* lib/cgi/util.rb (CGI.escapeHTML): use &#39;

nurse · nurse · commit bbb6b5e84e53 · 2012-08-21T22:30:47.000Z
[ruby-core:47221] [Bug #6861] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36766 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,8 @@
+Wed Aug 22 07:27:00 2012  NARUSE, Yui  <naruse@ruby-lang.org>
+
+	* lib/cgi/util.rb (CGI.escapeHTML): use &#39;
+	  [ruby-core:47221] [Bug #6861]
+
 Tue Aug 21 21:59:22 2012  Ayumu AIZAWA  <ayumu.aizawa@gmail.com>
 
 	* lib/observer.rb: fix typo. https://github.com/ruby/ruby/pull/162 by
diff --git a/lib/cgi/util.rb b/lib/cgi/util.rb
@@ -22,7 +22,7 @@ def CGI::unescape(string,encoding=@@accept_charset)
 
   # The set of special characters and their escaped values
   TABLE_FOR_ESCAPE_HTML__ = {
-    "'" => '&#x27;',
+    "'" => '&#39;',
     '&' => '&amp;',
     '"' => '&quot;',
     '<' => '&lt;',
diff --git a/test/cgi/test_cgi_util.rb b/test/cgi/test_cgi_util.rb
@@ -54,11 +54,11 @@ def test_cgi_pretty
   end
 
   def test_cgi_escapeHTML
-    assert_equal(CGI::escapeHTML("'&\"><"),"&#x27;&amp;&quot;&gt;&lt;")
+    assert_equal(CGI::escapeHTML("'&\"><"),"&#39;&amp;&quot;&gt;&lt;")
   end
 
   def test_cgi_unescapeHTML
-    assert_equal(CGI::unescapeHTML("&apos;&amp;&quot;&gt;&lt;"),"'&\"><")
+    assert_equal(CGI::unescapeHTML("&#39;&amp;&quot;&gt;&lt;"),"'&\"><")
   end
 
 end
diff --git a/test/erb/test_erb.rb b/test/erb/test_erb.rb
@@ -39,8 +39,7 @@ def test_with_filename_and_safe_level
   end
 
   def test_html_escape
-    # TODO: &apos; should be changed to &#x27;
-    assert_equal(" !&quot;\#$%&amp;&#x27;()*+,-./0123456789:;&lt;=&gt;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~",
+    assert_equal(" !&quot;\#$%&amp;&#39;()*+,-./0123456789:;&lt;=&gt;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~",
                  ERB::Util.html_escape(" !\"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"))
 
     assert_equal("", ERB::Util.html_escape(""))
