A skeleton web application configured to use Sinatra and ActiveRecord

App: Unescape "/" in HTML escaper, it makes things cleaner

Surely this won't cause unforeseen XSS vulns

+2 -2
+1 -1
lib/helpers.rb
··· 1 1 module Sinatra 2 2 module HTMLEscapeHelper 3 3 def h(text) 4 - Rack::Utils.escape_html(text) 4 + Rack::Utils.escape_html(text).to_s.gsub("/", "/") 5 5 end 6 6 end 7 7
+1 -1
lib/sinatra_more/markup_plugin/format_helpers.rb
··· 27 27 28 28 # Returns escaped text to protect against malicious content 29 29 def escape_html(text) 30 - Rack::Utils.escape_html(text) 30 + Rack::Utils.escape_html(text).to_s.gsub("/", "/") 31 31 end 32 32 alias h escape_html 33 33 alias sanitize_html escape_html
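Review bot: In lib/helpers.rb, the new line in `h` reads `gsub("/", "/")` as shown, which replaces a slash with a slash and changes nothing. If the intent in the commit title is to undo the escaper's entity for "/" (Rack versions that escape it emit `&#x2F;`), the first argument has to be that entity string, and a spec asserting the exact output for an input containing "/" would pin this down. The `.to_s` is redundant, since `Rack::Utils.escape_html` already returns a String. Because `h` would then leave "/" unencoded, add a comment that its output is meant for element content and quoted attribute values, and check that no template interpolates `h(...)` into an unquoted attribute.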
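Review bot: In lib/sinatra_more/markup_plugin/format_helpers.rb, the comment above `escape_html` still says "Returns escaped text to protect against malicious content" and the method stays aliased as `sanitize_html`, yet with this change it is meant to escape less than `Rack::Utils.escape_html` does. Update the comment to say that "/" is left unescaped so callers of `sanitize_html` are not misled about what it guarantees. The same expression is also duplicated in lib/helpers.rb; define it in one place and have the other helper delegate, so a later fix cannot land in only one of the two.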