Bug #5485
closed
ERB html_escape should follow OWASP recommendations
Description
Hi,
OWASP recommends that we escape single quotes and forward slashes before inserting them into HTML. I would like to change ERB::Util.html_escape to do that.
I've attached a patch. Thanks!
Updated by shyouhei (Shyouhei Urabe) over 12 years ago
- Status changed from Open to Assigned
Updated by shugo (Shugo Maeda) over 12 years ago
- Status changed from Assigned to Closed
- Assignee changed from seki (Masatoshi Seki) to shugo (Shugo Maeda)
fixed in r36687.
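
Why the single quote matters when a template uses single-quoted attributes, shown as an added example that is neither the patch attached to this ticket nor ERB's own code. The escaper names, the entity spellings, the attribute scanner and the sample input are assumptions constructed for illustration.

```ruby
# Added illustration; not the ticket's patch and not ERB::Util's implementation.
# Character set named in the ticket (single quote and forward slash included).
# The entity spellings used here are an assumption.
OWASP_ESCAPES = {
  '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
  '"' => '&quot;', "'" => '&#x27;', '/' => '&#x2F;'
}.freeze

# Hypothetical "before" table: same set without ' and /.
LEGACY_ESCAPES = OWASP_ESCAPES.reject { |ch, _| ["'", '/'].include?(ch) }.freeze

# Single-pass substitution, so an already produced '&' is never re-escaped.
def escape_with(table, value)
  value.to_s.gsub(Regexp.union(table.keys), table)
end

def legacy_escape(value)
  escape_with(LEGACY_ESCAPES, value)
end

def owasp_escape(value)
  escape_with(OWASP_ESCAPES, value)
end

# Render an escaped value into a single-quoted attribute, as a template might.
def render_input(escaped_value)
  "<input type='text' value='#{escaped_value}'>"
end

# Minimal scanner: attribute names an HTML parser would see in the tag above.
def attribute_names(tag)
  tag.scan(/([a-zA-Z-]+)\s*=\s*(?:'[^']*'|"[^"]*")/).flatten
end

# Constructed sample input containing single quotes.
SAMPLE = "x' data-injected='1"

if __FILE__ == $PROGRAM_NAME
  [:legacy_escape, :owasp_escape].each do |escaper|
    tag = render_input(send(escaper, SAMPLE))
    puts "#{escaper}: #{tag}"
    puts "  attributes seen: #{attribute_names(tag).inspect}"
  end
end
```

With the legacy table the value closes its own attribute and a third attribute appears in the tag; with the full set the tag keeps exactly the two attributes the template wrote.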