It's not recommended to escape ' to &apos;
OWASP doesn't recommend it https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
and &apos; is not valid in HTML4 http://www.w3.org/TR/html4/sgml/entities.html
I've made a Pull Request on GitHub too https://github.com/ruby/ruby/pull/154
Updated by xibbar (Takeyuki FUJIOKA) almost 10 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
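
The point raised in this report, as an added Ruby example (not code from the pull request or from Ruby's CGI library): an escaper that emits the numeric reference &#39; for the single quote, and a small model of HTML4 reference resolution showing that &apos; stays as literal text while &#39; decodes. The names escape_html, html4_decode, HTML_ESCAPES, HTML4_NAMED and SAMPLE are hypothetical, and the sample string is constructed.

```ruby
# Added example; all names here are hypothetical, not Ruby's CGI API.

# Escape table for HTML element content and quoted attribute values.
# The single quote becomes a numeric character reference, which every HTML
# version resolves, instead of the named entity &apos;.
HTML_ESCAPES = {
  '&' => '&amp;',
  '<' => '&lt;',
  '>' => '&gt;',
  '"' => '&quot;',
  "'" => '&#39;'
}.freeze

def escape_html(text)
  text.to_s.gsub(/[&<>"']/, HTML_ESCAPES)
end

# Named entities an HTML4 user agent knows for these characters.
# &apos; is deliberately absent: it is not in the HTML4 entity list.
HTML4_NAMED = { 'amp' => '&', 'lt' => '<', 'gt' => '>', 'quot' => '"' }.freeze

# Minimal model of HTML4 reference resolution: decimal and hex numeric
# references and the named entities above are decoded; an unknown name
# is left in the output exactly as written.
def html4_decode(markup)
  markup.gsub(/&(?:#(\d+)|#[xX](\h+)|(\w+));/) do
    if $1 then [$1.to_i].pack('U')
    elsif $2 then [$2.hex].pack('U')
    else HTML4_NAMED.fetch($3, $&)
    end
  end
end

# Constructed sample input.
SAMPLE = %q{O'Reilly & <b>"Sons"</b>}

if __FILE__ == $PROGRAM_NAME
  escaped = escape_html(SAMPLE)
  puts escaped
  puts html4_decode(escaped)            # round-trips to SAMPLE
  puts html4_decode('O&apos;Reilly')    # &apos; survives undecoded
end
```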