Bug #6850: It's not recommended to escape ' to ' - Ruby master - Ruby Issue Tracking System

Actions

Copy link

Bug #6850

closed

It's not recommended to escape ' to '

Added by spastorino (Santiago Pastorino) over 12 years ago. Updated over 12 years ago.

Status:

Closed

Assignee:

xibbar (Takeyuki FUJIOKA)

Target version:

2.0.0

ruby -v:

2.0.0dev

Backport:

[ruby-core:47095]

Description

OWASP doesn't recommend it https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
and ' is not a valid in HTML4 http://www.w3.org/TR/html4/sgml/entities.html

I've made a Pull Request on github too https://github.com/ruby/ruby/pull/154

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Like0

Like0Like0Like0Like0

Project

General

Profile

Ruby » Ruby master

Custom queries

Bug #6850

It's not recommended to escape ' to '

Updated by xibbar (Takeyuki FUJIOKA) over 12 years ago

Updated by xibbar (Takeyuki FUJIOKA) over 12 years ago

Updated by spastorino (Santiago Pastorino) over 12 years ago

Updated by xibbar (Takeyuki FUJIOKA) over 12 years ago

Project

General

Profile

Ruby » Ruby master

Custom queries

Bug #6850

It's not recommended to escape ' to &apos;

Updated by xibbar (Takeyuki FUJIOKA) over 12 years ago

Updated by xibbar (Takeyuki FUJIOKA) over 12 years ago

Updated by spastorino (Santiago Pastorino) over 12 years ago

Updated by xibbar (Takeyuki FUJIOKA) over 12 years ago

It's not recommended to escape ' to '