# Copyright (C) 2012-2026 Zammad Foundation, https://zammad-foundation.org/
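module EscapeHtmlHelper

  # Since Ruby 2.0, CGI.escapeHTML escapes the single quote `'` as `&#39;` in addition to the other
  # supported HTML entities (https://bugs.ruby-lang.org/issues/5485).
  #
  # Existing escaping implementations that neither use CGI.escapeHTML internally nor follow the
  # established OWASP recommendation leave `'` untouched. This helper reproduces that older behavior
  # so specs can reliably compare actual values against expected ones.
  #
  # NOTE: this is a test helper only. Leaving `'` unescaped is NOT safe for HTML that is built with
  # single-quoted attribute values; never use it as an escaping function in application code.
  #
  # @param string [String] raw text to escape
  # @return [String] `string` with `&`, `<`, `>` and `"` HTML-escaped and every `'` kept verbatim
  def escape_html_wo_single_quotes(string)
    single_quote_char = "\u0027" # apostrophe/single quotation mark

    # Escape the pieces between the quotes individually and stitch them back together with the
    # original quote. Unlike swapping `'` for a sentinel character before escaping, this cannot be
    # confused by input that already contains the sentinel (a U+FFFD in the input used to come out
    # as `'`). The `-1` limit keeps trailing empty pieces, so quotes at the end of the string survive.
    string
      .split(single_quote_char, -1)
      .map { |piece| CGI.escapeHTML(piece) }
      .join(single_quote_char)
  end
end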
# Expose the helper as an instance method inside every example group.
RSpec.configure { |config| config.include EscapeHtmlHelper }