Escape URL to render HTML #1131
It's caused by the changed behavior of

```ruby
# rack 1.6.5
Rack::Utils.escape_path(?') # => "%27"
# rack master
Rack::Utils.escape_path(?') # => "'"
```

Why not patch |
That change came from the patch for #265. Seeing #265 (comment), And actually this patch is needed only because |
I found it's been URI escaped here, but not yet HTML escaped. Since the In my opinion, this way can be more decent:

```ruby
def each
  # ...
  listings = files.map{|f| DIR_FILE % DIR_FILE_escape(f) }*"\n"
  # ...
end
# ...
def DIR_FILE_escape(html)
  html.map { |e| Utils.escape_html(e) }
end
```

|
334d5a9 to 7e0ac8f
Yes, I think that's more proper. I just updated. |
Any update on this? I can reproduce this with rack 2.0.7. |
This change looks good to me. CI failures look unrelated. I'll push the changes as a new PR and if CI passes I'll merge it. |
Merged in #1524 |
Thanks! |
DIR_FILE has `<a href='%s'>`, so single quotes in the URL should be escaped.
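The problem and the fix discussed in this thread, as an added example that is not code from the PR or from rack: a URL-escaped value placed in a single-quoted `href` compared with the same value HTML-escaped at interpolation time. Assumptions: `ROW` is a reduced, constructed stand-in for `DIR_FILE`, `escape_path` and `escape_html` are stand-ins built on Ruby's standard library rather than `Rack::Utils`, and the file name is constructed.

```ruby
require "erb"
require "uri"

# Reduced, constructed stand-in for DIR_FILE: same single-quoted href, plus a label.
ROW = "<a href='%s'>%s</a>"

# Stand-in for Rack::Utils.escape_path on rack master (assumption): RFC 2396
# escaping treats "'" as unreserved, so it comes back unchanged.
PARSER = URI::RFC2396_Parser.new
def escape_path(path)
  PARSER.escape(path)
end

# Stand-in for Utils.escape_html (assumption): ERB's escaper, which turns ' into &#39;.
def escape_html(text)
  ERB::Util.html_escape(text)
end

# Before: the href is URL-escaped only, so a quote in the name ends the attribute.
def row_url_escaped_only(name)
  ROW % [escape_path(name), name]
end

# After: every value is HTML-escaped at the point it is interpolated,
# the same shape as DIR_FILE_escape in the thread.
def row_html_escaped(name)
  ROW % [escape_path(name), name].map { |e| escape_html(e) }
end

# What an HTML parser takes as the href: everything up to the next single quote.
def href_value(html)
  html[/<a href='([^']*)'/, 1]
end

name = "it's.txt" # constructed file name
[row_url_escaped_only(name), row_html_escaped(name)].each do |row|
  puts row
  puts "  href as parsed: #{href_value(row).inspect}"
end
```

With URL escaping alone the parsed `href` stops at the quote inside the file name; with HTML escaping the whole value stays inside the attribute.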