Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Branch: stable
Branches Tags
zammad
/
spec
/
support
/
escape_html.rb

escape_html.rb 1010 B
Permalink History Raw

1234567891011121314151617181920 
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. module EscapeHtmlHelper
    4. 

  4.   # From now on, CGI#escapeHTML escapes single quotes `'` as `'`, in addition to other supported HTML entities.
    5. 

  5.   #   This may cause some problems with existing implementations of HTML escaping, in case they do not use
    6. 

  6.   #   CGI#escapeHTML internally or conform to the established OWASP standard. Therefore, we bring back the old
    7. 

  7.   #   behavior in form of a helper function, so we can reliably compare actual values with expected ones.
    8. 

  8.   #   https://bugs.ruby-lang.org/issues/5485
    9. 

  9.   def escape_html_wo_single_quotes(string)
    10. 

  10.     single_quote_char = "\u0027" # apostrophe/single quotation mark
    11. 

  11.     replacement_char  = "\uFFFD" # replacement character
    12. 

  12.     target_string = string.gsub(single_quote_char, replacement_char)
    13. 

  13.     target_string = CGI.escapeHTML(target_string)
    14. 

  14.     target_string.gsub(replacement_char, single_quote_char)
    15. 

  15.   end
    16. 

  16. end
    17. 

  17. 

  18. RSpec.configure do |config|
    19. 

  19.   config.include EscapeHtmlHelper
    20. 

  20. end
    21.