Whoops!

In some circumstances, the new Sanitizer was double-escaping text nodes. Fixed (with unit test).
2008-05-21 14:14:43 -05:00 · 2008-05-21 14:14:43 -05:00 · f6508de6dd
commit f6508de6dd
parent 45405fc97e
4 changed files with 20 additions and 9 deletions
--- a/lib/sanitizer.rb
+++ b/lib/sanitizer.rb
@ -149,7 +149,7 @@ module Sanitizer
                    end
                    node.attributes.each do |attr,val|
                      if String === val
-                         node.attributes[attr] = CGI.escapeHTML(CGI.unescapeHTML(val))
+                         node.attributes[attr] = val.unescapeHTML.escapeHTML
                      else
                        node.attributes.delete attr
                      end