From: Aaron Patterson Date: 2012-08-17T03:03:33+09:00 Subject: [ruby-core:47225] Re: [ruby-trunk - Bug #6861] ERB::Util.escape_html is not escaping single quotes --45Z9DzgjV8m4Oswq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Aug 14, 2012 at 10:10:23AM +0900, shugo (Shugo Maeda) wrote: > Issue #6861 has been updated by shugo (Shugo Maeda). > Aaron Patterson wrote: > > > I and SEKI have discussed it, and have agreed to use cgi/util. > > > CGI.escapeHTML has a problem that is uses ' instead of ', = but > > > xibbar will fix it later. > > =20 > > Shouldn't CGI use ERB? It seems like ERB's use is for creating HTML, > > where CGI is in charge of providing the common gateway interface. >=20 > I admit that the name CGI is wrong. However, despite its name, CGI provi= des various features for Web applications. For example, cgi/html.rb provid= es features to generate HTML, and cgi/util.rb provides utility methods such= as HTML. OK! Then this change seems good. > > ERB concerns itself with templating and should have knowledge of > > template formats / escaping. It seems CGI would not. >=20 > HTML templating is the most common use case of ERB, but ERB is originally= independent from HTML. For example, it can be used to embed Ruby code int= o TeX files. > Furthermore, ERB is provided as a single large file, and it's not a good = idea to make CGI to depend the whole ERB. Makes sense. Thanks! :-D --=20 Aaron Patterson http://tenderlovemaking.com/ --45Z9DzgjV8m4Oswq Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (Darwin) iQEcBAEBAgAGBQJQLTXwAAoJEJUxcLy0/6/GT+0IAKDZKGQ9HjwldqaS6gmnW15h GiQXGCtaUWc9kKPAKIWYJ0zeMk1ghK5lyDlEwPBzYuas9Uv4ql+/VbxnRV+oDDq2 oTh+ICQNGGAqtP1BoUM2LLYYUZ9F24xGfGVx0DYu1RrdQgzqmZZxtFLlhpvRMk6u OFmedUhldc56mRKNgQKHLzvb+uTmSXRqoZrOUnfFu5yc2YVpcBqP5fiv8hOfit4d oLSlzpHA1VIHnS9EvXkjwnDZnMnkCPU98CwjplMfwcjv8RzT0LfYZ9ngj64tQncy Py+vPs4z5wh0dlFvVnjFybndKTk6yCTuiH1uqi74QLo2lSWXf41f7ho0TFX9NMU= =Athp -----END PGP SIGNATURE----- --45Z9DzgjV8m4Oswq--