File Always_escape_in_Haml.patch of Package rubygem-haml.13060
From 18576ae6e9bdcb4303fdbe6b3199869d289d67c2 Mon Sep 17 00:00:00 2001
From: Takashi Kokubun <takashikkbn@gmail.com>
Date: Thu, 9 Feb 2017 00:17:19 +0900
Subject: [PATCH] Always escape `'` in Haml::Helpers.#html_escape.
In some tests, `attr_wrapper` is changed to be ignored.
I'll split its fix to other commits because not Haml::Helpers but
Haml::AttributeBuilder is responsible for that.
---
lib/haml/helpers.rb | 2 +-
test/engine_test.rb | 14 +++++++-------
test/pretty_engine_test.rb | 14 +++++++-------
test/pretty_results/just_stuff.xhtml | 4 ++--
test/results/just_stuff.xhtml | 4 ++--
5 files changed, 19 insertions(+), 19 deletions(-)
# jsuchome: Above shows files from original patch.
# This is a backport to older version which did not contain
# test/pretty_engine_test.rb and test/pretty_results/just_stuff.xhtml files
diff --git a/lib/haml/helpers.rb b/lib/haml/helpers.rb
--- a/lib/haml/helpers.rb
+++ b/lib/haml/helpers.rb
@@ -520,7 +520,7 @@
# Characters that need to be escaped to HTML entities from user input
HTML_ESCAPE = { '&'=>'&', '<'=>'<', '>'=>'>', '"'=>'"', "'"=>''', }
- HTML_ESCAPE_REGEX = /[\"><&]/
+ HTML_ESCAPE_REGEX = /['"><&]/
if RUBY_VERSION >= '1.9'
# Include docs here so they are picked up by Yard
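Review bot: `HTML_ESCAPE_REGEX` is still a hand-written character class that has to be kept in step with the keys of `HTML_ESCAPE` on the line above it, which is how `'` came to have a replacement entry without ever being matched. Deriving the pattern from the table, `HTML_ESCAPE_REGEX = Regexp.union(HTML_ESCAPE.keys)`, would remove the second list. Failing that, a comment such as `# Must match every key of HTML_ESCAPE; an unmatched ' lets a value end a single-quoted attribute` records the constraint. The `if RUBY_VERSION >= '1.9'` branch continues outside the hunk, so it is worth confirming that every html_escape variant, and any separate escape-once pattern the file may define, covers the same characters.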
diff --git a/test/engine_test.rb b/test/engine_test.rb
index 777790ff0..73e7abaa1 100644
--- a/test/engine_test.rb
+++ b/test/engine_test.rb
@@ -1066,8 +1066,8 @@
def test_attr_wrapper
assert_equal("<p strange=*attrs*></p>\n", render("%p{ :strange => 'attrs'}", :attr_wrapper => '*'))
assert_equal("<p escaped='quo\"te'></p>\n", render("%p{ :escaped => 'quo\"te'}", :attr_wrapper => '"'))
- assert_equal("<p escaped=\"quo'te\"></p>\n", render("%p{ :escaped => 'quo\\'te'}", :attr_wrapper => '"'))
- assert_equal("<p escaped=\"q'uo"te\"></p>\n", render("%p{ :escaped => 'q\\'uo\"te'}", :attr_wrapper => '"'))
+ assert_equal("<p escaped=\"quo'te\"></p>\n", render("%p{ :escaped => 'quo\\'te'}", :attr_wrapper => '"'))
+ assert_equal("<p escaped='q'uo\"te'></p>\n", render("%p{ :escaped => 'q\\'uo\"te'}", :attr_wrapper => '"'))
assert_equal("<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n", render("!!! XML", :attr_wrapper => '"', :format => :xhtml))
end
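Review bot: The second changed assertion in test_attr_wrapper passes `:attr_wrapper => '"'` but now expects a single-quoted attribute, so the test records as correct the behaviour the commit message describes as attr_wrapper being ignored. A comment directly above it, for example `# FIXME: attr_wrapper is ignored here; the fix belongs in Haml::AttributeBuilder`, would stop the assertion from being read as the intended contract and would mark it for update when the follow-up lands. The escaped apostrophe appears to be already decoded in this rendering of the patch, so the expected strings should be compared against the original file rather than copied from this page.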
@@ -1448,7 +1448,7 @@
render("%div{:data => {:one_plus_one => 1+1}}",
:hyphenate_data_attrs => false))
- assert_equal("<div data-foo='Here's a \"quoteful\" string.'></div>\n",
+ assert_equal("<div data-foo='Here's a \"quoteful\" string.'></div>\n",
render(%{%div{:data => {:foo => %{Here's a "quoteful" string.}}}},
:hyphenate_data_attrs => false)) #'
end
@@ -1604,9 +1604,9 @@
def test_new_attribute_parsing
assert_equal("<a a2='b2'>bar</a>\n", render("%a(a2=b2) bar", :locals => {:b2 => 'b2'}))
assert_equal(%Q{<a a='foo"bar'>bar</a>\n}, render(%q{%a(a="#{'foo"bar'}") bar})) #'
- assert_equal(%Q{<a a="foo'bar">bar</a>\n}, render(%q{%a(a="#{"foo'bar"}") bar})) #'
+ assert_equal(%Q{<a a='foo'bar'>bar</a>\n}, render(%q{%a(a="#{"foo'bar"}") bar})) #'
assert_equal(%Q{<a a='foo"bar'>bar</a>\n}, render(%q{%a(a='foo"bar') bar}))
- assert_equal(%Q{<a a="foo'bar">bar</a>\n}, render(%q{%a(a="foo'bar") bar}))
+ assert_equal(%Q{<a a='foo'bar'>bar</a>\n}, render(%q{%a(a="foo'bar") bar}))
assert_equal("<a a:b='foo'>bar</a>\n", render("%a(a:b='foo') bar"))
assert_equal("<a a='foo' b='bar'>bar</a>\n", render("%a(a = 'foo' b = 'bar') bar"))
assert_equal("<a a='foo' b='bar'>bar</a>\n", render("%a(a = foo b = bar) bar", :locals => {:foo => 'foo', :bar => 'bar'}))
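Review bot: Every updated expectation in this file goes through `render`, so the new behaviour of `Haml::Helpers.html_escape` is only checked indirectly through attribute building, and the diffstat lists no helper-level test. A direct assertion such as `assert_equal("&#39;", Haml::Helpers.html_escape("'"))`, placed in whichever file holds the helper tests, would fail at the regex itself if the character is dropped again. It would also keep passing when the attribute-quoting follow-up changes these rendered strings. test_new_attribute_parsing continues past the end of this hunk.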
@@ -1619,8 +1619,8 @@
assert_equal(%Q{<a a='foo " bar'>bar</a>\n}, render(%q{%a(a="foo \" bar") bar}))
assert_equal(%Q{<a a='foo \\" bar'>bar</a>\n}, render(%q{%a(a="foo \\\\\" bar") bar}))
- assert_equal(%Q{<a a="foo ' bar">bar</a>\n}, render(%q{%a(a='foo \' bar') bar}))
- assert_equal(%Q{<a a="foo \\' bar">bar</a>\n}, render(%q{%a(a='foo \\\\\' bar') bar}))
+ assert_equal(%Q{<a a='foo ' bar'>bar</a>\n}, render(%q{%a(a='foo \' bar') bar}))
+ assert_equal(%Q{<a a='foo \\' bar'>bar</a>\n}, render(%q{%a(a='foo \\\\\' bar') bar}))
assert_equal(%Q{<a a='foo \\ bar'>bar</a>\n}, render(%q{%a(a="foo \\\\ bar") bar}))
assert_equal(%Q{<a a='foo \#{1 + 1} bar'>bar</a>\n}, render(%q{%a(a="foo \#{1 + 1} bar") bar}))
diff --git a/test/results/just_stuff.xhtml b/test/results/just_stuff.xhtml
index d31dd78ba..742040d20 100644
--- a/test/results/just_stuff.xhtml
+++ b/test/results/just_stuff.xhtml
@@ -6,7 +6,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
-<strong apos="Foo's bar!">Boo!</strong>
+<strong apos='Foo's bar!'>Boo!</strong>
Embedded? false!
Embedded? true!
Embedded? true!
@@ -60,7 +60,7 @@
<p class='article quux qux' id='article_1'>Blump</p>
<p class='article' id='foo_bar_baz_article_1'>Whee</p>
Woah inner quotes
-<p class='dynamic_quote' dyn='3' quotes="single '"></p>
+<p class='dynamic_quote' dyn='3' quotes='single ''></p>
<p class='dynamic_self_closing' dyn='3' />
<body>
hello