Remove monkey patch which is already included in Rails 2.3.17 #1233

2013-02-12 12:49:50 +01:00 · 2013-02-12 12:49:50 +01:00 · 8b357a118d
parent 6d3dc6e619
commit 8b357a118d
1 changed files with 0 additions and 47 deletions
--- a/config/initializers/10-patches.rb
+++ b/config/initializers/10-patches.rb
@ -159,53 +159,6 @@ module ActionController
  end
 end

-# Backported fix for CVE-2012-3464
-# https://groups.google.com/d/msg/rubyonrails-security/kKGNeMrnmiY/r2yM7xy-G48J
-# TODO: Remove this once we are on Rails >= 3.2.8
-require 'active_support/core_ext/string/output_safety'
-class ERB
-  module Util
-    HTML_ESCAPE["'"] = '&#39;'
-
-    if RUBY_VERSION >= '1.9'
-      # A utility method for escaping HTML tag characters.
-      # This method is also aliased as <tt>h</tt>.
-      #
-      # In your ERB templates, use this method to escape any unsafe content. For example:
-      # <%=h @person.name %>
-      #
-      # ==== Example:
-      # puts html_escape("is a > 0 & a < 10?")
-      # # => is a &gt; 0 &amp; a &lt; 10?
-      def html_escape(s)
-        s = s.to_s
-        if s.html_safe?
-          s
-        else
-          s.gsub(/[&"'><]/, HTML_ESCAPE).html_safe
-        end
-      end
-    else
-      def html_escape(s) #:nodoc:
-        s = s.to_s
-        if s.html_safe?
-          s
-        else
-          s.gsub(/[&"'><]/n) { |special| HTML_ESCAPE[special] }.html_safe
-        end
-      end
-    end
-
-    # Aliasing twice issues a warning "discarding old...". Remove first to avoid it.
-    remove_method(:h)
-    alias h html_escape
-
-    module_function :h
-
-    singleton_class.send(:remove_method, :html_escape)
-    module_function :html_escape
-  end
-end
 require 'action_view/helpers/tag_helper'
 module ActionView::Helpers::TagHelper
  def escape_once(html)