Use html_escape method instead of gsub

2015-02-09 15:02:49 -08:00 · 2015-02-09 15:02:49 -08:00 · 83b51875bb
parent 7e79daf9af
commit 83b51875bb
1 changed files with 1 additions and 7 deletions
--- a/app/models/topic.rb
+++ b/app/models/topic.rb
@ -249,13 +249,7 @@ class Topic < ActiveRecord::Base
  end

  def fancy_title
-    sanitized_title = title.gsub(/['&\"<>]/, {
-        "'" => '&#39;',
-        '&' => '&amp;',
-        '"' => '&quot;',
-        '<' => '&lt;',
-        '>' => '&gt;',
-      })
+    sanitized_title = ERB::Util.html_escape(title)

    return unless sanitized_title
    return sanitized_title unless SiteSetting.title_fancy_entities?