
Avinasha Shastry

What does CGI.escape_html actually escape?

If anyone is wondering what exactly Ruby's CGI.escape_html escapes, here is the list:

# The set of special characters and their escaped values
TABLE_FOR_ESCAPE_HTML__ = {
  "'" => '&#39;',
  '&' => '&amp;',
  '"' => '&quot;',
  '<' => '&lt;',
  '>' => '&gt;',
}

You can find this defined here in the code: https://github.com/ruby/cgi/blob/c05edf5608e86822a9e1fb0a40b0a7658ff38d56/lib/cgi/util.rb#L29

So, tl;dr: it escapes ', &, ", <, >

OKBye!
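
An added example (not from the original post or the Ruby project): it derives the escaped set empirically by running every ASCII character through CGI.escape_html, and shows that characters significant in unquoted attributes, URLs or script contexts pass through unchanged, so the output is only safe in element content and quoted attribute values. The helper names, the character list and the sample string are constructed for illustration.

```ruby
require 'cgi'

# Run every ASCII character through CGI.escape_html and keep only the
# ones whose output differs from the input.
def escaped_ascii_chars
  (0..127).each_with_object({}) do |code, table|
    ch  = code.chr(Encoding::UTF_8)
    out = CGI.escape_html(ch)
    table[ch] = out unless out == ch
  end
end

# Constructed list: characters that carry meaning in unquoted attribute
# values, URLs or inline script, none of which are in the escape table.
CONTEXT_SENSITIVE = ['`', '=', ' ', '/', '(', ')', ':', '\\', "\n"].freeze

# Returns the characters from the list that come back unchanged.
def passed_through(chars = CONTEXT_SENSITIVE)
  chars.select { |ch| CGI.escape_html(ch) == ch }
end

# Escaping is not idempotent: the '&' of an existing entity is escaped again,
# so escape exactly once, at the point of output.
def double_escaped(input)
  CGI.escape_html(CGI.escape_html(input))
end

# Constructed sample input.
SAMPLE = %q{<a href="/?q=1&r='2'">Tom & Jerry</a>}

if __FILE__ == $PROGRAM_NAME
  escaped_ascii_chars.each { |ch, out| puts "#{ch.inspect} => #{out}" }
  puts "unchanged: #{passed_through.inspect}"
  puts CGI.escape_html(SAMPLE)
  puts double_escaped('&')
end
```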
