From 745ada86498cd80cf93610dd8d6d6b95f61ac327 Mon Sep 17 00:00:00 2001
From: xibbar
Date: Tue, 14 Aug 2012 03:03:42 +0000
Subject: [PATCH] Tue Aug 14 11:55:37 2012 Takeyuki FUJIOKA * lib/cgi/util.rb (CGI::escapeHTML): ' is not recommended. [Bug #6850]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36692 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/cgi/util.rb | 2 +-
 test/cgi/test_cgi_util.rb | 2 +-
 test/erb/test_erb.rb | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/cgi/util.rb b/lib/cgi/util.rb
index 9cfff99b78..a2bd066fe2 100644
--- a/lib/cgi/util.rb
+++ b/lib/cgi/util.rb
@@ -22,7 +22,7 @@ class CGI
 # The set of special characters and their escaped values
 TABLE_FOR_ESCAPE_HTML__ = {
- "'" => ''',
+ "'" => ''',
 '&' => '&',
 '"' => '"',
 '<' => '<',
diff --git a/test/cgi/test_cgi_util.rb b/test/cgi/test_cgi_util.rb
index a36af776c5..5bf5b79988 100644
--- a/test/cgi/test_cgi_util.rb
+++ b/test/cgi/test_cgi_util.rb
@@ -54,7 +54,7 @@ class CGIUtilTest < Test::Unit::TestCase
 end
 def test_cgi_escapeHTML
- assert_equal(CGI::escapeHTML("'&\"><"),"'&"><")
+ assert_equal(CGI::escapeHTML("'&\"><"),"'&"><")
 end
 def test_cgi_unescapeHTML
diff --git a/test/erb/test_erb.rb b/test/erb/test_erb.rb
index 66576d98ea..e609d47876 100644
--- a/test/erb/test_erb.rb
+++ b/test/erb/test_erb.rb
@@ -40,7 +40,7 @@ class TestERB < Test::Unit::TestCase
 def test_html_escape
 # TODO: ' should be changed to '
- assert_equal(" !"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~",
+ assert_equal(" !"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~",
 ERB::Util.html_escape(" !\"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"))
 assert_equal("", ERB::Util.html_escape(""))
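Review bot: The replaced apostrophe entry in `TABLE_FOR_ESCAPE_HTML__` (lib/cgi/util.rb) has no comment saying why this one character is escaped differently from its neighbours; the rationale lives only in the commit subject and Bug #6850. The entity text is decoded in this rendering, so the exact old and new values are not readable here. Assuming the new value is the numeric character reference, I would add above the entry `# apostrophe: numeric reference, the named entity is not defined in HTML 4 and some older browsers leave it undecoded`. The apostrophe is what keeps escaped text from closing a single-quoted attribute value, so a later tidy-up back to the named form should be discouraged in the source itself. The table literal continues past the end of the hunk.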
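Review bot: The updated assertion in `test_cgi_escapeHTML` (test/cgi/test_cgi_util.rb) pins only the escape direction, so nothing in this hunk shows that the new apostrophe form decodes back to `'`. `test_cgi_unescapeHTML` begins on the last context line but its body is outside the hunk, so it may already cover this. If it does not, a round-trip check such as `assert_equal("'&\"><", CGI::unescapeHTML(CGI::escapeHTML("'&\"><")))` would catch a mismatch between escaping and unescaping. A case for the previous apostrophe form is also worth keeping, since text escaped before this change may still be stored or cached by callers.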
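Review bot: The `# TODO:` comment above the changed assertion in `test_html_escape` (test/erb/test_erb.rb) is left in place as a context line, while the expectation directly below it is the line this commit changes. The entities are decoded in this rendering, so the TODO's exact wording cannot be read, but it appears to ask for the same apostrophe switch that the commit makes. If that is the case, the comment is now stale and should be deleted in the same change, or reworded to say what remains to be done. `test_html_escape` continues past the end of the hunk.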