From 83b51875bb0a229889fb297d7abe2b5eb5de6c64 Mon Sep 17 00:00:00 2001
From: riking <rikingcoding@gmail.com>
Date: Mon, 9 Feb 2015 15:02:49 -0800
Subject: [PATCH] Use html_escape method instead of gsub
---
app/models/topic.rb | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/app/models/topic.rb b/app/models/topic.rb
index 9a0e93d94..19a3da590 100644
--- a/app/models/topic.rb
+++ b/app/models/topic.rb
@@ -249,13 +249,7 @@ class Topic < ActiveRecord::Base
end
def fancy_title
- sanitized_title = title.gsub(/['&\"<>]/, {
- "'" => ''',
- '&' => '&',
- '"' => '"',
- '<' => '<',
- '>' => '>',
- })
+ sanitized_title = ERB::Util.html_escape(title)
return unless sanitized_title
return sanitized_title unless SiteSetting.title_fancy_entities?