Home/ Questions/Q 96681
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-10T23:51:34+00:00

CGI.escapeHTML is pretty bad, but CGI.unescapeHTML is completely borked. For example: require ‘cgi’ CGI.unescapeHTML(‘…’)

  • 0

CGI.escapeHTML is pretty bad, but CGI.unescapeHTML is completely borked. For example:

require 'cgi'  CGI.unescapeHTML('…') # => '…'                    # correct - an ellipsis  CGI.unescapeHTML('…') # => '…'             # should be '…'  CGI.unescapeHTML('¢') # => '\242'                 # correct - a cent  CGI.unescapeHTML('¢') # => '¢'               # should be '\242'  CGI.escapeHTML('…') # => '…'                    # should be '…'

It appears that unescapeHTML knows about all of the numeric codes plus &, <, >, and ". And escapeHTML only knows about those last four — it doesn’t do any of the numeric codes. I understand that escaping doesn’t generally need to be as robust since HTML will allow the literal versions of most characters except the four that CGI.escapeHTML knows about. But unescaping should really be better.

Is there a better tool out there, at least for unescaping?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. The htmlentities gem should do the trick:

    require 'rubygems' require 'htmlentities'  coder = HTMLEntities.new  coder.decode('…') # => '…' coder.decode('…') # => '…' coder.decode('¢') # => '¢' coder.decode('¢') # => '¢' coder.encode('…', :named) # => '…' coder.encode('…', :decimal) # => '…'
    • 0