- Deprecate
EscapeUtils.escape_url
andEscapeUtils.unescape_url
given that Ruby 2.5 provides an optimizedCGI.escape
andCGI.unescape
with mostly similar performance. - Don't patch
URI.escape
andURI.unescape
if they don't already exist. - Add
EscapeUtils.escape_html_once
andEscapeUtils.rb_eu_escape_html_once_as_html_safe
as faster implementations of Railsescape_once
helper. - Deprecate
escape_html
andescape_html_as_html_safe
given that Ruby 2.5 optimizedCGI.escapeHTML
to be twice faster than theEscapeUtils
implementation. - Deprecate
unescape_html
given that Ruby 2.5 optimizedCGI.unescapeHTML
to be only 40% slower than thEscapeUtils
implementation. - Deprecate
escape_html_as_html_safe
as well. - Deprecate
EscapeUtils.html_safe
, there's no reason to escape for slashes/
in 2022.
- Update EscapeUtils.escape_javascript to match Rails
escape_javascript
Now escapes, Backquotes (```), Dollar ($
), `U+2000` and `U+2001` - Make the Rack monkey patch a noop as it's no longer correct since circa 2011.
- Require Ruby 2.5+
- Stop escaping
~
likeCGI.escape
does since Ruby 2.5
- Historical version