Commit 32d9a92

Escape source_name parameter on RDoc::Servlet.
Patch by @claudijd
1 parent 00d6061 commit 32d9a92

1 file changed: +3 -2 lines changed

lib/rdoc/servlet.rb

Lines changed: 3 additions & 2 deletions
@@ -1,5 +1,6 @@
11
# frozen_string_literal: true
22
require 'rdoc'
3+
require 'erb'
34
require 'time'
45
require 'json'
56
require 'webrick'
@@ -427,14 +428,14 @@ def store_for source_name
427428
end
428429

429430
raise WEBrick::HTTPStatus::NotFound,
430-
"Could not find gem \"#{source_name}\". Are you sure you installed it?" unless ri_dir
431+
"Could not find gem \"#{ERB::Util.html_escape(source_name)}\". Are you sure you installed it?" unless ri_dir
431432

432433
store = RDoc::Store.new ri_dir, type
433434

434435
return store if File.exist? store.cache_path
435436

436437
raise WEBrick::HTTPStatus::NotFound,
437-
"Could not find documentation for \"#{source_name}\". Please run `gem rdoc --ri gem_name`"
438+
"Could not find documentation for \"#{ERB::Util.html_escape(source_name)}\". Please run `gem rdoc --ri gem_name`"
438439

439440
end
440441
end
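
Review bot: Both escaped messages in store_for (new lines 431 and 438) ship without a test, since the commit changes only lib/rdoc/servlet.rb. A regression test that passes a source_name containing markup such as `<b>` and asserts that the NotFound message carries `&lt;b&gt;` would keep the escaping from being dropped in a later edit. The expression `ERB::Util.html_escape(source_name)` is also repeated in both raises; a local variable used only for the messages, kept separate from the raw source_name the rest of the method works with, would keep the two sites in sync. Any other place in the servlet that echoes request-derived values into a response is outside these hunks and worth checking for the same pattern.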
