[ruby/cgi] Escape/unescape unclosed tags as well

https://github.com/ruby/cgi/commit/cd1eb08076 Co-authored-by: Nobuyoshi Nakada <[email protected]>
author: Hiroshi SHIBATA <[email protected]> 2025-02-21 15:53:31 +0900
committer: git <[email protected]> 2025-02-26 07:34:04 +0000
commit: 237ab21f25b0a062ce6a272e0586d00778a6f20b (patch)
tree: bb8d043dd1d271c505004db4efb491b91217d34f /lib/cgi
parent: fc60a04de958d4ba94fbdf82af94017b963dea7e (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/cgi/util.rb b/lib/cgi/util.rb
index 4986e544e0..5f12eae130 100644
--- a/lib/cgi/util.rb
+++ b/lib/cgi/util.rb
@@ -184,7 +184,7 @@ module CGI::Util
   def escapeElement(string, *elements)
     elements = elements[0] if elements[0].kind_of?(Array)
     unless elements.empty?
-      string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do
+      string.gsub(/<\/?(?:#{elements.join("|")})\b[^<>]*+>?/im) do
         CGI.escapeHTML($&)
       end
     else
@@ -204,7 +204,7 @@ module CGI::Util
   def unescapeElement(string, *elements)
     elements = elements[0] if elements[0].kind_of?(Array)
     unless elements.empty?
-      string.gsub(/&lt;\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?&gt;/i) do
+      string.gsub(/&lt;\/?(?:#{elements.join("|")})\b(?>[^&]+|&(?![gl]t;)\w+;)*(?:&gt;)?/im) do
         unescapeHTML($&)
       end
     else
author	Hiroshi SHIBATA <[email protected]>	2025-02-21 15:53:31 +0900
committer	git <[email protected]>	2025-02-26 07:34:04 +0000
commit	237ab21f25b0a062ce6a272e0586d00778a6f20b (patch)
tree	bb8d043dd1d271c505004db4efb491b91217d34f /lib/cgi
parent	fc60a04de958d4ba94fbdf82af94017b963dea7e (diff)