From 0505821444753ee267b891b5a86a4b5d4dd22aa6 Mon Sep 17 00:00:00 2001
From: Petrik
Date: Tue, 5 Aug 2025 21:47:53 +0200
Subject: [PATCH] [ruby] Use Rack::Utils.escape_html for escaping
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Rack::Utils.escape_html is faster than CGI.escape_html:

```ruby
require 'benchmark/ips'
require 'cgi'
require 'rack'

Benchmark.ips do |x|
  x.config(warmup: 2, time: 5)

  message = 'Additional fortune added at request time.'

  x.report("CGI") do
    CGI.escape_html(message)
  end

  x.report("Rack") do
    Rack::Utils.escape_html(message)
  end

  x.compare!
end
```

```
ruby 3.4.4 (2025-05-14 revision a38531fd3f) +PRISM [arm64-darwin24]
Warming up --------------------------------------
                 CGI     1.016M i/100ms
                Rack     1.586M i/100ms
Calculating -------------------------------------
                 CGI     10.821M (± 0.3%) i/s   (92.42 ns/i) -     54.837M in   5.067830s
                Rack     15.861M (± 0.3%) i/s   (63.05 ns/i) -     80.886M in   5.099606s

Comparison:
                Rack: 15861352.0 i/s
                 CGI: 10820753.9 i/s - 1.47x slower
```
---
 frameworks/Ruby/rage-sequel/app/views/fortunes.html.erb | 2 +-
 frameworks/Ruby/rage/app/views/fortunes.html.erb        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/frameworks/Ruby/rage-sequel/app/views/fortunes.html.erb b/frameworks/Ruby/rage-sequel/app/views/fortunes.html.erb index 2614ca7a7b2..c416e40b48f 100644 --- a/frameworks/Ruby/rage-sequel/app/views/fortunes.html.erb +++ b/frameworks/Ruby/rage-sequel/app/views/fortunes.html.erb @@ -5,7 +5,7 @@ <% records.each do |record| %> - + <% end %>
idmessage
<%= record.id %><%= CGI.escape_html(record.message) %>
<%= record.id %><%= Rack::Utils.escape_html(record.message) %>
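Review bot: On the changed cell, `<%= Rack::Utils.escape_html(record.message) %>`, the swap is justified only by throughput, and the benchmark string in the commit message ('Additional fortune added at request time.') contains no character that needs escaping, so it measures only the pass-through path. Before merging, please confirm on a message containing `&`, `<`, `>`, `"` and `'` that the Rack version this app bundles produces the same output as `CGI.escape_html`, and rerun the benchmark with such a message. This call is what encodes stored message text for the HTML response, so equivalence of the escaped output matters more here than the 1.47x figure.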
diff --git a/frameworks/Ruby/rage/app/views/fortunes.html.erb b/frameworks/Ruby/rage/app/views/fortunes.html.erb index 1aa63f3772a..1b5afeaa763 100644 --- a/frameworks/Ruby/rage/app/views/fortunes.html.erb +++ b/frameworks/Ruby/rage/app/views/fortunes.html.erb @@ -5,7 +5,7 @@ <% records.each do |record| %> - + <% end %>
idmessage
<%= record[:id] %><%= CGI.escape_html(record[:message]) %>
<%= record[:id] %><%= Rack::Utils.escape_html(record[:message]) %>
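Review bot: The new line `<%= Rack::Utils.escape_html(record[:message]) %>` makes the template depend on the `Rack` constant, but the diffstat shows only the two views changing, with no `require` or Gemfile edit. Please confirm that rack is already loaded wherever this view renders and that its version is pinned in the lockfile, so a dependency bump cannot silently change which characters get escaped. It is also worth checking how the call behaves when `record[:message]` is nil or not a String, since nothing in the view guards that case.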