helpers.rb in onebox-1.6.7

- old
+ new

@@ -73,11 +73,12 @@
     end
 
     def self.normalize_url_for_output(url)
       url = url.dup
       # expect properly encoded url, remove any unsafe chars
+      url.gsub!("'", "&apos;")
+      url.gsub!('"', "&quot;")
       url.gsub!(/[^a-zA-Z0-9%\-`._~:\/?#\[\]@!$&'\(\)*+,;=]/, "")
-      url.gsub!("'", "&quot;")
       url
     end
 
   end
 end