lib/sanitize.rb in sanitize-1.0.6 vs lib/sanitize.rb in sanitize-1.0.7
- old
+ new
@@ -24,11 +24,11 @@
$:.unshift(File.dirname(File.expand_path(__FILE__)))
$:.uniq!
require 'rubygems'
-gem 'hpricot', '~> 0.6'
+gem 'hpricot', '~> 0.8.1'
require 'hpricot'
require 'sanitize/config'
require 'sanitize/config/restricted'
require 'sanitize/config/basic'
@@ -44,10 +44,10 @@
"'" => '''
}
# Matches an unencoded ampersand that is not part of a valid character entity
# reference.
- REGEX_AMPERSAND = /&(?!(?:[a-z]+|#[0-9]+|#x[0-9a-f]+);)/i
+ REGEX_AMPERSAND = /&(?!(?:[a-z]+[0-9]{0,2}|#[0-9]+|#x[0-9a-f]+);)/i
# Matches an attribute value that could be treated by a browser as a URL
# with a protocol prefix, such as "http:" or "javascript:". Any string of zero
# or more characters followed by a colon is considered a match, even if the
# colon is encoded as an entity and even if it's an incomplete entity (which
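Review bot: The comment above `REGEX_AMPERSAND` still says only "a valid character entity reference", but the new pattern also accepts a named reference that ends in up to two digits, and nothing records why. I would add a line such as `# Named references may end in up to two digits (e.g. &frac12; or &sup2;).` directly under the existing comment. The name is matched by shape only (`[a-z]+[0-9]{0,2}`), not against a list of defined entities, so an input like `&abc99;` is left unescaped as well. That is presumably acceptable for HTML output, but it deserves a second comment line (`# Names are not checked against the set of defined entities.`) and a test case that pins the behaviour. The enclosing class or module starts and ends outside this hunk, so how the constant is used is not visible here.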