What does CGI.escape_html actually escape?

If anyone is wondering what exactly ruby'sCGI.escape_html escape, here is the list:

# The set of special characters and their escaped values TABLE_FOR_ESCAPE_HTML__ = {  "'" => '&#39;', '&' => '&amp;', '"' => '&quot;', '<' => '&lt;', '>' => '&gt;', } 

You can find this defined here in the code: https://github.com/ruby/cgi/blob/c05edf5608e86822a9e1fb0a40b0a7658ff38d56/lib/cgi/util.rb#L29

So, tldr; its escapes ', &, ", <, >

OKBye!