Remove forward-slash escape (#486)

This was based off of the OWASP XSS prevention cheat sheet --
https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#output-encoding-rules-summary

However, there isn't really any attack vector based on forward slash alone, and
it's being removed in the next version of that document.

> There is no proof that escaping forward slash will improve
> defense against XSS, if all other special characters are escaped
> properly, but it forces developers to use non-standard implementation of
> the HTML escaping, what increases the risk of the mistake and makes the
> implementation harder.

https://github.com/OWASP/CheatSheetSeries/pull/516

2 files changed, 3 insertions, 6 deletions

diff --git a/testing/tests/filters.rs b/testing/tests/filters.rs
index 22a8fa9..1f382f6 100644
--- a/testing/tests/filters.rs
+++ b/testing/tests/filters.rs
@@ -21,7 +21,7 @@ fn filter_escape() {
     };
     assert_eq!(
         s.render().unwrap(),
-        "// my <html> is "unsafe" & \
+        "// my <html> is "unsafe" & \
          should be 'escaped'"
     );
 }
diff --git a/testing/tests/simple.rs b/testing/tests/simple.rs
index b6dd31a..c712900 100644
--- a/testing/tests/simple.rs
+++ b/testing/tests/simple.rs
@@ -40,12 +40,9 @@ struct EscapeTemplate<'a> {
 
 #[test]
 fn test_escape() {
-    let s = EscapeTemplate { name: "<>&\"'/" };
+    let s = EscapeTemplate { name: "<>&\"'" };
 
-    assert_eq!(
-        s.render().unwrap(),
-        "Hello, &lt;&gt;&amp;&quot;&#x27;&#x2f;!"
-    );
+    assert_eq!(s.render().unwrap(), "Hello, &lt;&gt;&amp;&quot;&#x27;!");
 }
 
 #[derive(Template)]