Replaced CGI.escapeHTML() with the html_escape()

Author: Sim4n6

ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb

@@ -1,7 +1,9 @@
+require "erb"
+
 class UnicodeNormalizationHtMLSafeController < ActionController::Base
   def unicodeNormalize
     unicode_input = params[:unicode_input]
-    unicode_html_safe = CGI.escapeHTML(unicode_input).html_safe
+    unicode_html_safe = ERB::Util.html_escape(unicode_input)
     normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkc) # $result=BAD
     normalized_nfc = unicode_html_safe.unicode_normalize(:nfc) # $result=BAD
   end