cgi 0.3.7 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 07ab7772a63961e384acc8ba4823973fcc33a2146cca79711c9255f4501afea9
-  data.tar.gz: ed59bcae676cebc82134bf5244ec08af350091eab8cdbd9767d913035fd57a56
+  metadata.gz: 4807bd75c56012fd4b219cd83c6b0fb76006483f176b9a7b19b2658606b11503
+  data.tar.gz: b49eebc85d48ac1f068dda9fd36570dbb83d2ee787d6d458680996d29554d8ce
 SHA512:
-  metadata.gz: 91a289cd6cfb781acadc05fdb858611a6dbc0f711a8b0b2d84353bfe6e97a2bf0df4b3fadbae829f73f2480ef2d4968bf8a9d7afe509214f6b71bcc9f3088a0f
-  data.tar.gz: 71d586f04495fe3abd333a0bf5bb4f017b72bd4d40536ac3dae1f7fadd8f61087720d40757b40d69d86b762826192bd406391061835fdc51d709912f1add60ab
+  metadata.gz: c85c60cdefbe541dd68ebc7c82be5a62635bb3861e7a717d828cff5e2072c583bdb0722d85eb36d18a6f1a28255cad60f8d2879d302c10c94f4c7e2c3100103f
+  data.tar.gz: c7a7fccaf06fed4326df4fb5dc1bcab429e4c1430bffb010f5a3c46a4c1b53c102c32b7142b6bdda1a090d6c152da34cdc76e4f5a1d67e1bd37a6df6fc7b5f8e

data/{LICENSE.txt → BSDL}

@@ -4,10 +4,10 @@ Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
 are met:
 1. Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
+   notice, this list of conditions and the following disclaimer.
 2. Redistributions in binary form must reproduce the above copyright
-notice, this list of conditions and the following disclaimer in the
-documentation and/or other materials provided with the distribution.
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
 
 THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

data/COPYING

@@ -0,0 +1,56 @@
+Ruby is copyrighted free software by Yukihiro Matsumoto <matz@netlab.jp>.
+You can redistribute it and/or modify it under either the terms of the
+2-clause BSDL (see the file BSDL), or the conditions below:
+
+1. You may make and give away verbatim copies of the source form of the
+   software without restriction, provided that you duplicate all of the
+   original copyright notices and associated disclaimers.
+
+2. You may modify your copy of the software in any way, provided that
+   you do at least ONE of the following:
+
+   a. place your modifications in the Public Domain or otherwise
+      make them Freely Available, such as by posting said
+      modifications to Usenet or an equivalent medium, or by allowing
+      the author to include your modifications in the software.
+
+   b. use the modified software only within your corporation or
+      organization.
+
+   c. give non-standard binaries non-standard names, with
+      instructions on where to get the original software distribution.
+
+   d. make other distribution arrangements with the author.
+
+3. You may distribute the software in object code or binary form,
+   provided that you do at least ONE of the following:
+
+   a. distribute the binaries and library files of the software,
+      together with instructions (in the manual page or equivalent)
+      on where to get the original distribution.
+
+   b. accompany the distribution with the machine-readable source of
+      the software.
+
+   c. give non-standard binaries non-standard names, with
+      instructions on where to get the original software distribution.
+
+   d. make other distribution arrangements with the author.
+
+4. You may modify and include the part of the software into any other
+   software (possibly commercial).  But some files in the distribution
+   are not written by the author, so that they are not under these terms.
+
+   For the list of those files and their copying conditions, see the
+   file LEGAL.
+
+5. The scripts and library files supplied as input to or produced as
+   output from the software do not automatically fall under the
+   copyright of the software, but belong to whomever generated them,
+   and may be sold commercially, and may be aggregated with this
+   software.
+
+6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+   IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+   WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+   PURPOSE.

data/README.md

@@ -32,21 +32,19 @@ Or install it yourself as:
 
 ### Get form values
 
+Given a form with the content `field_name=123`:
+
 ```ruby
 require "cgi"
 cgi = CGI.new
-value = cgi['field_name']   # <== value string for 'field_name'
-  # if not 'field_name' included, then return "".
-fields = cgi.keys            # <== array of field names
-
-# returns true if form has 'field_name'
-cgi.has_key?('field_name')
-cgi.has_key?('field_name')
-cgi.include?('field_name')
-```
+value = cgi['field_name'] # => "123"
+cgi['flowerpot'] # => ""
+fields = cgi.keys # => [ "field_name" ]
 
-CAUTION! cgi['field_name'] returned an Array with the old
-cgi.rb(included in Ruby 1.6)
+cgi.has_key?('field_name') # => true
+cgi.include?('field_name') # => true
+cgi.include?('flowerpot') # => false
+```
 
 ### Get form values as hash
 

data/ext/cgi/escape/escape.c

@@ -8,7 +8,7 @@ RUBY_EXTERN const signed char ruby_digit36_to_number_table[];
 #define upper_hexdigits (ruby_hexdigits+16)
 #define char_to_number(c) ruby_digit36_to_number_table[(unsigned char)(c)]
 
-static VALUE rb_cCGI, rb_mUtil, rb_mEscape;
+static VALUE rb_cCGI, rb_mEscape, rb_mEscapeExt;
 static ID id_accept_charset;
 
 #define HTML_ESCAPE_MAX_LEN 6
@@ -83,7 +83,7 @@ optimized_unescape_html(VALUE str)
     unsigned long charlimit = (strcasecmp(rb_enc_name(enc), "UTF-8") == 0 ? UNICODE_MAX :
                                strcasecmp(rb_enc_name(enc), "ISO-8859-1") == 0 ? 256 :
                                128);
-    long i, len, beg = 0;
+    long i, j, len, beg = 0;
     size_t clen, plen;
     int overflow;
     const char *cstr;
@@ -100,6 +100,7 @@ optimized_unescape_html(VALUE str)
         plen = i - beg;
         if (++i >= len) break;
         c = (unsigned char)cstr[i];
+        j = i;
 #define MATCH(s) (len - i >= (int)rb_strlen_lit(s) && \
                   memcmp(&cstr[i], s, rb_strlen_lit(s)) == 0 && \
                   (i += rb_strlen_lit(s) - 1, 1))
@@ -112,28 +113,40 @@ optimized_unescape_html(VALUE str)
             else if (MATCH("mp;")) {
                 c = '&';
             }
-            else continue;
+            else {
+                i = j;
+                continue;
+            }
             break;
           case 'q':
             ++i;
             if (MATCH("uot;")) {
                 c = '"';
             }
-            else continue;
+            else {
+                i = j;
+                continue;
+            }
             break;
           case 'g':
             ++i;
             if (MATCH("t;")) {
                 c = '>';
             }
-            else continue;
+            else {
+                i = j;
+                continue;
+            }
             break;
           case 'l':
             ++i;
             if (MATCH("t;")) {
                 c = '<';
             }
-            else continue;
+            else {
+                i = j;
+                continue;
+            }
             break;
           case '#':
             if (len - ++i >= 2 && ISDIGIT(cstr[i])) {
@@ -142,9 +155,15 @@ optimized_unescape_html(VALUE str)
             else if ((cstr[i] == 'x' || cstr[i] == 'X') && len - ++i >= 2 && ISXDIGIT(cstr[i])) {
                 cc = ruby_scan_digits(&cstr[i], len-i, 16, &clen, &overflow);
             }
-            else continue;
+            else {
+                i = j;
+                continue;
+            }
             i += clen;
-            if (overflow || cc >= charlimit || cstr[i] != ';') continue;
+            if (overflow || cc >= charlimit || cstr[i] != ';') {
+                i = j;
+                continue;
+            }
             if (!dest) {
                 dest = rb_str_buf_new(len);
             }
@@ -452,15 +471,17 @@ Init_escape(void)
 void
 InitVM_escape(void)
 {
-    rb_cCGI    = rb_define_class("CGI", rb_cObject);
-    rb_mEscape = rb_define_module_under(rb_cCGI, "Escape");
-    rb_mUtil   = rb_define_module_under(rb_cCGI, "Util");
-    rb_define_method(rb_mEscape, "escapeHTML", cgiesc_escape_html, 1);
-    rb_define_method(rb_mEscape, "unescapeHTML", cgiesc_unescape_html, 1);
-    rb_define_method(rb_mEscape, "escapeURIComponent", cgiesc_escape_uri_component, 1);
-    rb_define_method(rb_mEscape, "unescapeURIComponent", cgiesc_unescape_uri_component, -1);
-    rb_define_method(rb_mEscape, "escape", cgiesc_escape, 1);
-    rb_define_method(rb_mEscape, "unescape", cgiesc_unescape, -1);
-    rb_prepend_module(rb_mUtil, rb_mEscape);
-    rb_extend_object(rb_cCGI, rb_mEscape);
+    rb_cCGI       = rb_define_class("CGI", rb_cObject);
+    rb_mEscapeExt = rb_define_module_under(rb_cCGI, "EscapeExt");
+    rb_mEscape    = rb_define_module_under(rb_cCGI, "Escape");
+    rb_define_method(rb_mEscapeExt, "escapeHTML", cgiesc_escape_html, 1);
+    rb_define_method(rb_mEscapeExt, "unescapeHTML", cgiesc_unescape_html, 1);
+    rb_define_method(rb_mEscapeExt, "escapeURIComponent", cgiesc_escape_uri_component, 1);
+    rb_define_alias(rb_mEscapeExt, "escape_uri_component", "escapeURIComponent");
+    rb_define_method(rb_mEscapeExt, "unescapeURIComponent", cgiesc_unescape_uri_component, -1);
+    rb_define_alias(rb_mEscapeExt, "unescape_uri_component", "unescapeURIComponent");
+    rb_define_method(rb_mEscapeExt, "escape", cgiesc_escape, 1);
+    rb_define_method(rb_mEscapeExt, "unescape", cgiesc_unescape, -1);
+    rb_prepend_module(rb_mEscape, rb_mEscapeExt);
+    rb_extend_object(rb_cCGI, rb_mEscapeExt);
 }

data/ext/cgi/escape/extconf.rb

@@ -1,3 +1,7 @@
 require 'mkmf'
 
-create_makefile 'cgi/escape'
+if RUBY_ENGINE == 'truffleruby'
+  File.write("Makefile", dummy_makefile($srcdir).join(""))
+else
+  create_makefile 'cgi/escape'
+end

data/lib/cgi/core.rb

@@ -4,12 +4,12 @@
 # generating HTTP responses.
 #++
 class CGI
-  unless const_defined?(:Util)
-    module Util
+  unless const_defined?(:Escape)
+    module Escape
       @@accept_charset = "UTF-8" # :nodoc:
     end
-    include Util
-    extend Util
+    include Escape
+    extend Escape
   end
 
   $CGI_ENV = ENV    # for FCGI support

data/lib/cgi/escape.rb

@@ -0,0 +1,224 @@
+# frozen_string_literal: true
+
+class CGI
+  module Escape; end
+  include Escape
+  extend Escape
+end
+
+module CGI::Escape
+  @@accept_charset = Encoding::UTF_8 unless defined?(@@accept_charset)
+
+  # URL-encode a string into application/x-www-form-urlencoded.
+  # Space characters (+" "+) are encoded with plus signs (+"+"+)
+  #   url_encoded_string = CGI.escape("'Stop!' said Fred")
+  #      # => "%27Stop%21%27+said+Fred"
+  def escape(string)
+    encoding = string.encoding
+    buffer = string.b
+    buffer.gsub!(/([^ a-zA-Z0-9_.\-~]+)/) do |m|
+      '%' + m.unpack('H2' * m.bytesize).join('%').upcase
+    end
+    buffer.tr!(' ', '+')
+    buffer.force_encoding(encoding)
+  end
+
+  # URL-decode an application/x-www-form-urlencoded string with encoding(optional).
+  #   string = CGI.unescape("%27Stop%21%27+said+Fred")
+  #      # => "'Stop!' said Fred"
+  def unescape(string, encoding = @@accept_charset)
+    str = string.tr('+', ' ')
+    str = str.b
+    str.gsub!(/((?:%[0-9a-fA-F]{2})+)/) do |m|
+      [m.delete('%')].pack('H*')
+    end
+    str.force_encoding(encoding)
+    str.valid_encoding? ? str : str.force_encoding(string.encoding)
+  end
+
+  # URL-encode a string following RFC 3986
+  # Space characters (+" "+) are encoded with (+"%20"+)
+  #   url_encoded_string = CGI.escapeURIComponent("'Stop!' said Fred")
+  #      # => "%27Stop%21%27%20said%20Fred"
+  def escapeURIComponent(string)
+    encoding = string.encoding
+    buffer = string.b
+    buffer.gsub!(/([^a-zA-Z0-9_.\-~]+)/) do |m|
+      '%' + m.unpack('H2' * m.bytesize).join('%').upcase
+    end
+    buffer.force_encoding(encoding)
+  end
+  alias escape_uri_component escapeURIComponent
+
+  # URL-decode a string following RFC 3986 with encoding(optional).
+  #   string = CGI.unescapeURIComponent("%27Stop%21%27+said%20Fred")
+  #      # => "'Stop!'+said Fred"
+  def unescapeURIComponent(string, encoding = @@accept_charset)
+    str = string.b
+    str.gsub!(/((?:%[0-9a-fA-F]{2})+)/) do |m|
+      [m.delete('%')].pack('H*')
+    end
+    str.force_encoding(encoding)
+    str.valid_encoding? ? str : str.force_encoding(string.encoding)
+  end
+
+  alias unescape_uri_component unescapeURIComponent
+
+  # The set of special characters and their escaped values
+  TABLE_FOR_ESCAPE_HTML__ = {
+    "'" => ''',
+    '&' => '&',
+    '"' => '"',
+    '<' => '&lt;',
+    '>' => '&gt;',
+  }
+
+  # Escape special characters in HTML, namely '&\"<>
+  #   CGI.escapeHTML('Usage: foo "bar" <baz>')
+  #      # => "Usage: foo &quot;bar&quot; &lt;baz&gt;"
+  def escapeHTML(string)
+    enc = string.encoding
+    unless enc.ascii_compatible?
+      if enc.dummy?
+        origenc = enc
+        enc = Encoding::Converter.asciicompat_encoding(enc)
+        string = enc ? string.encode(enc) : string.b
+      end
+      table = Hash[TABLE_FOR_ESCAPE_HTML__.map {|pair|pair.map {|s|s.encode(enc)}}]
+      string = string.gsub(/#{"['&\"<>]".encode(enc)}/, table)
+      string.encode!(origenc) if origenc
+      string
+    else
+      string = string.b
+      string.gsub!(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
+      string.force_encoding(enc)
+    end
+  end
+
+  # Unescape a string that has been HTML-escaped
+  #   CGI.unescapeHTML("Usage: foo &quot;bar&quot; &lt;baz&gt;")
+  #      # => "Usage: foo \"bar\" <baz>"
+  def unescapeHTML(string)
+    enc = string.encoding
+    unless enc.ascii_compatible?
+      if enc.dummy?
+        origenc = enc
+        enc = Encoding::Converter.asciicompat_encoding(enc)
+        string = enc ? string.encode(enc) : string.b
+      end
+      string = string.gsub(Regexp.new('&(apos|amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do
+        case $1.encode(Encoding::US_ASCII)
+        when 'apos'                then "'".encode(enc)
+        when 'amp'                 then '&'.encode(enc)
+        when 'quot'                then '"'.encode(enc)
+        when 'gt'                  then '>'.encode(enc)
+        when 'lt'                  then '<'.encode(enc)
+        when /\A#0*(\d+)\z/        then $1.to_i.chr(enc)
+        when /\A#x([0-9a-f]+)\z/i  then $1.hex.chr(enc)
+        end
+      end
+      string.encode!(origenc) if origenc
+      return string
+    end
+    return string unless string.include? '&'
+    charlimit = case enc
+                when Encoding::UTF_8; 0x10ffff
+                when Encoding::ISO_8859_1; 256
+                else 128
+                end
+    string = string.b
+    string.gsub!(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do
+      match = $1.dup
+      case match
+      when 'apos'                then "'"
+      when 'amp'                 then '&'
+      when 'quot'                then '"'
+      when 'gt'                  then '>'
+      when 'lt'                  then '<'
+      when /\A#0*(\d+)\z/
+        n = $1.to_i
+        if n < charlimit
+          n.chr(enc)
+        else
+          "&##{$1};"
+        end
+      when /\A#x([0-9a-f]+)\z/i
+        n = $1.hex
+        if n < charlimit
+          n.chr(enc)
+        else
+          "&#x#{$1};"
+        end
+      else
+        "&#{match};"
+      end
+    end
+    string.force_encoding enc
+  end
+
+  # Synonym for CGI.escapeHTML(str)
+  alias escape_html escapeHTML
+  alias h escapeHTML
+
+  # Synonym for CGI.unescapeHTML(str)
+  alias unescape_html unescapeHTML
+
+  # TruffleRuby runs the pure-Ruby variant faster, do not use the C extension there
+  unless RUBY_ENGINE == 'truffleruby'
+    begin
+      require 'cgi/escape.so'
+    rescue LoadError
+    end
+  end
+
+  # Escape only the tags of certain HTML elements in +string+.
+  #
+  # Takes an element or elements or array of elements.  Each element
+  # is specified by the name of the element, without angle brackets.
+  # This matches both the start and the end tag of that element.
+  # The attribute list of the open tag will also be escaped (for
+  # instance, the double-quotes surrounding attribute values).
+  #
+  #   print CGI.escapeElement('<BR><A HREF="url"></A>', "A", "IMG")
+  #     # "<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt"
+  #
+  #   print CGI.escapeElement('<BR><A HREF="url"></A>', ["A", "IMG"])
+  #     # "<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt"
+  def escapeElement(string, *elements)
+    elements = elements[0] if elements[0].kind_of?(Array)
+    unless elements.empty?
+      string.gsub(/<\/?(?:#{elements.join("|")})\b[^<>]*+>?/im) do
+        CGI.escapeHTML($&)
+      end
+    else
+      string
+    end
+  end
+
+  # Undo escaping such as that done by CGI.escapeElement()
+  #
+  #   print CGI.unescapeElement(
+  #           CGI.escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG")
+  #     # "&lt;BR&gt;<A HREF="url"></A>"
+  #
+  #   print CGI.unescapeElement(
+  #           CGI.escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"])
+  #     # "&lt;BR&gt;<A HREF="url"></A>"
+  def unescapeElement(string, *elements)
+    elements = elements[0] if elements[0].kind_of?(Array)
+    unless elements.empty?
+      string.gsub(/&lt;\/?(?:#{elements.join("|")})\b(?>[^&]+|&(?![gl]t;)\w+;)*(?:&gt;)?/im) do
+        unescapeHTML($&)
+      end
+    else
+      string
+    end
+  end
+
+  # Synonym for CGI.escapeElement(str)
+  alias escape_element escapeElement
+
+  # Synonym for CGI.unescapeElement(str)
+  alias unescape_element unescapeElement
+
+end

data/lib/cgi/session/pstore.rb

@@ -11,7 +11,10 @@
 # cgi/session.rb for more details on session storage managers.
 
 require_relative '../session'
-require 'pstore'
+begin
+  require 'pstore'
+rescue LoadError
+end
 
 class CGI
   class Session
@@ -82,7 +85,7 @@ class CGI
         File::unlink path
       end
 
-    end
+    end if defined?(::PStore)
   end
 end
 # :enddoc:

data/lib/cgi/session.rb

@@ -279,7 +279,7 @@ class CGI
     # fields are surrounded by a <fieldset> tag in HTML 4 generation, which
     # is _not_ invisible on many browsers; you may wish to disable the
     # use of fieldsets with code similar to the following
-    # (see http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-list/37805)
+    # (see https://blade.ruby-lang.org/ruby-list/37805)
     #
     #   cgi = CGI.new("html4")
     #   class << cgi

data/lib/cgi/util.rb

@@ -4,214 +4,8 @@ class CGI
   include Util
   extend Util
 end
-module CGI::Util
-  @@accept_charset = Encoding::UTF_8 unless defined?(@@accept_charset)
-
-  # URL-encode a string into application/x-www-form-urlencoded.
-  # Space characters (+" "+) are encoded with plus signs (+"+"+)
-  #   url_encoded_string = CGI.escape("'Stop!' said Fred")
-  #      # => "%27Stop%21%27+said+Fred"
-  def escape(string)
-    encoding = string.encoding
-    buffer = string.b
-    buffer.gsub!(/([^ a-zA-Z0-9_.\-~]+)/) do |m|
-      '%' + m.unpack('H2' * m.bytesize).join('%').upcase
-    end
-    buffer.tr!(' ', '+')
-    buffer.force_encoding(encoding)
-  end
-
-  # URL-decode an application/x-www-form-urlencoded string with encoding(optional).
-  #   string = CGI.unescape("%27Stop%21%27+said+Fred")
-  #      # => "'Stop!' said Fred"
-  def unescape(string, encoding = @@accept_charset)
-    str = string.tr('+', ' ')
-    str = str.b
-    str.gsub!(/((?:%[0-9a-fA-F]{2})+)/) do |m|
-      [m.delete('%')].pack('H*')
-    end
-    str.force_encoding(encoding)
-    str.valid_encoding? ? str : str.force_encoding(string.encoding)
-  end
-
-  # URL-encode a string following RFC 3986
-  # Space characters (+" "+) are encoded with (+"%20"+)
-  #   url_encoded_string = CGI.escape("'Stop!' said Fred")
-  #      # => "%27Stop%21%27%20said%20Fred"
-  def escapeURIComponent(string)
-    encoding = string.encoding
-    buffer = string.b
-    buffer.gsub!(/([^a-zA-Z0-9_.\-~]+)/) do |m|
-      '%' + m.unpack('H2' * m.bytesize).join('%').upcase
-    end
-    buffer.force_encoding(encoding)
-  end
-
-  # URL-decode a string following RFC 3986 with encoding(optional).
-  #   string = CGI.unescape("%27Stop%21%27+said%20Fred")
-  #      # => "'Stop!'+said Fred"
-  def unescapeURIComponent(string, encoding = @@accept_charset)
-    str = string.b
-    str.gsub!(/((?:%[0-9a-fA-F]{2})+)/) do |m|
-      [m.delete('%')].pack('H*')
-    end
-    str.force_encoding(encoding)
-    str.valid_encoding? ? str : str.force_encoding(string.encoding)
-  end
-
-  # The set of special characters and their escaped values
-  TABLE_FOR_ESCAPE_HTML__ = {
-    "'" => ''',
-    '&' => '&',
-    '"' => '"',
-    '<' => '&lt;',
-    '>' => '&gt;',
-  }
-
-  # Escape special characters in HTML, namely '&\"<>
-  #   CGI.escapeHTML('Usage: foo "bar" <baz>')
-  #      # => "Usage: foo &quot;bar&quot; &lt;baz&gt;"
-  def escapeHTML(string)
-    enc = string.encoding
-    unless enc.ascii_compatible?
-      if enc.dummy?
-        origenc = enc
-        enc = Encoding::Converter.asciicompat_encoding(enc)
-        string = enc ? string.encode(enc) : string.b
-      end
-      table = Hash[TABLE_FOR_ESCAPE_HTML__.map {|pair|pair.map {|s|s.encode(enc)}}]
-      string = string.gsub(/#{"['&\"<>]".encode(enc)}/, table)
-      string.encode!(origenc) if origenc
-      string
-    else
-      string = string.b
-      string.gsub!(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
-      string.force_encoding(enc)
-    end
-  end
-
-  begin
-    require 'cgi/escape'
-  rescue LoadError
-  end
-
-  # Unescape a string that has been HTML-escaped
-  #   CGI.unescapeHTML("Usage: foo &quot;bar&quot; &lt;baz&gt;")
-  #      # => "Usage: foo \"bar\" <baz>"
-  def unescapeHTML(string)
-    enc = string.encoding
-    unless enc.ascii_compatible?
-      if enc.dummy?
-        origenc = enc
-        enc = Encoding::Converter.asciicompat_encoding(enc)
-        string = enc ? string.encode(enc) : string.b
-      end
-      string = string.gsub(Regexp.new('&(apos|amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do
-        case $1.encode(Encoding::US_ASCII)
-        when 'apos'                then "'".encode(enc)
-        when 'amp'                 then '&'.encode(enc)
-        when 'quot'                then '"'.encode(enc)
-        when 'gt'                  then '>'.encode(enc)
-        when 'lt'                  then '<'.encode(enc)
-        when /\A#0*(\d+)\z/        then $1.to_i.chr(enc)
-        when /\A#x([0-9a-f]+)\z/i  then $1.hex.chr(enc)
-        end
-      end
-      string.encode!(origenc) if origenc
-      return string
-    end
-    return string unless string.include? '&'
-    charlimit = case enc
-                when Encoding::UTF_8; 0x10ffff
-                when Encoding::ISO_8859_1; 256
-                else 128
-                end
-    string = string.b
-    string.gsub!(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do
-      match = $1.dup
-      case match
-      when 'apos'                then "'"
-      when 'amp'                 then '&'
-      when 'quot'                then '"'
-      when 'gt'                  then '>'
-      when 'lt'                  then '<'
-      when /\A#0*(\d+)\z/
-        n = $1.to_i
-        if n < charlimit
-          n.chr(enc)
-        else
-          "&##{$1};"
-        end
-      when /\A#x([0-9a-f]+)\z/i
-        n = $1.hex
-        if n < charlimit
-          n.chr(enc)
-        else
-          "&#x#{$1};"
-        end
-      else
-        "&#{match};"
-      end
-    end
-    string.force_encoding enc
-  end
-
-  # Synonym for CGI.escapeHTML(str)
-  alias escape_html escapeHTML
-
-  # Synonym for CGI.unescapeHTML(str)
-  alias unescape_html unescapeHTML
-
-  # Escape only the tags of certain HTML elements in +string+.
-  #
-  # Takes an element or elements or array of elements.  Each element
-  # is specified by the name of the element, without angle brackets.
-  # This matches both the start and the end tag of that element.
-  # The attribute list of the open tag will also be escaped (for
-  # instance, the double-quotes surrounding attribute values).
-  #
-  #   print CGI.escapeElement('<BR><A HREF="url"></A>', "A", "IMG")
-  #     # "<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt"
-  #
-  #   print CGI.escapeElement('<BR><A HREF="url"></A>', ["A", "IMG"])
-  #     # "<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt"
-  def escapeElement(string, *elements)
-    elements = elements[0] if elements[0].kind_of?(Array)
-    unless elements.empty?
-      string.gsub(/<\/?(?:#{elements.join("|")})\b[^<>]*+>?/im) do
-        CGI.escapeHTML($&)
-      end
-    else
-      string
-    end
-  end
-
-  # Undo escaping such as that done by CGI.escapeElement()
-  #
-  #   print CGI.unescapeElement(
-  #           CGI.escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG")
-  #     # "&lt;BR&gt;<A HREF="url"></A>"
-  #
-  #   print CGI.unescapeElement(
-  #           CGI.escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"])
-  #     # "&lt;BR&gt;<A HREF="url"></A>"
-  def unescapeElement(string, *elements)
-    elements = elements[0] if elements[0].kind_of?(Array)
-    unless elements.empty?
-      string.gsub(/&lt;\/?(?:#{elements.join("|")})\b(?>[^&]+|&(?![gl]t;)\w+;)*(?:&gt;)?/im) do
-        unescapeHTML($&)
-      end
-    else
-      string
-    end
-  end
-
-  # Synonym for CGI.escapeElement(str)
-  alias escape_element escapeElement
-
-  # Synonym for CGI.unescapeElement(str)
-  alias unescape_element unescapeElement
 
+module CGI::Util
   # Format a +Time+ object as a String using the format specified by RFC 1123.
   #
   #   CGI.rfc1123_date(Time.now)
@@ -247,6 +41,7 @@ module CGI::Util
     end
     lines.gsub(/^((?:#{Regexp::quote(shift)})*)__(?=<\/?\w)/, '\1')
   end
-
-  alias h escapeHTML
 end
+
+# For backward compatibility
+require 'cgi/escape' unless defined?(CGI::EscapeExt)

data/lib/cgi.rb

@@ -144,7 +144,8 @@
 #
 # === Utility HTML escape and other methods like a function.
 #
-# There are some utility tool defined in cgi/util.rb .
+# There are some utility tools defined in cgi/util.rb and cgi/escape.rb.
+# Escape and unescape methods are defined in cgi/escape.rb.
 # And when include, you can use utility methods like a function.
 #
 # == Examples of use
@@ -274,24 +275,25 @@
 #
 # === Some utility methods
 #
-#   require 'cgi/util'
+#   require 'cgi/escape'
 #   CGI.escapeHTML('Usage: foo "bar" <baz>')
 #
 #
 # === Some utility methods like a function
 #
-#   require 'cgi/util'
-#   include CGI::Util
+#   require 'cgi/escape'
+#   include CGI::Escape
 #   escapeHTML('Usage: foo "bar" <baz>')
 #   h('Usage: foo "bar" <baz>') # alias
 #
 #
 
 class CGI
-  VERSION = "0.3.7"
+  VERSION = "0.5.0"
 end
 
+require 'cgi/util'
+require 'cgi/escape' unless defined?(CGI::EscapeExt)
 require 'cgi/core'
 require 'cgi/cookie'
-require 'cgi/util'
 CGI.autoload(:HtmlExtension, 'cgi/html')

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: cgi
 version: !ruby/object:Gem::Version
-  version: 0.3.7
+  version: 0.5.0
 platform: ruby
 authors:
 - Yukihiro Matsumoto
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-02-26 00:00:00.000000000 Z
+date: 2025-06-04 00:00:00.000000000 Z
 dependencies: []
 description: Support for the Common Gateway Interface protocol.
 email:
@@ -18,7 +17,8 @@ extensions:
 - ext/cgi/escape/extconf.rb
 extra_rdoc_files: []
 files:
-- LICENSE.txt
+- BSDL
+- COPYING
 - README.md
 - ext/cgi/escape/depend
 - ext/cgi/escape/escape.c
@@ -26,6 +26,7 @@ files:
 - lib/cgi.rb
 - lib/cgi/cookie.rb
 - lib/cgi/core.rb
+- lib/cgi/escape.rb
 - lib/cgi/html.rb
 - lib/cgi/session.rb
 - lib/cgi/session/pstore.rb
@@ -37,7 +38,6 @@ licenses:
 metadata:
   homepage_uri: https://github.com/ruby/cgi
   source_code_uri: https://github.com/ruby/cgi
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -52,8 +52,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.11
-signing_key:
+rubygems_version: 3.6.7
 specification_version: 4
 summary: Support for the Common Gateway Interface protocol.
 test_files: []