cgi 0.4.2 → 0.5.0.beta1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +9 -11
  3. data/ext/cgi/escape/escape.c +14 -14
  4. data/lib/cgi/core.rb +4 -4
  5. data/lib/cgi/escape.rb +224 -0
  6. data/lib/cgi/util.rb +4 -215
  7. data/lib/cgi.rb +2 -1
  8. metadata +4 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a2223dc33d62279bcf8cb78f68d8fb46f22c8d9e396243e22d43ded77291dfe5
4
- data.tar.gz: 70b263423e005129ac529dd41f59324accedd2cf6fd8c260965286ff0f03a399
3
+ metadata.gz: 84988d629a2b45f78feb24e97008a9694d1d9c048b58eacbc2c374d4e0b5b94d
4
+ data.tar.gz: 2f292339d8d832b62326e2b60e7e6da2dc770d615a3b302d65bca69926f3aa2c
5
5
  SHA512:
6
- metadata.gz: 9d63be598547392b545cabca27ed6f6765ffa9d8e778335118fa29592c36d8276cc68af052db7abe8e2373c8818072523df6e6aaf65393d09c7c5d16600af6cd
7
- data.tar.gz: 5a27bb456ab0ecee2e504b737f1b7e8f8e2dd3d56f253fd9c08b5ef42fb145dbc1fbb5e3cec9e98866b19d42aa63d58b4b36affa94a25be9e9f46fa2bc03c942
6
+ metadata.gz: d443804f2815126bce2534b5e13e5e5dbd8809a443c4833533de32f7f41c972998a1199e0667cfc940fa4444737b12881231ef30d503cd280451e791c993c249
7
+ data.tar.gz: d9ae4e00a99252889f92e4dd6f30e484fd914d7529dc3d88b34a5b6765d323b9e20554f4fbd6240120e0f262f3eacf72b0cbeb94b901921169bb27ba8a50c34a
data/README.md CHANGED
@@ -32,21 +32,19 @@ Or install it yourself as:
32
32
 
33
33
  ### Get form values
34
34
 
35
+ Given a form with the content `field_name=123`:
36
+
35
37
  ```ruby
36
38
  require "cgi"
37
39
  cgi = CGI.new
38
- value = cgi['field_name'] # <== value string for 'field_name'
39
- # if not 'field_name' included, then return "".
40
- fields = cgi.keys # <== array of field names
41
-
42
- # returns true if form has 'field_name'
43
- cgi.has_key?('field_name')
44
- cgi.has_key?('field_name')
45
- cgi.include?('field_name')
46
- ```
40
+ value = cgi['field_name'] # => "123"
41
+ cgi['flowerpot'] # => ""
42
+ fields = cgi.keys # => [ "field_name" ]
47
43
 
48
- CAUTION! cgi['field_name'] returned an Array with the old
49
- cgi.rb(included in Ruby 1.6)
44
+ cgi.has_key?('field_name') # => true
45
+ cgi.include?('field_name') # => true
46
+ cgi.include?('flowerpot') # => false
47
+ ```
50
48
 
51
49
  ### Get form values as hash
52
50
 
data/ext/cgi/escape/escape.c CHANGED
@@ -8,7 +8,7 @@ RUBY_EXTERN const signed char ruby_digit36_to_number_table[];
8
8
  #define upper_hexdigits (ruby_hexdigits+16)
9
9
  #define char_to_number(c) ruby_digit36_to_number_table[(unsigned char)(c)]
10
10
 
11
- static VALUE rb_cCGI, rb_mUtil, rb_mEscape;
11
+ static VALUE rb_cCGI, rb_mEscape, rb_mEscapeExt;
12
12
  static ID id_accept_charset;
13
13
 
14
14
  #define HTML_ESCAPE_MAX_LEN 6
@@ -471,17 +471,17 @@ Init_escape(void)
471
471
  void
472
472
  InitVM_escape(void)
473
473
  {
474
- rb_cCGI = rb_define_class("CGI", rb_cObject);
475
- rb_mEscape = rb_define_module_under(rb_cCGI, "Escape");
476
- rb_mUtil = rb_define_module_under(rb_cCGI, "Util");
477
- rb_define_method(rb_mEscape, "escapeHTML", cgiesc_escape_html, 1);
478
- rb_define_method(rb_mEscape, "unescapeHTML", cgiesc_unescape_html, 1);
479
- rb_define_method(rb_mEscape, "escapeURIComponent", cgiesc_escape_uri_component, 1);
480
- rb_define_alias(rb_mEscape, "escape_uri_component", "escapeURIComponent");
481
- rb_define_method(rb_mEscape, "unescapeURIComponent", cgiesc_unescape_uri_component, -1);
482
- rb_define_alias(rb_mEscape, "unescape_uri_component", "unescapeURIComponent");
483
- rb_define_method(rb_mEscape, "escape", cgiesc_escape, 1);
484
- rb_define_method(rb_mEscape, "unescape", cgiesc_unescape, -1);
485
- rb_prepend_module(rb_mUtil, rb_mEscape);
486
- rb_extend_object(rb_cCGI, rb_mEscape);
474
+ rb_cCGI = rb_define_class("CGI", rb_cObject);
475
+ rb_mEscapeExt = rb_define_module_under(rb_cCGI, "EscapeExt");
476
+ rb_mEscape = rb_define_module_under(rb_cCGI, "Escape");
477
+ rb_define_method(rb_mEscapeExt, "escapeHTML", cgiesc_escape_html, 1);
478
+ rb_define_method(rb_mEscapeExt, "unescapeHTML", cgiesc_unescape_html, 1);
479
+ rb_define_method(rb_mEscapeExt, "escapeURIComponent", cgiesc_escape_uri_component, 1);
480
+ rb_define_alias(rb_mEscapeExt, "escape_uri_component", "escapeURIComponent");
481
+ rb_define_method(rb_mEscapeExt, "unescapeURIComponent", cgiesc_unescape_uri_component, -1);
482
+ rb_define_alias(rb_mEscapeExt, "unescape_uri_component", "unescapeURIComponent");
483
+ rb_define_method(rb_mEscapeExt, "escape", cgiesc_escape, 1);
484
+ rb_define_method(rb_mEscapeExt, "unescape", cgiesc_unescape, -1);
485
+ rb_prepend_module(rb_mEscape, rb_mEscapeExt);
486
+ rb_extend_object(rb_cCGI, rb_mEscapeExt);
487
487
  }
data/lib/cgi/core.rb CHANGED
@@ -4,12 +4,12 @@
4
4
  # generating HTTP responses.
5
5
  #++
6
6
  class CGI
7
- unless const_defined?(:Util)
8
- module Util
7
+ unless const_defined?(:Escape)
8
+ module Escape
9
9
  @@accept_charset = "UTF-8" # :nodoc:
10
10
  end
11
- include Util
12
- extend Util
11
+ include Escape
12
+ extend Escape
13
13
  end
14
14
 
15
15
  $CGI_ENV = ENV # for FCGI support
data/lib/cgi/escape.rb ADDED
@@ -0,0 +1,224 @@
1
+ # frozen_string_literal: true
2
+
3
+ class CGI
4
+ module Escape; end
5
+ include Escape
6
+ extend Escape
7
+ end
8
+
9
+ module CGI::Escape
10
+ @@accept_charset = Encoding::UTF_8 unless defined?(@@accept_charset)
11
+
12
+ # URL-encode a string into application/x-www-form-urlencoded.
13
+ # Space characters (+" "+) are encoded with plus signs (+"+"+)
14
+ # url_encoded_string = CGI.escape("'Stop!' said Fred")
15
+ # # => "%27Stop%21%27+said+Fred"
16
+ def escape(string)
17
+ encoding = string.encoding
18
+ buffer = string.b
19
+ buffer.gsub!(/([^ a-zA-Z0-9_.\-~]+)/) do |m|
20
+ '%' + m.unpack('H2' * m.bytesize).join('%').upcase
21
+ end
22
+ buffer.tr!(' ', '+')
23
+ buffer.force_encoding(encoding)
24
+ end
25
+
26
+ # URL-decode an application/x-www-form-urlencoded string with encoding(optional).
27
+ # string = CGI.unescape("%27Stop%21%27+said+Fred")
28
+ # # => "'Stop!' said Fred"
29
+ def unescape(string, encoding = @@accept_charset)
30
+ str = string.tr('+', ' ')
31
+ str = str.b
32
+ str.gsub!(/((?:%[0-9a-fA-F]{2})+)/) do |m|
33
+ [m.delete('%')].pack('H*')
34
+ end
35
+ str.force_encoding(encoding)
36
+ str.valid_encoding? ? str : str.force_encoding(string.encoding)
37
+ end
38
+
39
+ # URL-encode a string following RFC 3986
40
+ # Space characters (+" "+) are encoded with (+"%20"+)
41
+ # url_encoded_string = CGI.escapeURIComponent("'Stop!' said Fred")
42
+ # # => "%27Stop%21%27%20said%20Fred"
43
+ def escapeURIComponent(string)
44
+ encoding = string.encoding
45
+ buffer = string.b
46
+ buffer.gsub!(/([^a-zA-Z0-9_.\-~]+)/) do |m|
47
+ '%' + m.unpack('H2' * m.bytesize).join('%').upcase
48
+ end
49
+ buffer.force_encoding(encoding)
50
+ end
51
+ alias escape_uri_component escapeURIComponent
52
+
53
+ # URL-decode a string following RFC 3986 with encoding(optional).
54
+ # string = CGI.unescapeURIComponent("%27Stop%21%27+said%20Fred")
55
+ # # => "'Stop!'+said Fred"
56
+ def unescapeURIComponent(string, encoding = @@accept_charset)
57
+ str = string.b
58
+ str.gsub!(/((?:%[0-9a-fA-F]{2})+)/) do |m|
59
+ [m.delete('%')].pack('H*')
60
+ end
61
+ str.force_encoding(encoding)
62
+ str.valid_encoding? ? str : str.force_encoding(string.encoding)
63
+ end
64
+
65
+ alias unescape_uri_component unescapeURIComponent
66
+
67
+ # The set of special characters and their escaped values
68
+ TABLE_FOR_ESCAPE_HTML__ = {
69
+ "'" => '&#39;',
70
+ '&' => '&amp;',
71
+ '"' => '&quot;',
72
+ '<' => '&lt;',
73
+ '>' => '&gt;',
74
+ }
75
+
76
+ # Escape special characters in HTML, namely '&\"<>
77
+ # CGI.escapeHTML('Usage: foo "bar" <baz>')
78
+ # # => "Usage: foo &quot;bar&quot; &lt;baz&gt;"
79
+ def escapeHTML(string)
80
+ enc = string.encoding
81
+ unless enc.ascii_compatible?
82
+ if enc.dummy?
83
+ origenc = enc
84
+ enc = Encoding::Converter.asciicompat_encoding(enc)
85
+ string = enc ? string.encode(enc) : string.b
86
+ end
87
+ table = Hash[TABLE_FOR_ESCAPE_HTML__.map {|pair|pair.map {|s|s.encode(enc)}}]
88
+ string = string.gsub(/#{"['&\"<>]".encode(enc)}/, table)
89
+ string.encode!(origenc) if origenc
90
+ string
91
+ else
92
+ string = string.b
93
+ string.gsub!(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
94
+ string.force_encoding(enc)
95
+ end
96
+ end
97
+
98
+ # Unescape a string that has been HTML-escaped
99
+ # CGI.unescapeHTML("Usage: foo &quot;bar&quot; &lt;baz&gt;")
100
+ # # => "Usage: foo \"bar\" <baz>"
101
+ def unescapeHTML(string)
102
+ enc = string.encoding
103
+ unless enc.ascii_compatible?
104
+ if enc.dummy?
105
+ origenc = enc
106
+ enc = Encoding::Converter.asciicompat_encoding(enc)
107
+ string = enc ? string.encode(enc) : string.b
108
+ end
109
+ string = string.gsub(Regexp.new('&(apos|amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do
110
+ case $1.encode(Encoding::US_ASCII)
111
+ when 'apos' then "'".encode(enc)
112
+ when 'amp' then '&'.encode(enc)
113
+ when 'quot' then '"'.encode(enc)
114
+ when 'gt' then '>'.encode(enc)
115
+ when 'lt' then '<'.encode(enc)
116
+ when /\A#0*(\d+)\z/ then $1.to_i.chr(enc)
117
+ when /\A#x([0-9a-f]+)\z/i then $1.hex.chr(enc)
118
+ end
119
+ end
120
+ string.encode!(origenc) if origenc
121
+ return string
122
+ end
123
+ return string unless string.include? '&'
124
+ charlimit = case enc
125
+ when Encoding::UTF_8; 0x10ffff
126
+ when Encoding::ISO_8859_1; 256
127
+ else 128
128
+ end
129
+ string = string.b
130
+ string.gsub!(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do
131
+ match = $1.dup
132
+ case match
133
+ when 'apos' then "'"
134
+ when 'amp' then '&'
135
+ when 'quot' then '"'
136
+ when 'gt' then '>'
137
+ when 'lt' then '<'
138
+ when /\A#0*(\d+)\z/
139
+ n = $1.to_i
140
+ if n < charlimit
141
+ n.chr(enc)
142
+ else
143
+ "&##{$1};"
144
+ end
145
+ when /\A#x([0-9a-f]+)\z/i
146
+ n = $1.hex
147
+ if n < charlimit
148
+ n.chr(enc)
149
+ else
150
+ "&#x#{$1};"
151
+ end
152
+ else
153
+ "&#{match};"
154
+ end
155
+ end
156
+ string.force_encoding enc
157
+ end
158
+
159
+ # Synonym for CGI.escapeHTML(str)
160
+ alias escape_html escapeHTML
161
+ alias h escapeHTML
162
+
163
+ # Synonym for CGI.unescapeHTML(str)
164
+ alias unescape_html unescapeHTML
165
+
166
+ # TruffleRuby runs the pure-Ruby variant faster, do not use the C extension there
167
+ unless RUBY_ENGINE == 'truffleruby'
168
+ begin
169
+ require 'cgi/escape.so'
170
+ rescue LoadError
171
+ end
172
+ end
173
+
174
+ # Escape only the tags of certain HTML elements in +string+.
175
+ #
176
+ # Takes an element or elements or array of elements. Each element
177
+ # is specified by the name of the element, without angle brackets.
178
+ # This matches both the start and the end tag of that element.
179
+ # The attribute list of the open tag will also be escaped (for
180
+ # instance, the double-quotes surrounding attribute values).
181
+ #
182
+ # print CGI.escapeElement('<BR><A HREF="url"></A>', "A", "IMG")
183
+ # # "<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt"
184
+ #
185
+ # print CGI.escapeElement('<BR><A HREF="url"></A>', ["A", "IMG"])
186
+ # # "<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt"
187
+ def escapeElement(string, *elements)
188
+ elements = elements[0] if elements[0].kind_of?(Array)
189
+ unless elements.empty?
190
+ string.gsub(/<\/?(?:#{elements.join("|")})\b[^<>]*+>?/im) do
191
+ CGI.escapeHTML($&)
192
+ end
193
+ else
194
+ string
195
+ end
196
+ end
197
+
198
+ # Undo escaping such as that done by CGI.escapeElement()
199
+ #
200
+ # print CGI.unescapeElement(
201
+ # CGI.escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG")
202
+ # # "&lt;BR&gt;<A HREF="url"></A>"
203
+ #
204
+ # print CGI.unescapeElement(
205
+ # CGI.escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"])
206
+ # # "&lt;BR&gt;<A HREF="url"></A>"
207
+ def unescapeElement(string, *elements)
208
+ elements = elements[0] if elements[0].kind_of?(Array)
209
+ unless elements.empty?
210
+ string.gsub(/&lt;\/?(?:#{elements.join("|")})\b(?>[^&]+|&(?![gl]t;)\w+;)*(?:&gt;)?/im) do
211
+ unescapeHTML($&)
212
+ end
213
+ else
214
+ string
215
+ end
216
+ end
217
+
218
+ # Synonym for CGI.escapeElement(str)
219
+ alias escape_element escapeElement
220
+
221
+ # Synonym for CGI.unescapeElement(str)
222
+ alias unescape_element unescapeElement
223
+
224
+ end
data/lib/cgi/util.rb CHANGED
@@ -4,220 +4,8 @@ class CGI
4
4
  include Util
5
5
  extend Util
6
6
  end
7
- module CGI::Util
8
- @@accept_charset = Encoding::UTF_8 unless defined?(@@accept_charset)
9
-
10
- # URL-encode a string into application/x-www-form-urlencoded.
11
- # Space characters (+" "+) are encoded with plus signs (+"+"+)
12
- # url_encoded_string = CGI.escape("'Stop!' said Fred")
13
- # # => "%27Stop%21%27+said+Fred"
14
- def escape(string)
15
- encoding = string.encoding
16
- buffer = string.b
17
- buffer.gsub!(/([^ a-zA-Z0-9_.\-~]+)/) do |m|
18
- '%' + m.unpack('H2' * m.bytesize).join('%').upcase
19
- end
20
- buffer.tr!(' ', '+')
21
- buffer.force_encoding(encoding)
22
- end
23
-
24
- # URL-decode an application/x-www-form-urlencoded string with encoding(optional).
25
- # string = CGI.unescape("%27Stop%21%27+said+Fred")
26
- # # => "'Stop!' said Fred"
27
- def unescape(string, encoding = @@accept_charset)
28
- str = string.tr('+', ' ')
29
- str = str.b
30
- str.gsub!(/((?:%[0-9a-fA-F]{2})+)/) do |m|
31
- [m.delete('%')].pack('H*')
32
- end
33
- str.force_encoding(encoding)
34
- str.valid_encoding? ? str : str.force_encoding(string.encoding)
35
- end
36
-
37
- # URL-encode a string following RFC 3986
38
- # Space characters (+" "+) are encoded with (+"%20"+)
39
- # url_encoded_string = CGI.escapeURIComponent("'Stop!' said Fred")
40
- # # => "%27Stop%21%27%20said%20Fred"
41
- def escapeURIComponent(string)
42
- encoding = string.encoding
43
- buffer = string.b
44
- buffer.gsub!(/([^a-zA-Z0-9_.\-~]+)/) do |m|
45
- '%' + m.unpack('H2' * m.bytesize).join('%').upcase
46
- end
47
- buffer.force_encoding(encoding)
48
- end
49
- alias escape_uri_component escapeURIComponent
50
-
51
- # URL-decode a string following RFC 3986 with encoding(optional).
52
- # string = CGI.unescapeURIComponent("%27Stop%21%27+said%20Fred")
53
- # # => "'Stop!'+said Fred"
54
- def unescapeURIComponent(string, encoding = @@accept_charset)
55
- str = string.b
56
- str.gsub!(/((?:%[0-9a-fA-F]{2})+)/) do |m|
57
- [m.delete('%')].pack('H*')
58
- end
59
- str.force_encoding(encoding)
60
- str.valid_encoding? ? str : str.force_encoding(string.encoding)
61
- end
62
-
63
- alias unescape_uri_component unescapeURIComponent
64
-
65
- # The set of special characters and their escaped values
66
- TABLE_FOR_ESCAPE_HTML__ = {
67
- "'" => '&#39;',
68
- '&' => '&amp;',
69
- '"' => '&quot;',
70
- '<' => '&lt;',
71
- '>' => '&gt;',
72
- }
73
-
74
- # Escape special characters in HTML, namely '&\"<>
75
- # CGI.escapeHTML('Usage: foo "bar" <baz>')
76
- # # => "Usage: foo &quot;bar&quot; &lt;baz&gt;"
77
- def escapeHTML(string)
78
- enc = string.encoding
79
- unless enc.ascii_compatible?
80
- if enc.dummy?
81
- origenc = enc
82
- enc = Encoding::Converter.asciicompat_encoding(enc)
83
- string = enc ? string.encode(enc) : string.b
84
- end
85
- table = Hash[TABLE_FOR_ESCAPE_HTML__.map {|pair|pair.map {|s|s.encode(enc)}}]
86
- string = string.gsub(/#{"['&\"<>]".encode(enc)}/, table)
87
- string.encode!(origenc) if origenc
88
- string
89
- else
90
- string = string.b
91
- string.gsub!(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
92
- string.force_encoding(enc)
93
- end
94
- end
95
-
96
- # TruffleRuby runs the pure-Ruby variant faster, do not use the C extension there
97
- unless RUBY_ENGINE == 'truffleruby'
98
- begin
99
- require 'cgi/escape'
100
- rescue LoadError
101
- end
102
- end
103
-
104
- # Unescape a string that has been HTML-escaped
105
- # CGI.unescapeHTML("Usage: foo &quot;bar&quot; &lt;baz&gt;")
106
- # # => "Usage: foo \"bar\" <baz>"
107
- def unescapeHTML(string)
108
- enc = string.encoding
109
- unless enc.ascii_compatible?
110
- if enc.dummy?
111
- origenc = enc
112
- enc = Encoding::Converter.asciicompat_encoding(enc)
113
- string = enc ? string.encode(enc) : string.b
114
- end
115
- string = string.gsub(Regexp.new('&(apos|amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do
116
- case $1.encode(Encoding::US_ASCII)
117
- when 'apos' then "'".encode(enc)
118
- when 'amp' then '&'.encode(enc)
119
- when 'quot' then '"'.encode(enc)
120
- when 'gt' then '>'.encode(enc)
121
- when 'lt' then '<'.encode(enc)
122
- when /\A#0*(\d+)\z/ then $1.to_i.chr(enc)
123
- when /\A#x([0-9a-f]+)\z/i then $1.hex.chr(enc)
124
- end
125
- end
126
- string.encode!(origenc) if origenc
127
- return string
128
- end
129
- return string unless string.include? '&'
130
- charlimit = case enc
131
- when Encoding::UTF_8; 0x10ffff
132
- when Encoding::ISO_8859_1; 256
133
- else 128
134
- end
135
- string = string.b
136
- string.gsub!(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do
137
- match = $1.dup
138
- case match
139
- when 'apos' then "'"
140
- when 'amp' then '&'
141
- when 'quot' then '"'
142
- when 'gt' then '>'
143
- when 'lt' then '<'
144
- when /\A#0*(\d+)\z/
145
- n = $1.to_i
146
- if n < charlimit
147
- n.chr(enc)
148
- else
149
- "&##{$1};"
150
- end
151
- when /\A#x([0-9a-f]+)\z/i
152
- n = $1.hex
153
- if n < charlimit
154
- n.chr(enc)
155
- else
156
- "&#x#{$1};"
157
- end
158
- else
159
- "&#{match};"
160
- end
161
- end
162
- string.force_encoding enc
163
- end
164
-
165
- # Synonym for CGI.escapeHTML(str)
166
- alias escape_html escapeHTML
167
-
168
- # Synonym for CGI.unescapeHTML(str)
169
- alias unescape_html unescapeHTML
170
-
171
- # Escape only the tags of certain HTML elements in +string+.
172
- #
173
- # Takes an element or elements or array of elements. Each element
174
- # is specified by the name of the element, without angle brackets.
175
- # This matches both the start and the end tag of that element.
176
- # The attribute list of the open tag will also be escaped (for
177
- # instance, the double-quotes surrounding attribute values).
178
- #
179
- # print CGI.escapeElement('<BR><A HREF="url"></A>', "A", "IMG")
180
- # # "<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt"
181
- #
182
- # print CGI.escapeElement('<BR><A HREF="url"></A>', ["A", "IMG"])
183
- # # "<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt"
184
- def escapeElement(string, *elements)
185
- elements = elements[0] if elements[0].kind_of?(Array)
186
- unless elements.empty?
187
- string.gsub(/<\/?(?:#{elements.join("|")})\b[^<>]*+>?/im) do
188
- CGI.escapeHTML($&)
189
- end
190
- else
191
- string
192
- end
193
- end
194
-
195
- # Undo escaping such as that done by CGI.escapeElement()
196
- #
197
- # print CGI.unescapeElement(
198
- # CGI.escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG")
199
- # # "&lt;BR&gt;<A HREF="url"></A>"
200
- #
201
- # print CGI.unescapeElement(
202
- # CGI.escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"])
203
- # # "&lt;BR&gt;<A HREF="url"></A>"
204
- def unescapeElement(string, *elements)
205
- elements = elements[0] if elements[0].kind_of?(Array)
206
- unless elements.empty?
207
- string.gsub(/&lt;\/?(?:#{elements.join("|")})\b(?>[^&]+|&(?![gl]t;)\w+;)*(?:&gt;)?/im) do
208
- unescapeHTML($&)
209
- end
210
- else
211
- string
212
- end
213
- end
214
-
215
- # Synonym for CGI.escapeElement(str)
216
- alias escape_element escapeElement
217
-
218
- # Synonym for CGI.unescapeElement(str)
219
- alias unescape_element unescapeElement
220
7
 
8
+ module CGI::Util
221
9
  # Format a +Time+ object as a String using the format specified by RFC 1123.
222
10
  #
223
11
  # CGI.rfc1123_date(Time.now)
@@ -253,6 +41,7 @@ module CGI::Util
253
41
  end
254
42
  lines.gsub(/^((?:#{Regexp::quote(shift)})*)__(?=<\/?\w)/, '\1')
255
43
  end
256
-
257
- alias h escapeHTML
258
44
  end
45
+
46
+ # For backward compatibility
47
+ require 'cgi/escape' unless defined?(CGI::EscapeExt)
data/lib/cgi.rb CHANGED
@@ -288,10 +288,11 @@
288
288
  #
289
289
 
290
290
  class CGI
291
- VERSION = "0.4.2"
291
+ VERSION = "0.5.0.beta1"
292
292
  end
293
293
 
294
294
  require 'cgi/core'
295
295
  require 'cgi/cookie'
296
296
  require 'cgi/util'
297
+ require 'cgi/escape' unless defined?(CGI::EscapeExt)
297
298
  CGI.autoload(:HtmlExtension, 'cgi/html')
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cgi
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.2
4
+ version: 0.5.0.beta1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Yukihiro Matsumoto
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2025-02-26 00:00:00.000000000 Z
11
+ date: 2025-05-09 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: Support for the Common Gateway Interface protocol.
14
14
  email:
@@ -27,6 +27,7 @@ files:
27
27
  - lib/cgi.rb
28
28
  - lib/cgi/cookie.rb
29
29
  - lib/cgi/core.rb
30
+ - lib/cgi/escape.rb
30
31
  - lib/cgi/html.rb
31
32
  - lib/cgi/session.rb
32
33
  - lib/cgi/session/pstore.rb
@@ -53,7 +54,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
53
54
  - !ruby/object:Gem::Version
54
55
  version: '0'
55
56
  requirements: []
56
- rubygems_version: 3.5.11
57
+ rubygems_version: 3.5.22
57
58
  signing_key:
58
59
  specification_version: 4
59
60
  summary: Support for the Common Gateway Interface protocol.