escape_utils 0.1.4 → 0.1.5
- data/.gitignore +2 -1
- data/CHANGELOG.md +5 -0
- data/README.rdoc +51 -13
- data/VERSION +1 -1
- data/benchmark/html_escape.rb +20 -4
- data/benchmark/html_unescape.rb +2 -2
- data/benchmark/javascript_escape.rb +2 -4
- data/benchmark/javascript_unescape.rb +23 -0
- data/benchmark/url_escape.rb +61 -0
- data/benchmark/url_unescape.rb +54 -0
- data/escape_utils.gemspec +21 -6
- data/ext/escape_utils.c +328 -72
- data/lib/escape_utils.rb +3 -1
- data/lib/escape_utils/html/cgi.rb +8 -2
- data/lib/escape_utils/html/erb.rb +2 -3
- data/lib/escape_utils/html/haml.rb +3 -3
- data/lib/escape_utils/html/rack.rb +4 -6
- data/lib/escape_utils/html_safety.rb +19 -0
- data/lib/escape_utils/url/cgi.rb +10 -0
- data/lib/escape_utils/url/erb.rb +12 -0
- data/lib/escape_utils/url/rack.rb +14 -0
- data/spec/html/escape_spec.rb +4 -4
- data/spec/html/unescape_spec.rb +4 -4
- data/spec/html_safety_spec.rb +49 -0
- data/spec/javascript/escape_spec.rb +1 -1
- data/spec/javascript/unescape_spec.rb +39 -0
- data/spec/url/escape_spec.rb +52 -0
- data/spec/url/unescape_spec.rb +52 -0
- metadata +24 -4
data/lib/escape_utils.rb
CHANGED
@@ -1,7 +1,13 @@
|
|
1
1
|
# encoding: utf-8
|
2
2
|
|
3
3
|
class CGI
|
4
|
-
|
5
|
-
|
4
|
+
extend ::EscapeUtils::HtmlSafety
|
5
|
+
|
6
|
+
class << self
|
7
|
+
alias escapeHTML _escape_html
|
8
|
+
|
9
|
+
def unescapeHTML(s)
|
10
|
+
EscapeUtils.unescape_html(s)
|
11
|
+
end
|
6
12
|
end
|
7
13
|
end
|
@@ -2,11 +2,9 @@
|
|
2
2
|
|
3
3
|
module Rack
|
4
4
|
module Utils
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
EscapeUtils.escape_html(s.to_s)
|
10
|
-
end
|
5
|
+
include ::EscapeUtils::HtmlSafety
|
6
|
+
|
7
|
+
alias escape_html _escape_html
|
8
|
+
module_function :escape_html
|
11
9
|
end
|
12
10
|
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
|
3
|
+
module EscapeUtils
|
4
|
+
module HtmlSafety
|
5
|
+
if "".respond_to? :html_safe?
|
6
|
+
def _escape_html(s)
|
7
|
+
if s.html_safe?
|
8
|
+
s.to_s.html_safe
|
9
|
+
else
|
10
|
+
EscapeUtils.escape_html(s.to_s).html_safe
|
11
|
+
end
|
12
|
+
end
|
13
|
+
else
|
14
|
+
def _escape_html(s)
|
15
|
+
EscapeUtils.escape_html(s.to_s)
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
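Review bot: In the new `html_safety.rb` hunk, the load-time guard only checks that String responds to `html_safe?`, but `_escape_html` then calls `s.html_safe?` on whatever it is given, so a non-String argument raises NoMethodError unless something else has defined the method on Object. Guarding the call itself, `if s.respond_to?(:html_safe?) && s.html_safe?`, removes that dependency. Because the `CGI` and `Rack::Utils` hunks alias `escapeHTML` and `escape_html` to this method, both now return input flagged `html_safe?` without escaping it; I would add a comment above `_escape_html` such as `# Returns html_safe? input unescaped: the flag is the caller's assertion, never set it on user-derived data.` The guard is also evaluated once when the file is loaded, so, as far as these hunks show, an `html_safe?` implementation loaded later is not picked up.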
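--- a/data/spec/html/escape_spec.rb
+++ b/data/spec/html/escape_spec.rb
@@ -7,19 +7,19 @@ describe EscapeUtils, "escape_html" do
 end
 
 it "should escape a basic html tag" do
-EscapeUtils.escape_html("<some_tag/>").should eql("<some_tag
+EscapeUtils.escape_html("<some_tag/>").should eql("<some_tag/>")
 end
 
 it "should escape double-quotes" do
-EscapeUtils.escape_html("<some_tag some_attr=\"some value\"/>").should eql("<some_tag some_attr="some value"
+EscapeUtils.escape_html("<some_tag some_attr=\"some value\"/>").should eql("<some_tag some_attr="some value"/>")
 end
 
 it "should escape single-quotes" do
-EscapeUtils.escape_html("<some_tag some_attr='some value'/>").should eql("<some_tag some_attr='some value'
+EscapeUtils.escape_html("<some_tag some_attr='some value'/>").should eql("<some_tag some_attr='some value'/>")
 end
 
 it "should escape the & character" do
-EscapeUtils.escape_html("<b>Bourbon & Branch</b>").should eql("<b>Bourbon & Branch<
+EscapeUtils.escape_html("<b>Bourbon & Branch</b>").should eql("<b>Bourbon & Branch</b>")
 end
 
 if RUBY_VERSION =~ /^1.9/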
data/spec/html/unescape_spec.rb
CHANGED
@@ -7,19 +7,19 @@ describe EscapeUtils, "unescape_html" do
|
|
7
7
|
end
|
8
8
|
|
9
9
|
it "should unescape a basic html tag" do
|
10
|
-
EscapeUtils.unescape_html("<some_tag
|
10
|
+
EscapeUtils.unescape_html("<some_tag/>").should eql("<some_tag/>")
|
11
11
|
end
|
12
12
|
|
13
13
|
it "should unescape double-quotes" do
|
14
|
-
EscapeUtils.unescape_html("<some_tag some_attr="some value"
|
14
|
+
EscapeUtils.unescape_html("<some_tag some_attr="some value"/>").should eql("<some_tag some_attr=\"some value\"/>")
|
15
15
|
end
|
16
16
|
|
17
17
|
it "should unescape single-quotes" do
|
18
|
-
EscapeUtils.unescape_html("<some_tag some_attr='some value'
|
18
|
+
EscapeUtils.unescape_html("<some_tag some_attr='some value'/>").should eql("<some_tag some_attr='some value'/>")
|
19
19
|
end
|
20
20
|
|
21
21
|
it "should unescape the & character" do
|
22
|
-
EscapeUtils.unescape_html("<b>Bourbon & Branch<
|
22
|
+
EscapeUtils.unescape_html("<b>Bourbon & Branch</b>").should eql("<b>Bourbon & Branch</b>")
|
23
23
|
end
|
24
24
|
|
25
25
|
if RUBY_VERSION =~ /^1.9/
|
@@ -0,0 +1,49 @@
|
|
1
|
+
# encoding: UTF-8
|
2
|
+
require File.expand_path(File.dirname(__FILE__) + '/spec_helper.rb')
|
3
|
+
|
4
|
+
class Object
|
5
|
+
def html_safe?
|
6
|
+
false
|
7
|
+
end
|
8
|
+
end
|
9
|
+
|
10
|
+
class TestSafeBuffer < String
|
11
|
+
def html_safe?
|
12
|
+
true
|
13
|
+
end
|
14
|
+
|
15
|
+
def html_safe
|
16
|
+
self
|
17
|
+
end
|
18
|
+
|
19
|
+
def to_s
|
20
|
+
self
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
class String
|
25
|
+
def html_safe
|
26
|
+
TestSafeBuffer.new(self)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
include EscapeUtils::HtmlSafety
|
31
|
+
|
32
|
+
describe EscapeUtils::HtmlSafety do
|
33
|
+
|
34
|
+
it "should escape unsafe strings and make them safe" do
|
35
|
+
escaped = _escape_html("<strong>unsafe</strong>")
|
36
|
+
escaped.should eql("<strong>unsafe</strong>")
|
37
|
+
escaped.should be_html_safe
|
38
|
+
end
|
39
|
+
|
40
|
+
it "shouldn't escape safe strings" do
|
41
|
+
_escape_html("<p>safe string</p>".html_safe).should eql("<p>safe string</p>")
|
42
|
+
end
|
43
|
+
|
44
|
+
it "should work with non strings" do
|
45
|
+
_escape_html(5).should eql("5")
|
46
|
+
_escape_html(:hello).should eql("hello")
|
47
|
+
end
|
48
|
+
|
49
|
+
end
|
@@ -12,7 +12,7 @@ describe EscapeUtils, "escape_javascript" do
|
|
12
12
|
end
|
13
13
|
|
14
14
|
it "should escape quotes and newlines" do
|
15
|
-
EscapeUtils.escape_javascript(%(This "thing" is really\n netos')).should eql(%(This \\"thing\\" is really\\n netos\\'))
|
15
|
+
EscapeUtils.escape_javascript(%(This "thing" is really\n netos\r\n\n')).should eql(%(This \\"thing\\" is really\\n netos\\n\\n\\'))
|
16
16
|
end
|
17
17
|
|
18
18
|
it "should escape backslashes" do
|
@@ -0,0 +1,39 @@
|
|
1
|
+
# encoding: UTF-8
|
2
|
+
require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
|
3
|
+
|
4
|
+
describe EscapeUtils, "unescape_javascript" do
|
5
|
+
it "should respond to unescape_javascript" do
|
6
|
+
EscapeUtils.should respond_to(:unescape_javascript)
|
7
|
+
end
|
8
|
+
|
9
|
+
# these are from the ActionView tests
|
10
|
+
it "should return an empty string if passed nil" do
|
11
|
+
EscapeUtils.unescape_javascript(nil).should eql("")
|
12
|
+
end
|
13
|
+
|
14
|
+
it "should unescape quotes and newlines" do
|
15
|
+
EscapeUtils.unescape_javascript(%(This \\"thing\\" is really\\n netos\\n\\n\\')).should eql(%(This "thing" is really\n netos\n\n'))
|
16
|
+
end
|
17
|
+
|
18
|
+
it "should unescape backslashes" do
|
19
|
+
EscapeUtils.unescape_javascript(%(backslash\\\\test)).should eql(%(backslash\\test))
|
20
|
+
end
|
21
|
+
|
22
|
+
it "should unescape closed html tags" do
|
23
|
+
EscapeUtils.unescape_javascript(%(dont <\\/close> tags)).should eql(%(dont </close> tags))
|
24
|
+
end
|
25
|
+
|
26
|
+
if RUBY_VERSION =~ /^1.9/
|
27
|
+
it "should default to utf-8 if Encoding.default_internal is nil" do
|
28
|
+
Encoding.default_internal = nil
|
29
|
+
EscapeUtils.unescape_javascript(%(dont <\\/close> tags)).encoding.should eql(Encoding.find('utf-8'))
|
30
|
+
end
|
31
|
+
|
32
|
+
it "should use Encoding.default_internal" do
|
33
|
+
Encoding.default_internal = Encoding.find('utf-8')
|
34
|
+
EscapeUtils.unescape_javascript(%(dont <\\/close> tags)).encoding.should eql(Encoding.default_internal)
|
35
|
+
Encoding.default_internal = Encoding.find('us-ascii')
|
36
|
+
EscapeUtils.unescape_javascript(%(dont <\\/close> tags)).encoding.should eql(Encoding.default_internal)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
@@ -0,0 +1,52 @@
|
|
1
|
+
# encoding: UTF-8
|
2
|
+
require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
|
3
|
+
|
4
|
+
describe EscapeUtils, "escape_url" do
|
5
|
+
it "should respond to escape_url" do
|
6
|
+
EscapeUtils.should respond_to(:escape_url)
|
7
|
+
end
|
8
|
+
|
9
|
+
it "should escape a basic url" do
|
10
|
+
EscapeUtils.escape_url("http://www.homerun.com/").should eql("http%3A%2F%2Fwww.homerun.com%2F")
|
11
|
+
end
|
12
|
+
|
13
|
+
# NOTE: from Rack's test suite
|
14
|
+
it "should escape a url containing tags" do
|
15
|
+
EscapeUtils.escape_url("fo<o>bar").should eql("fo%3Co%3Ebar")
|
16
|
+
end
|
17
|
+
|
18
|
+
# NOTE: from Rack's test suite
|
19
|
+
it "should escape a url with spaces" do
|
20
|
+
EscapeUtils.escape_url("a space").should eql("a+space")
|
21
|
+
EscapeUtils.escape_url("a sp ace ").should eql("a+++sp+ace+")
|
22
|
+
end
|
23
|
+
|
24
|
+
# NOTE: from Rack's test suite
|
25
|
+
it "should escape a string of mixed characters" do
|
26
|
+
EscapeUtils.escape_url("q1!2\"'w$5&7/z8)?\\").should eql("q1%212%22%27w%245%267%2Fz8%29%3F%5C")
|
27
|
+
end
|
28
|
+
|
29
|
+
# NOTE: from Rack's test suite
|
30
|
+
it "should escape correctly for multibyte characters" do
|
31
|
+
matz_name = "\xE3\x81\xBE\xE3\x81\xA4\xE3\x82\x82\xE3\x81\xA8".unpack("a*")[0] # Matsumoto
|
32
|
+
matz_name.force_encoding("UTF-8") if matz_name.respond_to? :force_encoding
|
33
|
+
EscapeUtils.escape_url(matz_name).should eql('%E3%81%BE%E3%81%A4%E3%82%82%E3%81%A8')
|
34
|
+
matz_name_sep = "\xE3\x81\xBE\xE3\x81\xA4 \xE3\x82\x82\xE3\x81\xA8".unpack("a*")[0] # Matsu moto
|
35
|
+
matz_name_sep.force_encoding("UTF-8") if matz_name_sep.respond_to? :force_encoding
|
36
|
+
EscapeUtils.escape_url(matz_name_sep).should eql('%E3%81%BE%E3%81%A4+%E3%82%82%E3%81%A8')
|
37
|
+
end
|
38
|
+
|
39
|
+
if RUBY_VERSION =~ /^1.9/
|
40
|
+
it "should default to utf-8 if Encoding.default_internal is nil" do
|
41
|
+
Encoding.default_internal = nil
|
42
|
+
EscapeUtils.escape_url("http://www.homerun.com/").encoding.should eql(Encoding.find('utf-8'))
|
43
|
+
end
|
44
|
+
|
45
|
+
it "should use Encoding.default_internal" do
|
46
|
+
Encoding.default_internal = Encoding.find('utf-8')
|
47
|
+
EscapeUtils.escape_url("http://www.homerun.com/").encoding.should eql(Encoding.default_internal)
|
48
|
+
Encoding.default_internal = Encoding.find('us-ascii')
|
49
|
+
EscapeUtils.escape_url("http://www.homerun.com/").encoding.should eql(Encoding.default_internal)
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
@@ -0,0 +1,52 @@
|
|
1
|
+
# encoding: UTF-8
|
2
|
+
require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
|
3
|
+
|
4
|
+
describe EscapeUtils, "unescape_url" do
|
5
|
+
it "should respond to unescape_url" do
|
6
|
+
EscapeUtils.should respond_to(:unescape_url)
|
7
|
+
end
|
8
|
+
|
9
|
+
it "should unescape a basic url" do
|
10
|
+
EscapeUtils.unescape_url("http%3A%2F%2Fwww.homerun.com%2F").should eql("http://www.homerun.com/")
|
11
|
+
end
|
12
|
+
|
13
|
+
# NOTE: from Rack's test suite
|
14
|
+
it "should unescape a url containing tags" do
|
15
|
+
EscapeUtils.unescape_url("fo%3Co%3Ebar").should eql("fo<o>bar")
|
16
|
+
end
|
17
|
+
|
18
|
+
# NOTE: from Rack's test suite
|
19
|
+
it "should unescape a url with spaces" do
|
20
|
+
EscapeUtils.unescape_url("a+space").should eql("a space")
|
21
|
+
EscapeUtils.unescape_url("a+++sp+ace+").should eql("a sp ace ")
|
22
|
+
end
|
23
|
+
|
24
|
+
# NOTE: from Rack's test suite
|
25
|
+
it "should unescape a string of mixed characters" do
|
26
|
+
EscapeUtils.unescape_url("q1%212%22%27w%245%267%2Fz8%29%3F%5C").should eql("q1!2\"'w$5&7/z8)?\\")
|
27
|
+
end
|
28
|
+
|
29
|
+
# NOTE: from Rack's test suite
|
30
|
+
it "should unescape correctly for multibyte characters" do
|
31
|
+
matz_name = "\xE3\x81\xBE\xE3\x81\xA4\xE3\x82\x82\xE3\x81\xA8".unpack("a*")[0] # Matsumoto
|
32
|
+
matz_name.force_encoding("UTF-8") if matz_name.respond_to? :force_encoding
|
33
|
+
EscapeUtils.unescape_url('%E3%81%BE%E3%81%A4%E3%82%82%E3%81%A8').should eql(matz_name)
|
34
|
+
matz_name_sep = "\xE3\x81\xBE\xE3\x81\xA4 \xE3\x82\x82\xE3\x81\xA8".unpack("a*")[0] # Matsu moto
|
35
|
+
matz_name_sep.force_encoding("UTF-8") if matz_name_sep.respond_to? :force_encoding
|
36
|
+
EscapeUtils.unescape_url('%E3%81%BE%E3%81%A4+%E3%82%82%E3%81%A8').should eql(matz_name_sep)
|
37
|
+
end
|
38
|
+
|
39
|
+
if RUBY_VERSION =~ /^1.9/
|
40
|
+
it "should default to utf-8 if Encoding.default_internal is nil" do
|
41
|
+
Encoding.default_internal = nil
|
42
|
+
EscapeUtils.unescape_url("http%3A%2F%2Fwww.homerun.com%2F").encoding.should eql(Encoding.find('utf-8'))
|
43
|
+
end
|
44
|
+
|
45
|
+
it "should use Encoding.default_internal" do
|
46
|
+
Encoding.default_internal = Encoding.find('utf-8')
|
47
|
+
EscapeUtils.unescape_url("http%3A%2F%2Fwww.homerun.com%2F").encoding.should eql(Encoding.default_internal)
|
48
|
+
Encoding.default_internal = Encoding.find('us-ascii')
|
49
|
+
EscapeUtils.unescape_url("http%3A%2F%2Fwww.homerun.com%2F").encoding.should eql(Encoding.default_internal)
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
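Review bot: The new `unescape_url` specs (last hunk in this section) exercise only well-formed percent-escapes, so nothing pins what the decoder does with a truncated or non-hex sequence. The file list shows the decoder living in `ext/escape_utils.c`, which is not visible here, so I would add cases such as `EscapeUtils.unescape_url("abc%")`, `EscapeUtils.unescape_url("abc%2")` and `EscapeUtils.unescape_url("%zz")` and assert a defined result for each (input passed through unchanged, or a raised error). The `unescape_javascript` hunk has the same gap for a string that ends in a lone backslash. Separately, the `Encoding.default_internal` examples in these hunks leave the global set to `us-ascii`; saving the previous value and restoring it in an `after` block would keep that setting from leaking into later specs.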
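--- a/metadata
+++ b/metadata
@@ -1,12 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: escape_utils
 version: !ruby/object:Gem::Version
+hash: 17
 prerelease: false
 segments:
 - 0
 - 1
--
-version: 0.1.
+- 5
+version: 0.1.5
 platform: ruby
 authors:
 - Brian Lopez
@@ -14,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-
+date: 2010-07-13 00:00:00 -07:00
 default_executable:
 dependencies: []
 
@@ -36,6 +37,9 @@ files:
 - benchmark/html_escape.rb
 - benchmark/html_unescape.rb
 - benchmark/javascript_escape.rb
+- benchmark/javascript_unescape.rb
+- benchmark/url_escape.rb
+- benchmark/url_unescape.rb
 - escape_utils.gemspec
 - ext/escape_utils.c
 - ext/extconf.rb
@@ -44,13 +48,21 @@ files:
 - lib/escape_utils/html/erb.rb
 - lib/escape_utils/html/haml.rb
 - lib/escape_utils/html/rack.rb
+- lib/escape_utils/html_safety.rb
 - lib/escape_utils/javascript/action_view.rb
+- lib/escape_utils/url/cgi.rb
+- lib/escape_utils/url/erb.rb
+- lib/escape_utils/url/rack.rb
 - spec/html/escape_spec.rb
 - spec/html/unescape_spec.rb
+- spec/html_safety_spec.rb
 - spec/javascript/escape_spec.rb
+- spec/javascript/unescape_spec.rb
 - spec/rcov.opts
 - spec/spec.opts
 - spec/spec_helper.rb
+- spec/url/escape_spec.rb
+- spec/url/unescape_spec.rb
 has_rdoc: true
 homepage: http://github.com/brianmario/escape_utils
 licenses: []
@@ -62,28 +74,36 @@ require_paths:
 - lib
 - ext
 required_ruby_version: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+hash: 3
 segments:
 - 0
 version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+hash: 3
 segments:
 - 0
 version: "0"
 requirements: []
 
 rubyforge_project:
-rubygems_version: 1.3.
+rubygems_version: 1.3.7
 signing_key:
 specification_version: 3
 summary: Faster string escaping routines for your web apps
 test_files:
 - spec/html/escape_spec.rb
 - spec/html/unescape_spec.rb
+- spec/html_safety_spec.rb
 - spec/javascript/escape_spec.rb
+- spec/javascript/unescape_spec.rb
 - spec/spec_helper.rb
+- spec/url/escape_spec.rb
+- spec/url/unescape_spec.rb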