escape_utils 0.1.9 → 0.2.0

data/ext/escape_utils/extconf.rb

@@ -0,0 +1,17 @@
+# encoding: UTF-8
+require 'mkmf'
+require 'rbconfig'
+
+$CFLAGS << ' -Wall -funroll-loops'
+$CFLAGS << ' -Wextra -O0 -ggdb3' if ENV['DEBUG']
+
+if try_compile(<<SRC)
+#include <ruby.h>
+int main(void) { rb_cvar_set(Qnil, Qnil, Qnil); return 0; }
+SRC
+  $CFLAGS << " -DRB_CVAR_SET_ARITY=3 "
+else
+  $CFLAGS << " -DRB_CVAR_SET_ARITY=4 "
+end
+
+create_makefile("escape_utils")

data/lib/escape_utils.rb

@@ -1,22 +1,13 @@
 # encoding: utf-8
-
-require 'escape_utils_ext'
+require 'escape_utils/escape_utils'
+require 'escape_utils/version' unless defined? EscapeUtils::VERSION
 
 EscapeUtils.send(:extend, EscapeUtils)
 module EscapeUtils
-  VERSION = "0.1.9"
-
   # turn on/off the escaping of the '/' character during HTML escaping
   # Escaping '/' is recommended by the OWASP - http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
   # This is because quotes around HTML attributes are optional in most/all modern browsers at the time of writing (10/15/2010)
   @@html_secure = true
 
-  def self.html_secure
-    @@html_secure
-  end
-  def self.html_secure=(val)
-    @@html_secure = val
-  end
-
   autoload :HtmlSafety, 'escape_utils/html_safety'
 end

data/lib/escape_utils/html_safety.rb

@@ -7,13 +7,13 @@ module EscapeUtils
         if s.html_safe?
           s.to_s.html_safe
         else
-          EscapeUtils.escape_html(s.to_s, EscapeUtils.html_secure).html_safe
+          EscapeUtils.escape_html(s.to_s).html_safe
         end
       end
     else
       def _escape_html(s)
-        EscapeUtils.escape_html(s.to_s, EscapeUtils.html_secure)
+        EscapeUtils.escape_html(s.to_s)
       end
     end
   end
-end
+end

data/lib/escape_utils/version.rb

@@ -0,0 +1,3 @@
+module EscapeUtils
+  VERSION = "0.2.0"
+end

data/spec/html/escape_spec.rb

@@ -33,9 +33,11 @@ describe EscapeUtils, "escape_html" do
   end
 
   if RUBY_VERSION =~ /^1.9/
-    it "should default to utf-8 if Encoding.default_internal is nil" do
+    it "should default to the original string's encoding if Encoding.default_internal is nil" do
       Encoding.default_internal = nil
-      EscapeUtils.escape_html("<b>Bourbon & Branch</b>").encoding.should eql(Encoding.find('utf-8'))
+      str = "<b>Bourbon & Branch</b>"
+      str = str.encode('us-ascii')
+      EscapeUtils.escape_html(str).encoding.should eql(Encoding.find('us-ascii'))
     end
 
     it "should use Encoding.default_internal" do

data/spec/html/unescape_spec.rb

@@ -22,10 +22,17 @@ describe EscapeUtils, "unescape_html" do
     EscapeUtils.unescape_html("&lt;b&gt;Bourbon &amp; Branch&lt;&#47;b&gt;").should eql("<b>Bourbon & Branch</b>")
   end
 
+  it "should pass through incompletely escaped tags" do
+    EscapeUtils.unescape_html("&").should eql("&")
+    EscapeUtils.unescape_html("&lt").should eql("&lt")
+  end
+
   if RUBY_VERSION =~ /^1.9/
-    it "should default to utf-8 if Encoding.default_internal is nil" do
+    it "should default to the original string's encoding if Encoding.default_internal is nil" do
       Encoding.default_internal = nil
-      EscapeUtils.unescape_html("&lt;b&gt;Bourbon &amp; Branch&lt;/b&gt;").encoding.should eql(Encoding.find('utf-8'))
+      str = "&lt;b&gt;Bourbon &amp; Branch&lt;/b&gt;"
+      str = str.encode('us-ascii')
+      EscapeUtils.unescape_html(str).encoding.should eql(Encoding.find('us-ascii'))
     end
 
     it "should use Encoding.default_internal" do

data/spec/javascript/escape_spec.rb

@@ -24,9 +24,11 @@ describe EscapeUtils, "escape_javascript" do
   end
 
   if RUBY_VERSION =~ /^1.9/
-    it "should default to utf-8 if Encoding.default_internal is nil" do
+    it "should default to the original string's encoding if Encoding.default_internal is nil" do
       Encoding.default_internal = nil
-      EscapeUtils.escape_javascript(%(dont </close> tags)).encoding.should eql(Encoding.find('utf-8'))
+      str = %(dont </close> tags)
+      str = str.encode('us-ascii')
+      EscapeUtils.escape_javascript(str).encoding.should eql(Encoding.find('us-ascii'))
     end
 
     it "should use Encoding.default_internal" do

data/spec/javascript/unescape_spec.rb

@@ -23,10 +23,16 @@ describe EscapeUtils, "unescape_javascript" do
     EscapeUtils.unescape_javascript(%(dont <\\/close> tags)).should eql(%(dont </close> tags))
   end
 
+  it "should pass through standalone '\'" do
+    EscapeUtils.unescape_javascript("\\").should eql("\\")
+  end
+
   if RUBY_VERSION =~ /^1.9/
-    it "should default to utf-8 if Encoding.default_internal is nil" do
+    it "should default to the original string's encoding if Encoding.default_internal is nil" do
       Encoding.default_internal = nil
-      EscapeUtils.unescape_javascript(%(dont <\\/close> tags)).encoding.should eql(Encoding.find('utf-8'))
+      str = %(dont <\\/close> tags)
+      str = str.encode('us-ascii')
+      EscapeUtils.unescape_javascript(str).encoding.should eql(Encoding.find('us-ascii'))
     end
 
     it "should use Encoding.default_internal" do

data/spec/query/escape_spec.rb

@@ -37,9 +37,11 @@ describe EscapeUtils, "escape_url" do
   end
 
   if RUBY_VERSION =~ /^1.9/
-    it "should default to utf-8 if Encoding.default_internal is nil" do
+    it "should default to the original string's encoding if Encoding.default_internal is nil" do
       Encoding.default_internal = nil
-      EscapeUtils.escape_url("http://www.homerun.com/").encoding.should eql(Encoding.find('utf-8'))
+      str = "http://www.homerun.com/"
+      str = str.encode('us-ascii')
+      EscapeUtils.escape_url(str).encoding.should eql(Encoding.find('us-ascii'))
     end
 
     it "should use Encoding.default_internal" do

data/spec/query/unescape_spec.rb

@@ -37,9 +37,11 @@ describe EscapeUtils, "unescape_url" do
   end
 
   if RUBY_VERSION =~ /^1.9/
-    it "should default to utf-8 if Encoding.default_internal is nil" do
+    it "should default to the original string's encoding if Encoding.default_internal is nil" do
       Encoding.default_internal = nil
-      EscapeUtils.unescape_url("http%3A%2F%2Fwww.homerun.com%2F").encoding.should eql(Encoding.find('utf-8'))
+      str = "http%3A%2F%2Fwww.homerun.com%2F"
+      str = str.encode('us-ascii')
+      EscapeUtils.unescape_url(str).encoding.should eql(Encoding.find('us-ascii'))
     end
 
     it "should use Encoding.default_internal" do

data/spec/spec_helper.rb

@@ -2,4 +2,5 @@
 $LOAD_PATH.unshift File.expand_path(File.dirname(__FILE__) + '/..')
 $LOAD_PATH.unshift File.expand_path(File.dirname(__FILE__) + '/../lib')
 
+require 'rspec'
 require 'escape_utils'

data/spec/uri/escape_spec.rb

@@ -1,13 +1,17 @@
 # encoding: UTF-8
 require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
+require 'uri'
 
 describe EscapeUtils, "escape_uri" do
   it "should respond to escape_uri" do
     EscapeUtils.should respond_to(:escape_uri)
   end
 
-  it "should escape a basic url" do
-    EscapeUtils.escape_uri("http://www.homerun.com/").should eql("http%3A%2F%2Fwww.homerun.com%2F")
+  it "should escape each byte exactly like URI.escape" do
+    (0..255).each do |i|
+      c = i.chr
+      EscapeUtils.escape_uri(c).should eql(URI.escape(c))
+    end
   end
 
   # NOTE: from Rack's test suite
@@ -21,11 +25,6 @@ describe EscapeUtils, "escape_uri" do
     EscapeUtils.escape_uri("a   sp ace ").should eql("a%20%20%20sp%20ace%20")
   end
 
-  # NOTE: from Rack's test suite
-  it "should escape a string of mixed characters" do
-    EscapeUtils.escape_uri("q1!2\"'w$5&7/z8)?\\").should eql("q1%212%22%27w%245%267%2Fz8%29%3F%5C")
-  end
-
   # NOTE: from Rack's test suite
   it "should escape correctly for multibyte characters" do
     matz_name = "\xE3\x81\xBE\xE3\x81\xA4\xE3\x82\x82\xE3\x81\xA8".unpack("a*")[0] # Matsumoto
@@ -37,9 +36,11 @@ describe EscapeUtils, "escape_uri" do
   end
 
   if RUBY_VERSION =~ /^1.9/
-    it "should default to utf-8 if Encoding.default_internal is nil" do
+    it "should default to the original string's encoding if Encoding.default_internal is nil" do
       Encoding.default_internal = nil
-      EscapeUtils.escape_uri("http://www.homerun.com/").encoding.should eql(Encoding.find('utf-8'))
+      str = "http://www.homerun.com/"
+      str = str.encode('us-ascii')
+      EscapeUtils.escape_uri(str).encoding.should eql(Encoding.find('us-ascii'))
     end
 
     it "should use Encoding.default_internal" do

data/spec/uri/unescape_spec.rb

@@ -11,6 +11,14 @@ describe EscapeUtils, "unescape_uri" do
     EscapeUtils.unescape_uri("http://www.homerun.com/").should eql("http://www.homerun.com/")
   end
 
+  it "should not be thrown by a standalone %" do
+    EscapeUtils.unescape_uri("%").should eql("%")
+  end
+
+  it "should not be thrown by a trailing %" do
+    EscapeUtils.unescape_uri("http%").should eql("http%")
+  end
+
   # NOTE: from Rack's test suite
   it "should unescape a url containing tags" do
     EscapeUtils.unescape_uri("fo%3Co%3Ebar").should eql("fo<o>bar")
@@ -40,9 +48,11 @@ describe EscapeUtils, "unescape_uri" do
   end
 
   if RUBY_VERSION =~ /^1.9/
-    it "should default to utf-8 if Encoding.default_internal is nil" do
+    it "should default to the original string's encoding if Encoding.default_internal is nil" do
       Encoding.default_internal = nil
-      EscapeUtils.unescape_uri("http%3A%2F%2Fwww.homerun.com%2F").encoding.should eql(Encoding.find('utf-8'))
+      str = "http%3A%2F%2Fwww.homerun.com%2F"
+      str = str.encode('us-ascii')
+      EscapeUtils.unescape_uri(str).encoding.should eql(Encoding.find('us-ascii'))
     end
 
     it "should use Encoding.default_internal" do

data/spec/url/escape_spec.rb

@@ -1,5 +1,6 @@
 # encoding: UTF-8
 require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
+require 'cgi'
 
 describe EscapeUtils, "escape_url" do
   it "should respond to escape_url" do
@@ -10,6 +11,13 @@ describe EscapeUtils, "escape_url" do
     EscapeUtils.escape_url("http://www.homerun.com/").should eql("http%3A%2F%2Fwww.homerun.com%2F")
   end
 
+  it "should escape each possible byte value exactly like CGI.escape" do
+    (0..255).each do |i|
+      c = i.chr
+      EscapeUtils.escape_url(c).should eql(CGI.escape(c))
+    end
+  end
+
   # NOTE: from Rack's test suite
   it "should escape a url containing tags" do
     EscapeUtils.escape_url("fo<o>bar").should eql("fo%3Co%3Ebar")
@@ -37,9 +45,11 @@ describe EscapeUtils, "escape_url" do
   end
 
   if RUBY_VERSION =~ /^1.9/
-    it "should default to utf-8 if Encoding.default_internal is nil" do
+    it "should default to the original string's encoding if Encoding.default_internal is nil" do
       Encoding.default_internal = nil
-      EscapeUtils.escape_url("http://www.homerun.com/").encoding.should eql(Encoding.find('utf-8'))
+      str = "http://www.homerun.com/"
+      str = str.encode('us-ascii')
+      EscapeUtils.escape_url(str).encoding.should eql(Encoding.find('us-ascii'))
     end
 
     it "should use Encoding.default_internal" do

data/spec/url/unescape_spec.rb

@@ -1,55 +1,65 @@
 # encoding: UTF-8
 require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
 
-describe EscapeUtils, "unescape_uri" do
-  it "should respond to unescape_uri" do
-    EscapeUtils.should respond_to(:unescape_uri)
+describe EscapeUtils, "unescape_url" do
+  it "should respond to unescape_url" do
+    EscapeUtils.should respond_to(:unescape_url)
   end
 
   it "should unescape a basic url" do
-    EscapeUtils.unescape_uri("http%3A%2F%2Fwww.homerun.com%2F").should eql("http://www.homerun.com/")
-    EscapeUtils.unescape_uri("http://www.homerun.com/").should eql("http://www.homerun.com/")
+    EscapeUtils.unescape_url("http%3A%2F%2Fwww.homerun.com%2F").should eql("http://www.homerun.com/")
+    EscapeUtils.unescape_url("http://www.homerun.com/").should eql("http://www.homerun.com/")
+  end
+
+  it "should not be thrown by a standalone %" do
+    EscapeUtils.unescape_url("%").should eql("%")
+  end
+
+  it "should not be thrown by a trailing %" do
+    EscapeUtils.unescape_url("http%").should eql("http%")
   end
 
   # NOTE: from Rack's test suite
   it "should unescape a url containing tags" do
-    EscapeUtils.unescape_uri("fo%3Co%3Ebar").should eql("fo<o>bar")
+    EscapeUtils.unescape_url("fo%3Co%3Ebar").should eql("fo<o>bar")
   end
 
   # NOTE: from Rack's test suite
   it "should unescape a url with spaces" do
-    EscapeUtils.unescape_uri("a%20space").should eql("a space")
-    EscapeUtils.unescape_uri("a%20%20%20sp%20ace%20").should eql("a   sp ace ")
-    EscapeUtils.unescape_uri("a+space").should eql("a+space")
+    EscapeUtils.unescape_url("a%20space").should eql("a space")
+    EscapeUtils.unescape_url("a%20%20%20sp%20ace%20").should eql("a   sp ace ")
+    EscapeUtils.unescape_url("a+space").should eql("a space")
   end
 
   # NOTE: from Rack's test suite
   it "should unescape a string of mixed characters" do
-    EscapeUtils.unescape_uri("q1%212%22%27w%245%267%2Fz8%29%3F%5C").should eql("q1!2\"'w$5&7/z8)?\\")
-    EscapeUtils.unescape_uri("q1!2%22'w$5&7/z8)?%5C").should eql("q1!2\"'w$5&7/z8)?\\")
+    EscapeUtils.unescape_url("q1%212%22%27w%245%267%2Fz8%29%3F%5C").should eql("q1!2\"'w$5&7/z8)?\\")
+    EscapeUtils.unescape_url("q1!2%22'w$5&7/z8)?%5C").should eql("q1!2\"'w$5&7/z8)?\\")
   end
 
   # NOTE: from Rack's test suite
   it "should unescape correctly for multibyte characters" do
     matz_name = "\xE3\x81\xBE\xE3\x81\xA4\xE3\x82\x82\xE3\x81\xA8".unpack("a*")[0] # Matsumoto
     matz_name.force_encoding("UTF-8") if matz_name.respond_to? :force_encoding
-    EscapeUtils.unescape_uri('%E3%81%BE%E3%81%A4%E3%82%82%E3%81%A8').should eql(matz_name)
+    EscapeUtils.unescape_url('%E3%81%BE%E3%81%A4%E3%82%82%E3%81%A8').should eql(matz_name)
     matz_name_sep = "\xE3\x81\xBE\xE3\x81\xA4 \xE3\x82\x82\xE3\x81\xA8".unpack("a*")[0] # Matsu moto
     matz_name_sep.force_encoding("UTF-8") if matz_name_sep.respond_to? :force_encoding
-    EscapeUtils.unescape_uri('%E3%81%BE%E3%81%A4%20%E3%82%82%E3%81%A8').should eql(matz_name_sep)
+    EscapeUtils.unescape_url('%E3%81%BE%E3%81%A4%20%E3%82%82%E3%81%A8').should eql(matz_name_sep)
   end
 
   if RUBY_VERSION =~ /^1.9/
-    it "should default to utf-8 if Encoding.default_internal is nil" do
+    it "should default to the original string's encoding if Encoding.default_internal is nil" do
       Encoding.default_internal = nil
-      EscapeUtils.unescape_uri("http%3A%2F%2Fwww.homerun.com%2F").encoding.should eql(Encoding.find('utf-8'))
+      str = "http%3A%2F%2Fwww.homerun.com%2F"
+      str = str.encode('us-ascii')
+      EscapeUtils.unescape_url(str).encoding.should eql(Encoding.find('us-ascii'))
     end
 
     it "should use Encoding.default_internal" do
       Encoding.default_internal = Encoding.find('utf-8')
-      EscapeUtils.unescape_uri("http%3A%2F%2Fwww.homerun.com%2F").encoding.should eql(Encoding.default_internal)
+      EscapeUtils.unescape_url("http%3A%2F%2Fwww.homerun.com%2F").encoding.should eql(Encoding.default_internal)
       Encoding.default_internal = Encoding.find('us-ascii')
-      EscapeUtils.unescape_uri("http%3A%2F%2Fwww.homerun.com%2F").encoding.should eql(Encoding.default_internal)
+      EscapeUtils.unescape_url("http%3A%2F%2Fwww.homerun.com%2F").encoding.should eql(Encoding.default_internal)
     end
   end
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: escape_utils
 version: !ruby/object:Gem::Version 
-  hash: 9
-  prerelease: false
+  hash: 23
+  prerelease: 
   segments: 
   - 0
-  - 1
-  - 9
-  version: 0.1.9
+  - 2
+  - 0
+  version: 0.2.0
 platform: ruby
 authors: 
 - Brian Lopez
@@ -15,21 +15,124 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-10-15 00:00:00 -07:00
+date: 2011-02-08 00:00:00 -08:00
 default_executable: 
-dependencies: []
-
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rake-compiler
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 9
+        segments: 
+        - 0
+        - 7
+        - 5
+        version: 0.7.5
+  type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 15
+        segments: 
+        - 2
+        - 0
+        - 0
+        version: 2.0.0
+  type: :development
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: rack
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: haml
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: fast_xs
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency 
+  name: actionpack
+  prerelease: false
+  requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id006
+- !ruby/object:Gem::Dependency 
+  name: url_escape
+  prerelease: false
+  requirement: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id007
 description: 
 email: seniorlopez@gmail.com
 executables: []
 
 extensions: 
-- ext/extconf.rb
+- ext/escape_utils/extconf.rb
 extra_rdoc_files: 
 - README.rdoc
 files: 
 - .gitignore
+- .rspec
 - CHANGELOG.md
+- Gemfile
 - MIT-LICENSE
 - README.rdoc
 - Rakefile
@@ -41,8 +144,8 @@ files:
 - benchmark/url_escape.rb
 - benchmark/url_unescape.rb
 - escape_utils.gemspec
-- ext/escape_utils.c
-- ext/extconf.rb
+- ext/escape_utils/escape_utils.c
+- ext/escape_utils/extconf.rb
 - lib/escape_utils.rb
 - lib/escape_utils/html/cgi.rb
 - lib/escape_utils/html/erb.rb
@@ -54,6 +157,7 @@ files:
 - lib/escape_utils/url/erb.rb
 - lib/escape_utils/url/rack.rb
 - lib/escape_utils/url/uri.rb
+- lib/escape_utils/version.rb
 - spec/html/escape_spec.rb
 - spec/html/unescape_spec.rb
 - spec/html_safety_spec.rb
@@ -62,7 +166,6 @@ files:
 - spec/query/escape_spec.rb
 - spec/query/unescape_spec.rb
 - spec/rcov.opts
-- spec/spec.opts
 - spec/spec_helper.rb
 - spec/uri/escape_spec.rb
 - spec/uri/unescape_spec.rb
@@ -99,7 +202,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.3.7
+rubygems_version: 1.4.1
 signing_key: 
 specification_version: 3
 summary: Faster string escaping routines for your web apps
@@ -111,6 +214,7 @@ test_files:
 - spec/javascript/unescape_spec.rb
 - spec/query/escape_spec.rb
 - spec/query/unescape_spec.rb
+- spec/rcov.opts
 - spec/spec_helper.rb
 - spec/uri/escape_spec.rb
 - spec/uri/unescape_spec.rb