escape_utils 0.2.3 → 0.2.4

Files changed (45)
  1. data/.gitignore +2 -1
  2. data/CHANGELOG.md +4 -0
  3. data/README.md +206 -0
  4. data/benchmark/html_escape.rb +1 -0
  5. data/benchmark/html_unescape.rb +1 -0
  6. data/benchmark/javascript_escape.rb +1 -0
  7. data/benchmark/javascript_unescape.rb +1 -0
  8. data/benchmark/url_escape.rb +1 -0
  9. data/benchmark/url_unescape.rb +1 -0
  10. data/escape_utils.gemspec +0 -3
  11. data/ext/escape_utils/buffer.c +228 -0
  12. data/ext/escape_utils/buffer.h +91 -0
  13. data/ext/escape_utils/escape_utils.c +111 -531
  14. data/ext/escape_utils/houdini.h +15 -0
  15. data/ext/escape_utils/houdini_html.c +214 -0
  16. data/ext/escape_utils/houdini_js.c +148 -0
  17. data/ext/escape_utils/houdini_uri.c +130 -0
  18. data/ext/escape_utils/html_unescape.h +754 -0
  19. data/ext/escape_utils/uri_escape.h +35 -0
  20. data/lib/escape_utils.rb +2 -2
  21. data/lib/escape_utils/html/cgi.rb +0 -2
  22. data/lib/escape_utils/html/erb.rb +0 -2
  23. data/lib/escape_utils/html/haml.rb +0 -2
  24. data/lib/escape_utils/html/rack.rb +0 -2
  25. data/lib/escape_utils/html_safety.rb +0 -2
  26. data/lib/escape_utils/javascript/action_view.rb +0 -2
  27. data/lib/escape_utils/url/cgi.rb +0 -2
  28. data/lib/escape_utils/url/erb.rb +0 -2
  29. data/lib/escape_utils/url/rack.rb +0 -2
  30. data/lib/escape_utils/url/uri.rb +0 -2
  31. data/lib/escape_utils/version.rb +1 -1
  32. data/spec/html/escape_spec.rb +0 -1
  33. data/spec/html/unescape_spec.rb +0 -1
  34. data/spec/html_safety_spec.rb +0 -1
  35. data/spec/javascript/escape_spec.rb +0 -1
  36. data/spec/javascript/unescape_spec.rb +0 -1
  37. data/spec/query/escape_spec.rb +0 -1
  38. data/spec/query/unescape_spec.rb +1 -0
  39. data/spec/spec_helper.rb +0 -1
  40. data/spec/uri/escape_spec.rb +0 -1
  41. data/spec/uri/unescape_spec.rb +1 -0
  42. data/spec/url/escape_spec.rb +0 -1
  43. data/spec/url/unescape_spec.rb +1 -0
  44. metadata +16 -8
  45. data/README.rdoc +0 -146
@@ -0,0 +1,35 @@
1
+ static const char URL_SAFE[] = {
2
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
4
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0,
5
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0,
6
+ 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
7
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1,
8
+ 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
9
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0,
10
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
11
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
12
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
13
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
14
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
15
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
16
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
17
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, };
18
+
19
+ static const char URI_SAFE[] = {
20
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
21
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
22
+ 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
23
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1,
24
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
25
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1,
26
+ 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
27
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0,
28
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
29
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
30
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
31
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
32
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
33
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
34
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
35
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, };
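Review bot: The `URI_SAFE` table leaves every RFC 3986 reserved delimiter except `#` — `/ ? : @ & = + $ , ; [ ]` plus `! ' ( ) *` — unescaped, so `escape_uri` preserves URI structure and cannot neutralise an untrusted value inside a single component: a value containing `&` or `=` dropped into a query string still splits it, and the deleted README.rdoc's "like PHP rawurlencode" description does not match this table (rawurlencode escapes all of those). Both tables are 256 bare digits with nothing naming the set they encode, which is exactly what an auditor needs; I would put `/* URL_SAFE: ALPHA, DIGIT, '-', '.', '_' pass through; every other byte (space included) is marked unsafe. */` above the first and `/* URI_SAFE: RFC 3986 unreserved + reserved delimiters (the set Ruby's URI.escape leaves alone). '&', '=', '/', '?' etc. pass through, so do not use this to embed an untrusted value in one query component. */` above the second. Whatever indexes these arrays must do so with an `unsigned char`: on a signed-char platform a byte >= 0x80 used as a plain `char` index reads before the table, and the lookup lives in houdini_uri.c outside this hunk, so I cannot confirm it here. Note also that `lib/escape_utils/url/uri.rb` on this page routes `URI.escape(s, unsafe=nil)` through `escape_uri` and ignores `unsafe`, so callers that passed a stricter unsafe set silently get this table instead.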
@@ -1,9 +1,9 @@
1
- # encoding: utf-8
2
1
  require 'escape_utils/escape_utils'
3
2
  require 'escape_utils/version' unless defined? EscapeUtils::VERSION
4
3
 
5
- EscapeUtils.send(:extend, EscapeUtils)
6
4
  module EscapeUtils
5
+ extend self
6
+
7
7
  # turn on/off the escaping of the '/' character during HTML escaping
8
8
  # Escaping '/' is recommended by the OWASP - http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
9
9
  # This is because quotes around HTML attributes are optional in most/all modern browsers at the time of writing (10/15/2010)
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  class CGI
4
2
  extend ::EscapeUtils::HtmlSafety
5
3
 
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  class ERB
4
2
  module Util
5
3
  include ::EscapeUtils::HtmlSafety
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  module Haml
4
2
  module Helpers
5
3
  include ::EscapeUtils::HtmlSafety
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  module Rack
4
2
  module Utils
5
3
  include ::EscapeUtils::HtmlSafety
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  module EscapeUtils
4
2
  module HtmlSafety
5
3
  if "".respond_to? :html_safe?
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  module ActionView
4
2
  module Helpers
5
3
  module JavaScriptHelper
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  class CGI
4
2
  def self.escape(s)
5
3
  EscapeUtils.escape_url(s.to_s)
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  class ERB
4
2
  module Util
5
3
  def url_encode(s)
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  module Rack
4
2
  module Utils
5
3
  def escape(url)
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  module URI
4
2
  def self.escape(s, unsafe=nil)
5
3
  EscapeUtils.escape_uri(s.to_s)
@@ -1,3 +1,3 @@
1
1
  module EscapeUtils
2
- VERSION = "0.2.3"
2
+ VERSION = "0.2.4"
3
3
  end
@@ -1,4 +1,3 @@
1
- # encoding: UTF-8
2
1
  require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
3
2
 
4
3
  describe EscapeUtils, "escape_html" do
@@ -1,4 +1,3 @@
1
- # encoding: UTF-8
2
1
  require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
3
2
 
4
3
  describe EscapeUtils, "unescape_html" do
@@ -1,4 +1,3 @@
1
- # encoding: UTF-8
2
1
  require File.expand_path(File.dirname(__FILE__) + '/spec_helper.rb')
3
2
 
4
3
  class Object
@@ -1,4 +1,3 @@
1
- # encoding: UTF-8
2
1
  require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
3
2
 
4
3
  describe EscapeUtils, "escape_javascript" do
@@ -1,4 +1,3 @@
1
- # encoding: UTF-8
2
1
  require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
3
2
 
4
3
  describe EscapeUtils, "unescape_javascript" do
@@ -1,4 +1,3 @@
1
- # encoding: UTF-8
2
1
  require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
3
2
 
4
3
  describe EscapeUtils, "escape_url" do
@@ -1,4 +1,5 @@
1
1
  # encoding: UTF-8
2
+
2
3
  require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
3
4
 
4
5
  describe EscapeUtils, "unescape_url" do
@@ -1,4 +1,3 @@
1
- # encoding: UTF-8
2
1
  $LOAD_PATH.unshift File.expand_path(File.dirname(__FILE__) + '/..')
3
2
  $LOAD_PATH.unshift File.expand_path(File.dirname(__FILE__) + '/../lib')
4
3
 
@@ -1,4 +1,3 @@
1
- # encoding: UTF-8
2
1
  require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
3
2
  require 'uri'
4
3
 
@@ -1,4 +1,5 @@
1
1
  # encoding: UTF-8
2
+
2
3
  require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
3
4
 
4
5
  describe EscapeUtils, "unescape_uri" do
@@ -1,4 +1,3 @@
1
- # encoding: UTF-8
2
1
  require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
3
2
  require 'cgi'
4
3
 
@@ -1,4 +1,5 @@
1
1
  # encoding: UTF-8
2
+
2
3
  require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
3
4
 
4
5
  describe EscapeUtils, "unescape_url" do
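--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: escape_utils
 version: !ruby/object:Gem::Version
-hash: 17
+hash: 31
 prerelease:
 segments:
 - 0
 - 2
-- 3
-version: 0.2.3
+- 4
+version: 0.2.4
 platform: ruby
 authors:
 - Brian Lopez
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-03-09 00:00:00 -08:00
+date: 2011-09-07 00:00:00 -07:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -126,15 +126,15 @@ executables: []
 
 extensions:
 - ext/escape_utils/extconf.rb
-extra_rdoc_files:
-- README.rdoc
+extra_rdoc_files: []
+
 files:
 - .gitignore
 - .rspec
 - CHANGELOG.md
 - Gemfile
 - MIT-LICENSE
-- README.rdoc
+- README.md
 - Rakefile
 - benchmark/html_escape.rb
 - benchmark/html_unescape.rb
@@ -143,8 +143,16 @@ files:
 - benchmark/url_escape.rb
 - benchmark/url_unescape.rb
 - escape_utils.gemspec
+- ext/escape_utils/buffer.c
+- ext/escape_utils/buffer.h
 - ext/escape_utils/escape_utils.c
 - ext/escape_utils/extconf.rb
+- ext/escape_utils/houdini.h
+- ext/escape_utils/houdini_html.c
+- ext/escape_utils/houdini_js.c
+- ext/escape_utils/houdini_uri.c
+- ext/escape_utils/html_unescape.h
+- ext/escape_utils/uri_escape.h
 - lib/escape_utils.rb
 - lib/escape_utils/html/cgi.rb
 - lib/escape_utils/html/erb.rb
@@ -201,7 +209,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project:
-rubygems_version: 1.6.1
+rubygems_version: 1.6.2
 signing_key:
 specification_version: 3
 summary: Faster string escaping routines for your web apps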
@@ -1,146 +0,0 @@
1
- = escape_utils
2
-
3
- Being as though we're all html escaping everything these days, why not make it faster?
4
-
5
- For character encoding in 1.9, we'll return strings in whatever Encoding.default_internal is set to or utf-8 otherwise.
6
-
7
- It has monkey-patches for Rack::Utils, CGI, URI, ERB::Util and Haml and ActionView so you can drop this in and have your app start escaping fast as balls in no time
8
-
9
- It supports HTML, URL, URI and Javascript escaping/unescaping.
10
-
11
- == Installing
12
-
13
- gem install escape_utils
14
-
15
- == Usage
16
-
17
- === HTML
18
-
19
- ==== Escaping
20
-
21
- html = `curl -s http://maps.google.com`
22
- escaped_html = EscapeUtils.escape_html(html)
23
-
24
- ==== Unescaping
25
-
26
- html = `curl -s http://maps.google.com`
27
- escaped_html = EscapeUtils.escape_html(html)
28
- html = EscapeUtils.unescape_html(escaped_html)
29
-
30
- ==== Monkey Patches
31
-
32
- require 'escape_utils/html/rack' # to patch Rack::Utils
33
- require 'escape_utils/html/erb' # to patch ERB::Util
34
- require 'escape_utils/html/cgi' # to patch CGI
35
- require 'escape_utils/html/haml' # to patch Haml::Helpers
36
-
37
- === URL
38
-
39
- Use (un)escape_uri to get RFC-compliant escaping (like PHP rawurlencode).
40
-
41
- Use (un)escape_url to get CGI escaping (where space is +).
42
-
43
- ==== Escaping
44
-
45
- url = "https://www.yourmom.com/cgi-bin/session.cgi?sess_args=mcEA~!!#*YH*>@!U"
46
- escaped_url = EscapeUtils.escape_url(url)
47
-
48
- ==== Unescaping
49
-
50
- url = "https://www.yourmom.com/cgi-bin/session.cgi?sess_args=mcEA~!!#*YH*>@!U"
51
- escaped_url = EscapeUtils.escape_url(url)
52
- EscapeUtils.unescape_url(escaped_url) == url # => true
53
-
54
- === Javascript
55
-
56
- ==== Escaping
57
-
58
- javascript = `curl -s http://code.jquery.com/jquery-1.4.2.js`
59
- escaped_javascript = EscapeUtils.escape_javascript(javascript)
60
-
61
- ==== Unescaping
62
-
63
- javascript = `curl -s http://code.jquery.com/jquery-1.4.2.js`
64
- escaped_javascript = EscapeUtils.escape_javascript(javascript)
65
- EscapeUtils.unescape_javascript(escaped_javascript) == javascript # => true
66
-
67
- ==== Monkey Patches
68
-
69
- require 'escape_utils/javascript/action_view' # to patch ActionView::Helpers::JavaScriptHelper
70
-
71
- == Benchmarks
72
-
73
- In my testing, escaping html is around 10-30x faster than the pure ruby implementations in wide use today.
74
- While unescaping html is around 40-100x faster than CGI.unescapeHTML which is also pure ruby.
75
- Escaping Javascript is around 16-30x faster.
76
-
77
- This output is from my laptop using the benchmark scripts in the benchmarks folder.
78
-
79
- === HTML
80
-
81
- ==== Escaping
82
-
83
- Rack::Utils.escape_html
84
- 9.650000 0.090000 9.740000 ( 9.750756)
85
- Haml::Helpers.html_escape
86
- 9.310000 0.110000 9.420000 ( 9.417317)
87
- ERB::Util.html_escape
88
- 5.330000 0.390000 5.720000 ( 5.748394)
89
- CGI.escapeHTML
90
- 5.370000 0.380000 5.750000 ( 5.791344)
91
- FasterHTMLEscape.html_escape
92
- 0.520000 0.010000 0.530000 ( 0.539485)
93
- fast_xs_extra#fast_xs_html
94
- 0.310000 0.030000 0.340000 ( 0.336734)
95
- EscapeUtils.escape_html
96
- 0.200000 0.050000 0.250000 ( 0.258839)
97
-
98
- ==== Unescaping
99
-
100
- CGI.unescapeHTML
101
- 16.520000 0.080000 16.600000 ( 16.853888)
102
- EscapeUtils.unescape_html
103
- 0.120000 0.040000 0.160000 ( 0.162696)
104
-
105
- === Javascript
106
-
107
- ==== Escaping
108
-
109
- ActionView::Helpers::JavaScriptHelper#escape_javascript
110
- 3.810000 0.100000 3.910000 ( 3.925557)
111
- EscapeUtils.escape_javascript
112
- 0.200000 0.040000 0.240000 ( 0.236692)
113
-
114
- ==== Unescaping
115
-
116
- I didn't look that hard, but I'm not aware of another ruby library that does Javascript unescaping to benchmark against. Anyone know of any?
117
-
118
- === URL
119
-
120
- ==== Escaping
121
-
122
- ERB::Util.url_encode
123
- 0.520000 0.010000 0.530000 ( 0.529277)
124
- Rack::Utils.escape
125
- 0.460000 0.010000 0.470000 ( 0.466962)
126
- CGI.escape
127
- 0.440000 0.000000 0.440000 ( 0.443017)
128
- URLEscape#escape
129
- 0.040000 0.000000 0.040000 ( 0.045661)
130
- fast_xs_extra#fast_xs_url
131
- 0.010000 0.000000 0.010000 ( 0.015429)
132
- EscapeUtils.escape_url
133
- 0.010000 0.000000 0.010000 ( 0.010843)
134
-
135
- ==== Unescaping
136
-
137
- Rack::Utils.unescape
138
- 0.250000 0.010000 0.260000 ( 0.257558)
139
- CGI.unescape
140
- 0.250000 0.000000 0.250000 ( 0.257837)
141
- URLEscape#unescape
142
- 0.040000 0.000000 0.040000 ( 0.031548)
143
- fast_xs_extra#fast_uxs_cgi
144
- 0.010000 0.000000 0.010000 ( 0.006062)
145
- EscapeUtils.unescape_url
146
- 0.000000 0.000000 0.000000 ( 0.005679)