escape_utils 0.2.3 → 0.2.4
- data/.gitignore +2 -1
- data/CHANGELOG.md +4 -0
- data/README.md +206 -0
- data/benchmark/html_escape.rb +1 -0
- data/benchmark/html_unescape.rb +1 -0
- data/benchmark/javascript_escape.rb +1 -0
- data/benchmark/javascript_unescape.rb +1 -0
- data/benchmark/url_escape.rb +1 -0
- data/benchmark/url_unescape.rb +1 -0
- data/escape_utils.gemspec +0 -3
- data/ext/escape_utils/buffer.c +228 -0
- data/ext/escape_utils/buffer.h +91 -0
- data/ext/escape_utils/escape_utils.c +111 -531
- data/ext/escape_utils/houdini.h +15 -0
- data/ext/escape_utils/houdini_html.c +214 -0
- data/ext/escape_utils/houdini_js.c +148 -0
- data/ext/escape_utils/houdini_uri.c +130 -0
- data/ext/escape_utils/html_unescape.h +754 -0
- data/ext/escape_utils/uri_escape.h +35 -0
- data/lib/escape_utils.rb +2 -2
- data/lib/escape_utils/html/cgi.rb +0 -2
- data/lib/escape_utils/html/erb.rb +0 -2
- data/lib/escape_utils/html/haml.rb +0 -2
- data/lib/escape_utils/html/rack.rb +0 -2
- data/lib/escape_utils/html_safety.rb +0 -2
- data/lib/escape_utils/javascript/action_view.rb +0 -2
- data/lib/escape_utils/url/cgi.rb +0 -2
- data/lib/escape_utils/url/erb.rb +0 -2
- data/lib/escape_utils/url/rack.rb +0 -2
- data/lib/escape_utils/url/uri.rb +0 -2
- data/lib/escape_utils/version.rb +1 -1
- data/spec/html/escape_spec.rb +0 -1
- data/spec/html/unescape_spec.rb +0 -1
- data/spec/html_safety_spec.rb +0 -1
- data/spec/javascript/escape_spec.rb +0 -1
- data/spec/javascript/unescape_spec.rb +0 -1
- data/spec/query/escape_spec.rb +0 -1
- data/spec/query/unescape_spec.rb +1 -0
- data/spec/spec_helper.rb +0 -1
- data/spec/uri/escape_spec.rb +0 -1
- data/spec/uri/unescape_spec.rb +1 -0
- data/spec/url/escape_spec.rb +0 -1
- data/spec/url/unescape_spec.rb +1 -0
- metadata +16 -8
- data/README.rdoc +0 -146
@@ -0,0 +1,35 @@
|
|
1
|
+
static const char URL_SAFE[] = {
|
2
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
3
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
4
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0,
|
5
|
+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0,
|
6
|
+
0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
|
7
|
+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1,
|
8
|
+
0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
|
9
|
+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0,
|
10
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
11
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
12
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
13
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
14
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
15
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
16
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
17
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, };
|
18
|
+
|
19
|
+
static const char URI_SAFE[] = {
|
20
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
21
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
22
|
+
0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
|
23
|
+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1,
|
24
|
+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
|
25
|
+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1,
|
26
|
+
0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
|
27
|
+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0,
|
28
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
29
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
30
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
31
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
32
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
33
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
34
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
35
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, };
|
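--- a/data/lib/escape_utils.rb
+++ b/data/lib/escape_utils.rb
@@ -1,9 +1,9 @@
-# encoding: utf-8
 require 'escape_utils/escape_utils'
 require 'escape_utils/version' unless defined? EscapeUtils::VERSION
 
-EscapeUtils.send(:extend, EscapeUtils)
 module EscapeUtils
+extend self
+
 # turn on/off the escaping of the '/' character during HTML escaping
 # Escaping '/' is recommended by the OWASP - http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
 # This is because quotes around HTML attributes are optional in most/all modern browsers at the time of writing (10/15/2010)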
data/lib/escape_utils/url/cgi.rb
CHANGED
data/lib/escape_utils/url/erb.rb
CHANGED
data/lib/escape_utils/url/uri.rb
CHANGED
data/lib/escape_utils/version.rb
CHANGED
data/spec/html/escape_spec.rb
CHANGED
data/spec/html/unescape_spec.rb
CHANGED
data/spec/html_safety_spec.rb
CHANGED
data/spec/query/escape_spec.rb
CHANGED
data/spec/query/unescape_spec.rb
CHANGED
data/spec/spec_helper.rb
CHANGED
data/spec/uri/escape_spec.rb
CHANGED
data/spec/uri/unescape_spec.rb
CHANGED
data/spec/url/escape_spec.rb
CHANGED
data/spec/url/unescape_spec.rb
CHANGED
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: escape_utils
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 31
|
5
5
|
prerelease:
|
6
6
|
segments:
|
7
7
|
- 0
|
8
8
|
- 2
|
9
|
-
-
|
10
|
-
version: 0.2.
|
9
|
+
- 4
|
10
|
+
version: 0.2.4
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Brian Lopez
|
@@ -15,7 +15,7 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date: 2011-
|
18
|
+
date: 2011-09-07 00:00:00 -07:00
|
19
19
|
default_executable:
|
20
20
|
dependencies:
|
21
21
|
- !ruby/object:Gem::Dependency
|
@@ -126,15 +126,15 @@ executables: []
|
|
126
126
|
|
127
127
|
extensions:
|
128
128
|
- ext/escape_utils/extconf.rb
|
129
|
-
extra_rdoc_files:
|
130
|
-
|
129
|
+
extra_rdoc_files: []
|
130
|
+
|
131
131
|
files:
|
132
132
|
- .gitignore
|
133
133
|
- .rspec
|
134
134
|
- CHANGELOG.md
|
135
135
|
- Gemfile
|
136
136
|
- MIT-LICENSE
|
137
|
-
- README.
|
137
|
+
- README.md
|
138
138
|
- Rakefile
|
139
139
|
- benchmark/html_escape.rb
|
140
140
|
- benchmark/html_unescape.rb
|
@@ -143,8 +143,16 @@ files:
|
|
143
143
|
- benchmark/url_escape.rb
|
144
144
|
- benchmark/url_unescape.rb
|
145
145
|
- escape_utils.gemspec
|
146
|
+
- ext/escape_utils/buffer.c
|
147
|
+
- ext/escape_utils/buffer.h
|
146
148
|
- ext/escape_utils/escape_utils.c
|
147
149
|
- ext/escape_utils/extconf.rb
|
150
|
+
- ext/escape_utils/houdini.h
|
151
|
+
- ext/escape_utils/houdini_html.c
|
152
|
+
- ext/escape_utils/houdini_js.c
|
153
|
+
- ext/escape_utils/houdini_uri.c
|
154
|
+
- ext/escape_utils/html_unescape.h
|
155
|
+
- ext/escape_utils/uri_escape.h
|
148
156
|
- lib/escape_utils.rb
|
149
157
|
- lib/escape_utils/html/cgi.rb
|
150
158
|
- lib/escape_utils/html/erb.rb
|
@@ -201,7 +209,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
201
209
|
requirements: []
|
202
210
|
|
203
211
|
rubyforge_project:
|
204
|
-
rubygems_version: 1.6.
|
212
|
+
rubygems_version: 1.6.2
|
205
213
|
signing_key:
|
206
214
|
specification_version: 3
|
207
215
|
summary: Faster string escaping routines for your web apps
|
data/README.rdoc
DELETED
@@ -1,146 +0,0 @@
|
|
1
|
-
= escape_utils
|
2
|
-
|
3
|
-
Being as though we're all html escaping everything these days, why not make it faster?
|
4
|
-
|
5
|
-
For character encoding in 1.9, we'll return strings in whatever Encoding.default_internal is set to or utf-8 otherwise.
|
6
|
-
|
7
|
-
It has monkey-patches for Rack::Utils, CGI, URI, ERB::Util and Haml and ActionView so you can drop this in and have your app start escaping fast as balls in no time
|
8
|
-
|
9
|
-
It supports HTML, URL, URI and Javascript escaping/unescaping.
|
10
|
-
|
11
|
-
== Installing
|
12
|
-
|
13
|
-
gem install escape_utils
|
14
|
-
|
15
|
-
== Usage
|
16
|
-
|
17
|
-
=== HTML
|
18
|
-
|
19
|
-
==== Escaping
|
20
|
-
|
21
|
-
html = `curl -s http://maps.google.com`
|
22
|
-
escaped_html = EscapeUtils.escape_html(html)
|
23
|
-
|
24
|
-
==== Unescaping
|
25
|
-
|
26
|
-
html = `curl -s http://maps.google.com`
|
27
|
-
escaped_html = EscapeUtils.escape_html(html)
|
28
|
-
html = EscapeUtils.unescape_html(escaped_html)
|
29
|
-
|
30
|
-
==== Monkey Patches
|
31
|
-
|
32
|
-
require 'escape_utils/html/rack' # to patch Rack::Utils
|
33
|
-
require 'escape_utils/html/erb' # to patch ERB::Util
|
34
|
-
require 'escape_utils/html/cgi' # to patch CGI
|
35
|
-
require 'escape_utils/html/haml' # to patch Haml::Helpers
|
36
|
-
|
37
|
-
=== URL
|
38
|
-
|
39
|
-
Use (un)escape_uri to get RFC-compliant escaping (like PHP rawurlencode).
|
40
|
-
|
41
|
-
Use (un)escape_url to get CGI escaping (where space is +).
|
42
|
-
|
43
|
-
==== Escaping
|
44
|
-
|
45
|
-
url = "https://www.yourmom.com/cgi-bin/session.cgi?sess_args=mcEA~!!#*YH*>@!U"
|
46
|
-
escaped_url = EscapeUtils.escape_url(url)
|
47
|
-
|
48
|
-
==== Unescaping
|
49
|
-
|
50
|
-
url = "https://www.yourmom.com/cgi-bin/session.cgi?sess_args=mcEA~!!#*YH*>@!U"
|
51
|
-
escaped_url = EscapeUtils.escape_url(url)
|
52
|
-
EscapeUtils.unescape_url(escaped_url) == url # => true
|
53
|
-
|
54
|
-
=== Javascript
|
55
|
-
|
56
|
-
==== Escaping
|
57
|
-
|
58
|
-
javascript = `curl -s http://code.jquery.com/jquery-1.4.2.js`
|
59
|
-
escaped_javascript = EscapeUtils.escape_javascript(javascript)
|
60
|
-
|
61
|
-
==== Unescaping
|
62
|
-
|
63
|
-
javascript = `curl -s http://code.jquery.com/jquery-1.4.2.js`
|
64
|
-
escaped_javascript = EscapeUtils.escape_javascript(javascript)
|
65
|
-
EscapeUtils.unescape_javascript(escaped_javascript) == javascript # => true
|
66
|
-
|
67
|
-
==== Monkey Patches
|
68
|
-
|
69
|
-
require 'escape_utils/javascript/action_view' # to patch ActionView::Helpers::JavaScriptHelper
|
70
|
-
|
71
|
-
== Benchmarks
|
72
|
-
|
73
|
-
In my testing, escaping html is around 10-30x faster than the pure ruby implementations in wide use today.
|
74
|
-
While unescaping html is around 40-100x faster than CGI.unescapeHTML which is also pure ruby.
|
75
|
-
Escaping Javascript is around 16-30x faster.
|
76
|
-
|
77
|
-
This output is from my laptop using the benchmark scripts in the benchmarks folder.
|
78
|
-
|
79
|
-
=== HTML
|
80
|
-
|
81
|
-
==== Escaping
|
82
|
-
|
83
|
-
Rack::Utils.escape_html
|
84
|
-
9.650000 0.090000 9.740000 ( 9.750756)
|
85
|
-
Haml::Helpers.html_escape
|
86
|
-
9.310000 0.110000 9.420000 ( 9.417317)
|
87
|
-
ERB::Util.html_escape
|
88
|
-
5.330000 0.390000 5.720000 ( 5.748394)
|
89
|
-
CGI.escapeHTML
|
90
|
-
5.370000 0.380000 5.750000 ( 5.791344)
|
91
|
-
FasterHTMLEscape.html_escape
|
92
|
-
0.520000 0.010000 0.530000 ( 0.539485)
|
93
|
-
fast_xs_extra#fast_xs_html
|
94
|
-
0.310000 0.030000 0.340000 ( 0.336734)
|
95
|
-
EscapeUtils.escape_html
|
96
|
-
0.200000 0.050000 0.250000 ( 0.258839)
|
97
|
-
|
98
|
-
==== Unescaping
|
99
|
-
|
100
|
-
CGI.unescapeHTML
|
101
|
-
16.520000 0.080000 16.600000 ( 16.853888)
|
102
|
-
EscapeUtils.unescape_html
|
103
|
-
0.120000 0.040000 0.160000 ( 0.162696)
|
104
|
-
|
105
|
-
=== Javascript
|
106
|
-
|
107
|
-
==== Escaping
|
108
|
-
|
109
|
-
ActionView::Helpers::JavaScriptHelper#escape_javascript
|
110
|
-
3.810000 0.100000 3.910000 ( 3.925557)
|
111
|
-
EscapeUtils.escape_javascript
|
112
|
-
0.200000 0.040000 0.240000 ( 0.236692)
|
113
|
-
|
114
|
-
==== Unescaping
|
115
|
-
|
116
|
-
I didn't look that hard, but I'm not aware of another ruby library that does Javascript unescaping to benchmark against. Anyone know of any?
|
117
|
-
|
118
|
-
=== URL
|
119
|
-
|
120
|
-
==== Escaping
|
121
|
-
|
122
|
-
ERB::Util.url_encode
|
123
|
-
0.520000 0.010000 0.530000 ( 0.529277)
|
124
|
-
Rack::Utils.escape
|
125
|
-
0.460000 0.010000 0.470000 ( 0.466962)
|
126
|
-
CGI.escape
|
127
|
-
0.440000 0.000000 0.440000 ( 0.443017)
|
128
|
-
URLEscape#escape
|
129
|
-
0.040000 0.000000 0.040000 ( 0.045661)
|
130
|
-
fast_xs_extra#fast_xs_url
|
131
|
-
0.010000 0.000000 0.010000 ( 0.015429)
|
132
|
-
EscapeUtils.escape_url
|
133
|
-
0.010000 0.000000 0.010000 ( 0.010843)
|
134
|
-
|
135
|
-
==== Unescaping
|
136
|
-
|
137
|
-
Rack::Utils.unescape
|
138
|
-
0.250000 0.010000 0.260000 ( 0.257558)
|
139
|
-
CGI.unescape
|
140
|
-
0.250000 0.000000 0.250000 ( 0.257837)
|
141
|
-
URLEscape#unescape
|
142
|
-
0.040000 0.000000 0.040000 ( 0.031548)
|
143
|
-
fast_xs_extra#fast_uxs_cgi
|
144
|
-
0.010000 0.000000 0.010000 ( 0.006062)
|
145
|
-
EscapeUtils.unescape_url
|
146
|
-
0.000000 0.000000 0.000000 ( 0.005679)
|