escape_utils 0.2.4 → 0.3.0

data/test/xml/escape_test.rb

@@ -0,0 +1,67 @@
+require File.expand_path("../../helper", __FILE__)
+
+class XmlEscapeTest < MiniTest::Unit::TestCase
+  def test_basic_xml
+    assert_equal "&lt;some_tag/&gt;", EscapeUtils.escape_xml("<some_tag/>")
+  end
+
+  def test_double_quotes
+    assert_equal "&lt;some_tag some_attr=&quot;some value&quot;/&gt;", EscapeUtils.escape_xml("<some_tag some_attr=\"some value\"/>")
+  end
+
+  def test_single_quotes
+    assert_equal "&lt;some_tag some_attr=&apos;some value&apos;/&gt;", EscapeUtils.escape_xml("<some_tag some_attr='some value'/>")
+  end
+
+  def test_ampersand
+    assert_equal "&lt;b&gt;Bourbon &amp; Branch&lt;/b&gt;", EscapeUtils.escape_xml("<b>Bourbon & Branch</b>")
+  end
+
+  # See http://www.w3.org/TR/REC-xml/#charsets for details.
+  VALID = [
+    (0x9..0xA), 0xD,
+    (0x20..0xD7FF),
+    (0xE000..0xFFFD),
+    (0x10000..0x10FFFF)
+  ]
+
+  REPLACEMENT_CHAR = "?".unpack('U*').first
+
+  def test_invalid_characters
+    VALID.each do |range|
+      if range.kind_of? Range
+        start = range.begin
+        last = range.end
+        last -= 1 if range.exclude_end?
+      else
+        start = last = range
+      end
+      input = [start.pred, start, last, last.next].pack('U*')
+      expect = [REPLACEMENT_CHAR, start, last, REPLACEMENT_CHAR].pack('U*')
+      assert_equal expect, EscapeUtils.escape_xml(input)
+    end
+  end
+
+  if RUBY_VERSION =~ /^1.9/
+    def test_input_must_be_utf8_or_ascii
+      str = "<some_tag/>"
+
+      str.force_encoding 'ISO-8859-1'
+      assert_raises Encoding::CompatibilityError do
+        EscapeUtils.escape_xml(str)
+      end
+
+      str.force_encoding 'UTF-8'
+      begin
+        EscapeUtils.escape_xml(str)
+      rescue Encoding::CompatibilityError => e
+        assert_nil e, "#{e.class.name} raised, expected not to"
+      end
+    end
+
+    def test_return_value_is_tagged_as_utf8
+      str = "<some_tag/>"
+      assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_url(str).encoding
+    end
+  end
+end

metadata

@@ -1,136 +1,137 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: escape_utils
-version: !ruby/object:Gem::Version 
-  hash: 31
+version: !ruby/object:Gem::Version
+  version: 0.3.0
   prerelease: 
-  segments: 
-  - 0
-  - 2
-  - 4
-  version: 0.2.4
 platform: ruby
-authors: 
+authors:
 - Brian Lopez
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2011-09-07 00:00:00 -07:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2013-02-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: rake-compiler
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 9
-        segments: 
-        - 0
-        - 7
-        - 5
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 0.7.5
   type: :development
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: rspec
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.7.5
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 15
-        segments: 
-        - 2
-        - 0
-        - 0
-        version: 2.0.0
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: rack
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: haml
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: haml
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: fast_xs
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: fast_xs
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency 
-  name: actionpack
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id006
-- !ruby/object:Gem::Dependency 
-  name: url_escape
   prerelease: false
-  requirement: &id007 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: url_escape
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id007
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: 
 email: seniorlopez@gmail.com
 executables: []
-
-extensions: 
+extensions:
 - ext/escape_utils/extconf.rb
 extra_rdoc_files: []
-
-files: 
+files:
 - .gitignore
-- .rspec
+- .travis.yml
 - CHANGELOG.md
 - Gemfile
 - MIT-LICENSE
@@ -142,17 +143,22 @@ files:
 - benchmark/javascript_unescape.rb
 - benchmark/url_escape.rb
 - benchmark/url_unescape.rb
+- benchmark/xml_escape.rb
 - escape_utils.gemspec
 - ext/escape_utils/buffer.c
 - ext/escape_utils/buffer.h
 - ext/escape_utils/escape_utils.c
 - ext/escape_utils/extconf.rb
 - ext/escape_utils/houdini.h
-- ext/escape_utils/houdini_html.c
-- ext/escape_utils/houdini_js.c
-- ext/escape_utils/houdini_uri.c
+- ext/escape_utils/houdini_href_e.c
+- ext/escape_utils/houdini_html_e.c
+- ext/escape_utils/houdini_html_u.c
+- ext/escape_utils/houdini_js_e.c
+- ext/escape_utils/houdini_js_u.c
+- ext/escape_utils/houdini_uri_e.c
+- ext/escape_utils/houdini_uri_u.c
+- ext/escape_utils/houdini_xml_e.c
 - ext/escape_utils/html_unescape.h
-- ext/escape_utils/uri_escape.h
 - lib/escape_utils.rb
 - lib/escape_utils/html/cgi.rb
 - lib/escape_utils/html/erb.rb
@@ -165,65 +171,43 @@ files:
 - lib/escape_utils/url/rack.rb
 - lib/escape_utils/url/uri.rb
 - lib/escape_utils/version.rb
-- spec/html/escape_spec.rb
-- spec/html/unescape_spec.rb
-- spec/html_safety_spec.rb
-- spec/javascript/escape_spec.rb
-- spec/javascript/unescape_spec.rb
-- spec/query/escape_spec.rb
-- spec/query/unescape_spec.rb
-- spec/rcov.opts
-- spec/spec_helper.rb
-- spec/uri/escape_spec.rb
-- spec/uri/unescape_spec.rb
-- spec/url/escape_spec.rb
-- spec/url/unescape_spec.rb
-has_rdoc: true
+- lib/escape_utils/xml/builder.rb
+- test/helper.rb
+- test/html/escape_test.rb
+- test/html/unescape_test.rb
+- test/html_safety_test.rb
+- test/javascript/escape_test.rb
+- test/javascript/unescape_test.rb
+- test/query/escape_test.rb
+- test/query/unescape_test.rb
+- test/uri/escape_test.rb
+- test/uri/unescape_test.rb
+- test/url/escape_test.rb
+- test/url/unescape_test.rb
+- test/xml/escape_test.rb
 homepage: http://github.com/brianmario/escape_utils
 licenses: []
-
 post_install_message: 
-rdoc_options: 
+rdoc_options:
 - --charset=UTF-8
-require_paths: 
+require_paths:
 - lib
-- ext
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.6.2
+rubygems_version: 1.8.23
 signing_key: 
 specification_version: 3
 summary: Faster string escaping routines for your web apps
-test_files: 
-- spec/html/escape_spec.rb
-- spec/html/unescape_spec.rb
-- spec/html_safety_spec.rb
-- spec/javascript/escape_spec.rb
-- spec/javascript/unescape_spec.rb
-- spec/query/escape_spec.rb
-- spec/query/unescape_spec.rb
-- spec/rcov.opts
-- spec/spec_helper.rb
-- spec/uri/escape_spec.rb
-- spec/uri/unescape_spec.rb
-- spec/url/escape_spec.rb
-- spec/url/unescape_spec.rb
+test_files: []

data/.rspec

@@ -1,2 +0,0 @@
---format documentation
---colour

data/ext/escape_utils/houdini_html.c

@@ -1,214 +0,0 @@
-#include <assert.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "houdini.h"
-#include "html_unescape.h"
-
-#define ESCAPE_GROW_FACTOR(x) (((x) * 12) / 10) /* this is very scientific, yes */
-#define UNESCAPE_GROW_FACTOR(x) (x) /* unescaping shouldn't grow our buffer */
-
-/* Helper _isdigit methods -- do not trust the current locale */
-int _isxdigit(int c)
-{
-	return strchr("0123456789ABCDEFabcdef", c) != NULL;
-}
-
-int _isdigit(int c)
-{
-	return (c >= '0' && c <= '9');
-}
-
-
-/**
- * According to the OWASP rules:
- *
- * & --> &amp;
- * < --> &lt;
- * > --> &gt;
- * " --> &quot;
- * ' --> &#x27;     &apos; is not recommended
- * / --> &#x2F;     forward slash is included as it helps end an HTML entity
- *
- */
-static const char HTML_ESCAPE_TABLE[] = {
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 1, 0, 0, 0, 2, 3, 0, 0, 0, 0, 0, 0, 0, 4, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0, 6, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-};
-
-static const char *HTML_ESCAPES[] = {
-        "",
-        "&quot;",
-        "&amp;",
-        "&#39;",
-        "&#47;",
-        "&lt;",
-        "&gt;"
-};
-
-void
-houdini_escape_html(struct buf *ob, const uint8_t *src, size_t size, int secure)
-{
-	size_t  i = 0, org, esc;
-
-	bufgrow(ob, ESCAPE_GROW_FACTOR(size));
-
-	while (i < size) {
-		org = i;
-		while (i < size && (esc = HTML_ESCAPE_TABLE[src[i]]) == 0)
-			i++;
-
-		if (i > org)
-			bufput(ob, src + org, i - org);
-
-		/* escaping */
-		if (i >= size)
-			break;
-
-		/* The forward slash is only escaped in secure mode */
-		if (src[i] == '/' && !secure) {
-			bufputc(ob, '/');
-		} else {
-			bufputs(ob, HTML_ESCAPES[esc]);
-		}
-
-		i++;
-	}
-}
-
-static inline void
-bufput_utf8(struct buf *ob, int c)
-{
-	unsigned char unichar[4];
-
-	if (c < 0x80) {
-		bufputc(ob, c);
-	}
-	else if (c < 0x800) {
-		unichar[0] = 192 + (c / 64);
-		unichar[1] = 128 + (c % 64);
-		bufput(ob, unichar, 2);
-	}
-	else if (c - 0xd800u < 0x800) {
-		bufputc(ob, '?');
-	}
-	else if (c < 0x10000) {
-		unichar[0] = 224 + (c / 4096);
-		unichar[1] = 128 + (c / 64) % 64;
-		unichar[2] = 128 + (c % 64);
-		bufput(ob, unichar, 3);
-	}
-	else if (c < 0x110000) {
-		unichar[0] = 240 + (c / 262144);
-		unichar[1] = 128 + (c / 4096) % 64;
-		unichar[2] = 128 + (c / 64) % 64;
-		unichar[3] = 128 + (c % 64);
-		bufput(ob, unichar, 4);
-	}
-	else {
-		bufputc(ob, '?');
-	}
-}
-
-static size_t
-unescape_ent(struct buf *ob, const uint8_t *src, size_t size)
-{
-	size_t i = 0;
-
-	if (size > 3 && src[0] == '#') {
-		int codepoint = 0;
-
-		if (_isdigit(src[1])) {
-			for (i = 1; i < size && _isdigit(src[i]); ++i)
-				codepoint = (codepoint * 10) + (src[i] - '0');
-		}
-
-		else if (src[1] == 'x' || src[1] == 'X') {
-			for (i = 2; i < size && _isxdigit(src[i]); ++i)
-				codepoint = (codepoint * 16) + ((src[i] | 32) % 39 - 9);
-		}
-
-		if (i < size && src[i] == ';') {
-			bufput_utf8(ob, codepoint);
-			return i + 1;
-		}
-	}
-
-	else {
-		if (size > MAX_WORD_LENGTH)
-			size = MAX_WORD_LENGTH;
-
-		for (i = MIN_WORD_LENGTH; i < size; ++i) {
-			if (src[i] == ' ')
-				break;
-
-			if (src[i] == ';') {
-				const struct html_ent *entity = find_entity((char *)src, i);
-
-				if (entity != NULL) {
-					bufput(ob, entity->utf8, entity->utf8_len);
-					return i + 1;
-				}
-
-				break;
-			}
-		}
-	}
-
-	bufputc(ob, '&');
-	return 0;
-}
-
-void
-houdini_unescape_html(struct buf *ob, const uint8_t *src, size_t size)
-{
-	size_t  i = 0, org;
-
-	bufgrow(ob, UNESCAPE_GROW_FACTOR(size));
-
-	while (i < size) {
-		org = i;
-		while (i < size && src[i] != '&')
-			i++;
-
-		if (i > org)
-			bufput(ob, src + org, i - org);
-
-		/* escaping */
-		if (i >= size)
-			break;
-
-		i++;
-		i += unescape_ent(ob, src + i, size - i);
-	}
-}
-
-#ifdef TEST
-
-int main()
-{
-	const char TEST_STRING[] = "This &#x2663; is & just &quot;an example&diams;&quot;";
-	struct buf *buffer;
-
-	buffer = bufnew(128);
-	houdini_unescape_html(buffer, TEST_STRING, strlen(TEST_STRING));
-	printf("Result: %.*s\n", (int)buffer->size, buffer->data);
-	bufrelease(buffer);
-	return 0;
-}
-#endif
-