escape_utils 1.2.0 → 1.3.0
- checksums.yaml +5 -5
- data/.github/workflows/ci.yml +43 -0
- data/.gitignore +0 -1
- data/CHANGELOG.md +23 -0
- data/Gemfile +15 -0
- data/README.md +48 -91
- data/Rakefile +4 -2
- data/benchmark/html_escape_once.rb +25 -0
- data/benchmark/javascript_escape.rb +1 -1
- data/benchmark/javascript_unescape.rb +1 -1
- data/benchmark/url_decode.rb +28 -0
- data/benchmark/url_encode.rb +37 -0
- data/benchmark/xml_escape.rb +7 -11
- data/bin/console +8 -0
- data/escape_utils.gemspec +1 -12
- data/ext/escape_utils/escape_utils.c +8 -115
- data/ext/escape_utils/houdini.h +3 -5
- data/ext/escape_utils/houdini_html_e.c +52 -24
- data/ext/escape_utils/houdini_js_e.c +15 -3
- data/ext/escape_utils/houdini_uri_e.c +7 -18
- data/ext/escape_utils/houdini_uri_u.c +5 -15
- data/ext/escape_utils/houdini_xml_e.c +15 -1
- data/lib/escape_utils/html/cgi.rb +10 -8
- data/lib/escape_utils/html/erb.rb +1 -10
- data/lib/escape_utils/html/haml.rb +1 -7
- data/lib/escape_utils/html/rack.rb +3 -3
- data/lib/escape_utils/html_safety.rb +13 -0
- data/lib/escape_utils/url/cgi.rb +0 -8
- data/lib/escape_utils/url/erb.rb +1 -1
- data/lib/escape_utils/url/rack.rb +0 -12
- data/lib/escape_utils/url/uri.rb +11 -7
- data/lib/escape_utils/version.rb +1 -1
- data/lib/escape_utils/xml/builder.rb +2 -2
- data/lib/escape_utils.rb +61 -9
- data/test/helper.rb +16 -3
- data/test/html/escape_test.rb +66 -42
- data/test/html/unescape_test.rb +3 -21
- data/test/html_safety_test.rb +1 -27
- data/test/javascript/escape_test.rb +53 -20
- data/test/javascript/unescape_test.rb +16 -18
- data/test/query/escape_test.rb +3 -21
- data/test/query/unescape_test.rb +5 -23
- data/test/uri/escape_test.rb +16 -18
- data/test/uri/unescape_test.rb +17 -19
- data/test/uri_component/escape_test.rb +15 -17
- data/test/uri_component/unescape_test.rb +17 -19
- data/test/url/escape_test.rb +3 -21
- data/test/url/unescape_test.rb +5 -23
- data/test/xml/escape_test.rb +15 -17
- metadata +14 -127
- data/.travis.yml +0 -7
- data/benchmark/html_escape.rb +0 -68
- data/benchmark/html_unescape.rb +0 -35
- data/benchmark/url_escape.rb +0 -56
- data/benchmark/url_unescape.rb +0 -50
- data/ext/escape_utils/houdini_html_u.c +0 -122
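--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 7b4b256a1ceb8ed2f7e673d5e2081daafb36761d93d3ebe38c6a1b51017f7ed5
+data.tar.gz: 23de0f72e4df0b9ddf1d6ca0063fcac74696dc7da429f4b8eb5200fb90ba6435
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0d009060659e31a0d82073d8d6f870b174fc7647c34686d1168ac65bb6abf066043fb568c161850fb90a00ca0f0e55151874e0509089d62e92fb7c97d2187534
+data.tar.gz: 6395d5b453930debba5b6eee4f5cc2440f2fc72f01d27c45987ecdcb461ff0edfd6ae15935f8ec9f50b010f5f4afcd4e419ee10a2bcdb995652b8be5688a316a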
@@ -0,0 +1,43 @@
|
|
1
|
+
name: CI
|
2
|
+
|
3
|
+
on: [push, pull_request]
|
4
|
+
|
5
|
+
jobs:
|
6
|
+
rubies:
|
7
|
+
runs-on: ubuntu-latest
|
8
|
+
strategy:
|
9
|
+
fail-fast: false
|
10
|
+
matrix:
|
11
|
+
ruby: [ ruby-head, '3.1', '3.0', '2.7', '2.6', '2.5' ]
|
12
|
+
steps:
|
13
|
+
- name: Checkout
|
14
|
+
uses: actions/checkout@v2
|
15
|
+
- name: Set up Ruby
|
16
|
+
uses: ruby/setup-ruby@v1
|
17
|
+
with:
|
18
|
+
ruby-version: ${{ matrix.ruby }}
|
19
|
+
- name: Install dependencies
|
20
|
+
run: bundle install
|
21
|
+
- name: Run test
|
22
|
+
run: rake
|
23
|
+
- name: Install gem
|
24
|
+
run: rake install
|
25
|
+
platforms:
|
26
|
+
strategy:
|
27
|
+
matrix:
|
28
|
+
os: [macos, windows]
|
29
|
+
ruby: ['2.5']
|
30
|
+
runs-on: ${{ matrix.os }}-latest
|
31
|
+
steps:
|
32
|
+
- name: Checkout
|
33
|
+
uses: actions/checkout@v3
|
34
|
+
- name: Set up Ruby
|
35
|
+
uses: ruby/setup-ruby@v1
|
36
|
+
with:
|
37
|
+
ruby-version: ${{ matrix.ruby }}
|
38
|
+
- name: Install dependencies
|
39
|
+
run: bundle install
|
40
|
+
- name: Run test
|
41
|
+
run: bundle exec rake
|
42
|
+
- name: Install gem
|
43
|
+
run: bundle exec rake install
|
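Review bot: Both jobs reference actions by mutable tag (`actions/checkout@v2`, `actions/checkout@v3`, `ruby/setup-ruby@v1`) and the workflow declares no `permissions:` key, so the `GITHUB_TOKEN` scope falls back to the repository default while the workflow runs on `pull_request`. Adding a top-level `permissions:` block with `contents: read`, and pinning each `uses:` to a full commit SHA (`uses: actions/checkout@<full-commit-sha>`), would narrow what a retagged action could do. The `rubies` job also runs `rake` and `rake install` without `bundle exec`, unlike the `platforms` job, so it may load gems from outside the bundle. The two jobs also use different checkout major versions, which looks unintentional.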
data/.gitignore
CHANGED
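--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,23 @@
+# Unreleased
+
+# 1.3.0
+
+- Deprecate `EscapeUtils.escape_url` and `EscapeUtils.unescape_url` given that Ruby 2.5 provides an optimized `CGI.escape` and `CGI.unescape` with mostly similar performance.
+- Don't patch `URI.escape` and `URI.unescape` if they don't already exist.
+- Add `EscapeUtils.escape_html_once` and `EscapeUtils.rb_eu_escape_html_once_as_html_safe` as faster implementations of Rails `escape_once` helper.
+- Deprecate `escape_html` and `escape_html_as_html_safe` given that Ruby 2.5 optimized `GCI.escapeHTML` to be twice faster than the `EscapeUtils` implementation.
+- Deprecate `unescape_html` given that Ruby 2.5 optimized `GCI.unescapeHTML` to be only 40% slower than th `EscapeUtils` implementation.
+- Deprecate `escape_html_as_html_safe` as well.
+- Deprecate `EscapeUtils.html_safe`, there's no reason to escape for slashes `/` in 2022.
+
+# 1.2.2
+
+- Update EscapeUtils.escape_javascript to match Rails `escape_javascript`
+Now escapes, Backquotes (```), Dollar (`$`), `U+2000` and `U+2001`
+- Make the Rack monkey patch a noop as it's no longer correct since circa 2011.
+- Require Ruby 2.5+
+- Stop escaping `~` like `CGI.escape` does since Ruby 2.5
+
+# 1.2.1
+
+- Historical version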
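--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,3 +1,18 @@
 source 'https://rubygems.org'
 
+group :test do
+gem 'rake-compiler'
+gem 'minitest'
+gem 'actionview'
+end
+
+group :benchmark do
+gem 'benchmark-ips'
+gem 'rack'
+gem 'haml'
+gem 'fast_xs'
+gem 'actionpack'
+gem 'url_escape'
+end
+
 gemspec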
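Review bot: The `:benchmark` group pulls in native-extension gems (`fast_xs`, `url_escape`) that the tests do not appear to need, and the CI workflow added in this release runs a plain `bundle install`, which installs every group. Setting `BUNDLE_WITHOUT: benchmark` in the workflow's `env:` would keep the test jobs from fetching and compiling that code. The new entries also carry no version constraints, whereas the gemspec lines they replace had floors (`'rake-compiler', ">= 0.7.5"` and `'minitest', ">= 5.0.0"`). Writing `gem 'minitest', '>= 5.0.0'` and `gem 'rake-compiler', '>= 0.7.5'` here would preserve the previous minimums.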
data/README.md
CHANGED
@@ -1,16 +1,16 @@
|
|
1
1
|
# escape_utils
|
2
2
|
|
3
|
-
|
3
|
+
`EscapeUtils` used to provide optimized escaping function to replace the slow methods
|
4
|
+
provided by Ruby. Since Ruby 2.5, the various `CGI` escape methods have been severely optimized
|
5
|
+
and most `EscapeUtils` methods became irrelevant and were deprecated.
|
4
6
|
|
5
|
-
|
7
|
+
It however still provide fast escaping and unescaping methods for URL (RFC 3986), Javascript, XML, as well as an "escape HTML once" method.
|
6
8
|
|
7
|
-
It has monkey-patches for Rack::Utils,
|
8
|
-
|
9
|
-
It supports HTML, URL, URI and Javascript escaping/unescaping.
|
9
|
+
It has monkey-patches for Rack::Utils, URI and ERB::Util so you can drop this in and have your app start escaping fast as balls in no time
|
10
10
|
|
11
11
|
## Installing
|
12
12
|
|
13
|
-
Compatible with Ruby
|
13
|
+
Compatible with Ruby 2.5+
|
14
14
|
|
15
15
|
``` sh
|
16
16
|
gem install escape_utils
|
@@ -22,72 +22,62 @@ escape_utils assumes all input is encoded as valid UTF-8. If you are dealing wit
|
|
22
22
|
|
23
23
|
|
24
24
|
``` ruby
|
25
|
-
utf8_string = non_utf8_string.encode(
|
25
|
+
utf8_string = non_utf8_string.encode(Encoding::UTF_8)
|
26
26
|
```
|
27
27
|
|
28
28
|
## Usage
|
29
29
|
|
30
30
|
### HTML
|
31
31
|
|
32
|
-
|
33
|
-
|
34
|
-
``` ruby
|
35
|
-
html = `curl -s http://maps.google.com`
|
36
|
-
escaped_html = EscapeUtils.escape_html(html)
|
37
|
-
```
|
32
|
+
As of `escape_utils 1.3.0`, regular HTML escaping methods are deprecated. Ruby 2.5 introduced C implementations for `CGI.escapeHTML` and `CGI.unescapeHTML` which are respectively faster and almost as fast as `EscapeUtils`. Use that instead.
|
38
33
|
|
39
|
-
|
40
|
-
or per-call by passing `false` as the second parameter to `escape_html` like `EscapeUtils.escape_html(html, false)`
|
41
|
-
|
42
|
-
For more information check out: http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
|
43
|
-
|
44
|
-
#### Unescaping
|
45
|
-
|
46
|
-
``` ruby
|
47
|
-
html = `curl -s http://maps.google.com`
|
48
|
-
escaped_html = EscapeUtils.escape_html(html)
|
49
|
-
html = EscapeUtils.unescape_html(escaped_html)
|
50
|
-
```
|
34
|
+
To avoid double-escaping HTML entities, use `EscapeUtils.escape_html_once`.
|
51
35
|
|
52
36
|
#### Monkey Patches
|
53
37
|
|
38
|
+
Since historically, `HTML` monkey patches changed the return value for `ActiveSupport::SafeBuffer` instances, they are conserved for that purpose only, but they should be considered as deprecated as well.
|
39
|
+
|
54
40
|
``` ruby
|
55
|
-
require 'escape_utils/html/rack' # to patch Rack::Utils
|
56
|
-
require 'escape_utils/html/erb' # to patch ERB::Util
|
57
41
|
require 'escape_utils/html/cgi' # to patch CGI
|
58
|
-
require 'escape_utils/html/haml' # to patch Haml::Helpers
|
59
42
|
```
|
60
43
|
|
61
44
|
### URL
|
62
45
|
|
63
|
-
Use
|
46
|
+
Use `escape_uri` and `unescape` to get RFC 3986 compliant escaping (like PHP `rawurlencode` or `ERB::Util.url_encode`).
|
64
47
|
|
65
|
-
|
48
|
+
The difference with `CGI.escape` is that spaces (` `) are encoded as `%20` instead of `+`.
|
66
49
|
|
67
50
|
#### Escaping
|
68
51
|
|
69
52
|
``` ruby
|
70
53
|
url = "https://www.yourmom.com/cgi-bin/session.cgi?sess_args=mcEA~!!#*YH*>@!U"
|
71
|
-
escaped_url = EscapeUtils.
|
54
|
+
escaped_url = EscapeUtils.escape_uri(url)
|
72
55
|
```
|
73
56
|
|
74
57
|
#### Unescaping
|
75
58
|
|
76
59
|
``` ruby
|
77
60
|
url = "https://www.yourmom.com/cgi-bin/session.cgi?sess_args=mcEA~!!#*YH*>@!U"
|
78
|
-
escaped_url = EscapeUtils.
|
79
|
-
EscapeUtils.
|
61
|
+
escaped_url = EscapeUtils.escape_uri(url)
|
62
|
+
EscapeUtils.unescape_uri(escaped_uri) == url # => true
|
80
63
|
```
|
81
64
|
|
82
65
|
#### Monkey Patches
|
83
66
|
|
84
67
|
``` ruby
|
85
|
-
require 'escape_utils/url/cgi' # to patch CGI
|
86
68
|
require 'escape_utils/url/erb' # to patch ERB::Util
|
87
|
-
require 'escape_utils/url/rack' # to patch Rack::Utils
|
88
69
|
require 'escape_utils/url/uri' # to patch URI
|
89
70
|
```
|
90
71
|
|
72
|
+
Note that `URI.escape` and `URI.unescape` were removed in Ruby 3.0. `'escape_utils/url/uri'` is a noop on Ruby 3+.
|
73
|
+
|
74
|
+
### XML
|
75
|
+
|
76
|
+
```ruby
|
77
|
+
xml = `curl -s 'https://raw.githubusercontent.com/darcyliu/google-styleguide/master/cppguide.xml'`
|
78
|
+
escaped_xml = EscapeUtils.escape_xml(xml)
|
79
|
+
```
|
80
|
+
|
91
81
|
### Javascript
|
92
82
|
|
93
83
|
#### Escaping
|
@@ -113,87 +103,54 @@ require 'escape_utils/javascript/action_view' # to patch ActionView::Helpers::Ja
|
|
113
103
|
|
114
104
|
## Benchmarks
|
115
105
|
|
116
|
-
|
117
|
-
|
118
|
-
Escaping Javascript is around
|
106
|
+
Escaping URL following RFC 3986 is 13-32x faster than the methods provided by Ruby.
|
107
|
+
|
108
|
+
Escaping Javascript is around 13x faster than Rails `escape_javascript`.
|
109
|
+
|
110
|
+
`EscapeUtils.escape_html_once` is about 17x faster than Rails `escape_once`.
|
119
111
|
|
120
112
|
This output is from my laptop using the benchmark scripts in the benchmarks folder.
|
121
113
|
|
122
|
-
###
|
114
|
+
### Javascript
|
123
115
|
|
124
116
|
#### Escaping
|
125
117
|
|
126
118
|
```
|
127
|
-
|
128
|
-
|
129
|
-
Haml::Helpers.html_escape
|
130
|
-
9.310000 0.110000 9.420000 ( 9.417317)
|
131
|
-
ERB::Util.html_escape
|
132
|
-
5.330000 0.390000 5.720000 ( 5.748394)
|
133
|
-
CGI.escapeHTML
|
134
|
-
5.370000 0.380000 5.750000 ( 5.791344)
|
135
|
-
FasterHTMLEscape.html_escape
|
136
|
-
0.520000 0.010000 0.530000 ( 0.539485)
|
137
|
-
fast_xs_extra#fast_xs_html
|
138
|
-
0.310000 0.030000 0.340000 ( 0.336734)
|
139
|
-
EscapeUtils.escape_html
|
140
|
-
0.200000 0.050000 0.250000 ( 0.258839)
|
119
|
+
EscapeUtils.escape_javascript: 1567.5 i/s
|
120
|
+
ActionView::Helpers::JavaScriptHelper#escape_javascript: 116.8 i/s - 13.42x (± 0.00) slower
|
141
121
|
```
|
142
122
|
|
143
123
|
#### Unescaping
|
144
124
|
|
145
125
|
```
|
146
|
-
|
147
|
-
16.520000 0.080000 16.600000 ( 16.853888)
|
148
|
-
EscapeUtils.unescape_html
|
149
|
-
0.120000 0.040000 0.160000 ( 0.162696)
|
126
|
+
EscapeUtils.escape_javascript: 2.089k (± 3.0%) i/s - 10.530k in 5.044615s
|
150
127
|
```
|
151
128
|
|
152
|
-
|
129
|
+
I didn't look that hard, but I'm not aware of another ruby library that does Javascript unescaping to benchmark against. Anyone know of any?
|
130
|
+
|
131
|
+
### URL
|
153
132
|
|
154
133
|
#### Escaping
|
155
134
|
|
156
135
|
```
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
136
|
+
EscapeUtils.escape_uri: 4019359.2 i/s
|
137
|
+
fast_xs_extra#fast_xs_url: 2435949.2 i/s - 1.65x (± 0.00) slower
|
138
|
+
URI::DEFAULT_PARSER.escape: 288800.8 i/s - 13.92x (± 0.00) slower
|
139
|
+
ERB::Util.url_encode: 122373.5 i/s - 32.85x (± 0.00) slower
|
161
140
|
```
|
162
141
|
|
163
142
|
#### Unescaping
|
164
143
|
|
165
|
-
I didn't look that hard, but I'm not aware of another ruby library that does Javascript unescaping to benchmark against. Anyone know of any?
|
166
|
-
|
167
|
-
### URL
|
168
|
-
|
169
|
-
#### Escaping
|
170
|
-
|
171
144
|
```
|
172
|
-
|
173
|
-
|
174
|
-
Rack::Utils.escape
|
175
|
-
0.460000 0.010000 0.470000 ( 0.466962)
|
176
|
-
CGI.escape
|
177
|
-
0.440000 0.000000 0.440000 ( 0.443017)
|
178
|
-
URLEscape#escape
|
179
|
-
0.040000 0.000000 0.040000 ( 0.045661)
|
180
|
-
fast_xs_extra#fast_xs_url
|
181
|
-
0.010000 0.000000 0.010000 ( 0.015429)
|
182
|
-
EscapeUtils.escape_url
|
183
|
-
0.010000 0.000000 0.010000 ( 0.010843)
|
145
|
+
EscapeUtils.unescape_uri: 3866774.5 i/s
|
146
|
+
fast_xs_extra#fast_uxs_url: 2438900.7 i/s - 1.59x (± 0.00) slower
|
184
147
|
```
|
185
148
|
|
186
|
-
|
149
|
+
### HTML
|
150
|
+
|
151
|
+
#### Escape once
|
187
152
|
|
188
153
|
```
|
189
|
-
|
190
|
-
|
191
|
-
CGI.unescape
|
192
|
-
0.250000 0.000000 0.250000 ( 0.257837)
|
193
|
-
URLEscape#unescape
|
194
|
-
0.040000 0.000000 0.040000 ( 0.031548)
|
195
|
-
fast_xs_extra#fast_uxs_cgi
|
196
|
-
0.010000 0.000000 0.010000 ( 0.006062)
|
197
|
-
EscapeUtils.unescape_url
|
198
|
-
0.000000 0.000000 0.000000 ( 0.005679)
|
154
|
+
EscapeUtils.escape_html_once: 2831.5 i/s
|
155
|
+
ActionView::Helpers::TagHelper#escape_once: 161.4 i/s - 17.55x (± 0.00) slower
|
199
156
|
```
|
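--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,12 +1,14 @@
+require 'bundler/gem_tasks'
 require 'rake/testtask'
 
 Rake::TestTask.new do |t|
-t.
+t.libs << "test"
+t.libs << "lib"
+t.test_files = FileList["test/**/*_test.rb"]
 end
 
 task :default => :test
 
-gem 'rake-compiler', '>= 0.7.5'
 require "rake/extensiontask"
 
 Rake::ExtensionTask.new('escape_utils') do |ext|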
@@ -0,0 +1,25 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
|
3
|
+
require 'rubygems'
|
4
|
+
require 'bundler/setup'
|
5
|
+
require 'benchmark/ips'
|
6
|
+
|
7
|
+
require 'escape_utils'
|
8
|
+
require 'active_support/core_ext/string/output_safety'
|
9
|
+
|
10
|
+
url = "https://en.wikipedia.org/wiki/Succession_to_the_British_throne"
|
11
|
+
html = `curl -s #{url}`
|
12
|
+
html = html.force_encoding('utf-8')
|
13
|
+
puts "Escaping #{html.bytesize} bytes of html from #{url}"
|
14
|
+
|
15
|
+
Benchmark.ips do |x|
|
16
|
+
x.report "EscapeUtils.escape_html_once" do
|
17
|
+
EscapeUtils.escape_html_once(html)
|
18
|
+
end
|
19
|
+
|
20
|
+
x.report "ActionView::Helpers::TagHelper#escape_once" do # Rails expose it as ERB::Util.html_escape_once
|
21
|
+
ERB::Util.html_escape_once(html)
|
22
|
+
end
|
23
|
+
|
24
|
+
x.compare!(order: :baseline)
|
25
|
+
end
|
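Review bot: The benchmark input is whatever `curl -s` returns from a live URL, and nothing checks that the fetch succeeded or that the bytes are valid UTF-8 before `force_encoding('utf-8')` relabels them. An empty or truncated download would still produce numbers, and the README context on this page states that escape_utils assumes valid UTF-8 input. A guard after the `force_encoding` line, such as `abort "download failed or not valid UTF-8" if html.empty? || !html.valid_encoding?`, would make a bad run fail loudly. Reading a fixture file checked into the repository instead would also make results reproducible. This hunk has no file header on the page; by position and line count it appears to be `benchmark/html_escape_once.rb`.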
@@ -13,7 +13,7 @@ end
|
|
13
13
|
|
14
14
|
url = "http://ajax.googleapis.com/ajax/libs/dojo/1.4.3/dojo/dojo.xd.js.uncompressed.js"
|
15
15
|
javascript = `curl -s #{url}`
|
16
|
-
javascript = javascript.force_encoding('utf-8')
|
16
|
+
javascript = javascript.force_encoding('utf-8')
|
17
17
|
puts "Escaping #{javascript.bytesize} bytes of javascript, from #{url}"
|
18
18
|
|
19
19
|
Benchmark.ips do |x|
|
@@ -8,7 +8,7 @@ require 'escape_utils'
|
|
8
8
|
|
9
9
|
url = "http://ajax.googleapis.com/ajax/libs/dojo/1.4.3/dojo/dojo.xd.js.uncompressed.js"
|
10
10
|
javascript = `curl -s #{url}`
|
11
|
-
javascript = javascript.force_encoding('utf-8')
|
11
|
+
javascript = javascript.force_encoding('utf-8')
|
12
12
|
escaped_javascript = EscapeUtils.escape_javascript(javascript)
|
13
13
|
puts "Escaping #{escaped_javascript.bytesize} bytes of javascript, from #{url}"
|
14
14
|
|
@@ -0,0 +1,28 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
|
3
|
+
require 'rubygems'
|
4
|
+
require 'bundler/setup'
|
5
|
+
require 'benchmark/ips'
|
6
|
+
|
7
|
+
require 'rack'
|
8
|
+
require 'cgi'
|
9
|
+
require 'url_escape'
|
10
|
+
require 'fast_xs_extra'
|
11
|
+
require 'escape_utils'
|
12
|
+
|
13
|
+
url = "https://www.yourmom.com/cgi-bin/session.cgi?sess_args=mYHcEA dh435dqUs0moGHeeAJTSLLbdbcbd9ef----,574b95600e9ab7d27eb0bf524ac68c27----"
|
14
|
+
url = url.force_encoding('us-ascii')
|
15
|
+
escaped_url = EscapeUtils.escape_uri(url)
|
16
|
+
puts "Escaping a #{url.bytesize} byte URL"
|
17
|
+
|
18
|
+
Benchmark.ips do |x|
|
19
|
+
x.report "EscapeUtils.unescape_uri" do
|
20
|
+
EscapeUtils.unescape_uri(escaped_url)
|
21
|
+
end
|
22
|
+
|
23
|
+
x.report "fast_xs_extra#fast_uxs_url" do
|
24
|
+
url.fast_xs_url
|
25
|
+
end
|
26
|
+
|
27
|
+
x.compare!(order: :baseline)
|
28
|
+
end
|
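Review bot: The second report, labelled `fast_xs_extra#fast_uxs_url`, calls `url.fast_xs_url`, which is the escaping method applied to the unescaped `url`, so it is not comparable with `EscapeUtils.unescape_uri(escaped_url)` and the published ratio does not measure unescaping. The body should presumably be `escaped_url.fast_uxs_url`, matching the label. The `puts` line also says "Escaping" in an unescape benchmark, and `rack`, `cgi` and `url_escape` are required but unused in the lines shown. This hunk has no file header on the page; by position and line count it appears to be `benchmark/url_decode.rb`.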
@@ -0,0 +1,37 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
|
3
|
+
require 'rubygems'
|
4
|
+
require 'bundler/setup'
|
5
|
+
require 'benchmark/ips'
|
6
|
+
|
7
|
+
require 'rack'
|
8
|
+
require 'erb'
|
9
|
+
require 'cgi'
|
10
|
+
require 'url_escape'
|
11
|
+
require 'fast_xs_extra'
|
12
|
+
require 'escape_utils'
|
13
|
+
|
14
|
+
url = "https://www.yourmom.com/cgi-bin/session.cgi?sess_args=mYHcEA dh435dqUs0moGHeeAJTSLLbdbcbd9ef----,574b95600e9ab7d27eb0bf524ac68c27----"
|
15
|
+
puts "Escaping a #{url.bytesize} byte URL times"
|
16
|
+
|
17
|
+
Benchmark.ips do |x|
|
18
|
+
x.report "EscapeUtils.escape_uri" do
|
19
|
+
EscapeUtils.escape_uri(url)
|
20
|
+
end
|
21
|
+
|
22
|
+
x.report " URI::DEFAULT_PARSER.escape" do
|
23
|
+
URI::DEFAULT_PARSER.escape(url)
|
24
|
+
end
|
25
|
+
|
26
|
+
x.report "ERB::Util.url_encode" do |times|
|
27
|
+
times.times do
|
28
|
+
ERB::Util.url_encode(url)
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
x.report "fast_xs_extra#fast_xs_url" do
|
33
|
+
url.fast_xs_url
|
34
|
+
end
|
35
|
+
|
36
|
+
x.compare!(order: :baseline)
|
37
|
+
end
|
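Review bot: The `ERB::Util.url_encode` report uses the `do |times| … times.times do` form while the other three reports use the plain block form, so the entries do not carry the same per-iteration overhead and the `compare!` ratios are not strictly like-for-like. One form should be used for all four reports. The label `" URI::DEFAULT_PARSER.escape"` has a stray leading space, and the `puts` message ends in a leftover `times`. This hunk has no file header on the page; by position and line count it appears to be `benchmark/url_encode.rb`.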
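--- a/data/benchmark/xml_escape.rb
+++ b/data/benchmark/xml_escape.rb
@@ -7,23 +7,19 @@ require 'benchmark/ips'
 require 'fast_xs'
 require 'escape_utils'
 
-url = "
+url = "https://raw.githubusercontent.com/darcyliu/google-styleguide/master/cppguide.xml"
 xml = `curl -s #{url}`
-xml = xml.force_encoding('binary')
+xml = xml.force_encoding('binary')
 puts "Escaping #{xml.bytesize} bytes of xml, from #{url}"
 
 Benchmark.ips do |x|
-x.report "
-
-xml.fast_xs
-end
+x.report "EscapeUtils.escape_xml" do
+EscapeUtils.escape_xml(xml)
 end
 
-x.report "
-
-EscapeUtils.escape_xml(xml)
-end
+x.report "fast_xs" do
+xml.fast_xs
 end
 
-x.compare!
+x.compare!(order: :baseline)
 end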
data/bin/console
ADDED
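--- a/data/escape_utils.gemspec
+++ b/data/escape_utils.gemspec
@@ -16,16 +16,5 @@ Gem::Specification.new do |s|
 s.description = %q{Quickly perform HTML, URL, URI and Javascript escaping/unescaping}
 s.test_files = `git ls-files test`.split("\n")
 
-s.required_ruby_version = ">=
-
-# tests
-s.add_development_dependency 'rake-compiler', ">= 0.7.5"
-s.add_development_dependency 'minitest', ">= 5.0.0"
-# benchmarks
-s.add_development_dependency 'benchmark-ips'
-s.add_development_dependency 'rack'
-s.add_development_dependency 'haml'
-s.add_development_dependency 'fast_xs'
-s.add_development_dependency 'actionpack'
-s.add_development_dependency 'url_escape'
+s.required_ruby_version = ">= 2.5"
 end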