escape_utils 1.2.0 → 1.3.0

data/ext/escape_utils/escape_utils.c

@@ -9,11 +9,6 @@
 
 static VALUE rb_eEncodingCompatibilityError;
 
-static VALUE eu_new_str(const char *str, size_t len)
-{
-	return rb_enc_str_new(str, len, rb_utf8_encoding());
-}
-
 static void check_utf8_encoding(VALUE str)
 {
 	static rb_encoding *_cached[3] = {NULL, NULL, NULL};
@@ -34,41 +29,6 @@ static void check_utf8_encoding(VALUE str)
 
 typedef int (*houdini_cb)(gh_buf *, const uint8_t *, size_t);
 
-static VALUE rb_mEscapeUtils;
-static ID ID_at_html_safe, ID_new;
-
-/**
- * html_secure instance variable
- */
-static int g_html_secure = 1;
-
-static VALUE rb_eu_set_html_secure(VALUE self, VALUE val)
-{
-	g_html_secure = RTEST(val);
-	rb_ivar_set(self, rb_intern("@html_secure"), val);
-	return val;
-}
-
-/**
-* html_safe_string_class instance variable
-*/
-static VALUE rb_html_safe_string_class;
-static VALUE rb_html_safe_string_template_object;
-
-static VALUE rb_eu_set_html_safe_string_class(VALUE self, VALUE val)
-{
-	Check_Type(val, T_CLASS);
-
-	if (rb_funcall(val, rb_intern("<="), 1, rb_cString) == Qnil)
-		rb_raise(rb_eArgError, "%s must be a descendent of String", rb_class2name(val));
-
-	rb_html_safe_string_class = val;
-	rb_html_safe_string_template_object = rb_class_new_instance(0, NULL, rb_html_safe_string_class);
-	OBJ_FREEZE(rb_html_safe_string_template_object);
-	rb_ivar_set(self, rb_intern("@html_safe_string_class"), val);
-	return val;
-}
-
 /**
  * Generic template
  */
@@ -78,13 +38,13 @@ rb_eu__generic(VALUE str, houdini_cb do_escape)
 	gh_buf buf = GH_BUF_INIT;
 
 	if (NIL_P(str))
-		return eu_new_str("", 0);
+		return rb_utf8_str_new("", 0);
 
 	Check_Type(str, T_STRING);
 	check_utf8_encoding(str);
 
 	if (do_escape(&buf, (const uint8_t *)RSTRING_PTR(str), RSTRING_LEN(str))) {
-		VALUE result = eu_new_str(buf.ptr, buf.size);
+		VALUE result = rb_utf8_str_new(buf.ptr, buf.size);
 		gh_buf_free(&buf);
 		return result;
 	}
@@ -96,49 +56,15 @@ rb_eu__generic(VALUE str, houdini_cb do_escape)
 /**
  * HTML methods
  */
-static VALUE new_html_safe_string(const char *ptr, size_t len)
-{
-	return rb_str_new_with_class(rb_html_safe_string_template_object, ptr, len);
-}
-
-static VALUE rb_eu_escape_html_as_html_safe(VALUE self, VALUE str)
-{
-	VALUE result;
-	int secure = g_html_secure;
-	gh_buf buf = GH_BUF_INIT;
-
-	Check_Type(str, T_STRING);
-	check_utf8_encoding(str);
 
-	if (houdini_escape_html0(&buf, (const uint8_t *)RSTRING_PTR(str), RSTRING_LEN(str), secure)) {
-		result = new_html_safe_string(buf.ptr, buf.size);
-		gh_buf_free(&buf);
-	} else {
-		result = new_html_safe_string(RSTRING_PTR(str), RSTRING_LEN(str));
-	}
-
-	rb_ivar_set(result, ID_at_html_safe, Qtrue);
-
-	return result;
-}
-
-static VALUE rb_eu_escape_html(int argc, VALUE *argv, VALUE self)
+static VALUE rb_eu_escape_html_once(VALUE self, VALUE str)
 {
-	VALUE str, rb_secure;
 	gh_buf buf = GH_BUF_INIT;
-	int secure = g_html_secure;
-
-	if (rb_scan_args(argc, argv, "11", &str, &rb_secure) == 2) {
-		if (rb_secure == Qfalse) {
-			secure = 0;
-		}
-	}
-
 	Check_Type(str, T_STRING);
 	check_utf8_encoding(str);
 
-	if (houdini_escape_html0(&buf, (const uint8_t *)RSTRING_PTR(str), RSTRING_LEN(str), secure)) {
-		VALUE result = eu_new_str(buf.ptr, buf.size);
+	if (houdini_escape_html_once(&buf, (const uint8_t *)RSTRING_PTR(str), RSTRING_LEN(str))) {
+		VALUE result = rb_utf8_str_new(buf.ptr, buf.size);
 		gh_buf_free(&buf);
 		return result;
 	}
@@ -146,11 +72,6 @@ static VALUE rb_eu_escape_html(int argc, VALUE *argv, VALUE self)
 	return str;
 }
 
-static VALUE rb_eu_unescape_html(VALUE self, VALUE str)
-{
-	return rb_eu__generic(str, &houdini_unescape_html);
-}
-
 
 /**
  * XML methods
@@ -166,7 +87,7 @@ static VALUE rb_eu_escape_xml(VALUE self, VALUE str)
  */
 static VALUE rb_eu_escape_js(VALUE self, VALUE str)
 {
-	return rb_eu__generic(str, &houdini_escape_js);
+	return rb_eu__generic(rb_obj_as_string(str), &houdini_escape_js);
 }
 
 static VALUE rb_eu_unescape_js(VALUE self, VALUE str)
@@ -174,21 +95,6 @@ static VALUE rb_eu_unescape_js(VALUE self, VALUE str)
 	return rb_eu__generic(str, &houdini_unescape_js);
 }
 
-
-/**
- * URL methods
- */
-static VALUE rb_eu_escape_url(VALUE self, VALUE str)
-{
-	return rb_eu__generic(str, &houdini_escape_url);
-}
-
-static VALUE rb_eu_unescape_url(VALUE self, VALUE str)
-{
-	return rb_eu__generic(str, &houdini_unescape_url);
-}
-
-
 /**
  * URI methods
  */
@@ -215,7 +121,6 @@ static VALUE rb_eu_unescape_uri_component(VALUE self, VALUE str)
 	return rb_eu__generic(str, &houdini_unescape_uri_component);
 }
 
-
 /**
  * Ruby Extension initializer
  */
@@ -224,26 +129,14 @@ void Init_escape_utils()
 {
 	rb_eEncodingCompatibilityError = rb_const_get(rb_cEncoding, rb_intern("CompatibilityError"));
 
-	ID_new = rb_intern("new");
-	ID_at_html_safe = rb_intern("@html_safe");
-	rb_global_variable(&rb_html_safe_string_class);
-	rb_global_variable(&rb_html_safe_string_template_object);
-
-	rb_mEscapeUtils = rb_define_module("EscapeUtils");
-	rb_define_method(rb_mEscapeUtils, "escape_html_as_html_safe", rb_eu_escape_html_as_html_safe, 1);
-	rb_define_method(rb_mEscapeUtils, "escape_html", rb_eu_escape_html, -1);
-	rb_define_method(rb_mEscapeUtils, "unescape_html", rb_eu_unescape_html, 1);
+	VALUE rb_mEscapeUtils = rb_define_module("EscapeUtils");
+	rb_define_method(rb_mEscapeUtils, "escape_html_once", rb_eu_escape_html_once, 1);
 	rb_define_method(rb_mEscapeUtils, "escape_xml", rb_eu_escape_xml, 1);
 	rb_define_method(rb_mEscapeUtils, "escape_javascript", rb_eu_escape_js, 1);
 	rb_define_method(rb_mEscapeUtils, "unescape_javascript", rb_eu_unescape_js, 1);
-	rb_define_method(rb_mEscapeUtils, "escape_url", rb_eu_escape_url, 1);
-	rb_define_method(rb_mEscapeUtils, "unescape_url", rb_eu_unescape_url, 1);
 	rb_define_method(rb_mEscapeUtils, "escape_uri", rb_eu_escape_uri, 1);
 	rb_define_method(rb_mEscapeUtils, "unescape_uri", rb_eu_unescape_uri, 1);
 	rb_define_method(rb_mEscapeUtils, "escape_uri_component", rb_eu_escape_uri_component, 1);
 	rb_define_method(rb_mEscapeUtils, "unescape_uri_component", rb_eu_unescape_uri_component, 1);
-
-	rb_define_singleton_method(rb_mEscapeUtils, "html_secure=", rb_eu_set_html_secure, 1);
-	rb_define_singleton_method(rb_mEscapeUtils, "html_safe_string_class=", rb_eu_set_html_safe_string_class, 1);
 }
 

data/ext/escape_utils/houdini.h

@@ -22,20 +22,18 @@ extern "C" {
 #	define _isdigit(c) ((c) >= '0' && (c) <= '9')
 #endif
 
+#define _isasciialpha(c) (((c) >= 'a' && (c) <= 'z') || ((c) >= 'A' && (c) <= 'Z'))
+
 #define HOUDINI_ESCAPED_SIZE(x) (((x) * 12) / 10)
 #define HOUDINI_UNESCAPED_SIZE(x) (x)
 
-extern int houdini_escape_html(gh_buf *ob, const uint8_t *src, size_t size);
-extern int houdini_escape_html0(gh_buf *ob, const uint8_t *src, size_t size, int secure);
-extern int houdini_unescape_html(gh_buf *ob, const uint8_t *src, size_t size);
+extern int houdini_escape_html_once(gh_buf *ob, const uint8_t *src, size_t size);
 extern int houdini_escape_xml(gh_buf *ob, const uint8_t *src, size_t size);
 extern int houdini_escape_uri(gh_buf *ob, const uint8_t *src, size_t size);
 extern int houdini_escape_uri_component(gh_buf *ob, const uint8_t *src, size_t size);
-extern int houdini_escape_url(gh_buf *ob, const uint8_t *src, size_t size);
 extern int houdini_escape_href(gh_buf *ob, const uint8_t *src, size_t size);
 extern int houdini_unescape_uri(gh_buf *ob, const uint8_t *src, size_t size);
 extern int houdini_unescape_uri_component(gh_buf *ob, const uint8_t *src, size_t size);
-extern int houdini_unescape_url(gh_buf *ob, const uint8_t *src, size_t size);
 extern int houdini_escape_js(gh_buf *ob, const uint8_t *src, size_t size);
 extern int houdini_unescape_js(gh_buf *ob, const uint8_t *src, size_t size);
 

data/ext/escape_utils/houdini_html_e.c

@@ -18,8 +18,8 @@
 static const char HTML_ESCAPE_TABLE[] = {
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 1, 0, 0, 0, 2, 3, 0, 0, 0, 0, 0, 0, 0, 4, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0, 6, 0, 
+	0, 0, 1, 0, 0, 0, 2, 3, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 5, 0, 
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
@@ -35,24 +35,64 @@ static const char HTML_ESCAPE_TABLE[] = {
 };
 
 static const char *HTML_ESCAPES[] = {
-        "",
-        """,
-        "&",
-        "'",
-        "/",
-        "<",
-        ">"
+	"",
+	""",
+	"&",
+	"'",
+	"<",
+	">"
 };
 
+static const int HTML_ESCAPES_LENGTHS[] = {
+	0,
+	6,
+	5,
+	5,
+	4,
+	4
+};
+
+static int
+is_entity(const uint8_t *src, size_t size)
+{
+	size_t i = 0;
+
+	if (size == 0 || src[0] != '&')
+		return false;
+
+	if (size > 16)
+		size = 16;
+
+	if (size >= 4 && src[1] == '#') {
+		if (_isdigit(src[2])) {
+			for (i = 3; i < size && _isdigit(src[i]); ++i);
+		}
+		else if ((src[2] == 'x' || src[2] == 'X') && _isxdigit(src[3])) {
+			for (i = 4; i < size && _isxdigit(src[i]); ++i);
+		}
+		else return false;
+	}
+	else {
+		for (i = 1; i < size && _isasciialpha(src[i]); ++i);
+		if (i == 1) return false;
+	}
+
+	return i < size && src[i] == ';';
+}
+
 int
-houdini_escape_html0(gh_buf *ob, const uint8_t *src, size_t size, int secure)
+houdini_escape_html_once(gh_buf *ob, const uint8_t *src, size_t size)
 {
 	size_t  i = 0, org, esc = 0;
 
 	while (i < size) {
 		org = i;
-		while (i < size && (esc = HTML_ESCAPE_TABLE[src[i]]) == 0)
+		while (i < size) {
+			esc = HTML_ESCAPE_TABLE[src[i]];
+			if (unlikely(esc != 0) && !is_entity(src + i, size - i))
+				break;
 			i++;
+		}
 
 		if (i > org) {
 			if (unlikely(org == 0)) {
@@ -69,22 +109,10 @@ houdini_escape_html0(gh_buf *ob, const uint8_t *src, size_t size, int secure)
 		if (unlikely(i >= size))
 			break;
 
-		/* The forward slash is only escaped in secure mode */
-		if (src[i] == '/' && !secure) {
-			gh_buf_putc(ob, '/');
-		} else {
-			gh_buf_puts(ob, HTML_ESCAPES[esc]);
-		}
+		gh_buf_put(ob, HTML_ESCAPES[esc], HTML_ESCAPES_LENGTHS[esc]);
 
 		i++;
 	}
 
 	return 1;
 }
-
-int
-houdini_escape_html(gh_buf *ob, const uint8_t *src, size_t size)
-{
-	return houdini_escape_html0(ob, src, size, 1);
-}
-

data/ext/escape_utils/houdini_js_e.c

@@ -7,10 +7,11 @@
 static const char JS_ESCAPE[] = {
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 
+	0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 
+	1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
@@ -18,8 +19,7 @@ static const char JS_ESCAPE[] = {
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 };
 
@@ -51,6 +51,18 @@ houdini_escape_js(gh_buf *ob, const uint8_t *src, size_t size)
 		ch = src[i];
 		
 		switch (ch) {
+		case 226:
+			if (i + 2 < size && src[i + 1] == 128) {
+				if (src[i + 2] == 168) {
+					gh_buf_put(ob, "&#x2028;", 8);
+					i += 2;
+				} else if (src[i + 2] == 169) {
+					gh_buf_put(ob, "&#x2029;", 8);
+					i += 2;
+				}
+			}
+			break;
+
 		case '/':
 			/*
 			 * Escape only if preceded by a lt

data/ext/escape_utils/houdini_uri_e.c

@@ -12,7 +12,7 @@ static const char URL_SAFE[] = {
 	0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 
 	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 
 	0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 
-	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 
+	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
@@ -44,7 +44,7 @@ static const char URI_SAFE[] = {
 
 static int
 escape(gh_buf *ob, const uint8_t *src, size_t size,
-	const char *safe_table, bool escape_plus)
+	const char *safe_table)
 {
 	static const uint8_t hex_chars[] = "0123456789ABCDEF";
 
@@ -73,13 +73,9 @@ escape(gh_buf *ob, const uint8_t *src, size_t size,
 		if (i >= size)
 			break;
 
-		if (src[i] == ' ' && escape_plus) {
-			gh_buf_putc(ob, '+');
-		} else {
-			hex_str[1] = hex_chars[(src[i] >> 4) & 0xF];
-			hex_str[2] = hex_chars[src[i] & 0xF];
-			gh_buf_put(ob, hex_str, 3);
-		}
+		hex_str[1] = hex_chars[(src[i] >> 4) & 0xF];
+		hex_str[2] = hex_chars[src[i] & 0xF];
+		gh_buf_put(ob, hex_str, 3);
 
 		i++;
 	}
@@ -90,18 +86,11 @@ escape(gh_buf *ob, const uint8_t *src, size_t size,
 int
 houdini_escape_uri(gh_buf *ob, const uint8_t *src, size_t size)
 {
-	return escape(ob, src, size, URI_SAFE, false);
+	return escape(ob, src, size, URI_SAFE);
 }
 
 int
 houdini_escape_uri_component(gh_buf *ob, const uint8_t *src, size_t size)
 {
-	return escape(ob, src, size, URL_SAFE, false);
+	return escape(ob, src, size, URL_SAFE);
 }
-
-int
-houdini_escape_url(gh_buf *ob, const uint8_t *src, size_t size)
-{
-	return escape(ob, src, size, URL_SAFE, true);
-}
-

data/ext/escape_utils/houdini_uri_u.c

@@ -7,13 +7,13 @@
 #define hex2c(c) ((c | 32) % 39 - 9)
 
 static int
-unescape(gh_buf *ob, const uint8_t *src, size_t size, bool unescape_plus)
+unescape(gh_buf *ob, const uint8_t *src, size_t size)
 {
 	size_t  i = 0, org;
 
 	while (i < size) {
 		org = i;
-		while (i < size && src[i] != '%' && src[i] != '+')
+		while (i < size && src[i] != '%')
 			i++;
 
 		if (likely(i > org)) {
@@ -31,11 +31,7 @@ unescape(gh_buf *ob, const uint8_t *src, size_t size, bool unescape_plus)
 		if (i >= size)
 			break;
 
-		if (src[i++] == '+') {
-			gh_buf_putc(ob, unescape_plus ? ' ' : '+');
-			continue;
-		}
-
+		i++;
 		if (i + 1 < size && _isxdigit(src[i]) && _isxdigit(src[i + 1])) {
 			unsigned char new_char = (hex2c(src[i]) << 4) + hex2c(src[i + 1]);
 			gh_buf_putc(ob, new_char);
@@ -51,18 +47,12 @@ unescape(gh_buf *ob, const uint8_t *src, size_t size, bool unescape_plus)
 int
 houdini_unescape_uri(gh_buf *ob, const uint8_t *src, size_t size)
 {
-	return unescape(ob, src, size, false);
+	return unescape(ob, src, size);
 }
 
 int
 houdini_unescape_uri_component(gh_buf *ob, const uint8_t *src, size_t size)
 {
-	return unescape(ob, src, size, false);
-}
-
-int
-houdini_unescape_url(gh_buf *ob, const uint8_t *src, size_t size)
-{
-	return unescape(ob, src, size, true);
+	return unescape(ob, src, size);
 }
 

data/ext/escape_utils/houdini_xml_e.c

@@ -25,6 +25,20 @@ static const char *LOOKUP_CODES[] = {
 	">"
 };
 
+static const int LOOKUP_CODES_LENGTHS[] = {
+	0,
+	0,
+	0,
+	0,
+	0,
+	1,
+	6,
+	5,
+	6,
+	4,
+	4
+};
+
 static const char CODE_INVALID = 5;
 
 static const char XML_LOOKUP_TABLE[] = {
@@ -129,7 +143,7 @@ houdini_escape_xml(gh_buf *ob, const uint8_t *src, size_t size)
 		if (end >= size)
 			break;
 
-		gh_buf_puts(ob, LOOKUP_CODES[code]);
+		gh_buf_put(ob, LOOKUP_CODES[code], LOOKUP_CODES_LENGTHS[code]);
 	}
 
 	return 1;

data/lib/escape_utils/html/cgi.rb

@@ -1,11 +1,13 @@
-class CGI
-  extend ::EscapeUtils::HtmlSafety
-
-  class << self
-    alias escapeHTML _escape_html
+module EscapeUtils
+  module CGIHtmlSafety
+    def escapeHTML(html)
+      ::EscapeUtils::HtmlSafety.escape_once(html) { |s| super(s) }
+    end
 
-    def unescapeHTML(s)
-      EscapeUtils.unescape_html(s.to_s)
+    def unescapeHTML(html)
+      super(html.to_s)
     end
   end
-end
+end
+
+CGI.singleton_class.prepend(EscapeUtils::CGIHtmlSafety)

data/lib/escape_utils/html/erb.rb

@@ -1,10 +1 @@
-class ERB
-  module Util
-    include ::EscapeUtils::HtmlSafety
-
-    alias html_escape _escape_html
-    alias h html_escape
-    module_function :h
-    module_function :html_escape
-  end
-end
+require 'escape_utils/html/cgi' # ERB delegates to EscapeUtils.escapeHTML

data/lib/escape_utils/html/haml.rb

@@ -1,7 +1 @@
-module Haml
-  module Helpers
-    include ::EscapeUtils::HtmlSafety
-
-    alias html_escape _escape_html
-  end
-end
+require 'escape_utils/html/cgi' # HAML delegates to EscapeUtils.escapeHTML

data/lib/escape_utils/html/rack.rb

@@ -1,8 +1,8 @@
 module Rack
   module Utils
-    include ::EscapeUtils::HtmlSafety
-
-    alias escape_html _escape_html
+    def escape_html(html)
+      ::EscapeUtils::HtmlSafety.escape_once(html) { |s| CGI.escapeHTML(s) }
+    end
     module_function :escape_html
   end
 end

data/lib/escape_utils/html_safety.rb

@@ -1,6 +1,15 @@
 module EscapeUtils
   module HtmlSafety
     if "".respond_to? :html_safe?
+      def self.escape_once(s)
+        s = s.to_s
+        if s.html_safe?
+          s.html_safe
+        else
+          yield(s).html_safe
+        end
+      end
+
       def _escape_html(s)
         if s.html_safe?
           s.to_s.html_safe
@@ -9,6 +18,10 @@ module EscapeUtils
         end
       end
     else
+      def self.escape_once(s)
+        yield s.to_s
+      end
+
       def _escape_html(s)
         EscapeUtils.escape_html(s.to_s)
       end

data/lib/escape_utils/url/cgi.rb

@@ -1,8 +0,0 @@
-class CGI
-  def self.escape(s)
-    EscapeUtils.escape_url(s.to_s)
-  end
-  def self.unescape(s)
-    EscapeUtils.unescape_url(s.to_s)
-  end
-end

data/lib/escape_utils/url/erb.rb

@@ -1,7 +1,7 @@
 class ERB
   module Util
     def url_encode(s)
-      EscapeUtils.escape_url(s.to_s)
+      EscapeUtils.escape_uri(s.to_s)
     end
     alias u url_encode
     module_function :u

data/lib/escape_utils/url/rack.rb

@@ -1,12 +0,0 @@
-module Rack
-  module Utils
-    def escape(url)
-      EscapeUtils.escape_url(url.to_s)
-    end
-    def unescape(url)
-      EscapeUtils.unescape_url(url.to_s)
-    end
-    module_function :escape
-    module_function :unescape
-  end
-end

data/lib/escape_utils/url/uri.rb

@@ -1,8 +1,12 @@
-module URI
-  def self.escape(s, unsafe=nil)
-    EscapeUtils.escape_uri(s.to_s)
+require 'uri'
+
+if URI.respond_to?(:escape) # Was removed in Ruby 3.0. Let's not bring it back
+  module URI
+    def self.escape(s, unsafe=nil)
+      EscapeUtils.escape_uri(s.to_s)
+    end
+    def self.unescape(s)
+      EscapeUtils.unescape_uri(s.to_s)
+    end
   end
-  def self.unescape(s)
-    EscapeUtils.unescape_uri(s.to_s)
-  end
-end
+end

data/lib/escape_utils/version.rb

@@ -1,3 +1,3 @@
 module EscapeUtils
-  VERSION = "1.2.0"
+  VERSION = "1.3.0"
 end

data/lib/escape_utils/xml/builder.rb

@@ -1,8 +1,8 @@
 module Builder
-  class XmlBase < BlankSlate
+  class XmlBase
     private
     def _escape(text)
-      EscapeUtils.escape_xml(text.to_s)
+      ::EscapeUtils.escape_xml(text.to_s)
     end
   end
 end