escape_utils 1.2.0 → 1.3.0
- checksums.yaml +5 -5
- data/.github/workflows/ci.yml +43 -0
- data/.gitignore +0 -1
- data/CHANGELOG.md +23 -0
- data/Gemfile +15 -0
- data/README.md +48 -91
- data/Rakefile +4 -2
- data/benchmark/html_escape_once.rb +25 -0
- data/benchmark/javascript_escape.rb +1 -1
- data/benchmark/javascript_unescape.rb +1 -1
- data/benchmark/url_decode.rb +28 -0
- data/benchmark/url_encode.rb +37 -0
- data/benchmark/xml_escape.rb +7 -11
- data/bin/console +8 -0
- data/escape_utils.gemspec +1 -12
- data/ext/escape_utils/escape_utils.c +8 -115
- data/ext/escape_utils/houdini.h +3 -5
- data/ext/escape_utils/houdini_html_e.c +52 -24
- data/ext/escape_utils/houdini_js_e.c +15 -3
- data/ext/escape_utils/houdini_uri_e.c +7 -18
- data/ext/escape_utils/houdini_uri_u.c +5 -15
- data/ext/escape_utils/houdini_xml_e.c +15 -1
- data/lib/escape_utils/html/cgi.rb +10 -8
- data/lib/escape_utils/html/erb.rb +1 -10
- data/lib/escape_utils/html/haml.rb +1 -7
- data/lib/escape_utils/html/rack.rb +3 -3
- data/lib/escape_utils/html_safety.rb +13 -0
- data/lib/escape_utils/url/cgi.rb +0 -8
- data/lib/escape_utils/url/erb.rb +1 -1
- data/lib/escape_utils/url/rack.rb +0 -12
- data/lib/escape_utils/url/uri.rb +11 -7
- data/lib/escape_utils/version.rb +1 -1
- data/lib/escape_utils/xml/builder.rb +2 -2
- data/lib/escape_utils.rb +61 -9
- data/test/helper.rb +16 -3
- data/test/html/escape_test.rb +66 -42
- data/test/html/unescape_test.rb +3 -21
- data/test/html_safety_test.rb +1 -27
- data/test/javascript/escape_test.rb +53 -20
- data/test/javascript/unescape_test.rb +16 -18
- data/test/query/escape_test.rb +3 -21
- data/test/query/unescape_test.rb +5 -23
- data/test/uri/escape_test.rb +16 -18
- data/test/uri/unescape_test.rb +17 -19
- data/test/uri_component/escape_test.rb +15 -17
- data/test/uri_component/unescape_test.rb +17 -19
- data/test/url/escape_test.rb +3 -21
- data/test/url/unescape_test.rb +5 -23
- data/test/xml/escape_test.rb +15 -17
- metadata +14 -127
- data/.travis.yml +0 -7
- data/benchmark/html_escape.rb +0 -68
- data/benchmark/html_unescape.rb +0 -35
- data/benchmark/url_escape.rb +0 -56
- data/benchmark/url_unescape.rb +0 -50
- data/ext/escape_utils/houdini_html_u.c +0 -122
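--- a/data/lib/escape_utils.rb
+++ b/data/lib/escape_utils.rb
@@ -1,22 +1,74 @@
+require 'cgi'
 require 'escape_utils/escape_utils'
 require 'escape_utils/version' unless defined? EscapeUtils::VERSION
 
 module EscapeUtils
 extend self
 
-
-
-
-
-
+def html_secure
+warn "EscapeUtils.html_secure is deprecated"
+false
+end
+
+def html_secure=(val)
+warn "EscapeUtils.html_secure is deprecated"
 end
-self.html_secure = true
 
 # Default String class to return from HTML escaping
-
-
+attr_reader :html_safe_string_class
+
+def html_safe_string_class=(klass)
+unless String >= klass
+raise ArgumentError, "EscapeUtils.html_safe_string_class must inherit from ::String"
+end
+@html_safe_string_class = klass
 end
+
 self.html_safe_string_class = String
 
 autoload :HtmlSafety, 'escape_utils/html_safety'
-
+
+def self.escape_html_once_as_html_safe(html)
+escaped = escape_html_once(html)
+if String == @html_safe_string_class
+escaped
+else
+escaped = @html_safe_string_class.new(escaped)
+escaped.instance_variable_set(:@html_safe, true)
+escaped
+end
+end
+
+def self.escape_html(html, secure = false)
+warn "EscapeUtils.escape_html is deprecated. Use GCI.escapeHTML instead, it's faster"
+CGI.escapeHTML(html)
+end
+
+def self.escape_html_as_html_safe(html)
+warn "EscapeUtils.escape_html_as_html_safe is deprecated. Use GCI.escapeHTML(str).html_safe instead, it's faster"
+
+escaped = CGI.escapeHTML(html)
+if String == @html_safe_string_class
+escaped
+else
+escaped = @html_safe_string_class.new(escaped)
+escaped.instance_variable_set(:@html_safe, true)
+escaped
+end
+end
+
+def self.unescape_html(html)
+warn "EscapeUtils.unescape_html is deprecated. Use GCI.unescapeHTML instead, performance is similar"
+CGI.unescapeHTML(html)
+end
+
+def self.escape_url(string)
+warn "EscapeUtils.escape_url is deprecated. Use CGI.escape instead, performance is similar"
+CGI.escape(string)
+end
+
+def self.unescape_url(string)
+warn "EscapeUtils.unescape_url is deprecated. Use CGI.unescape instead, performance is similar"
+CGI.unescape(string)
+end
+end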
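Review bot: `escape_html(html, secure = false)` still accepts `secure` but never reads it, and `html_secure=` is now a no-op, so a caller that relied on the secure mode gets plain `CGI.escapeHTML` output with only a generic deprecation line; presumably `/` is then left unescaped, which matters to anyone who depended on it as defence in depth. The message should say that the argument is ignored, for example `warn "EscapeUtils.escape_html is deprecated and ignores the secure argument. Use CGI.escapeHTML instead", uplevel: 1`, where `uplevel: 1` also points the warning at the calling code. Three of the new messages (in `escape_html`, `escape_html_as_html_safe` and `unescape_html`) spell the replacement as `GCI` rather than `CGI`, which sends readers to a constant that does not exist. In `html_safe_string_class=`, `String >= klass` raises TypeError when `klass` is not a class or module, so the ArgumentError on the next line is never reached for that input; `unless klass.is_a?(Class) && klass <= String` would give one consistent error.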
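--- a/data/test/helper.rb
+++ b/data/test/helper.rb
@@ -1,11 +1,24 @@
 # Basic test environment.
 
-
-
-
+module HideOwnWarnings
+def warn(message)
+unless message.include?("EscapeUtils")
+super
+end
+end
+end
+Warning.prepend(HideOwnWarnings)
 
+require 'bundler/setup'
 require 'escape_utils'
 
+require 'active_support'
+require 'active_support/json'
+require "active_support/core_ext/string/output_safety"
+
+require 'action_view'
+require 'action_view/helpers'
+
 # bring in minitest
 require 'minitest/autorun'
 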
data/test/html/escape_test.rb
CHANGED
@@ -1,42 +1,90 @@
|
|
1
1
|
require File.expand_path("../../helper", __FILE__)
|
2
2
|
|
3
|
-
class MyCustomHtmlSafeString < String
|
4
|
-
end
|
5
|
-
|
6
3
|
class HtmlEscapeTest < Minitest::Test
|
4
|
+
MyCustomHtmlSafeString = Class.new(String)
|
5
|
+
|
6
|
+
def setup
|
7
|
+
@_previous_safe = EscapeUtils.html_secure
|
8
|
+
@_previous_class = EscapeUtils.html_safe_string_class
|
9
|
+
end
|
10
|
+
|
11
|
+
def teardown
|
12
|
+
EscapeUtils.html_secure = @_previous_safe
|
13
|
+
EscapeUtils.html_safe_string_class = @_previous_class
|
14
|
+
end
|
15
|
+
|
16
|
+
def test_escape_source_encoding_is_maintained
|
17
|
+
source = 'foobar'
|
18
|
+
str = EscapeUtils.escape_html_as_html_safe(source)
|
19
|
+
assert_equal source.encoding, str.encoding
|
20
|
+
end
|
21
|
+
|
22
|
+
def test_escape_binary_encoding_is_maintained
|
23
|
+
source = 'foobar'.b
|
24
|
+
str = EscapeUtils.escape_html_as_html_safe(source)
|
25
|
+
assert_equal source.encoding, str.encoding
|
26
|
+
end
|
27
|
+
|
28
|
+
def test_escape_uft8_encoding_is_maintained
|
29
|
+
source = 'foobar'.encode 'UTF-8'
|
30
|
+
str = EscapeUtils.escape_html_as_html_safe(source)
|
31
|
+
assert_equal source.encoding, str.encoding
|
32
|
+
end
|
33
|
+
|
34
|
+
def test_escape_us_ascii_encoding_is_maintained
|
35
|
+
source = 'foobar'.encode 'US-ASCII'
|
36
|
+
str = EscapeUtils.escape_html_as_html_safe(source)
|
37
|
+
assert_equal source.encoding, str.encoding
|
38
|
+
end
|
39
|
+
|
7
40
|
def test_escape_basic_html_with_secure
|
8
|
-
assert_equal "<some_tag
|
41
|
+
assert_equal "<some_tag/>", EscapeUtils.escape_html("<some_tag/>")
|
9
42
|
|
10
|
-
secure_before = EscapeUtils.html_secure
|
11
43
|
EscapeUtils.html_secure = true
|
12
|
-
assert_equal "<some_tag
|
13
|
-
EscapeUtils.html_secure = secure_before
|
44
|
+
assert_equal "<some_tag/>", EscapeUtils.escape_html("<some_tag/>")
|
14
45
|
end
|
15
46
|
|
16
47
|
def test_escape_basic_html_without_secure
|
17
48
|
assert_equal "<some_tag/>", EscapeUtils.escape_html("<some_tag/>", false)
|
18
49
|
|
19
|
-
secure_before = EscapeUtils.html_secure
|
20
50
|
EscapeUtils.html_secure = false
|
21
51
|
assert_equal "<some_tag/>", EscapeUtils.escape_html("<some_tag/>")
|
22
|
-
EscapeUtils.html_secure = secure_before
|
23
52
|
end
|
24
53
|
|
25
54
|
def test_escape_double_quotes
|
26
|
-
assert_equal "<some_tag some_attr="some value"
|
55
|
+
assert_equal "<some_tag some_attr="some value"/>", EscapeUtils.escape_html("<some_tag some_attr=\"some value\"/>")
|
27
56
|
end
|
28
57
|
|
29
58
|
def test_escape_single_quotes
|
30
|
-
assert_equal "<some_tag some_attr='some value'
|
59
|
+
assert_equal "<some_tag some_attr='some value'/>", EscapeUtils.escape_html("<some_tag some_attr='some value'/>")
|
31
60
|
end
|
32
61
|
|
33
62
|
def test_escape_ampersand
|
34
|
-
assert_equal "<b>Bourbon & Branch<
|
63
|
+
assert_equal "<b>Bourbon & Branch</b>", EscapeUtils.escape_html("<b>Bourbon & Branch</b>")
|
35
64
|
end
|
36
65
|
|
37
|
-
def
|
38
|
-
|
39
|
-
|
66
|
+
def test_escape_html_once
|
67
|
+
{
|
68
|
+
'&<' => '&<',
|
69
|
+
'&<&x;' => '&<&x;',
|
70
|
+
'&' => '&amp',
|
71
|
+
'&!;' => '&!;',
|
72
|
+
'�' => '�',
|
73
|
+
' ' => ' ',
|
74
|
+
'
' => '&#10',
|
75
|
+
'�' => '�',
|
76
|
+
'�' => '�',
|
77
|
+
'ð' => 'ð',
|
78
|
+
'ð' => '&#xf0',
|
79
|
+
'&#x;' => '&#x;',
|
80
|
+
'oo;' => '&#xfoo;',
|
81
|
+
'&#;' => '&#;',
|
82
|
+
'&#foo;' => '&#foo;',
|
83
|
+
'foo&bar' => 'foo&bar',
|
84
|
+
}.each do |(input, output)|
|
85
|
+
assert_equal output, EscapeUtils.escape_html_once(input)
|
86
|
+
assert_equal output, EscapeUtils.escape_html_once_as_html_safe(input)
|
87
|
+
end
|
40
88
|
end
|
41
89
|
|
42
90
|
def test_html_safe_escape_default_works
|
@@ -45,27 +93,21 @@ class HtmlEscapeTest < Minitest::Test
|
|
45
93
|
end
|
46
94
|
|
47
95
|
def test_returns_custom_string_class
|
48
|
-
klass_before = EscapeUtils.html_safe_string_class
|
49
96
|
EscapeUtils.html_safe_string_class = MyCustomHtmlSafeString
|
50
97
|
|
51
98
|
str = EscapeUtils.escape_html_as_html_safe('foobar')
|
52
99
|
assert_equal 'foobar', str
|
53
100
|
assert_equal MyCustomHtmlSafeString, str.class
|
54
101
|
assert_equal true, str.instance_variable_get(:@html_safe)
|
55
|
-
ensure
|
56
|
-
EscapeUtils.html_safe_string_class = klass_before
|
57
102
|
end
|
58
103
|
|
59
104
|
def test_returns_custom_string_class_when_string_requires_escaping
|
60
|
-
klass_before = EscapeUtils.html_safe_string_class
|
61
105
|
EscapeUtils.html_safe_string_class = MyCustomHtmlSafeString
|
62
106
|
|
63
107
|
str = EscapeUtils.escape_html_as_html_safe("<script>")
|
64
108
|
assert_equal "<script>", str
|
65
109
|
assert_equal MyCustomHtmlSafeString, str.class
|
66
110
|
assert_equal true, str.instance_variable_get(:@html_safe)
|
67
|
-
ensure
|
68
|
-
EscapeUtils.html_safe_string_class = klass_before
|
69
111
|
end
|
70
112
|
|
71
113
|
def test_html_safe_string_class_descends_string
|
@@ -81,26 +123,8 @@ class HtmlEscapeTest < Minitest::Test
|
|
81
123
|
end
|
82
124
|
end
|
83
125
|
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
str.force_encoding 'ISO-8859-1'
|
89
|
-
assert_raises Encoding::CompatibilityError do
|
90
|
-
EscapeUtils.escape_html(str)
|
91
|
-
end
|
92
|
-
|
93
|
-
str.force_encoding 'UTF-8'
|
94
|
-
begin
|
95
|
-
EscapeUtils.escape_html(str)
|
96
|
-
rescue Encoding::CompatibilityError => e
|
97
|
-
assert_nil e, "#{e.class.name} raised, expected not to"
|
98
|
-
end
|
99
|
-
end
|
100
|
-
|
101
|
-
def test_return_value_is_tagged_as_utf8
|
102
|
-
str = "<b>Bourbon & Branch</b>".encode('utf-8')
|
103
|
-
assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_html(str).encoding
|
104
|
-
end
|
126
|
+
def test_return_value_is_tagged_as_utf8
|
127
|
+
str = "<b>Bourbon & Branch</b>".encode('utf-8')
|
128
|
+
assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_html(str).encoding
|
105
129
|
end
|
106
130
|
end
|
data/test/html/unescape_test.rb
CHANGED
@@ -23,26 +23,8 @@ class HtmlUnescapeTest < Minitest::Test
|
|
23
23
|
assert_equal "<", EscapeUtils.unescape_html("<")
|
24
24
|
end
|
25
25
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
escaped.force_encoding 'ISO-8859-1'
|
31
|
-
assert_raises Encoding::CompatibilityError do
|
32
|
-
EscapeUtils.unescape_html(escaped)
|
33
|
-
end
|
34
|
-
|
35
|
-
escaped.force_encoding 'UTF-8'
|
36
|
-
begin
|
37
|
-
EscapeUtils.unescape_html(escaped)
|
38
|
-
rescue Encoding::CompatibilityError => e
|
39
|
-
assert_nil e, "#{e.class.name} raised, expected not to"
|
40
|
-
end
|
41
|
-
end
|
42
|
-
|
43
|
-
def test_return_value_is_tagged_as_utf8
|
44
|
-
escaped = EscapeUtils.escape_html("<b>Bourbon & Branch</b>")
|
45
|
-
assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_html(escaped).encoding
|
46
|
-
end
|
26
|
+
def test_return_value_is_tagged_as_utf8
|
27
|
+
escaped = EscapeUtils.escape_html("<b>Bourbon & Branch</b>")
|
28
|
+
assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_html(escaped).encoding
|
47
29
|
end
|
48
30
|
end
|
data/test/html_safety_test.rb
CHANGED
@@ -1,37 +1,11 @@
|
|
1
1
|
require File.expand_path("../helper", __FILE__)
|
2
2
|
|
3
|
-
class Object
|
4
|
-
def html_safe?
|
5
|
-
false
|
6
|
-
end
|
7
|
-
end
|
8
|
-
|
9
|
-
class TestSafeBuffer < String
|
10
|
-
def html_safe?
|
11
|
-
true
|
12
|
-
end
|
13
|
-
|
14
|
-
def html_safe
|
15
|
-
self
|
16
|
-
end
|
17
|
-
|
18
|
-
def to_s
|
19
|
-
self
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
|
-
class String
|
24
|
-
def html_safe
|
25
|
-
TestSafeBuffer.new(self)
|
26
|
-
end
|
27
|
-
end
|
28
|
-
|
29
3
|
class HtmlEscapeTest < Minitest::Test
|
30
4
|
include EscapeUtils::HtmlSafety
|
31
5
|
|
32
6
|
def test_marks_escaped_strings_safe
|
33
7
|
escaped = _escape_html("<strong>unsafe</strong>")
|
34
|
-
assert_equal "<strong>unsafe<
|
8
|
+
assert_equal "<strong>unsafe</strong>", escaped
|
35
9
|
assert escaped.html_safe?
|
36
10
|
end
|
37
11
|
|
@@ -1,42 +1,75 @@
|
|
1
1
|
require File.expand_path("../../helper", __FILE__)
|
2
2
|
|
3
3
|
class JavascriptEscapeTest < Minitest::Test
|
4
|
+
ActiveSupport.escape_html_entities_in_json = true
|
5
|
+
|
6
|
+
module ActionViewHelper
|
7
|
+
include ActionView::Helpers::JavaScriptHelper
|
8
|
+
extend self
|
9
|
+
end
|
10
|
+
|
4
11
|
def test_returns_empty_string_if_nil_passed
|
5
|
-
|
12
|
+
assert_compatible nil
|
6
13
|
end
|
7
14
|
|
8
15
|
def test_quotes_and_newlines
|
9
|
-
|
16
|
+
assert_compatible %(This "thing" is really\n netos\r\n\n')
|
10
17
|
end
|
11
18
|
|
12
19
|
def test_backslashes
|
13
|
-
|
20
|
+
assert_compatible %(backslash\\test)
|
14
21
|
end
|
15
22
|
|
16
23
|
def test_closed_html_tags
|
17
|
-
|
24
|
+
assert_compatible %(keep <open>, but dont </close> tags)
|
18
25
|
end
|
19
26
|
|
20
|
-
|
21
|
-
|
22
|
-
|
27
|
+
def test_escape_javascript
|
28
|
+
assert_compatible 123
|
29
|
+
assert_compatible :en
|
30
|
+
assert_compatible false
|
31
|
+
assert_compatible true
|
32
|
+
assert_compatible %(don't </close> tags)
|
33
|
+
assert_compatible (+%(unicode \342\200\250 newline)).force_encoding(Encoding::UTF_8).encode!
|
34
|
+
assert_compatible (+%(unicode \342\200\251 newline)).force_encoding(Encoding::UTF_8).encode!
|
35
|
+
assert_compatible %(don't </close> tags)
|
36
|
+
end
|
23
37
|
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
38
|
+
def test_escape_backtick
|
39
|
+
assert_compatible "`"
|
40
|
+
end
|
41
|
+
|
42
|
+
def test_escape_dollar_sign
|
43
|
+
assert_compatible "$"
|
44
|
+
end
|
28
45
|
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
46
|
+
def test_input_must_be_utf8_or_ascii
|
47
|
+
str = "dont </close> tags"
|
48
|
+
|
49
|
+
str.force_encoding Encoding::ISO_8859_1
|
50
|
+
assert_raises Encoding::CompatibilityError do
|
51
|
+
EscapeUtils.escape_javascript(str)
|
35
52
|
end
|
36
53
|
|
37
|
-
|
38
|
-
|
39
|
-
|
54
|
+
str.force_encoding Encoding::UTF_8
|
55
|
+
begin
|
56
|
+
EscapeUtils.escape_javascript(str)
|
57
|
+
rescue Encoding::CompatibilityError => e
|
58
|
+
assert_nil e, "#{e.class.name} raised, expected not to"
|
40
59
|
end
|
41
60
|
end
|
61
|
+
|
62
|
+
def test_return_value_is_tagged_as_utf8
|
63
|
+
str = "dont </close> tags"
|
64
|
+
assert_equal Encoding::UTF_8, EscapeUtils.escape_javascript(str).encoding
|
65
|
+
end
|
66
|
+
|
67
|
+
private
|
68
|
+
|
69
|
+
def assert_compatible(src)
|
70
|
+
assert_equal(
|
71
|
+
ActionViewHelper.escape_javascript(src),
|
72
|
+
EscapeUtils.escape_javascript(src),
|
73
|
+
)
|
74
|
+
end
|
42
75
|
end
|
@@ -21,26 +21,24 @@ class JavascriptUnescapeTest < Minitest::Test
|
|
21
21
|
assert_equal "\\", EscapeUtils.unescape_javascript("\\")
|
22
22
|
end
|
23
23
|
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
EscapeUtils.unescape_javascript(escaped)
|
31
|
-
end
|
32
|
-
|
33
|
-
escaped.force_encoding 'UTF-8'
|
34
|
-
begin
|
35
|
-
EscapeUtils.unescape_javascript(escaped)
|
36
|
-
rescue Encoding::CompatibilityError => e
|
37
|
-
assert_nil e, "#{e.class.name} raised, expected not to"
|
38
|
-
end
|
24
|
+
def test_input_must_be_utf8_or_ascii
|
25
|
+
escaped = EscapeUtils.escape_javascript("dont </close> tags")
|
26
|
+
|
27
|
+
escaped.force_encoding 'ISO-8859-1'
|
28
|
+
assert_raises Encoding::CompatibilityError do
|
29
|
+
EscapeUtils.unescape_javascript(escaped)
|
39
30
|
end
|
40
31
|
|
41
|
-
|
42
|
-
|
43
|
-
|
32
|
+
escaped.force_encoding 'UTF-8'
|
33
|
+
begin
|
34
|
+
EscapeUtils.unescape_javascript(escaped)
|
35
|
+
rescue Encoding::CompatibilityError => e
|
36
|
+
assert_nil e, "#{e.class.name} raised, expected not to"
|
44
37
|
end
|
45
38
|
end
|
39
|
+
|
40
|
+
def test_return_value_is_tagged_as_utf8
|
41
|
+
escaped = EscapeUtils.escape_javascript("dont </close> tags")
|
42
|
+
assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_javascript(escaped).encoding
|
43
|
+
end
|
46
44
|
end
|
data/test/query/escape_test.rb
CHANGED
@@ -25,26 +25,8 @@ class QueryEscapeTest < Minitest::Test
|
|
25
25
|
assert_equal '%E3%81%BE%E3%81%A4+%E3%82%82%E3%81%A8', EscapeUtils.escape_url(matz_name_sep)
|
26
26
|
end
|
27
27
|
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
str.force_encoding 'ISO-8859-1'
|
33
|
-
assert_raises Encoding::CompatibilityError do
|
34
|
-
EscapeUtils.escape_url(str)
|
35
|
-
end
|
36
|
-
|
37
|
-
str.force_encoding 'UTF-8'
|
38
|
-
begin
|
39
|
-
EscapeUtils.escape_url(str)
|
40
|
-
rescue Encoding::CompatibilityError => e
|
41
|
-
assert_nil e, "#{e.class.name} raised, expected not to"
|
42
|
-
end
|
43
|
-
end
|
44
|
-
|
45
|
-
def test_return_value_is_tagged_as_utf8
|
46
|
-
str = "a+space"
|
47
|
-
assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_url(str).encoding
|
48
|
-
end
|
28
|
+
def test_return_value_is_tagged_as_utf8
|
29
|
+
str = "a+space"
|
30
|
+
assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_url(str).encoding
|
49
31
|
end
|
50
32
|
end
|
data/test/query/unescape_test.rb
CHANGED
@@ -20,33 +20,15 @@ class QueryUnescapeTest < Minitest::Test
|
|
20
20
|
|
21
21
|
def test_url_containing_multibyte_characters
|
22
22
|
matz_name = "\xE3\x81\xBE\xE3\x81\xA4\xE3\x82\x82\xE3\x81\xA8" # Matsumoto
|
23
|
-
matz_name.force_encoding('UTF-8')
|
23
|
+
matz_name.force_encoding('UTF-8')
|
24
24
|
assert_equal matz_name, EscapeUtils.unescape_url('%E3%81%BE%E3%81%A4%E3%82%82%E3%81%A8')
|
25
25
|
matz_name_sep = "\xE3\x81\xBE\xE3\x81\xA4 \xE3\x82\x82\xE3\x81\xA8" # Matsu moto
|
26
|
-
matz_name_sep.force_encoding('UTF-8')
|
26
|
+
matz_name_sep.force_encoding('UTF-8')
|
27
27
|
assert_equal matz_name_sep, EscapeUtils.unescape_url('%E3%81%BE%E3%81%A4+%E3%82%82%E3%81%A8')
|
28
28
|
end
|
29
29
|
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
escaped.force_encoding 'ISO-8859-1'
|
35
|
-
assert_raises Encoding::CompatibilityError do
|
36
|
-
EscapeUtils.unescape_url(escaped)
|
37
|
-
end
|
38
|
-
|
39
|
-
escaped.force_encoding 'UTF-8'
|
40
|
-
begin
|
41
|
-
EscapeUtils.unescape_url(escaped)
|
42
|
-
rescue Encoding::CompatibilityError => e
|
43
|
-
assert_nil e, "#{e.class.name} raised, expected not to"
|
44
|
-
end
|
45
|
-
end
|
46
|
-
|
47
|
-
def test_return_value_is_tagged_as_utf8
|
48
|
-
escaped = EscapeUtils.escape_url("a space")
|
49
|
-
assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_url(escaped).encoding
|
50
|
-
end
|
30
|
+
def test_return_value_is_tagged_as_utf8
|
31
|
+
escaped = EscapeUtils.escape_url("a space")
|
32
|
+
assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_url(escaped).encoding
|
51
33
|
end
|
52
34
|
end
|
data/test/uri/escape_test.rb
CHANGED
@@ -5,7 +5,7 @@ class UriEscapeTest < Minitest::Test
|
|
5
5
|
def test_uri_stdlib_compatibility
|
6
6
|
(0..127).each do |i|
|
7
7
|
c = i.chr
|
8
|
-
assert_equal URI.escape(c), EscapeUtils.escape_uri(c)
|
8
|
+
assert_equal URI::DEFAULT_PARSER.escape(c), EscapeUtils.escape_uri(c)
|
9
9
|
end
|
10
10
|
end
|
11
11
|
|
@@ -33,26 +33,24 @@ class UriEscapeTest < Minitest::Test
|
|
33
33
|
assert_equal "a/slash", EscapeUtils.escape_uri("a/slash")
|
34
34
|
end
|
35
35
|
|
36
|
-
|
37
|
-
|
38
|
-
str = "fo<o>bar"
|
36
|
+
def test_input_must_be_utf8_or_ascii
|
37
|
+
str = "fo<o>bar"
|
39
38
|
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
end
|
44
|
-
|
45
|
-
str.force_encoding 'UTF-8'
|
46
|
-
begin
|
47
|
-
EscapeUtils.escape_uri(str)
|
48
|
-
rescue Encoding::CompatibilityError => e
|
49
|
-
assert_nil e, "#{e.class.name} raised, expected not to"
|
50
|
-
end
|
39
|
+
str.force_encoding 'ISO-8859-1'
|
40
|
+
assert_raises Encoding::CompatibilityError do
|
41
|
+
EscapeUtils.escape_uri(str)
|
51
42
|
end
|
52
43
|
|
53
|
-
|
54
|
-
|
55
|
-
|
44
|
+
str.force_encoding 'UTF-8'
|
45
|
+
begin
|
46
|
+
EscapeUtils.escape_uri(str)
|
47
|
+
rescue Encoding::CompatibilityError => e
|
48
|
+
assert_nil e, "#{e.class.name} raised, expected not to"
|
56
49
|
end
|
57
50
|
end
|
51
|
+
|
52
|
+
def test_return_value_is_tagged_as_utf8
|
53
|
+
str = "fo<o>bar"
|
54
|
+
assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_uri(str).encoding
|
55
|
+
end
|
58
56
|
end
|
data/test/uri/unescape_test.rb
CHANGED
@@ -23,10 +23,10 @@ class UriUnescapeTest < Minitest::Test
|
|
23
23
|
|
24
24
|
def test_uri_containing_multibyte_charactes
|
25
25
|
matz_name = "\xE3\x81\xBE\xE3\x81\xA4\xE3\x82\x82\xE3\x81\xA8" # Matsumoto
|
26
|
-
matz_name.force_encoding('UTF-8')
|
26
|
+
matz_name.force_encoding('UTF-8')
|
27
27
|
assert_equal matz_name, EscapeUtils.unescape_uri('%E3%81%BE%E3%81%A4%E3%82%82%E3%81%A8')
|
28
28
|
matz_name_sep = "\xE3\x81\xBE\xE3\x81\xA4 \xE3\x82\x82\xE3\x81\xA8" # Matsu moto
|
29
|
-
matz_name_sep.force_encoding('UTF-8')
|
29
|
+
matz_name_sep.force_encoding('UTF-8')
|
30
30
|
assert_equal matz_name_sep, EscapeUtils.unescape_uri('%E3%81%BE%E3%81%A4%20%E3%82%82%E3%81%A8')
|
31
31
|
end
|
32
32
|
|
@@ -41,26 +41,24 @@ class UriUnescapeTest < Minitest::Test
|
|
41
41
|
end
|
42
42
|
end
|
43
43
|
|
44
|
-
|
45
|
-
|
46
|
-
escaped = EscapeUtils.escape_uri("fo<o>bar")
|
44
|
+
def test_input_must_be_valid_utf8_or_ascii
|
45
|
+
escaped = EscapeUtils.escape_uri("fo<o>bar")
|
47
46
|
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
end
|
52
|
-
|
53
|
-
escaped.force_encoding 'UTF-8'
|
54
|
-
begin
|
55
|
-
EscapeUtils.unescape_uri(escaped)
|
56
|
-
rescue Encoding::CompatibilityError => e
|
57
|
-
assert_nil e, "#{e.class.name} raised, expected not to"
|
58
|
-
end
|
47
|
+
escaped.force_encoding 'ISO-8859-1'
|
48
|
+
assert_raises Encoding::CompatibilityError do
|
49
|
+
EscapeUtils.unescape_uri(escaped)
|
59
50
|
end
|
60
51
|
|
61
|
-
|
62
|
-
|
63
|
-
|
52
|
+
escaped.force_encoding 'UTF-8'
|
53
|
+
begin
|
54
|
+
EscapeUtils.unescape_uri(escaped)
|
55
|
+
rescue Encoding::CompatibilityError => e
|
56
|
+
assert_nil e, "#{e.class.name} raised, expected not to"
|
64
57
|
end
|
65
58
|
end
|
59
|
+
|
60
|
+
def test_return_value_is_tagged_as_utf8
|
61
|
+
escaped = EscapeUtils.escape_uri("a space")
|
62
|
+
assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_uri(escaped).encoding
|
63
|
+
end
|
66
64
|
end
|