escape_utils 1.2.0 → 1.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.github/workflows/ci.yml +43 -0
- data/.gitignore +0 -1
- data/CHANGELOG.md +23 -0
- data/Gemfile +15 -0
- data/README.md +48 -91
- data/Rakefile +4 -2
- data/benchmark/html_escape_once.rb +25 -0
- data/benchmark/javascript_escape.rb +1 -1
- data/benchmark/javascript_unescape.rb +1 -1
- data/benchmark/url_decode.rb +28 -0
- data/benchmark/url_encode.rb +37 -0
- data/benchmark/xml_escape.rb +7 -11
- data/bin/console +8 -0
- data/escape_utils.gemspec +1 -12
- data/ext/escape_utils/escape_utils.c +8 -115
- data/ext/escape_utils/houdini.h +3 -5
- data/ext/escape_utils/houdini_html_e.c +52 -24
- data/ext/escape_utils/houdini_js_e.c +15 -3
- data/ext/escape_utils/houdini_uri_e.c +7 -18
- data/ext/escape_utils/houdini_uri_u.c +5 -15
- data/ext/escape_utils/houdini_xml_e.c +15 -1
- data/lib/escape_utils/html/cgi.rb +10 -8
- data/lib/escape_utils/html/erb.rb +1 -10
- data/lib/escape_utils/html/haml.rb +1 -7
- data/lib/escape_utils/html/rack.rb +3 -3
- data/lib/escape_utils/html_safety.rb +13 -0
- data/lib/escape_utils/url/cgi.rb +0 -8
- data/lib/escape_utils/url/erb.rb +1 -1
- data/lib/escape_utils/url/rack.rb +0 -12
- data/lib/escape_utils/url/uri.rb +11 -7
- data/lib/escape_utils/version.rb +1 -1
- data/lib/escape_utils/xml/builder.rb +2 -2
- data/lib/escape_utils.rb +61 -9
- data/test/helper.rb +16 -3
- data/test/html/escape_test.rb +66 -42
- data/test/html/unescape_test.rb +3 -21
- data/test/html_safety_test.rb +1 -27
- data/test/javascript/escape_test.rb +53 -20
- data/test/javascript/unescape_test.rb +16 -18
- data/test/query/escape_test.rb +3 -21
- data/test/query/unescape_test.rb +5 -23
- data/test/uri/escape_test.rb +16 -18
- data/test/uri/unescape_test.rb +17 -19
- data/test/uri_component/escape_test.rb +15 -17
- data/test/uri_component/unescape_test.rb +17 -19
- data/test/url/escape_test.rb +3 -21
- data/test/url/unescape_test.rb +5 -23
- data/test/xml/escape_test.rb +15 -17
- metadata +14 -127
- data/.travis.yml +0 -7
- data/benchmark/html_escape.rb +0 -68
- data/benchmark/html_unescape.rb +0 -35
- data/benchmark/url_escape.rb +0 -56
- data/benchmark/url_unescape.rb +0 -50
- data/ext/escape_utils/houdini_html_u.c +0 -122
data/lib/escape_utils.rb
CHANGED
@@ -1,22 +1,74 @@
|
|
1
|
+
require 'cgi'
|
1
2
|
require 'escape_utils/escape_utils'
|
2
3
|
require 'escape_utils/version' unless defined? EscapeUtils::VERSION
|
3
4
|
|
4
5
|
module EscapeUtils
|
5
6
|
extend self
|
6
7
|
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
8
|
+
def html_secure
|
9
|
+
warn "EscapeUtils.html_secure is deprecated"
|
10
|
+
false
|
11
|
+
end
|
12
|
+
|
13
|
+
def html_secure=(val)
|
14
|
+
warn "EscapeUtils.html_secure is deprecated"
|
12
15
|
end
|
13
|
-
self.html_secure = true
|
14
16
|
|
15
17
|
# Default String class to return from HTML escaping
|
16
|
-
|
17
|
-
|
18
|
+
attr_reader :html_safe_string_class
|
19
|
+
|
20
|
+
def html_safe_string_class=(klass)
|
21
|
+
unless String >= klass
|
22
|
+
raise ArgumentError, "EscapeUtils.html_safe_string_class must inherit from ::String"
|
23
|
+
end
|
24
|
+
@html_safe_string_class = klass
|
18
25
|
end
|
26
|
+
|
19
27
|
self.html_safe_string_class = String
|
20
28
|
|
21
29
|
autoload :HtmlSafety, 'escape_utils/html_safety'
|
22
|
-
|
30
|
+
|
31
|
+
def self.escape_html_once_as_html_safe(html)
|
32
|
+
escaped = escape_html_once(html)
|
33
|
+
if String == @html_safe_string_class
|
34
|
+
escaped
|
35
|
+
else
|
36
|
+
escaped = @html_safe_string_class.new(escaped)
|
37
|
+
escaped.instance_variable_set(:@html_safe, true)
|
38
|
+
escaped
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
def self.escape_html(html, secure = false)
|
43
|
+
warn "EscapeUtils.escape_html is deprecated. Use GCI.escapeHTML instead, it's faster"
|
44
|
+
CGI.escapeHTML(html)
|
45
|
+
end
|
46
|
+
|
47
|
+
def self.escape_html_as_html_safe(html)
|
48
|
+
warn "EscapeUtils.escape_html_as_html_safe is deprecated. Use GCI.escapeHTML(str).html_safe instead, it's faster"
|
49
|
+
|
50
|
+
escaped = CGI.escapeHTML(html)
|
51
|
+
if String == @html_safe_string_class
|
52
|
+
escaped
|
53
|
+
else
|
54
|
+
escaped = @html_safe_string_class.new(escaped)
|
55
|
+
escaped.instance_variable_set(:@html_safe, true)
|
56
|
+
escaped
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
def self.unescape_html(html)
|
61
|
+
warn "EscapeUtils.unescape_html is deprecated. Use GCI.unescapeHTML instead, performance is similar"
|
62
|
+
CGI.unescapeHTML(html)
|
63
|
+
end
|
64
|
+
|
65
|
+
def self.escape_url(string)
|
66
|
+
warn "EscapeUtils.escape_url is deprecated. Use CGI.escape instead, performance is similar"
|
67
|
+
CGI.escape(string)
|
68
|
+
end
|
69
|
+
|
70
|
+
def self.unescape_url(string)
|
71
|
+
warn "EscapeUtils.unescape_url is deprecated. Use CGI.unescape instead, performance is similar"
|
72
|
+
CGI.unescape(string)
|
73
|
+
end
|
74
|
+
end
|
data/test/helper.rb
CHANGED
@@ -1,11 +1,24 @@
|
|
1
1
|
# Basic test environment.
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
|
3
|
+
module HideOwnWarnings
|
4
|
+
def warn(message)
|
5
|
+
unless message.include?("EscapeUtils")
|
6
|
+
super
|
7
|
+
end
|
8
|
+
end
|
9
|
+
end
|
10
|
+
Warning.prepend(HideOwnWarnings)
|
6
11
|
|
12
|
+
require 'bundler/setup'
|
7
13
|
require 'escape_utils'
|
8
14
|
|
15
|
+
require 'active_support'
|
16
|
+
require 'active_support/json'
|
17
|
+
require "active_support/core_ext/string/output_safety"
|
18
|
+
|
19
|
+
require 'action_view'
|
20
|
+
require 'action_view/helpers'
|
21
|
+
|
9
22
|
# bring in minitest
|
10
23
|
require 'minitest/autorun'
|
11
24
|
|
data/test/html/escape_test.rb
CHANGED
@@ -1,42 +1,90 @@
|
|
1
1
|
require File.expand_path("../../helper", __FILE__)
|
2
2
|
|
3
|
-
class MyCustomHtmlSafeString < String
|
4
|
-
end
|
5
|
-
|
6
3
|
class HtmlEscapeTest < Minitest::Test
|
4
|
+
MyCustomHtmlSafeString = Class.new(String)
|
5
|
+
|
6
|
+
def setup
|
7
|
+
@_previous_safe = EscapeUtils.html_secure
|
8
|
+
@_previous_class = EscapeUtils.html_safe_string_class
|
9
|
+
end
|
10
|
+
|
11
|
+
def teardown
|
12
|
+
EscapeUtils.html_secure = @_previous_safe
|
13
|
+
EscapeUtils.html_safe_string_class = @_previous_class
|
14
|
+
end
|
15
|
+
|
16
|
+
def test_escape_source_encoding_is_maintained
|
17
|
+
source = 'foobar'
|
18
|
+
str = EscapeUtils.escape_html_as_html_safe(source)
|
19
|
+
assert_equal source.encoding, str.encoding
|
20
|
+
end
|
21
|
+
|
22
|
+
def test_escape_binary_encoding_is_maintained
|
23
|
+
source = 'foobar'.b
|
24
|
+
str = EscapeUtils.escape_html_as_html_safe(source)
|
25
|
+
assert_equal source.encoding, str.encoding
|
26
|
+
end
|
27
|
+
|
28
|
+
def test_escape_uft8_encoding_is_maintained
|
29
|
+
source = 'foobar'.encode 'UTF-8'
|
30
|
+
str = EscapeUtils.escape_html_as_html_safe(source)
|
31
|
+
assert_equal source.encoding, str.encoding
|
32
|
+
end
|
33
|
+
|
34
|
+
def test_escape_us_ascii_encoding_is_maintained
|
35
|
+
source = 'foobar'.encode 'US-ASCII'
|
36
|
+
str = EscapeUtils.escape_html_as_html_safe(source)
|
37
|
+
assert_equal source.encoding, str.encoding
|
38
|
+
end
|
39
|
+
|
7
40
|
def test_escape_basic_html_with_secure
|
8
|
-
assert_equal "<some_tag
|
41
|
+
assert_equal "<some_tag/>", EscapeUtils.escape_html("<some_tag/>")
|
9
42
|
|
10
|
-
secure_before = EscapeUtils.html_secure
|
11
43
|
EscapeUtils.html_secure = true
|
12
|
-
assert_equal "<some_tag
|
13
|
-
EscapeUtils.html_secure = secure_before
|
44
|
+
assert_equal "<some_tag/>", EscapeUtils.escape_html("<some_tag/>")
|
14
45
|
end
|
15
46
|
|
16
47
|
def test_escape_basic_html_without_secure
|
17
48
|
assert_equal "<some_tag/>", EscapeUtils.escape_html("<some_tag/>", false)
|
18
49
|
|
19
|
-
secure_before = EscapeUtils.html_secure
|
20
50
|
EscapeUtils.html_secure = false
|
21
51
|
assert_equal "<some_tag/>", EscapeUtils.escape_html("<some_tag/>")
|
22
|
-
EscapeUtils.html_secure = secure_before
|
23
52
|
end
|
24
53
|
|
25
54
|
def test_escape_double_quotes
|
26
|
-
assert_equal "<some_tag some_attr="some value"
|
55
|
+
assert_equal "<some_tag some_attr="some value"/>", EscapeUtils.escape_html("<some_tag some_attr=\"some value\"/>")
|
27
56
|
end
|
28
57
|
|
29
58
|
def test_escape_single_quotes
|
30
|
-
assert_equal "<some_tag some_attr='some value'
|
59
|
+
assert_equal "<some_tag some_attr='some value'/>", EscapeUtils.escape_html("<some_tag some_attr='some value'/>")
|
31
60
|
end
|
32
61
|
|
33
62
|
def test_escape_ampersand
|
34
|
-
assert_equal "<b>Bourbon & Branch<
|
63
|
+
assert_equal "<b>Bourbon & Branch</b>", EscapeUtils.escape_html("<b>Bourbon & Branch</b>")
|
35
64
|
end
|
36
65
|
|
37
|
-
def
|
38
|
-
|
39
|
-
|
66
|
+
def test_escape_html_once
|
67
|
+
{
|
68
|
+
'&<' => '&<',
|
69
|
+
'&<&x;' => '&<&x;',
|
70
|
+
'&' => '&amp',
|
71
|
+
'&!;' => '&!;',
|
72
|
+
'�' => '�',
|
73
|
+
' ' => ' ',
|
74
|
+
'
' => '&#10',
|
75
|
+
'�' => '�',
|
76
|
+
'�' => '�',
|
77
|
+
'ð' => 'ð',
|
78
|
+
'ð' => '&#xf0',
|
79
|
+
'&#x;' => '&#x;',
|
80
|
+
'oo;' => '&#xfoo;',
|
81
|
+
'&#;' => '&#;',
|
82
|
+
'&#foo;' => '&#foo;',
|
83
|
+
'foo&bar' => 'foo&bar',
|
84
|
+
}.each do |(input, output)|
|
85
|
+
assert_equal output, EscapeUtils.escape_html_once(input)
|
86
|
+
assert_equal output, EscapeUtils.escape_html_once_as_html_safe(input)
|
87
|
+
end
|
40
88
|
end
|
41
89
|
|
42
90
|
def test_html_safe_escape_default_works
|
@@ -45,27 +93,21 @@ class HtmlEscapeTest < Minitest::Test
|
|
45
93
|
end
|
46
94
|
|
47
95
|
def test_returns_custom_string_class
|
48
|
-
klass_before = EscapeUtils.html_safe_string_class
|
49
96
|
EscapeUtils.html_safe_string_class = MyCustomHtmlSafeString
|
50
97
|
|
51
98
|
str = EscapeUtils.escape_html_as_html_safe('foobar')
|
52
99
|
assert_equal 'foobar', str
|
53
100
|
assert_equal MyCustomHtmlSafeString, str.class
|
54
101
|
assert_equal true, str.instance_variable_get(:@html_safe)
|
55
|
-
ensure
|
56
|
-
EscapeUtils.html_safe_string_class = klass_before
|
57
102
|
end
|
58
103
|
|
59
104
|
def test_returns_custom_string_class_when_string_requires_escaping
|
60
|
-
klass_before = EscapeUtils.html_safe_string_class
|
61
105
|
EscapeUtils.html_safe_string_class = MyCustomHtmlSafeString
|
62
106
|
|
63
107
|
str = EscapeUtils.escape_html_as_html_safe("<script>")
|
64
108
|
assert_equal "<script>", str
|
65
109
|
assert_equal MyCustomHtmlSafeString, str.class
|
66
110
|
assert_equal true, str.instance_variable_get(:@html_safe)
|
67
|
-
ensure
|
68
|
-
EscapeUtils.html_safe_string_class = klass_before
|
69
111
|
end
|
70
112
|
|
71
113
|
def test_html_safe_string_class_descends_string
|
@@ -81,26 +123,8 @@ class HtmlEscapeTest < Minitest::Test
|
|
81
123
|
end
|
82
124
|
end
|
83
125
|
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
str.force_encoding 'ISO-8859-1'
|
89
|
-
assert_raises Encoding::CompatibilityError do
|
90
|
-
EscapeUtils.escape_html(str)
|
91
|
-
end
|
92
|
-
|
93
|
-
str.force_encoding 'UTF-8'
|
94
|
-
begin
|
95
|
-
EscapeUtils.escape_html(str)
|
96
|
-
rescue Encoding::CompatibilityError => e
|
97
|
-
assert_nil e, "#{e.class.name} raised, expected not to"
|
98
|
-
end
|
99
|
-
end
|
100
|
-
|
101
|
-
def test_return_value_is_tagged_as_utf8
|
102
|
-
str = "<b>Bourbon & Branch</b>".encode('utf-8')
|
103
|
-
assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_html(str).encoding
|
104
|
-
end
|
126
|
+
def test_return_value_is_tagged_as_utf8
|
127
|
+
str = "<b>Bourbon & Branch</b>".encode('utf-8')
|
128
|
+
assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_html(str).encoding
|
105
129
|
end
|
106
130
|
end
|
data/test/html/unescape_test.rb
CHANGED
@@ -23,26 +23,8 @@ class HtmlUnescapeTest < Minitest::Test
|
|
23
23
|
assert_equal "<", EscapeUtils.unescape_html("<")
|
24
24
|
end
|
25
25
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
escaped.force_encoding 'ISO-8859-1'
|
31
|
-
assert_raises Encoding::CompatibilityError do
|
32
|
-
EscapeUtils.unescape_html(escaped)
|
33
|
-
end
|
34
|
-
|
35
|
-
escaped.force_encoding 'UTF-8'
|
36
|
-
begin
|
37
|
-
EscapeUtils.unescape_html(escaped)
|
38
|
-
rescue Encoding::CompatibilityError => e
|
39
|
-
assert_nil e, "#{e.class.name} raised, expected not to"
|
40
|
-
end
|
41
|
-
end
|
42
|
-
|
43
|
-
def test_return_value_is_tagged_as_utf8
|
44
|
-
escaped = EscapeUtils.escape_html("<b>Bourbon & Branch</b>")
|
45
|
-
assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_html(escaped).encoding
|
46
|
-
end
|
26
|
+
def test_return_value_is_tagged_as_utf8
|
27
|
+
escaped = EscapeUtils.escape_html("<b>Bourbon & Branch</b>")
|
28
|
+
assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_html(escaped).encoding
|
47
29
|
end
|
48
30
|
end
|
data/test/html_safety_test.rb
CHANGED
@@ -1,37 +1,11 @@
|
|
1
1
|
require File.expand_path("../helper", __FILE__)
|
2
2
|
|
3
|
-
class Object
|
4
|
-
def html_safe?
|
5
|
-
false
|
6
|
-
end
|
7
|
-
end
|
8
|
-
|
9
|
-
class TestSafeBuffer < String
|
10
|
-
def html_safe?
|
11
|
-
true
|
12
|
-
end
|
13
|
-
|
14
|
-
def html_safe
|
15
|
-
self
|
16
|
-
end
|
17
|
-
|
18
|
-
def to_s
|
19
|
-
self
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
|
-
class String
|
24
|
-
def html_safe
|
25
|
-
TestSafeBuffer.new(self)
|
26
|
-
end
|
27
|
-
end
|
28
|
-
|
29
3
|
class HtmlEscapeTest < Minitest::Test
|
30
4
|
include EscapeUtils::HtmlSafety
|
31
5
|
|
32
6
|
def test_marks_escaped_strings_safe
|
33
7
|
escaped = _escape_html("<strong>unsafe</strong>")
|
34
|
-
assert_equal "<strong>unsafe<
|
8
|
+
assert_equal "<strong>unsafe</strong>", escaped
|
35
9
|
assert escaped.html_safe?
|
36
10
|
end
|
37
11
|
|
@@ -1,42 +1,75 @@
|
|
1
1
|
require File.expand_path("../../helper", __FILE__)
|
2
2
|
|
3
3
|
class JavascriptEscapeTest < Minitest::Test
|
4
|
+
ActiveSupport.escape_html_entities_in_json = true
|
5
|
+
|
6
|
+
module ActionViewHelper
|
7
|
+
include ActionView::Helpers::JavaScriptHelper
|
8
|
+
extend self
|
9
|
+
end
|
10
|
+
|
4
11
|
def test_returns_empty_string_if_nil_passed
|
5
|
-
|
12
|
+
assert_compatible nil
|
6
13
|
end
|
7
14
|
|
8
15
|
def test_quotes_and_newlines
|
9
|
-
|
16
|
+
assert_compatible %(This "thing" is really\n netos\r\n\n')
|
10
17
|
end
|
11
18
|
|
12
19
|
def test_backslashes
|
13
|
-
|
20
|
+
assert_compatible %(backslash\\test)
|
14
21
|
end
|
15
22
|
|
16
23
|
def test_closed_html_tags
|
17
|
-
|
24
|
+
assert_compatible %(keep <open>, but dont </close> tags)
|
18
25
|
end
|
19
26
|
|
20
|
-
|
21
|
-
|
22
|
-
|
27
|
+
def test_escape_javascript
|
28
|
+
assert_compatible 123
|
29
|
+
assert_compatible :en
|
30
|
+
assert_compatible false
|
31
|
+
assert_compatible true
|
32
|
+
assert_compatible %(don't </close> tags)
|
33
|
+
assert_compatible (+%(unicode \342\200\250 newline)).force_encoding(Encoding::UTF_8).encode!
|
34
|
+
assert_compatible (+%(unicode \342\200\251 newline)).force_encoding(Encoding::UTF_8).encode!
|
35
|
+
assert_compatible %(don't </close> tags)
|
36
|
+
end
|
23
37
|
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
38
|
+
def test_escape_backtick
|
39
|
+
assert_compatible "`"
|
40
|
+
end
|
41
|
+
|
42
|
+
def test_escape_dollar_sign
|
43
|
+
assert_compatible "$"
|
44
|
+
end
|
28
45
|
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
46
|
+
def test_input_must_be_utf8_or_ascii
|
47
|
+
str = "dont </close> tags"
|
48
|
+
|
49
|
+
str.force_encoding Encoding::ISO_8859_1
|
50
|
+
assert_raises Encoding::CompatibilityError do
|
51
|
+
EscapeUtils.escape_javascript(str)
|
35
52
|
end
|
36
53
|
|
37
|
-
|
38
|
-
|
39
|
-
|
54
|
+
str.force_encoding Encoding::UTF_8
|
55
|
+
begin
|
56
|
+
EscapeUtils.escape_javascript(str)
|
57
|
+
rescue Encoding::CompatibilityError => e
|
58
|
+
assert_nil e, "#{e.class.name} raised, expected not to"
|
40
59
|
end
|
41
60
|
end
|
61
|
+
|
62
|
+
def test_return_value_is_tagged_as_utf8
|
63
|
+
str = "dont </close> tags"
|
64
|
+
assert_equal Encoding::UTF_8, EscapeUtils.escape_javascript(str).encoding
|
65
|
+
end
|
66
|
+
|
67
|
+
private
|
68
|
+
|
69
|
+
def assert_compatible(src)
|
70
|
+
assert_equal(
|
71
|
+
ActionViewHelper.escape_javascript(src),
|
72
|
+
EscapeUtils.escape_javascript(src),
|
73
|
+
)
|
74
|
+
end
|
42
75
|
end
|
@@ -21,26 +21,24 @@ class JavascriptUnescapeTest < Minitest::Test
|
|
21
21
|
assert_equal "\\", EscapeUtils.unescape_javascript("\\")
|
22
22
|
end
|
23
23
|
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
EscapeUtils.unescape_javascript(escaped)
|
31
|
-
end
|
32
|
-
|
33
|
-
escaped.force_encoding 'UTF-8'
|
34
|
-
begin
|
35
|
-
EscapeUtils.unescape_javascript(escaped)
|
36
|
-
rescue Encoding::CompatibilityError => e
|
37
|
-
assert_nil e, "#{e.class.name} raised, expected not to"
|
38
|
-
end
|
24
|
+
def test_input_must_be_utf8_or_ascii
|
25
|
+
escaped = EscapeUtils.escape_javascript("dont </close> tags")
|
26
|
+
|
27
|
+
escaped.force_encoding 'ISO-8859-1'
|
28
|
+
assert_raises Encoding::CompatibilityError do
|
29
|
+
EscapeUtils.unescape_javascript(escaped)
|
39
30
|
end
|
40
31
|
|
41
|
-
|
42
|
-
|
43
|
-
|
32
|
+
escaped.force_encoding 'UTF-8'
|
33
|
+
begin
|
34
|
+
EscapeUtils.unescape_javascript(escaped)
|
35
|
+
rescue Encoding::CompatibilityError => e
|
36
|
+
assert_nil e, "#{e.class.name} raised, expected not to"
|
44
37
|
end
|
45
38
|
end
|
39
|
+
|
40
|
+
def test_return_value_is_tagged_as_utf8
|
41
|
+
escaped = EscapeUtils.escape_javascript("dont </close> tags")
|
42
|
+
assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_javascript(escaped).encoding
|
43
|
+
end
|
46
44
|
end
|
data/test/query/escape_test.rb
CHANGED
@@ -25,26 +25,8 @@ class QueryEscapeTest < Minitest::Test
|
|
25
25
|
assert_equal '%E3%81%BE%E3%81%A4+%E3%82%82%E3%81%A8', EscapeUtils.escape_url(matz_name_sep)
|
26
26
|
end
|
27
27
|
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
str.force_encoding 'ISO-8859-1'
|
33
|
-
assert_raises Encoding::CompatibilityError do
|
34
|
-
EscapeUtils.escape_url(str)
|
35
|
-
end
|
36
|
-
|
37
|
-
str.force_encoding 'UTF-8'
|
38
|
-
begin
|
39
|
-
EscapeUtils.escape_url(str)
|
40
|
-
rescue Encoding::CompatibilityError => e
|
41
|
-
assert_nil e, "#{e.class.name} raised, expected not to"
|
42
|
-
end
|
43
|
-
end
|
44
|
-
|
45
|
-
def test_return_value_is_tagged_as_utf8
|
46
|
-
str = "a+space"
|
47
|
-
assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_url(str).encoding
|
48
|
-
end
|
28
|
+
def test_return_value_is_tagged_as_utf8
|
29
|
+
str = "a+space"
|
30
|
+
assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_url(str).encoding
|
49
31
|
end
|
50
32
|
end
|
data/test/query/unescape_test.rb
CHANGED
@@ -20,33 +20,15 @@ class QueryUnescapeTest < Minitest::Test
|
|
20
20
|
|
21
21
|
def test_url_containing_multibyte_characters
|
22
22
|
matz_name = "\xE3\x81\xBE\xE3\x81\xA4\xE3\x82\x82\xE3\x81\xA8" # Matsumoto
|
23
|
-
matz_name.force_encoding('UTF-8')
|
23
|
+
matz_name.force_encoding('UTF-8')
|
24
24
|
assert_equal matz_name, EscapeUtils.unescape_url('%E3%81%BE%E3%81%A4%E3%82%82%E3%81%A8')
|
25
25
|
matz_name_sep = "\xE3\x81\xBE\xE3\x81\xA4 \xE3\x82\x82\xE3\x81\xA8" # Matsu moto
|
26
|
-
matz_name_sep.force_encoding('UTF-8')
|
26
|
+
matz_name_sep.force_encoding('UTF-8')
|
27
27
|
assert_equal matz_name_sep, EscapeUtils.unescape_url('%E3%81%BE%E3%81%A4+%E3%82%82%E3%81%A8')
|
28
28
|
end
|
29
29
|
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
escaped.force_encoding 'ISO-8859-1'
|
35
|
-
assert_raises Encoding::CompatibilityError do
|
36
|
-
EscapeUtils.unescape_url(escaped)
|
37
|
-
end
|
38
|
-
|
39
|
-
escaped.force_encoding 'UTF-8'
|
40
|
-
begin
|
41
|
-
EscapeUtils.unescape_url(escaped)
|
42
|
-
rescue Encoding::CompatibilityError => e
|
43
|
-
assert_nil e, "#{e.class.name} raised, expected not to"
|
44
|
-
end
|
45
|
-
end
|
46
|
-
|
47
|
-
def test_return_value_is_tagged_as_utf8
|
48
|
-
escaped = EscapeUtils.escape_url("a space")
|
49
|
-
assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_url(escaped).encoding
|
50
|
-
end
|
30
|
+
def test_return_value_is_tagged_as_utf8
|
31
|
+
escaped = EscapeUtils.escape_url("a space")
|
32
|
+
assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_url(escaped).encoding
|
51
33
|
end
|
52
34
|
end
|
data/test/uri/escape_test.rb
CHANGED
@@ -5,7 +5,7 @@ class UriEscapeTest < Minitest::Test
|
|
5
5
|
def test_uri_stdlib_compatibility
|
6
6
|
(0..127).each do |i|
|
7
7
|
c = i.chr
|
8
|
-
assert_equal URI.escape(c), EscapeUtils.escape_uri(c)
|
8
|
+
assert_equal URI::DEFAULT_PARSER.escape(c), EscapeUtils.escape_uri(c)
|
9
9
|
end
|
10
10
|
end
|
11
11
|
|
@@ -33,26 +33,24 @@ class UriEscapeTest < Minitest::Test
|
|
33
33
|
assert_equal "a/slash", EscapeUtils.escape_uri("a/slash")
|
34
34
|
end
|
35
35
|
|
36
|
-
|
37
|
-
|
38
|
-
str = "fo<o>bar"
|
36
|
+
def test_input_must_be_utf8_or_ascii
|
37
|
+
str = "fo<o>bar"
|
39
38
|
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
end
|
44
|
-
|
45
|
-
str.force_encoding 'UTF-8'
|
46
|
-
begin
|
47
|
-
EscapeUtils.escape_uri(str)
|
48
|
-
rescue Encoding::CompatibilityError => e
|
49
|
-
assert_nil e, "#{e.class.name} raised, expected not to"
|
50
|
-
end
|
39
|
+
str.force_encoding 'ISO-8859-1'
|
40
|
+
assert_raises Encoding::CompatibilityError do
|
41
|
+
EscapeUtils.escape_uri(str)
|
51
42
|
end
|
52
43
|
|
53
|
-
|
54
|
-
|
55
|
-
|
44
|
+
str.force_encoding 'UTF-8'
|
45
|
+
begin
|
46
|
+
EscapeUtils.escape_uri(str)
|
47
|
+
rescue Encoding::CompatibilityError => e
|
48
|
+
assert_nil e, "#{e.class.name} raised, expected not to"
|
56
49
|
end
|
57
50
|
end
|
51
|
+
|
52
|
+
def test_return_value_is_tagged_as_utf8
|
53
|
+
str = "fo<o>bar"
|
54
|
+
assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_uri(str).encoding
|
55
|
+
end
|
58
56
|
end
|
data/test/uri/unescape_test.rb
CHANGED
@@ -23,10 +23,10 @@ class UriUnescapeTest < Minitest::Test
|
|
23
23
|
|
24
24
|
def test_uri_containing_multibyte_charactes
|
25
25
|
matz_name = "\xE3\x81\xBE\xE3\x81\xA4\xE3\x82\x82\xE3\x81\xA8" # Matsumoto
|
26
|
-
matz_name.force_encoding('UTF-8')
|
26
|
+
matz_name.force_encoding('UTF-8')
|
27
27
|
assert_equal matz_name, EscapeUtils.unescape_uri('%E3%81%BE%E3%81%A4%E3%82%82%E3%81%A8')
|
28
28
|
matz_name_sep = "\xE3\x81\xBE\xE3\x81\xA4 \xE3\x82\x82\xE3\x81\xA8" # Matsu moto
|
29
|
-
matz_name_sep.force_encoding('UTF-8')
|
29
|
+
matz_name_sep.force_encoding('UTF-8')
|
30
30
|
assert_equal matz_name_sep, EscapeUtils.unescape_uri('%E3%81%BE%E3%81%A4%20%E3%82%82%E3%81%A8')
|
31
31
|
end
|
32
32
|
|
@@ -41,26 +41,24 @@ class UriUnescapeTest < Minitest::Test
|
|
41
41
|
end
|
42
42
|
end
|
43
43
|
|
44
|
-
|
45
|
-
|
46
|
-
escaped = EscapeUtils.escape_uri("fo<o>bar")
|
44
|
+
def test_input_must_be_valid_utf8_or_ascii
|
45
|
+
escaped = EscapeUtils.escape_uri("fo<o>bar")
|
47
46
|
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
end
|
52
|
-
|
53
|
-
escaped.force_encoding 'UTF-8'
|
54
|
-
begin
|
55
|
-
EscapeUtils.unescape_uri(escaped)
|
56
|
-
rescue Encoding::CompatibilityError => e
|
57
|
-
assert_nil e, "#{e.class.name} raised, expected not to"
|
58
|
-
end
|
47
|
+
escaped.force_encoding 'ISO-8859-1'
|
48
|
+
assert_raises Encoding::CompatibilityError do
|
49
|
+
EscapeUtils.unescape_uri(escaped)
|
59
50
|
end
|
60
51
|
|
61
|
-
|
62
|
-
|
63
|
-
|
52
|
+
escaped.force_encoding 'UTF-8'
|
53
|
+
begin
|
54
|
+
EscapeUtils.unescape_uri(escaped)
|
55
|
+
rescue Encoding::CompatibilityError => e
|
56
|
+
assert_nil e, "#{e.class.name} raised, expected not to"
|
64
57
|
end
|
65
58
|
end
|
59
|
+
|
60
|
+
def test_return_value_is_tagged_as_utf8
|
61
|
+
escaped = EscapeUtils.escape_uri("a space")
|
62
|
+
assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_uri(escaped).encoding
|
63
|
+
end
|
66
64
|
end
|