escape_utils 1.2.0 → 1.3.0

data/lib/escape_utils.rb

@@ -1,22 +1,74 @@
+require 'cgi'
 require 'escape_utils/escape_utils'
 require 'escape_utils/version' unless defined? EscapeUtils::VERSION
 
 module EscapeUtils
   extend self
 
-  # turn on/off the escaping of the '/' character during HTML escaping
-  # Escaping '/' is recommended by the OWASP - http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
-  # This is because quotes around HTML attributes are optional in most/all modern browsers at the time of writing (10/15/2010)
-  def self.html_secure
-    @html_secure
+  def html_secure
+    warn "EscapeUtils.html_secure is deprecated"
+    false
+  end
+
+  def html_secure=(val)
+    warn "EscapeUtils.html_secure is deprecated"
   end
-  self.html_secure = true
 
   # Default String class to return from HTML escaping
-  def self.html_safe_string_class
-    @html_safe_string_class
+  attr_reader :html_safe_string_class
+
+  def html_safe_string_class=(klass)
+    unless String >= klass
+      raise ArgumentError, "EscapeUtils.html_safe_string_class must inherit from ::String"
+    end
+    @html_safe_string_class = klass
   end
+
   self.html_safe_string_class = String
 
   autoload :HtmlSafety, 'escape_utils/html_safety'
-end
+
+  def self.escape_html_once_as_html_safe(html)
+    escaped = escape_html_once(html)
+    if String == @html_safe_string_class
+      escaped
+    else
+      escaped = @html_safe_string_class.new(escaped)
+      escaped.instance_variable_set(:@html_safe, true)
+      escaped
+    end
+  end
+
+  def self.escape_html(html, secure = false)
+    warn "EscapeUtils.escape_html is deprecated. Use GCI.escapeHTML instead, it's faster"
+    CGI.escapeHTML(html)
+  end
+
+  def self.escape_html_as_html_safe(html)
+    warn "EscapeUtils.escape_html_as_html_safe is deprecated. Use GCI.escapeHTML(str).html_safe instead, it's faster"
+
+    escaped = CGI.escapeHTML(html)
+    if String == @html_safe_string_class
+      escaped
+    else
+      escaped = @html_safe_string_class.new(escaped)
+      escaped.instance_variable_set(:@html_safe, true)
+      escaped
+    end
+  end
+
+  def self.unescape_html(html)
+    warn "EscapeUtils.unescape_html is deprecated. Use GCI.unescapeHTML instead, performance is similar"
+    CGI.unescapeHTML(html)
+  end
+
+  def self.escape_url(string)
+    warn "EscapeUtils.escape_url is deprecated. Use CGI.escape instead, performance is similar"
+    CGI.escape(string)
+  end
+
+  def self.unescape_url(string)
+    warn "EscapeUtils.unescape_url is deprecated. Use CGI.unescape instead, performance is similar"
+    CGI.unescape(string)
+  end
+end

data/test/helper.rb

@@ -1,11 +1,24 @@
 # Basic test environment.
 
-# blah fuck this
-require 'rubygems' if !defined?(Gem)
-require 'bundler/setup'
+module HideOwnWarnings
+  def warn(message)
+    unless message.include?("EscapeUtils")
+      super
+    end
+  end
+end
+Warning.prepend(HideOwnWarnings)
 
+require 'bundler/setup'
 require 'escape_utils'
 
+require 'active_support'
+require 'active_support/json'
+require "active_support/core_ext/string/output_safety"
+
+require 'action_view'
+require 'action_view/helpers'
+
 # bring in minitest
 require 'minitest/autorun'
 

data/test/html/escape_test.rb

@@ -1,42 +1,90 @@
 require File.expand_path("../../helper", __FILE__)
 
-class MyCustomHtmlSafeString < String
-end
-
 class HtmlEscapeTest < Minitest::Test
+  MyCustomHtmlSafeString = Class.new(String)
+
+  def setup
+    @_previous_safe = EscapeUtils.html_secure
+    @_previous_class = EscapeUtils.html_safe_string_class
+  end
+
+  def teardown
+    EscapeUtils.html_secure = @_previous_safe
+    EscapeUtils.html_safe_string_class = @_previous_class
+  end
+
+  def test_escape_source_encoding_is_maintained
+    source = 'foobar'
+    str = EscapeUtils.escape_html_as_html_safe(source)
+    assert_equal source.encoding, str.encoding
+  end
+
+  def test_escape_binary_encoding_is_maintained
+    source = 'foobar'.b
+    str = EscapeUtils.escape_html_as_html_safe(source)
+    assert_equal source.encoding, str.encoding
+  end
+
+  def test_escape_uft8_encoding_is_maintained
+    source = 'foobar'.encode 'UTF-8'
+    str = EscapeUtils.escape_html_as_html_safe(source)
+    assert_equal source.encoding, str.encoding
+  end
+
+  def test_escape_us_ascii_encoding_is_maintained
+    source = 'foobar'.encode 'US-ASCII'
+    str = EscapeUtils.escape_html_as_html_safe(source)
+    assert_equal source.encoding, str.encoding
+  end
+
   def test_escape_basic_html_with_secure
-    assert_equal "&lt;some_tag&#47;&gt;", EscapeUtils.escape_html("<some_tag/>")
+    assert_equal "&lt;some_tag/&gt;", EscapeUtils.escape_html("<some_tag/>")
 
-    secure_before = EscapeUtils.html_secure
     EscapeUtils.html_secure = true
-    assert_equal "&lt;some_tag&#47;&gt;", EscapeUtils.escape_html("<some_tag/>")
-    EscapeUtils.html_secure = secure_before
+    assert_equal "&lt;some_tag/&gt;", EscapeUtils.escape_html("<some_tag/>")
   end
 
   def test_escape_basic_html_without_secure
     assert_equal "&lt;some_tag/&gt;", EscapeUtils.escape_html("<some_tag/>", false)
 
-    secure_before = EscapeUtils.html_secure
     EscapeUtils.html_secure = false
     assert_equal "&lt;some_tag/&gt;", EscapeUtils.escape_html("<some_tag/>")
-    EscapeUtils.html_secure = secure_before
   end
 
   def test_escape_double_quotes
-    assert_equal "&lt;some_tag some_attr=&quot;some value&quot;&#47;&gt;", EscapeUtils.escape_html("<some_tag some_attr=\"some value\"/>")
+    assert_equal "&lt;some_tag some_attr=&quot;some value&quot;/&gt;", EscapeUtils.escape_html("<some_tag some_attr=\"some value\"/>")
   end
 
   def test_escape_single_quotes
-    assert_equal "&lt;some_tag some_attr=&#39;some value&#39;&#47;&gt;", EscapeUtils.escape_html("<some_tag some_attr='some value'/>")
+    assert_equal "&lt;some_tag some_attr=&#39;some value&#39;/&gt;", EscapeUtils.escape_html("<some_tag some_attr='some value'/>")
   end
 
   def test_escape_ampersand
-    assert_equal "&lt;b&gt;Bourbon &amp; Branch&lt;&#47;b&gt;", EscapeUtils.escape_html("<b>Bourbon & Branch</b>")
+    assert_equal "&lt;b&gt;Bourbon &amp; Branch&lt;/b&gt;", EscapeUtils.escape_html("<b>Bourbon & Branch</b>")
   end
 
-  def test_returns_original_if_not_escaped
-    str = 'foobar'
-    assert_equal str.object_id, EscapeUtils.escape_html(str).object_id
+  def test_escape_html_once
+    {
+      '&<' => '&amp;&lt;',
+      '&amp;&lt;&x;' => '&amp;&lt;&x;',
+      '&amp' => '&amp;amp',
+      '&!;' => '&amp;!;',
+      '&#0;' => '&#0;',
+      '&#10;' => '&#10;',
+      '&#10' => '&amp;#10',
+      '&#10000000000;' => '&#10000000000;',
+      '&#x0;' => '&#x0;',
+      '&#xf0;' => '&#xf0;',
+      '&#xf0' => '&amp;#xf0',
+      '&#x;' => '&amp;#x;',
+      '&#xfoo;' => '&amp;#xfoo;',
+      '&#;' => '&amp;#;',
+      '&#foo;' => '&amp;#foo;',
+      'foo&amp;bar' => 'foo&amp;bar',
+    }.each do |(input, output)|
+      assert_equal output, EscapeUtils.escape_html_once(input)
+      assert_equal output, EscapeUtils.escape_html_once_as_html_safe(input)
+    end
   end
 
   def test_html_safe_escape_default_works
@@ -45,27 +93,21 @@ class HtmlEscapeTest < Minitest::Test
   end
 
   def test_returns_custom_string_class
-    klass_before = EscapeUtils.html_safe_string_class
     EscapeUtils.html_safe_string_class = MyCustomHtmlSafeString
 
     str = EscapeUtils.escape_html_as_html_safe('foobar')
     assert_equal 'foobar', str
     assert_equal MyCustomHtmlSafeString, str.class
     assert_equal true, str.instance_variable_get(:@html_safe)
-  ensure
-    EscapeUtils.html_safe_string_class = klass_before
   end
 
   def test_returns_custom_string_class_when_string_requires_escaping
-    klass_before = EscapeUtils.html_safe_string_class
     EscapeUtils.html_safe_string_class = MyCustomHtmlSafeString
 
     str = EscapeUtils.escape_html_as_html_safe("<script>")
     assert_equal "&lt;script&gt;", str
     assert_equal MyCustomHtmlSafeString, str.class
     assert_equal true, str.instance_variable_get(:@html_safe)
-  ensure
-    EscapeUtils.html_safe_string_class = klass_before
   end
 
   def test_html_safe_string_class_descends_string
@@ -81,26 +123,8 @@ class HtmlEscapeTest < Minitest::Test
     end
   end
 
-  if RUBY_VERSION =~ /^1.9/
-    def test_utf8_or_ascii_input_only
-      str = "<b>Bourbon & Branch</b>"
-
-      str.force_encoding 'ISO-8859-1'
-      assert_raises Encoding::CompatibilityError do
-        EscapeUtils.escape_html(str)
-      end
-
-      str.force_encoding 'UTF-8'
-      begin
-        EscapeUtils.escape_html(str)
-      rescue Encoding::CompatibilityError => e
-        assert_nil e, "#{e.class.name} raised, expected not to"
-      end
-    end
-
-    def test_return_value_is_tagged_as_utf8
-      str = "<b>Bourbon & Branch</b>".encode('utf-8')
-      assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_html(str).encoding
-    end
+  def test_return_value_is_tagged_as_utf8
+    str = "<b>Bourbon & Branch</b>".encode('utf-8')
+    assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_html(str).encoding
   end
 end

data/test/html/unescape_test.rb

@@ -23,26 +23,8 @@ class HtmlUnescapeTest < Minitest::Test
     assert_equal "&lt", EscapeUtils.unescape_html("&lt")
   end
 
-  if RUBY_VERSION =~ /^1.9/
-    def test_input_must_be_utf8_or_ascii
-      escaped = EscapeUtils.escape_html("<b>Bourbon & Branch</b>")
-
-      escaped.force_encoding 'ISO-8859-1'
-      assert_raises Encoding::CompatibilityError do
-        EscapeUtils.unescape_html(escaped)
-      end
-
-      escaped.force_encoding 'UTF-8'
-      begin
-        EscapeUtils.unescape_html(escaped)
-      rescue Encoding::CompatibilityError => e
-        assert_nil e, "#{e.class.name} raised, expected not to"
-      end
-    end
-
-    def test_return_value_is_tagged_as_utf8
-      escaped = EscapeUtils.escape_html("<b>Bourbon & Branch</b>")
-      assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_html(escaped).encoding
-    end
+  def test_return_value_is_tagged_as_utf8
+    escaped = EscapeUtils.escape_html("<b>Bourbon & Branch</b>")
+    assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_html(escaped).encoding
   end
 end

data/test/html_safety_test.rb

@@ -1,37 +1,11 @@
 require File.expand_path("../helper", __FILE__)
 
-class Object
-  def html_safe?
-    false
-  end
-end
-
-class TestSafeBuffer < String
-  def html_safe?
-    true
-  end
-
-  def html_safe
-    self
-  end
-
-  def to_s
-    self
-  end
-end
-
-class String
-  def html_safe
-    TestSafeBuffer.new(self)
-  end
-end
-
 class HtmlEscapeTest < Minitest::Test
   include EscapeUtils::HtmlSafety
 
   def test_marks_escaped_strings_safe
     escaped = _escape_html("<strong>unsafe</strong>")
-    assert_equal "&lt;strong&gt;unsafe&lt;&#47;strong&gt;", escaped
+    assert_equal "&lt;strong&gt;unsafe&lt;/strong&gt;", escaped
     assert escaped.html_safe?
   end
 

data/test/javascript/escape_test.rb

@@ -1,42 +1,75 @@
 require File.expand_path("../../helper", __FILE__)
 
 class JavascriptEscapeTest < Minitest::Test
+  ActiveSupport.escape_html_entities_in_json = true
+
+  module ActionViewHelper
+    include ActionView::Helpers::JavaScriptHelper
+    extend self
+  end
+
   def test_returns_empty_string_if_nil_passed
-    assert_equal "", EscapeUtils.escape_javascript(nil)
+    assert_compatible nil
   end
 
   def test_quotes_and_newlines
-    assert_equal %(This \\"thing\\" is really\\n netos\\n\\n\\'), EscapeUtils.escape_javascript(%(This "thing" is really\n netos\r\n\n'))
+    assert_compatible %(This "thing" is really\n netos\r\n\n')
   end
 
   def test_backslashes
-    assert_equal %(backslash\\\\test), EscapeUtils.escape_javascript(%(backslash\\test))
+    assert_compatible %(backslash\\test)
   end
 
   def test_closed_html_tags
-    assert_equal %(keep <open>, but dont <\\/close> tags), EscapeUtils.escape_javascript(%(keep <open>, but dont </close> tags))
+    assert_compatible %(keep <open>, but dont </close> tags)
   end
 
-  if RUBY_VERSION =~ /^1.9/
-    def test_input_must_be_utf8_or_ascii
-      str = "dont </close> tags"
+  def test_escape_javascript
+    assert_compatible 123
+    assert_compatible :en
+    assert_compatible false
+    assert_compatible true
+    assert_compatible %(don't </close> tags)
+    assert_compatible (+%(unicode \342\200\250 newline)).force_encoding(Encoding::UTF_8).encode!
+    assert_compatible (+%(unicode \342\200\251 newline)).force_encoding(Encoding::UTF_8).encode!
+    assert_compatible %(don't </close> tags)
+  end
 
-      str.force_encoding 'ISO-8859-1'
-      assert_raises Encoding::CompatibilityError do
-        EscapeUtils.escape_javascript(str)
-      end
+  def test_escape_backtick
+    assert_compatible "`"
+  end
+
+  def test_escape_dollar_sign
+    assert_compatible "$"
+  end
 
-      str.force_encoding 'UTF-8'
-      begin
-        EscapeUtils.escape_javascript(str)
-      rescue Encoding::CompatibilityError => e
-        assert_nil e, "#{e.class.name} raised, expected not to"
-      end
+  def test_input_must_be_utf8_or_ascii
+    str = "dont </close> tags"
+
+    str.force_encoding Encoding::ISO_8859_1
+    assert_raises Encoding::CompatibilityError do
+      EscapeUtils.escape_javascript(str)
     end
 
-    def test_return_value_is_tagged_as_utf8
-      str = "dont </close> tags"
-      assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_javascript(str).encoding
+    str.force_encoding Encoding::UTF_8
+    begin
+      EscapeUtils.escape_javascript(str)
+    rescue Encoding::CompatibilityError => e
+      assert_nil e, "#{e.class.name} raised, expected not to"
     end
   end
+
+  def test_return_value_is_tagged_as_utf8
+    str = "dont </close> tags"
+    assert_equal Encoding::UTF_8, EscapeUtils.escape_javascript(str).encoding
+  end
+
+  private
+
+  def assert_compatible(src)
+    assert_equal(
+      ActionViewHelper.escape_javascript(src),
+      EscapeUtils.escape_javascript(src),
+    )
+  end
 end

data/test/javascript/unescape_test.rb

@@ -21,26 +21,24 @@ class JavascriptUnescapeTest < Minitest::Test
     assert_equal "\\", EscapeUtils.unescape_javascript("\\")
   end
 
-  if RUBY_VERSION =~ /^1.9/
-    def test_input_must_be_utf8_or_ascii
-      escaped = EscapeUtils.escape_javascript("dont </close> tags")
-
-      escaped.force_encoding 'ISO-8859-1'
-      assert_raises Encoding::CompatibilityError do
-        EscapeUtils.unescape_javascript(escaped)
-      end
-
-      escaped.force_encoding 'UTF-8'
-      begin
-        EscapeUtils.unescape_javascript(escaped)
-      rescue Encoding::CompatibilityError => e
-        assert_nil e, "#{e.class.name} raised, expected not to"
-      end
+  def test_input_must_be_utf8_or_ascii
+    escaped = EscapeUtils.escape_javascript("dont </close> tags")
+
+    escaped.force_encoding 'ISO-8859-1'
+    assert_raises Encoding::CompatibilityError do
+      EscapeUtils.unescape_javascript(escaped)
     end
 
-    def test_return_value_is_tagged_as_utf8
-      escaped = EscapeUtils.escape_javascript("dont </close> tags")
-      assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_javascript(escaped).encoding
+    escaped.force_encoding 'UTF-8'
+    begin
+      EscapeUtils.unescape_javascript(escaped)
+    rescue Encoding::CompatibilityError => e
+      assert_nil e, "#{e.class.name} raised, expected not to"
     end
   end
+
+  def test_return_value_is_tagged_as_utf8
+    escaped = EscapeUtils.escape_javascript("dont </close> tags")
+    assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_javascript(escaped).encoding
+  end
 end

data/test/query/escape_test.rb

@@ -25,26 +25,8 @@ class QueryEscapeTest < Minitest::Test
     assert_equal '%E3%81%BE%E3%81%A4+%E3%82%82%E3%81%A8', EscapeUtils.escape_url(matz_name_sep)
   end
 
-  if RUBY_VERSION =~ /^1.9/
-    def test_input_must_be_utf8_or_ascii
-      str = "a space"
-
-      str.force_encoding 'ISO-8859-1'
-      assert_raises Encoding::CompatibilityError do
-        EscapeUtils.escape_url(str)
-      end
-
-      str.force_encoding 'UTF-8'
-      begin
-        EscapeUtils.escape_url(str)
-      rescue Encoding::CompatibilityError => e
-        assert_nil e, "#{e.class.name} raised, expected not to"
-      end
-    end
-
-    def test_return_value_is_tagged_as_utf8
-      str = "a+space"
-      assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_url(str).encoding
-    end
+  def test_return_value_is_tagged_as_utf8
+    str = "a+space"
+    assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_url(str).encoding
   end
 end

data/test/query/unescape_test.rb

@@ -20,33 +20,15 @@ class QueryUnescapeTest < Minitest::Test
 
   def test_url_containing_multibyte_characters
     matz_name = "\xE3\x81\xBE\xE3\x81\xA4\xE3\x82\x82\xE3\x81\xA8" # Matsumoto
-    matz_name.force_encoding('UTF-8') if matz_name.respond_to?(:force_encoding)
+    matz_name.force_encoding('UTF-8')
     assert_equal matz_name, EscapeUtils.unescape_url('%E3%81%BE%E3%81%A4%E3%82%82%E3%81%A8')
     matz_name_sep = "\xE3\x81\xBE\xE3\x81\xA4 \xE3\x82\x82\xE3\x81\xA8" # Matsu moto
-    matz_name_sep.force_encoding('UTF-8') if matz_name_sep.respond_to?(:force_encoding)
+    matz_name_sep.force_encoding('UTF-8')
     assert_equal matz_name_sep, EscapeUtils.unescape_url('%E3%81%BE%E3%81%A4+%E3%82%82%E3%81%A8')
   end
 
-  if RUBY_VERSION =~ /^1.9/
-    def test_input_must_be_valid_utf8_or_ascii
-      escaped = EscapeUtils.unescape_url("a+space")
-
-      escaped.force_encoding 'ISO-8859-1'
-      assert_raises Encoding::CompatibilityError do
-        EscapeUtils.unescape_url(escaped)
-      end
-
-      escaped.force_encoding 'UTF-8'
-      begin
-        EscapeUtils.unescape_url(escaped)
-      rescue Encoding::CompatibilityError => e
-        assert_nil e, "#{e.class.name} raised, expected not to"
-      end
-    end
-
-    def test_return_value_is_tagged_as_utf8
-      escaped = EscapeUtils.escape_url("a space")
-      assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_url(escaped).encoding
-    end
+  def test_return_value_is_tagged_as_utf8
+    escaped = EscapeUtils.escape_url("a space")
+    assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_url(escaped).encoding
   end
 end

data/test/uri/escape_test.rb

@@ -5,7 +5,7 @@ class UriEscapeTest < Minitest::Test
   def test_uri_stdlib_compatibility
     (0..127).each do |i|
       c = i.chr
-      assert_equal URI.escape(c), EscapeUtils.escape_uri(c)
+      assert_equal URI::DEFAULT_PARSER.escape(c), EscapeUtils.escape_uri(c)
     end
   end
 
@@ -33,26 +33,24 @@ class UriEscapeTest < Minitest::Test
     assert_equal "a/slash", EscapeUtils.escape_uri("a/slash")
   end
 
-  if RUBY_VERSION =~ /^1.9/
-    def test_input_must_be_utf8_or_ascii
-      str = "fo<o>bar"
+  def test_input_must_be_utf8_or_ascii
+    str = "fo<o>bar"
 
-      str.force_encoding 'ISO-8859-1'
-      assert_raises Encoding::CompatibilityError do
-        EscapeUtils.escape_uri(str)
-      end
-
-      str.force_encoding 'UTF-8'
-      begin
-        EscapeUtils.escape_uri(str)
-      rescue Encoding::CompatibilityError => e
-        assert_nil e, "#{e.class.name} raised, expected not to"
-      end
+    str.force_encoding 'ISO-8859-1'
+    assert_raises Encoding::CompatibilityError do
+      EscapeUtils.escape_uri(str)
     end
 
-    def test_return_value_is_tagged_as_utf8
-      str = "fo<o>bar"
-      assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_uri(str).encoding
+    str.force_encoding 'UTF-8'
+    begin
+      EscapeUtils.escape_uri(str)
+    rescue Encoding::CompatibilityError => e
+      assert_nil e, "#{e.class.name} raised, expected not to"
     end
   end
+
+  def test_return_value_is_tagged_as_utf8
+    str = "fo<o>bar"
+    assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_uri(str).encoding
+  end
 end

data/test/uri/unescape_test.rb

@@ -23,10 +23,10 @@ class UriUnescapeTest < Minitest::Test
 
   def test_uri_containing_multibyte_charactes
     matz_name = "\xE3\x81\xBE\xE3\x81\xA4\xE3\x82\x82\xE3\x81\xA8" # Matsumoto
-    matz_name.force_encoding('UTF-8') if matz_name.respond_to?(:force_encoding)
+    matz_name.force_encoding('UTF-8')
     assert_equal matz_name, EscapeUtils.unescape_uri('%E3%81%BE%E3%81%A4%E3%82%82%E3%81%A8')
     matz_name_sep = "\xE3\x81\xBE\xE3\x81\xA4 \xE3\x82\x82\xE3\x81\xA8" # Matsu moto
-    matz_name_sep.force_encoding('UTF-8') if matz_name_sep.respond_to?(:force_encoding)
+    matz_name_sep.force_encoding('UTF-8')
     assert_equal matz_name_sep, EscapeUtils.unescape_uri('%E3%81%BE%E3%81%A4%20%E3%82%82%E3%81%A8')
   end
 
@@ -41,26 +41,24 @@ class UriUnescapeTest < Minitest::Test
     end
   end
 
-  if RUBY_VERSION =~ /^1.9/
-    def test_input_must_be_valid_utf8_or_ascii
-      escaped = EscapeUtils.escape_uri("fo<o>bar")
+  def test_input_must_be_valid_utf8_or_ascii
+    escaped = EscapeUtils.escape_uri("fo<o>bar")
 
-      escaped.force_encoding 'ISO-8859-1'
-      assert_raises Encoding::CompatibilityError do
-        EscapeUtils.unescape_uri(escaped)
-      end
-
-      escaped.force_encoding 'UTF-8'
-      begin
-        EscapeUtils.unescape_uri(escaped)
-      rescue Encoding::CompatibilityError => e
-        assert_nil e, "#{e.class.name} raised, expected not to"
-      end
+    escaped.force_encoding 'ISO-8859-1'
+    assert_raises Encoding::CompatibilityError do
+      EscapeUtils.unescape_uri(escaped)
     end
 
-    def test_return_value_is_tagged_as_utf8
-      escaped = EscapeUtils.escape_uri("a space")
-      assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_uri(escaped).encoding
+    escaped.force_encoding 'UTF-8'
+    begin
+      EscapeUtils.unescape_uri(escaped)
+    rescue Encoding::CompatibilityError => e
+      assert_nil e, "#{e.class.name} raised, expected not to"
     end
   end
+
+  def test_return_value_is_tagged_as_utf8
+    escaped = EscapeUtils.escape_uri("a space")
+    assert_equal Encoding.find('UTF-8'), EscapeUtils.unescape_uri(escaped).encoding
+  end
 end