escape_utils 1.2.2 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6f26c8a24ba01ecb130e04ef9af6802ab2deb56455527ccd551ae93839736604
-  data.tar.gz: 4fc6f51b66cd0c773cf3aea923023ccb66e31cd865e9b89da81a9119540cae05
+  metadata.gz: 7b4b256a1ceb8ed2f7e673d5e2081daafb36761d93d3ebe38c6a1b51017f7ed5
+  data.tar.gz: 23de0f72e4df0b9ddf1d6ca0063fcac74696dc7da429f4b8eb5200fb90ba6435
 SHA512:
-  metadata.gz: f0f6556bd83c1068189d5a3183b2ad1df88bd4a79f46f119ae7fcfdff4339544d6e1654379fe0b64cd6f07865c67eafa83b9caa236e0ac6b23de1814fd808b2e
-  data.tar.gz: dd5e1b3baf9c594d48f0580f6c71c766e7e341fce332dba8fbd7f0a36d8611bb70e043ef3808c95e9d6a774a71d088e1136ff8025c2ae43e1588f0500d8d04ad
+  metadata.gz: 0d009060659e31a0d82073d8d6f870b174fc7647c34686d1168ac65bb6abf066043fb568c161850fb90a00ca0f0e55151874e0509089d62e92fb7c97d2187534
+  data.tar.gz: 6395d5b453930debba5b6eee4f5cc2440f2fc72f01d27c45987ecdcb461ff0edfd6ae15935f8ec9f50b010f5f4afcd4e419ee10a2bcdb995652b8be5688a316a

data/CHANGELOG.md

@@ -1,5 +1,15 @@
 # Unreleased
 
+# 1.3.0
+
+- Deprecate `EscapeUtils.escape_url` and `EscapeUtils.unescape_url` given that Ruby 2.5 provides an optimized `CGI.escape` and `CGI.unescape` with mostly similar performance.
+- Don't patch `URI.escape` and `URI.unescape` if they don't already exist.
+- Add `EscapeUtils.escape_html_once` and `EscapeUtils.rb_eu_escape_html_once_as_html_safe` as faster implementations of Rails `escape_once` helper.
+- Deprecate `escape_html` and `escape_html_as_html_safe` given that Ruby 2.5 optimized `GCI.escapeHTML` to be twice faster than the `EscapeUtils` implementation.
+- Deprecate `unescape_html` given that Ruby 2.5 optimized `GCI.unescapeHTML` to be only 40% slower than th `EscapeUtils` implementation.
+- Deprecate `escape_html_as_html_safe` as well.
+- Deprecate `EscapeUtils.html_safe`, there's no reason to escape for slashes `/` in 2022.
+
 # 1.2.2
 
 - Update EscapeUtils.escape_javascript to match Rails `escape_javascript`

data/README.md

@@ -1,12 +1,12 @@
 # escape_utils
 
-Being as though we're all html escaping everything these days, why not make it faster?
+`EscapeUtils` used to provide optimized escaping function to replace the slow methods
+provided by Ruby. Since Ruby 2.5, the various `CGI` escape methods have been severely optimized
+and most `EscapeUtils` methods became irrelevant and were deprecated.
 
-For character encoding, the output string's encoding is copied from the input string.
+It however still provide fast escaping and unescaping methods for URL (RFC 3986), Javascript, XML, as well as an "escape HTML once" method.
 
-It has monkey-patches for Rack::Utils, CGI, URI, ERB::Util and Haml and ActionView so you can drop this in and have your app start escaping fast as balls in no time
-
-It supports HTML, URL, URI and Javascript escaping/unescaping.
+It has monkey-patches for Rack::Utils, URI and ERB::Util so you can drop this in and have your app start escaping fast as balls in no time
 
 ## Installing
 
@@ -22,70 +22,62 @@ escape_utils assumes all input is encoded as valid UTF-8. If you are dealing wit
 
 
 ``` ruby
-utf8_string = non_utf8_string.encode('UTF-8')
+utf8_string = non_utf8_string.encode(Encoding::UTF_8)
 ```
 
 ## Usage
 
 ### HTML
 
-#### Escaping
-
-``` ruby
-html = `curl -s http://maps.google.com`
-escaped_html = EscapeUtils.escape_html(html)
-```
+As of `escape_utils 1.3.0`, regular HTML escaping methods are deprecated. Ruby 2.5 introduced C implementations for `CGI.escapeHTML` and `CGI.unescapeHTML` which are respectively faster and almost as fast as `EscapeUtils`. Use that instead.
 
-By default escape_utils will escape `/` characters with `/`, but you can disable that by setting `EscapeUtils.html_secure = false`
-or per-call by passing `false` as the second parameter to `escape_html` like `EscapeUtils.escape_html(html, false)`
-
-For more information check out: http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
-
-#### Unescaping
-
-``` ruby
-html = `curl -s http://maps.google.com`
-escaped_html = EscapeUtils.escape_html(html)
-html = EscapeUtils.unescape_html(escaped_html)
-```
+To avoid double-escaping HTML entities, use `EscapeUtils.escape_html_once`.
 
 #### Monkey Patches
 
+Since historically, `HTML` monkey patches changed the return value for `ActiveSupport::SafeBuffer` instances, they are conserved for that purpose only, but they should be considered as deprecated as well.
+
 ``` ruby
-require 'escape_utils/html/erb' # to patch ERB::Util
 require 'escape_utils/html/cgi' # to patch CGI
-require 'escape_utils/html/haml' # to patch Haml::Helpers
 ```
 
 ### URL
 
-Use (un)escape_uri to get RFC-compliant escaping (like PHP rawurlencode).
+Use `escape_uri` and `unescape` to get RFC 3986 compliant escaping (like PHP `rawurlencode` or `ERB::Util.url_encode`).
 
-Use (un)escape_url to get CGI escaping (where space is +).
+The difference with `CGI.escape` is that spaces (` `) are encoded as `%20` instead of `+`.
 
 #### Escaping
 
 ``` ruby
 url = "https://www.yourmom.com/cgi-bin/session.cgi?sess_args=mcEA~!!#*YH*>@!U"
-escaped_url = EscapeUtils.escape_url(url)
+escaped_url = EscapeUtils.escape_uri(url)
 ```
 
 #### Unescaping
 
 ``` ruby
 url = "https://www.yourmom.com/cgi-bin/session.cgi?sess_args=mcEA~!!#*YH*>@!U"
-escaped_url = EscapeUtils.escape_url(url)
-EscapeUtils.unescape_url(escaped_url) == url # => true
+escaped_url = EscapeUtils.escape_uri(url)
+EscapeUtils.unescape_uri(escaped_uri) == url # => true
 ```
 
 #### Monkey Patches
 
 ``` ruby
-require 'escape_utils/url/cgi' # to patch CGI
 require 'escape_utils/url/erb' # to patch ERB::Util
 require 'escape_utils/url/uri' # to patch URI
 ```
 
+Note that `URI.escape` and `URI.unescape` were removed in Ruby 3.0. `'escape_utils/url/uri'` is a noop on Ruby 3+.
+
+### XML
+
+```ruby
+xml = `curl -s 'https://raw.githubusercontent.com/darcyliu/google-styleguide/master/cppguide.xml'`
+escaped_xml = EscapeUtils.escape_xml(xml)
+```
+
 ### Javascript
 
 #### Escaping
@@ -111,87 +103,54 @@ require 'escape_utils/javascript/action_view' # to patch ActionView::Helpers::Ja
 
 ## Benchmarks
 
-In my testing, escaping html is around 10-30x faster than the pure ruby implementations in wide use today.
-While unescaping html is around 40-100x faster than CGI.unescapeHTML which is also pure ruby.
-Escaping Javascript is around 16-30x faster.
+Escaping URL following RFC 3986 is 13-32x faster than the methods provided by Ruby.
+
+Escaping Javascript is around 13x faster than Rails `escape_javascript`.
+
+`EscapeUtils.escape_html_once` is about 17x faster than Rails `escape_once`.
 
 This output is from my laptop using the benchmark scripts in the benchmarks folder.
 
-### HTML
+### Javascript
 
 #### Escaping
 
 ```
-Rack::Utils.escape_html
- 9.650000   0.090000   9.740000 (  9.750756)
-Haml::Helpers.html_escape
- 9.310000   0.110000   9.420000 (  9.417317)
-ERB::Util.html_escape
- 5.330000   0.390000   5.720000 (  5.748394)
-CGI.escapeHTML
- 5.370000   0.380000   5.750000 (  5.791344)
-FasterHTMLEscape.html_escape
- 0.520000   0.010000   0.530000 (  0.539485)
-fast_xs_extra#fast_xs_html
- 0.310000   0.030000   0.340000 (  0.336734)
-EscapeUtils.escape_html
- 0.200000   0.050000   0.250000 (  0.258839)
+EscapeUtils.escape_javascript:                               1567.5 i/s
+ActionView::Helpers::JavaScriptHelper#escape_javascript:      116.8 i/s - 13.42x  (± 0.00) slower
 ```
 
 #### Unescaping
 
 ```
-CGI.unescapeHTML
- 16.520000   0.080000  16.600000 ( 16.853888)
-EscapeUtils.unescape_html
- 0.120000   0.040000   0.160000  (  0.162696)
+EscapeUtils.escape_javascript:    2.089k (± 3.0%) i/s -     10.530k in   5.044615s
 ```
 
-### Javascript
+I didn't look that hard, but I'm not aware of another ruby library that does Javascript unescaping to benchmark against. Anyone know of any?
+
+### URL
 
 #### Escaping
 
 ```
-ActionView::Helpers::JavaScriptHelper#escape_javascript
- 3.810000   0.100000   3.910000 (  3.925557)
-EscapeUtils.escape_javascript
- 0.200000   0.040000   0.240000 (  0.236692)
+EscapeUtils.escape_uri:       4019359.2 i/s
+fast_xs_extra#fast_xs_url:    2435949.2 i/s - 1.65x  (± 0.00) slower
+URI::DEFAULT_PARSER.escape:   288800.8 i/s - 13.92x  (± 0.00) slower
+ERB::Util.url_encode:         122373.5 i/s - 32.85x  (± 0.00) slower
 ```
 
 #### Unescaping
 
-I didn't look that hard, but I'm not aware of another ruby library that does Javascript unescaping to benchmark against. Anyone know of any?
-
-### URL
-
-#### Escaping
-
 ```
-ERB::Util.url_encode
- 0.520000   0.010000   0.530000 (  0.529277)
-Rack::Utils.escape
- 0.460000   0.010000   0.470000 (  0.466962)
-CGI.escape
- 0.440000   0.000000   0.440000 (  0.443017)
-URLEscape#escape
- 0.040000   0.000000   0.040000 (  0.045661)
-fast_xs_extra#fast_xs_url
- 0.010000   0.000000   0.010000 (  0.015429)
-EscapeUtils.escape_url
- 0.010000   0.000000   0.010000 (  0.010843)
+EscapeUtils.unescape_uri:    3866774.5 i/s
+fast_xs_extra#fast_uxs_url:  2438900.7 i/s - 1.59x  (± 0.00) slower
 ```
 
-#### Unescaping
+### HTML
+
+#### Escape once
 
 ```
-Rack::Utils.unescape
- 0.250000   0.010000   0.260000 (  0.257558)
-CGI.unescape
- 0.250000   0.000000   0.250000 (  0.257837)
-URLEscape#unescape
- 0.040000   0.000000   0.040000 (  0.031548)
-fast_xs_extra#fast_uxs_cgi
- 0.010000   0.000000   0.010000 (  0.006062)
-EscapeUtils.unescape_url
- 0.000000   0.000000   0.000000 (  0.005679)
+EscapeUtils.escape_html_once:                   2831.5 i/s
+ActionView::Helpers::TagHelper#escape_once:      161.4 i/s - 17.55x  (± 0.00) slower
 ```

data/benchmark/html_escape_once.rb

@@ -0,0 +1,25 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler/setup'
+require 'benchmark/ips'
+
+require 'escape_utils'
+require 'active_support/core_ext/string/output_safety'
+
+url = "https://en.wikipedia.org/wiki/Succession_to_the_British_throne"
+html = `curl -s #{url}`
+html = html.force_encoding('utf-8')
+puts "Escaping #{html.bytesize} bytes of html from #{url}"
+
+Benchmark.ips do |x|
+  x.report "EscapeUtils.escape_html_once" do
+    EscapeUtils.escape_html_once(html)
+  end
+
+  x.report "ActionView::Helpers::TagHelper#escape_once" do # Rails expose it as ERB::Util.html_escape_once
+    ERB::Util.html_escape_once(html)
+  end
+
+  x.compare!(order: :baseline)
+end

data/benchmark/javascript_escape.rb

@@ -13,7 +13,7 @@ end
 
 url = "http://ajax.googleapis.com/ajax/libs/dojo/1.4.3/dojo/dojo.xd.js.uncompressed.js"
 javascript = `curl -s #{url}`
-javascript = javascript.force_encoding('utf-8') if javascript.respond_to?(:force_encoding)
+javascript = javascript.force_encoding('utf-8')
 puts "Escaping #{javascript.bytesize} bytes of javascript, from #{url}"
 
 Benchmark.ips do |x|

data/benchmark/javascript_unescape.rb

@@ -8,7 +8,7 @@ require 'escape_utils'
 
 url = "http://ajax.googleapis.com/ajax/libs/dojo/1.4.3/dojo/dojo.xd.js.uncompressed.js"
 javascript = `curl -s #{url}`
-javascript = javascript.force_encoding('utf-8') if javascript.respond_to?(:force_encoding)
+javascript = javascript.force_encoding('utf-8')
 escaped_javascript = EscapeUtils.escape_javascript(javascript)
 puts "Escaping #{escaped_javascript.bytesize} bytes of javascript, from #{url}"
 

data/benchmark/url_decode.rb

@@ -0,0 +1,28 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler/setup'
+require 'benchmark/ips'
+
+require 'rack'
+require 'cgi'
+require 'url_escape'
+require 'fast_xs_extra'
+require 'escape_utils'
+
+url = "https://www.yourmom.com/cgi-bin/session.cgi?sess_args=mYHcEA  dh435dqUs0moGHeeAJTSLLbdbcbd9ef----,574b95600e9ab7d27eb0bf524ac68c27----"
+url = url.force_encoding('us-ascii')
+escaped_url = EscapeUtils.escape_uri(url)
+puts "Escaping a #{url.bytesize} byte URL"
+
+Benchmark.ips do |x|
+  x.report "EscapeUtils.unescape_uri" do
+    EscapeUtils.unescape_uri(escaped_url)
+  end
+
+  x.report "fast_xs_extra#fast_uxs_url" do
+    url.fast_xs_url
+  end
+
+  x.compare!(order: :baseline)
+end

data/benchmark/url_encode.rb

@@ -0,0 +1,37 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler/setup'
+require 'benchmark/ips'
+
+require 'rack'
+require 'erb'
+require 'cgi'
+require 'url_escape'
+require 'fast_xs_extra'
+require 'escape_utils'
+
+url = "https://www.yourmom.com/cgi-bin/session.cgi?sess_args=mYHcEA  dh435dqUs0moGHeeAJTSLLbdbcbd9ef----,574b95600e9ab7d27eb0bf524ac68c27----"
+puts "Escaping a #{url.bytesize} byte URL times"
+
+Benchmark.ips do |x|
+  x.report "EscapeUtils.escape_uri" do
+    EscapeUtils.escape_uri(url)
+  end
+
+  x.report " URI::DEFAULT_PARSER.escape" do
+     URI::DEFAULT_PARSER.escape(url)
+  end
+
+  x.report "ERB::Util.url_encode" do |times|
+    times.times do
+      ERB::Util.url_encode(url)
+    end
+  end
+
+  x.report "fast_xs_extra#fast_xs_url" do
+    url.fast_xs_url
+  end
+
+  x.compare!(order: :baseline)
+end

data/benchmark/xml_escape.rb

@@ -7,23 +7,19 @@ require 'benchmark/ips'
 require 'fast_xs'
 require 'escape_utils'
 
-url = "http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml"
+url = "https://raw.githubusercontent.com/darcyliu/google-styleguide/master/cppguide.xml"
 xml = `curl -s #{url}`
-xml = xml.force_encoding('binary') if xml.respond_to?(:force_encoding)
+xml = xml.force_encoding('binary')
 puts "Escaping #{xml.bytesize} bytes of xml, from #{url}"
 
 Benchmark.ips do |x|
-  x.report "fast_xs" do |times|
-    times.times do
-      xml.fast_xs
-    end
+  x.report "EscapeUtils.escape_xml" do
+    EscapeUtils.escape_xml(xml)
   end
 
-  x.report "EscapeUtils.escape_xml" do |times|
-    times.times do
-      EscapeUtils.escape_xml(xml)
-    end
+  x.report "fast_xs" do
+    xml.fast_xs
   end
 
-  x.compare!
+  x.compare!(order: :baseline)
 end

data/ext/escape_utils/escape_utils.c

@@ -9,11 +9,6 @@
 
 static VALUE rb_eEncodingCompatibilityError;
 
-static VALUE eu_new_str(const char *str, size_t len)
-{
-	return rb_enc_str_new(str, len, rb_utf8_encoding());
-}
-
 static void check_utf8_encoding(VALUE str)
 {
 	static rb_encoding *_cached[3] = {NULL, NULL, NULL};
@@ -34,41 +29,6 @@ static void check_utf8_encoding(VALUE str)
 
 typedef int (*houdini_cb)(gh_buf *, const uint8_t *, size_t);
 
-static VALUE rb_mEscapeUtils;
-static ID ID_at_html_safe, ID_new;
-
-/**
- * html_secure instance variable
- */
-static int g_html_secure = 1;
-
-static VALUE rb_eu_set_html_secure(VALUE self, VALUE val)
-{
-	g_html_secure = RTEST(val);
-	rb_ivar_set(self, rb_intern("@html_secure"), val);
-	return val;
-}
-
-/**
-* html_safe_string_class instance variable
-*/
-static VALUE rb_html_safe_string_class;
-static VALUE rb_html_safe_string_template_object;
-
-static VALUE rb_eu_set_html_safe_string_class(VALUE self, VALUE val)
-{
-	Check_Type(val, T_CLASS);
-
-	if (rb_funcall(val, rb_intern("<="), 1, rb_cString) == Qnil)
-		rb_raise(rb_eArgError, "%s must be a descendent of String", rb_class2name(val));
-
-	rb_html_safe_string_class = val;
-	rb_html_safe_string_template_object = rb_class_new_instance(0, NULL, rb_html_safe_string_class);
-	OBJ_FREEZE(rb_html_safe_string_template_object);
-	rb_ivar_set(self, rb_intern("@html_safe_string_class"), val);
-	return val;
-}
-
 /**
  * Generic template
  */
@@ -78,13 +38,13 @@ rb_eu__generic(VALUE str, houdini_cb do_escape)
 	gh_buf buf = GH_BUF_INIT;
 
 	if (NIL_P(str))
-		return eu_new_str("", 0);
+		return rb_utf8_str_new("", 0);
 
 	Check_Type(str, T_STRING);
 	check_utf8_encoding(str);
 
 	if (do_escape(&buf, (const uint8_t *)RSTRING_PTR(str), RSTRING_LEN(str))) {
-		VALUE result = eu_new_str(buf.ptr, buf.size);
+		VALUE result = rb_utf8_str_new(buf.ptr, buf.size);
 		gh_buf_free(&buf);
 		return result;
 	}
@@ -96,50 +56,15 @@ rb_eu__generic(VALUE str, houdini_cb do_escape)
 /**
  * HTML methods
  */
-static VALUE new_html_safe_string(const char *ptr, size_t len)
-{
-	return rb_str_new_with_class(rb_html_safe_string_template_object, ptr, len);
-}
-
-static VALUE rb_eu_escape_html_as_html_safe(VALUE self, VALUE str)
-{
-	VALUE result;
-	int secure = g_html_secure;
-	gh_buf buf = GH_BUF_INIT;
-
-	Check_Type(str, T_STRING);
-	check_utf8_encoding(str);
 
-	if (houdini_escape_html0(&buf, (const uint8_t *)RSTRING_PTR(str), RSTRING_LEN(str), secure)) {
-		result = new_html_safe_string(buf.ptr, buf.size);
-		gh_buf_free(&buf);
-	} else {
-		result = new_html_safe_string(RSTRING_PTR(str), RSTRING_LEN(str));
-	}
-
-	rb_ivar_set(result, ID_at_html_safe, Qtrue);
-	rb_enc_associate(result, rb_enc_get(str));
-
-	return result;
-}
-
-static VALUE rb_eu_escape_html(int argc, VALUE *argv, VALUE self)
+static VALUE rb_eu_escape_html_once(VALUE self, VALUE str)
 {
-	VALUE str, rb_secure;
 	gh_buf buf = GH_BUF_INIT;
-	int secure = g_html_secure;
-
-	if (rb_scan_args(argc, argv, "11", &str, &rb_secure) == 2) {
-		if (rb_secure == Qfalse) {
-			secure = 0;
-		}
-	}
-
 	Check_Type(str, T_STRING);
 	check_utf8_encoding(str);
 
-	if (houdini_escape_html0(&buf, (const uint8_t *)RSTRING_PTR(str), RSTRING_LEN(str), secure)) {
-		VALUE result = eu_new_str(buf.ptr, buf.size);
+	if (houdini_escape_html_once(&buf, (const uint8_t *)RSTRING_PTR(str), RSTRING_LEN(str))) {
+		VALUE result = rb_utf8_str_new(buf.ptr, buf.size);
 		gh_buf_free(&buf);
 		return result;
 	}
@@ -147,11 +72,6 @@ static VALUE rb_eu_escape_html(int argc, VALUE *argv, VALUE self)
 	return str;
 }
 
-static VALUE rb_eu_unescape_html(VALUE self, VALUE str)
-{
-	return rb_eu__generic(str, &houdini_unescape_html);
-}
-
 
 /**
  * XML methods
@@ -175,21 +95,6 @@ static VALUE rb_eu_unescape_js(VALUE self, VALUE str)
 	return rb_eu__generic(str, &houdini_unescape_js);
 }
 
-
-/**
- * URL methods
- */
-static VALUE rb_eu_escape_url(VALUE self, VALUE str)
-{
-	return rb_eu__generic(str, &houdini_escape_url);
-}
-
-static VALUE rb_eu_unescape_url(VALUE self, VALUE str)
-{
-	return rb_eu__generic(str, &houdini_unescape_url);
-}
-
-
 /**
  * URI methods
  */
@@ -216,7 +121,6 @@ static VALUE rb_eu_unescape_uri_component(VALUE self, VALUE str)
 	return rb_eu__generic(str, &houdini_unescape_uri_component);
 }
 
-
 /**
  * Ruby Extension initializer
  */
@@ -225,26 +129,14 @@ void Init_escape_utils()
 {
 	rb_eEncodingCompatibilityError = rb_const_get(rb_cEncoding, rb_intern("CompatibilityError"));
 
-	ID_new = rb_intern("new");
-	ID_at_html_safe = rb_intern("@html_safe");
-	rb_global_variable(&rb_html_safe_string_class);
-	rb_global_variable(&rb_html_safe_string_template_object);
-
-	rb_mEscapeUtils = rb_define_module("EscapeUtils");
-	rb_define_method(rb_mEscapeUtils, "escape_html_as_html_safe", rb_eu_escape_html_as_html_safe, 1);
-	rb_define_method(rb_mEscapeUtils, "escape_html", rb_eu_escape_html, -1);
-	rb_define_method(rb_mEscapeUtils, "unescape_html", rb_eu_unescape_html, 1);
+	VALUE rb_mEscapeUtils = rb_define_module("EscapeUtils");
+	rb_define_method(rb_mEscapeUtils, "escape_html_once", rb_eu_escape_html_once, 1);
 	rb_define_method(rb_mEscapeUtils, "escape_xml", rb_eu_escape_xml, 1);
 	rb_define_method(rb_mEscapeUtils, "escape_javascript", rb_eu_escape_js, 1);
 	rb_define_method(rb_mEscapeUtils, "unescape_javascript", rb_eu_unescape_js, 1);
-	rb_define_method(rb_mEscapeUtils, "escape_url", rb_eu_escape_url, 1);
-	rb_define_method(rb_mEscapeUtils, "unescape_url", rb_eu_unescape_url, 1);
 	rb_define_method(rb_mEscapeUtils, "escape_uri", rb_eu_escape_uri, 1);
 	rb_define_method(rb_mEscapeUtils, "unescape_uri", rb_eu_unescape_uri, 1);
 	rb_define_method(rb_mEscapeUtils, "escape_uri_component", rb_eu_escape_uri_component, 1);
 	rb_define_method(rb_mEscapeUtils, "unescape_uri_component", rb_eu_unescape_uri_component, 1);
-
-	rb_define_singleton_method(rb_mEscapeUtils, "html_secure=", rb_eu_set_html_secure, 1);
-	rb_define_singleton_method(rb_mEscapeUtils, "html_safe_string_class=", rb_eu_set_html_safe_string_class, 1);
 }
 

data/ext/escape_utils/houdini.h

@@ -22,20 +22,18 @@ extern "C" {
 #	define _isdigit(c) ((c) >= '0' && (c) <= '9')
 #endif
 
+#define _isasciialpha(c) (((c) >= 'a' && (c) <= 'z') || ((c) >= 'A' && (c) <= 'Z'))
+
 #define HOUDINI_ESCAPED_SIZE(x) (((x) * 12) / 10)
 #define HOUDINI_UNESCAPED_SIZE(x) (x)
 
-extern int houdini_escape_html(gh_buf *ob, const uint8_t *src, size_t size);
-extern int houdini_escape_html0(gh_buf *ob, const uint8_t *src, size_t size, int secure);
-extern int houdini_unescape_html(gh_buf *ob, const uint8_t *src, size_t size);
+extern int houdini_escape_html_once(gh_buf *ob, const uint8_t *src, size_t size);
 extern int houdini_escape_xml(gh_buf *ob, const uint8_t *src, size_t size);
 extern int houdini_escape_uri(gh_buf *ob, const uint8_t *src, size_t size);
 extern int houdini_escape_uri_component(gh_buf *ob, const uint8_t *src, size_t size);
-extern int houdini_escape_url(gh_buf *ob, const uint8_t *src, size_t size);
 extern int houdini_escape_href(gh_buf *ob, const uint8_t *src, size_t size);
 extern int houdini_unescape_uri(gh_buf *ob, const uint8_t *src, size_t size);
 extern int houdini_unescape_uri_component(gh_buf *ob, const uint8_t *src, size_t size);
-extern int houdini_unescape_url(gh_buf *ob, const uint8_t *src, size_t size);
 extern int houdini_escape_js(gh_buf *ob, const uint8_t *src, size_t size);
 extern int houdini_unescape_js(gh_buf *ob, const uint8_t *src, size_t size);