rack 1.5.5 → 1.6.0.beta

data/test/spec_etag.rb

@@ -21,13 +21,13 @@ describe Rack::ETag do
   should "set ETag if none is set if status is 200" do
     app = lambda { |env| [200, {'Content-Type' => 'text/plain'}, ["Hello, World!"]] }
     response = etag(app).call(request)
-    response[1]['ETag'].should.equal "\"65a8e27d8879283831b664bd8b7f0ad4\""
+    response[1]['ETag'].should.equal "W/\"65a8e27d8879283831b664bd8b7f0ad4\""
   end
 
   should "set ETag if none is set if status is 201" do
     app = lambda { |env| [201, {'Content-Type' => 'text/plain'}, ["Hello, World!"]] }
     response = etag(app).call(request)
-    response[1]['ETag'].should.equal "\"65a8e27d8879283831b664bd8b7f0ad4\""
+    response[1]['ETag'].should.equal "W/\"65a8e27d8879283831b664bd8b7f0ad4\""
   end
 
   should "set Cache-Control to 'max-age=0, private, must-revalidate' (default) if none is set" do
@@ -95,4 +95,13 @@ describe Rack::ETag do
     response = etag(app).call(request)
     response[1]['ETag'].should.be.nil
   end
+
+  should "close the original body" do
+    body = StringIO.new
+    app = lambda { |env| [200, {}, body] }
+    response = etag(app).call(request)
+    body.should.not.be.closed
+    response[2].close
+    body.should.be.closed
+  end
 end

data/test/spec_file.rb

@@ -164,24 +164,32 @@ describe Rack::File do
     heads['Access-Control-Allow-Origin'].should.equal nil
   end
 
-  should "only support GET and HEAD requests" do
+  should "only support GET, HEAD, and OPTIONS requests" do
     req = Rack::MockRequest.new(file(DOCROOT))
 
     forbidden = %w[post put patch delete]
     forbidden.each do |method|
-
       res = req.send(method, "/cgi/test")
       res.should.be.client_error
       res.should.be.method_not_allowed
+      res.headers['Allow'].split(/, */).sort.should == %w(GET HEAD OPTIONS)
     end
 
-    allowed = %w[get head]
+    allowed = %w[get head options]
     allowed.each do |method|
       res = req.send(method, "/cgi/test")
       res.should.be.successful
     end
   end
 
+  should "set Allow correctly for OPTIONS requests" do
+    req = Rack::MockRequest.new(file(DOCROOT))
+    res = req.options('/cgi/test')
+    res.should.be.successful
+    res.headers['Allow'].should.not.equal nil
+    res.headers['Allow'].split(/, */).sort.should == %w(GET HEAD OPTIONS)
+  end
+
   should "set Content-Length correctly for HEAD requests" do
     req = Rack::MockRequest.new(Rack::Lint.new(Rack::File.new(DOCROOT)))
     res = req.head "/cgi/test"

data/test/spec_head.rb

@@ -38,6 +38,8 @@ describe Rack::Head do
     resp[0].should.equal(200)
     resp[1].should.equal({"Content-type" => "test/plain", "Content-length" => "3"})
     resp[2].to_enum.to_a.should.equal([])
+    body.should.not.be.closed
+    resp[2].close
     body.should.be.closed
   end
 end

data/test/spec_lobster.rb

@@ -47,7 +47,7 @@ describe Rack::Lobster do
   should "be flippable" do
     res = lobster.get("/?flip=left")
     res.should.be.ok
-    res.body.should.include "(,,,(,,(,("
+    res.body.should.include "),,,),,),)"
   end
 
   should "provide crashing for testing purposes" do

data/test/spec_mock.rb

@@ -30,6 +30,14 @@ describe Rack::MockRequest do
     env.should.include "rack.version"
   end
 
+  should "return an environment with a path" do
+    env = Rack::MockRequest.env_for("http://www.example.com/parse?location[]=1&location[]=2&age_group[]=2")
+    env["QUERY_STRING"].should.equal "location[]=1&location[]=2&age_group[]=2"
+    env["PATH_INFO"].should.equal "/parse"
+    env.should.be.kind_of Hash
+    env.should.include "rack.version"
+  end
+
   should "provide sensible defaults" do
     res = Rack::MockRequest.new(app).request
 

data/test/spec_multipart.rb

@@ -30,6 +30,44 @@ describe Rack::Multipart do
     params["text"].should.equal "contents"
   end
 
+  if "<3".respond_to?(:force_encoding)
+  should "set US_ASCII encoding based on charset" do
+    env = Rack::MockRequest.env_for("/", multipart_fixture(:content_type_and_no_filename))
+    params = Rack::Multipart.parse_multipart(env)
+    params["text"].encoding.should.equal Encoding::US_ASCII
+
+    # I'm not 100% sure if making the param name encoding match the
+    # Content-Type charset is the right thing to do.  We should revisit this.
+    params.keys.each do |key|
+      key.encoding.should.equal Encoding::US_ASCII
+    end
+  end
+
+  should "set BINARY encoding on things without content type" do
+    env = Rack::MockRequest.env_for("/", multipart_fixture(:none))
+    params = Rack::Multipart.parse_multipart(env)
+    params["submit-name"].encoding.should.equal Encoding::UTF_8
+  end
+
+  should "set UTF8 encoding on names of things without content type" do
+    env = Rack::MockRequest.env_for("/", multipart_fixture(:none))
+    params = Rack::Multipart.parse_multipart(env)
+    params.keys.each do |key|
+      key.encoding.should.equal Encoding::UTF_8
+    end
+  end
+
+  should "default text to UTF8" do
+    env = Rack::MockRequest.env_for("/", multipart_fixture(:text))
+    params = Rack::Multipart.parse_multipart(env)
+    params['submit-name'].encoding.should.equal Encoding::UTF_8
+    params['submit-name-with-content'].encoding.should.equal Encoding::UTF_8
+    params.keys.each do |key|
+      key.encoding.should.equal Encoding::UTF_8
+    end
+  end
+  end
+
   should "raise RangeError if the key space is exhausted" do
     env = Rack::MockRequest.env_for("/", multipart_fixture(:content_type_and_no_filename))
 
@@ -115,6 +153,18 @@ describe Rack::Multipart do
     params["files"][:tempfile].read.should.equal "contents"
   end
 
+  should "parse multipart upload with text file with no name field" do
+    env = Rack::MockRequest.env_for("/", multipart_fixture(:filename_and_no_name))
+    params = Rack::Multipart.parse_multipart(env)
+    params["file1.txt"][:type].should.equal "text/plain"
+    params["file1.txt"][:filename].should.equal "file1.txt"
+    params["file1.txt"][:head].should.equal "Content-Disposition: form-data; " +
+      "filename=\"file1.txt\"\r\n" +
+      "Content-Type: text/plain\r\n"
+    params["file1.txt"][:name].should.equal "file1.txt"
+    params["file1.txt"][:tempfile].read.should.equal "contents"
+  end
+
   should "parse multipart upload with nested parameters" do
     env = Rack::MockRequest.env_for("/", multipart_fixture(:nested))
     params = Rack::Multipart.parse_multipart(env)
@@ -166,6 +216,20 @@ describe Rack::Multipart do
     params["files"][:tempfile].read.should.equal "contents"
   end
 
+  should "parse multipart upload with filename with invalid characters" do
+    env = Rack::MockRequest.env_for("/", multipart_fixture(:invalid_character))
+    params = Rack::Multipart.parse_multipart(env)
+    params["files"][:type].should.equal "text/plain"
+    params["files"][:filename].should.match(/invalid/)
+    head = "Content-Disposition: form-data; " +
+      "name=\"files\"; filename=\"invalid\xC3.txt\"\r\n" +
+      "Content-Type: text/plain\r\n"
+    head = head.force_encoding("ASCII-8BIT") if head.respond_to?(:force_encoding)
+    params["files"][:head].should.equal head
+    params["files"][:name].should.equal "files"
+    params["files"][:tempfile].read.should.equal "contents"
+  end
+
   should "not include file params if no file was selected" do
     env = Rack::MockRequest.env_for("/", multipart_fixture(:none))
     params = Rack::Multipart.parse_multipart(env)
@@ -182,6 +246,14 @@ describe Rack::Multipart do
     params["files"].size.should.equal 252
   end
 
+  should "parse multipart/mixed" do
+    env = Rack::MockRequest.env_for("/", multipart_fixture(:mixed_files))
+    params = Rack::Utils::Multipart.parse_multipart(env)
+    params["foo"].should.equal "bar"
+    params["files"].should.be.instance_of String
+    params["files"].size.should.equal 252
+  end
+
   should "parse IE multipart upload and clean up filename" do
     env = Rack::MockRequest.env_for("/", multipart_fixture(:ie))
     params = Rack::Multipart.parse_multipart(env)
@@ -364,56 +436,22 @@ Content-Type: image/jpeg\r
   end
 
   it "builds complete params with the chunk size of 16384 slicing exactly on boundary" do
-    begin
-      previous_limit = Rack::Utils.multipart_part_limit
-      Rack::Utils.multipart_part_limit = 256
-
-      data = File.open(multipart_file("fail_16384_nofile"), 'rb') { |f| f.read }.gsub(/\n/, "\r\n")
-      options = {
-        "CONTENT_TYPE" => "multipart/form-data; boundary=----WebKitFormBoundaryWsY0GnpbI5U7ztzo",
-        "CONTENT_LENGTH" => data.length.to_s,
-        :input => StringIO.new(data)
-      }
-      env = Rack::MockRequest.env_for("/", options)
-      params = Rack::Multipart.parse_multipart(env)
-
-      params.should.not.equal nil
-      params.keys.should.include "AAAAAAAAAAAAAAAAAAA"
-      params["AAAAAAAAAAAAAAAAAAA"].keys.should.include "PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"
-      params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"].keys.should.include "new"
-      params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"].keys.should.include "-2"
-      params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"]["-2"].keys.should.include "ba_unit_id"
-      params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"]["-2"]["ba_unit_id"].should.equal "1017"
-    ensure
-      Rack::Utils.multipart_part_limit = previous_limit
-    end
-  end
-
- should "not reach a multi-part limit" do
-    begin
-      previous_limit = Rack::Utils.multipart_part_limit
-      Rack::Utils.multipart_part_limit = 4
-
-      env = Rack::MockRequest.env_for '/', multipart_fixture(:three_files_three_fields)
-      params = Rack::Multipart.parse_multipart(env)
-      params['reply'].should.equal 'yes'
-      params['to'].should.equal 'people'
-      params['from'].should.equal 'others'
-    ensure
-      Rack::Utils.multipart_part_limit = previous_limit
-    end
-  end
-
-  should "reach a multipart limit" do
-    begin
-      previous_limit = Rack::Utils.multipart_part_limit
-      Rack::Utils.multipart_part_limit = 3
+    data = File.open(multipart_file("fail_16384_nofile"), 'rb') { |f| f.read }.gsub(/\n/, "\r\n")
+    options = {
+      "CONTENT_TYPE" => "multipart/form-data; boundary=----WebKitFormBoundaryWsY0GnpbI5U7ztzo",
+      "CONTENT_LENGTH" => data.length.to_s,
+      :input => StringIO.new(data)
+    }
+    env = Rack::MockRequest.env_for("/", options)
+    params = Rack::Multipart.parse_multipart(env)
 
-      env = Rack::MockRequest.env_for '/', multipart_fixture(:three_files_three_fields)
-      lambda { Rack::Multipart.parse_multipart(env) }.should.raise(Rack::Multipart::MultipartLimitError)
-    ensure
-      Rack::Utils.multipart_part_limit = previous_limit
-    end
+    params.should.not.equal nil
+    params.keys.should.include "AAAAAAAAAAAAAAAAAAA"
+    params["AAAAAAAAAAAAAAAAAAA"].keys.should.include "PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"
+    params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"].keys.should.include "new"
+    params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"].keys.should.include "-2"
+    params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"]["-2"].keys.should.include "ba_unit_id"
+    params["AAAAAAAAAAAAAAAAAAA"]["PLAPLAPLA_MEMMEMMEMM_ATTRATTRER"]["new"]["-2"]["ba_unit_id"].should.equal "1017"
   end
 
   should "return nil if no UploadedFiles were used" do
@@ -476,4 +514,28 @@ contents\r
     params["file"][:filename].should.equal('long' * 100)
   end
 
+  should "support mixed case metadata" do
+    file = multipart_file(:text)
+    data = File.open(file, 'rb') { |io| io.read }
+
+    type = "Multipart/Form-Data; Boundary=AaB03x"
+    length = data.respond_to?(:bytesize) ? data.bytesize : data.size
+
+    e = { "CONTENT_TYPE" => type,
+      "CONTENT_LENGTH" => length.to_s,
+      :input => StringIO.new(data) }
+
+    env = Rack::MockRequest.env_for("/", e)
+    params = Rack::Multipart.parse_multipart(env)
+    params["submit-name"].should.equal "Larry"
+    params["submit-name-with-content"].should.equal "Berry"
+    params["files"][:type].should.equal "text/plain"
+    params["files"][:filename].should.equal "file1.txt"
+    params["files"][:head].should.equal "Content-Disposition: form-data; " +
+      "name=\"files\"; filename=\"file1.txt\"\r\n" +
+      "Content-Type: text/plain\r\n"
+    params["files"][:name].should.equal "files"
+    params["files"][:tempfile].read.should.equal "contents"
+  end
+
 end

data/test/spec_request.rb

@@ -2,7 +2,6 @@ require 'stringio'
 require 'cgi'
 require 'rack/request'
 require 'rack/mock'
-require 'securerandom'
 
 describe Rack::Request do
   should "wrap the rack variables" do
@@ -97,7 +96,10 @@ describe Rack::Request do
 
     req = Rack::Request.new \
       Rack::MockRequest.env_for("/", "HTTP_HOST" => "localhost", "HTTP_X_FORWARDED_PROTO" => "https", "SERVER_PORT" => "80")
+    req.port.should.equal 443
 
+    req = Rack::Request.new \
+      Rack::MockRequest.env_for("/", "HTTP_HOST" => "localhost", "HTTP_X_FORWARDED_PROTO" => "https,https", "SERVER_PORT" => "80")
     req.port.should.equal 443
   end
 
@@ -131,6 +133,14 @@ describe Rack::Request do
     req.params.should.equal "foo" => "bar", "quux" => "bla"
   end
 
+  should "not truncate query strings containing semi-colons #543" do
+    req = Rack::Request.new(Rack::MockRequest.env_for("/?foo=bar&quux=b;la"))
+    req.query_string.should.equal "foo=bar&quux=b;la"
+    req.GET.should.equal "foo" => "bar", "quux" => "b;la"
+    req.POST.should.be.empty
+    req.params.should.equal "foo" => "bar", "quux" => "b;la"
+  end
+
   should "limit the keys from the GET query string" do
     env = Rack::MockRequest.env_for("/?foo=bar")
 
@@ -144,7 +154,7 @@ describe Rack::Request do
   end
 
   should "limit the key size per nested params hash" do
-    nested_query = Rack::MockRequest.env_for("/?foo[bar][baz][qux]=1")
+    nested_query = Rack::MockRequest.env_for("/?foo%5Bbar%5D%5Bbaz%5D%5Bqux%5D=1")
     plain_query  = Rack::MockRequest.env_for("/?foo_bar__baz__qux_=1")
 
     old, Rack::Utils.key_space_limit = Rack::Utils.key_space_limit, 3
@@ -170,6 +180,18 @@ describe Rack::Request do
     req.params.should.equal req.GET.merge(req.POST)
   end
 
+  should "raise if input params has invalid %-encoding" do
+    mr = Rack::MockRequest.env_for("/?foo=quux",
+      "REQUEST_METHOD" => 'POST',
+      :input => "a%=1"
+    )
+    req = Rack::Request.new mr
+
+    lambda { req.POST }.
+      should.raise(Rack::Utils::InvalidParameterError).
+      message.should.equal "invalid %-encoding (a%)"
+  end
+
   should "raise if rack.input is missing" do
     req = Rack::Request.new({})
     lambda { req.POST }.should.raise(RuntimeError)
@@ -604,7 +626,7 @@ describe Rack::Request do
   should "handle multiple media type parameters" do
     req = Rack::Request.new \
       Rack::MockRequest.env_for("/",
-        "CONTENT_TYPE" => 'text/plain; foo=BAR,baz=bizzle dizzle;BLING=bam')
+        "CONTENT_TYPE" => 'text/plain; foo=BAR,baz=bizzle dizzle;BLING=bam;blong="boo";zump="zoo\"o";weird=lol"')
       req.should.not.be.form_data
       req.media_type_params.should.include 'foo'
       req.media_type_params['foo'].should.equal 'BAR'
@@ -613,6 +635,9 @@ describe Rack::Request do
       req.media_type_params.should.not.include 'BLING'
       req.media_type_params.should.include 'bling'
       req.media_type_params['bling'].should.equal 'bam'
+      req.media_type_params['blong'].should.equal 'boo'
+      req.media_type_params['zump'].should.equal 'zoo\"o'
+      req.media_type_params['weird'].should.equal 'lol"'
   end
 
   should "parse with junk before boundry" do
@@ -719,22 +744,6 @@ EOF
     f[:tempfile].size.should.equal 76
   end
 
-  should "MultipartLimitError when request has too many multipart parts if limit set" do
-    begin
-      data = 10000.times.map { "--AaB03x\r\nContent-Type: text/plain\r\nContent-Disposition: attachment; name=#{SecureRandom.hex(10)}; filename=#{SecureRandom.hex(10)}\r\n\r\ncontents\r\n" }.join("\r\n")
-      data += "--AaB03x--\r"
-
-      options = {
-        "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x",
-        "CONTENT_LENGTH" => data.length.to_s,
-        :input => StringIO.new(data)
-      }
-
-      request = Rack::Request.new Rack::MockRequest.env_for("/", options)
-      lambda { request.POST }.should.raise(Rack::Multipart::MultipartLimitError)
-    end
-  end
-
   should "parse big multipart form data" do
     input = <<EOF
 --AaB03x\r
@@ -757,6 +766,31 @@ EOF
     req.POST["mean"][:tempfile].read.should.equal "--AaB03xha"
   end
 
+  should "record tempfiles from multipart form data in env[rack.tempfiles]" do
+    input = <<EOF
+--AaB03x\r
+content-disposition: form-data; name="fileupload"; filename="foo.jpg"\r
+Content-Type: image/jpeg\r
+Content-Transfer-Encoding: base64\r
+\r
+/9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg\r
+--AaB03x\r
+content-disposition: form-data; name="fileupload"; filename="bar.jpg"\r
+Content-Type: image/jpeg\r
+Content-Transfer-Encoding: base64\r
+\r
+/9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg\r
+--AaB03x--\r
+EOF
+    env = Rack::MockRequest.env_for("/",
+                          "CONTENT_TYPE" => "multipart/form-data, boundary=AaB03x",
+                          "CONTENT_LENGTH" => input.size,
+                          :input => input)
+    req = Rack::Request.new(env)
+    req.params
+    env['rack.tempfiles'].size.should.equal(2)
+  end
+
   should "detect invalid multipart form data" do
     input = <<EOF
 --AaB03x\r
@@ -796,6 +830,20 @@ EOF
     lambda { req.POST }.should.raise(EOFError)
   end
 
+  should "consistently raise EOFError on bad multipart form data" do
+    input = <<EOF
+--AaB03x\r
+content-disposition: form-data; name="huge"; filename="huge"\r
+EOF
+    req = Rack::Request.new Rack::MockRequest.env_for("/",
+                      "CONTENT_TYPE" => "multipart/form-data, boundary=AaB03x",
+                      "CONTENT_LENGTH" => input.size,
+                      :input => input)
+
+    lambda { req.POST }.should.raise(EOFError)
+    lambda { req.POST }.should.raise(EOFError)
+  end
+
   should "correctly parse the part name from Content-Id header" do
     input = <<EOF
 --AaB03x\r
@@ -941,6 +989,23 @@ EOF
     parser.call("gzip ; deflate").should.equal([["gzip", 1.0]])
   end
 
+  should "parse Accept-Language correctly" do
+    parser = lambda do |x|
+      Rack::Request.new(Rack::MockRequest.env_for("", "HTTP_ACCEPT_LANGUAGE" => x)).accept_language
+    end
+
+    parser.call(nil).should.equal([])
+
+    parser.call("fr, en").should.equal([["fr", 1.0], ["en", 1.0]])
+    parser.call("").should.equal([])
+    parser.call("*").should.equal([["*", 1.0]])
+    parser.call("fr;q=0.5, en;q=1.0").should.equal([["fr", 0.5], ["en", 1.0]])
+    parser.call("fr;q=1.0, en; q=0.5, *;q=0").should.equal([["fr", 1.0], ["en", 0.5], ["*", 0] ])
+
+    parser.call("fr ; q=0.9").should.equal([["fr", 0.9]])
+    parser.call("fr").should.equal([["fr", 1.0]])
+  end
+
   ip_app = lambda { |env|
     request = Rack::Request.new(env)
     response = Rack::Response.new
@@ -1023,12 +1088,6 @@ EOF
       'HTTP_CLIENT_IP' => '1.1.1.1'
     res.body.should.equal '1.1.1.1'
 
-    # Spoofing attempt
-    res = mock.get '/',
-      'HTTP_X_FORWARDED_FOR' => '1.1.1.1',
-      'HTTP_CLIENT_IP' => '2.2.2.2'
-    res.body.should.equal '1.1.1.1'
-
     res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '8.8.8.8, 9.9.9.9'
     res.body.should.equal '9.9.9.9'
 
@@ -1047,6 +1106,24 @@ EOF
     res.body.should.equal '3.4.5.6'
   end
 
+  should "not allow IP spoofing via Client-IP and X-Forwarded-For headers" do
+    mock = Rack::MockRequest.new(Rack::Lint.new(ip_app))
+
+    # IP Spoofing attempt:
+    # Client sends          X-Forwarded-For: 6.6.6.6
+    #                       Client-IP: 6.6.6.6
+    # Load balancer adds    X-Forwarded-For: 2.2.2.3, 192.168.0.7
+    # App receives:         X-Forwarded-For: 6.6.6.6
+    #                       X-Forwarded-For: 2.2.2.3, 192.168.0.7
+    #                       Client-IP: 6.6.6.6
+    # Rack env:             HTTP_X_FORWARDED_FOR: '6.6.6.6, 2.2.2.3, 192.168.0.7'
+    #                       HTTP_CLIENT_IP: '6.6.6.6'
+    res = mock.get '/',
+      'HTTP_X_FORWARDED_FOR' => '6.6.6.6, 2.2.2.3, 192.168.0.7',
+      'HTTP_CLIENT_IP' => '6.6.6.6'
+    res.body.should.equal '2.2.2.3'
+  end
+
   should "regard local addresses as proxies" do
     req = Rack::Request.new(Rack::MockRequest.env_for("/"))
     req.trusted_proxy?('127.0.0.1').should.equal 0
@@ -1101,6 +1178,13 @@ EOF
     req2.params.should.equal "foo" => "bar"
   end
 
+  should "raise TypeError every time if request parameters are broken" do
+    broken_query = Rack::MockRequest.env_for("/?foo%5B%5D=0&foo%5Bbar%5D=1")
+    req = Rack::Request.new(broken_query)
+    lambda{req.GET}.should.raise(TypeError)
+    lambda{req.params}.should.raise(TypeError)
+  end
+
   (0x20...0x7E).collect { |a|
     b = a.chr
     c = CGI.escape(b)