rinku 1.3.1 → 1.4.0

data/README.markdown

@@ -89,7 +89,8 @@ Rinku is written by me
 ----------------------
 
 I am Vicent Marti, and I wrote Rinku.
-While Rinku is busy doing autolinks, you should be busy following me on twitter. `@tanoku`. Do it.
+While Rinku is busy doing autolinks, you should be busy following me on twitter.
+[`@tanoku`](http://twitter.com/tanoku). Do it.
 
 Rinku has an awesome license
 ----------------------------

data/ext/rinku/rinku.c

@@ -26,7 +26,6 @@
 
 #include "autolink.h"
 #include "buffer.h"
-#include "houdini.h"
 
 #include <string.h>
 #include <stdlib.h>
@@ -73,9 +72,9 @@ static const char *g_hrefs[] = {
 };
 
 static void
-autolink__html_escape(struct buf *ob, const struct buf *link, void *payload)
+autolink__print(struct buf *ob, const struct buf *link, void *payload)
 {
-	houdini_escape_html0(ob, link->data, link->size, 0);
+	bufput(ob, link->data, link->size);
 }
 
 /* From sundown/html/html.c */
@@ -187,7 +186,7 @@ rinku_autolink(
 	}
 
 	if (link_text_cb == NULL)
-		link_text_cb = &autolink__html_escape;
+		link_text_cb = &autolink__print;
 
 	if (link_attr != NULL) {
 		while (isspace(*link_attr))
@@ -228,7 +227,7 @@ rinku_autolink(
 			bufput(ob, text + i, end - i - rewind);
 
 			bufputs(ob, g_hrefs[(int)action]);
-			houdini_escape_href(ob, link->data, link->size);
+			bufput(ob, link->data, link->size);
 
 			if (link_attr) {
 				BUFPUTSL(ob, "\" ");
@@ -277,6 +276,13 @@ autolink_callback(struct buf *link_text, const struct buf *link, void *block)
  * Parses a block of text looking for "safe" urls or email addresses,
  * and turns them into HTML links with the given attributes.
  *
+ * NOTE: The block of text may or may not be HTML; if the text is HTML,
+ * Rinku will skip the relevant tags to prevent double-linking and linking
+ * inside `pre` blocks by default.
+ *
+ * NOTE: If the input text is HTML, it's expected to be already escaped.
+ * Rinku will perform no escaping.
+ *
  * NOTE: Currently the follow protocols are considered safe and are the
  * only ones that will be autolinked.
  *

data/lib/rails_rinku.rb

@@ -10,8 +10,9 @@ module RailsRinku
       options[:html] = args[1] || {}
     end
     options.reverse_merge!(:link => :all, :html => {})
+    text = text.html_safe unless text.html_safe?
 
-    Rinku.auto_link(text, options[:link], tag_options(options[:html]), &block)
+    Rinku.auto_link(text.html_safe, options[:link], tag_options(options[:html]), &block)
   end
 end
 

data/rinku.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = 'rinku'
-  s.version = '1.3.1'
+  s.version = '1.4.0'
   s.summary = "Mostly autolinking"
   s.description = <<-EOF
     A fast and very smart autolinking library that
@@ -20,9 +20,6 @@ Gem::Specification.new do |s|
     ext/rinku/buffer.c
     ext/rinku/buffer.h
     ext/rinku/extconf.rb
-    ext/rinku/houdini.h
-    ext/rinku/houdini_href_e.c
-    ext/rinku/houdini_html_e.c
     lib/rinku.rb
     lib/rails_rinku.rb
     rinku.gemspec

data/test/autolink_test.rb

@@ -79,11 +79,14 @@ This is just a test. <a href="http://www.pokemon.com">http://www.pokemon.com</a>
     pic = "http://example.com/pic.png"
     url = "http://example.com/album?a&b=c"
 
-    assert_equal %(My pic: <a href="#{pic}"><img src="#{pic}" width="160px"></a> -- full album here #{generate_result(url)}), Rinku.auto_link("My pic: #{pic} -- full album here #{url}") { |link|
+    expect = %(My pic: <a href="#{pic}"><img src="#{pic}" width="160px"></a> -- full album here #{generate_result(url)})
+    text = "My pic: #{pic} -- full album here #{CGI.escapeHTML url}"
+
+    assert_equal expect, Rinku.auto_link(text) { |link|
       if link =~ /\.(jpg|gif|png|bmp|tif)$/i
-        %(<img src="#{CGI.escapeHTML link}" width="160px">)
+        %(<img src="#{link}" width="160px">)
       else
-        CGI.escapeHTML link
+        link
       end
     }
   end
@@ -166,7 +169,7 @@ This is just a test. <a href="http://www.pokemon.com">http://www.pokemon.com</a>
             )
 
     urls.each do |url|
-      assert_linked %(<a href="#{CGI.escapeHTML URI.escape(url, SAFE_CHARS)}">#{CGI.escapeHTML url}</a>), url
+      assert_linked %(<a href="#{CGI.escapeHTML url}">#{CGI.escapeHTML url}</a>), CGI.escapeHTML(url)
     end
   end
 
@@ -182,14 +185,14 @@ This is just a test. <a href="http://www.pokemon.com">http://www.pokemon.com</a>
     link2_result = %{<a href="http://#{link2_raw}">#{link2_raw}</a>}
     link3_raw    = 'http://manuals.ruby-on-rails.com/read/chapter.need_a-period/103#page281'
     link3_result = %{<a href="#{link3_raw}">#{link3_raw}</a>}
-    link4_raw    = 'http://foo.example.com/controller/action?parm=value&p2=v2#anchor123'
-    link4_result = %{<a href="#{CGI.escapeHTML link4_raw}">#{CGI.escapeHTML link4_raw}</a>}
+    link4_raw    = CGI.escapeHTML 'http://foo.example.com/controller/action?parm=value&p2=v2#anchor123'
+    link4_result = %{<a href="#{link4_raw}">#{link4_raw}</a>}
     link5_raw    = 'http://foo.example.com:3000/controller/action'
     link5_result = %{<a href="#{link5_raw}">#{link5_raw}</a>}
     link6_raw    = 'http://foo.example.com:3000/controller/action+pack'
     link6_result = %{<a href="#{link6_raw}">#{link6_raw}</a>}
-    link7_raw    = 'http://foo.example.com/controller/action?parm=value&p2=v2#anchor-123'
-    link7_result = %{<a href="#{CGI.escapeHTML link7_raw}">#{CGI.escapeHTML link7_raw}</a>}
+    link7_raw    = CGI.escapeHTML 'http://foo.example.com/controller/action?parm=value&p2=v2#anchor-123'
+    link7_result = %{<a href="#{link7_raw}">#{link7_raw}</a>}
     link8_raw    = 'http://foo.example.com:3000/controller/action.html'
     link8_result = %{<a href="#{link8_raw}">#{link8_raw}</a>}
     link9_raw    = 'http://business.timesonline.co.uk/article/0,,9065-2473189,00.html'
@@ -245,7 +248,7 @@ This is just a test. <a href="http://www.pokemon.com">http://www.pokemon.com</a>
 
   def generate_result(link_text, href = nil)
     href ||= link_text
-    %{<a href="#{CGI::escapeHTML URI.escape(href, SAFE_CHARS)}">#{CGI::escapeHTML link_text}</a>}
+    %{<a href="#{CGI.escapeHTML href}">#{CGI.escapeHTML link_text}</a>}
   end
   
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rinku
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.4.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-11-08 00:00:00.000000000 Z
+date: 2011-11-10 00:00:00.000000000 Z
 dependencies: []
 description: ! "    A fast and very smart autolinking library that\n    acts as a
   drop-in replacement for Rails `auto_link`\n"
@@ -29,9 +29,6 @@ files:
 - ext/rinku/buffer.c
 - ext/rinku/buffer.h
 - ext/rinku/extconf.rb
-- ext/rinku/houdini.h
-- ext/rinku/houdini_href_e.c
-- ext/rinku/houdini_html_e.c
 - lib/rinku.rb
 - lib/rails_rinku.rb
 - rinku.gemspec

data/ext/rinku/houdini.h

@@ -1,28 +0,0 @@
-#ifndef __HOUDINI_H__
-#define __HOUDINI_H__
-
-#include "buffer.h"
-
-#ifdef HOUDINI_USE_LOCALE
-#	define _isxdigit(c) isxdigit(c)
-#	define _isdigit(c) isdigit(c)
-#else
-/*
- * Helper _isdigit methods -- do not trust the current locale
- * */
-#	define _isxdigit(c) (strchr("0123456789ABCDEFabcdef", (c)) != NULL)
-#	define _isdigit(c) ((c) >= '0' && (c) <= '9')
-#endif
-
-extern void houdini_escape_html(struct buf *ob, const uint8_t *src, size_t size);
-extern void houdini_escape_html0(struct buf *ob, const uint8_t *src, size_t size, int secure);
-extern void houdini_unescape_html(struct buf *ob, const uint8_t *src, size_t size);
-extern void houdini_escape_uri(struct buf *ob, const uint8_t *src, size_t size);
-extern void houdini_escape_url(struct buf *ob, const uint8_t *src, size_t size);
-extern void houdini_escape_href(struct buf *ob, const uint8_t *src, size_t size);
-extern void houdini_unescape_uri(struct buf *ob, const uint8_t *src, size_t size);
-extern void houdini_unescape_url(struct buf *ob, const uint8_t *src, size_t size);
-extern void houdini_escape_js(struct buf *ob, const uint8_t *src, size_t size);
-extern void houdini_unescape_js(struct buf *ob, const uint8_t *src, size_t size);
-
-#endif

data/ext/rinku/houdini_href_e.c

@@ -1,108 +0,0 @@
-#include <assert.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "houdini.h"
-
-#define ESCAPE_GROW_FACTOR(x) (((x) * 12) / 10)
-
-/*
- * The following characters will not be escaped:
- *
- *		-_.+!*'(),%#@?=;:/,+&$ alphanum
- *
- * Note that this character set is the addition of:
- *
- *	- The characters which are safe to be in an URL
- *	- The characters which are *not* safe to be in
- *	an URL because they are RESERVED characters.
- *
- * We asume (lazily) that any RESERVED char that
- * appears inside an URL is actually meant to
- * have its native function (i.e. as an URL 
- * component/separator) and hence needs no escaping.
- *
- * There are two exceptions: the chacters & (amp)
- * and ' (single quote) do not appear in the table.
- * They are meant to appear in the URL as components,
- * yet they require special HTML-entity escaping
- * to generate valid HTML markup.
- *
- * All other characters will be escaped to %XX.
- *
- */
-static const char HREF_SAFE[] = {
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 
-	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 
-	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 
-	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 
-	0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 
-	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-};
-
-void
-houdini_escape_href(struct buf *ob, const uint8_t *src, size_t size)
-{
-	static const char hex_chars[] = "0123456789ABCDEF";
-	size_t  i = 0, org;
-	char hex_str[3];
-
-	bufgrow(ob, ESCAPE_GROW_FACTOR(size));
-	hex_str[0] = '%';
-
-	while (i < size) {
-		org = i;
-		while (i < size && HREF_SAFE[src[i]] != 0)
-			i++;
-
-		if (i > org)
-			bufput(ob, src + org, i - org);
-
-		/* escaping */
-		if (i >= size)
-			break;
-
-		switch (src[i]) {
-		/* amp appears all the time in URLs, but needs
-		 * HTML-entity escaping to be inside an href */
-		case '&': 
-			BUFPUTSL(ob, "&amp;");
-			break;
-
-		/* the single quote is a valid URL character
-		 * according to the standard; it needs HTML
-		 * entity escaping too */
-		case '\'':
-			BUFPUTSL(ob, "&#x27;");
-			break;
-		
-		/* the space can be escaped to %20 or a plus
-		 * sign. we're going with the generic escape
-		 * for now. the plus thing is more commonly seen
-		 * when building GET strings */
-#if 0
-		case ' ':
-			bufputc(ob, '+');
-			break;
-#endif
-
-		/* every other character goes with a %XX escaping */
-		default:
-			hex_str[1] = hex_chars[(src[i] >> 4) & 0xF];
-			hex_str[2] = hex_chars[src[i] & 0xF];
-			bufput(ob, hex_str, 3);
-		}
-
-		i++;
-	}
-}

data/ext/rinku/houdini_html_e.c

@@ -1,84 +0,0 @@
-#include <assert.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "houdini.h"
-
-#define ESCAPE_GROW_FACTOR(x) (((x) * 12) / 10) /* this is very scientific, yes */
-
-/**
- * According to the OWASP rules:
- *
- * & --> &amp;
- * < --> &lt;
- * > --> &gt;
- * " --> &quot;
- * ' --> &#x27;     &apos; is not recommended
- * / --> &#x2F;     forward slash is included as it helps end an HTML entity
- *
- */
-static const char HTML_ESCAPE_TABLE[] = {
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 1, 0, 0, 0, 2, 3, 0, 0, 0, 0, 0, 0, 0, 4, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0, 6, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-};
-
-static const char *HTML_ESCAPES[] = {
-        "",
-        "&quot;",
-        "&amp;",
-        "&#39;",
-        "&#47;",
-        "&lt;",
-        "&gt;"
-};
-
-void
-houdini_escape_html0(struct buf *ob, const uint8_t *src, size_t size, int secure)
-{
-	size_t  i = 0, org, esc;
-
-	bufgrow(ob, ESCAPE_GROW_FACTOR(size));
-
-	while (i < size) {
-		org = i;
-		while (i < size && (esc = HTML_ESCAPE_TABLE[src[i]]) == 0)
-			i++;
-
-		if (i > org)
-			bufput(ob, src + org, i - org);
-
-		/* escaping */
-		if (i >= size)
-			break;
-
-		/* The forward slash is only escaped in secure mode */
-		if (src[i] == '/' && !secure) {
-			bufputc(ob, '/');
-		} else {
-			bufputs(ob, HTML_ESCAPES[esc]);
-		}
-
-		i++;
-	}
-}
-
-void
-houdini_escape_html(struct buf *ob, const uint8_t *src, size_t size)
-{
-	houdini_escape_html0(ob, src, size, 1);
-}
-