diff options
author | flosacca <flosacca@gmail.com> | 2023-11-23 01:49:42 +0800 |
---|---|---|
committer | git <svn-admin@ruby-lang.org> | 2023-11-30 08:19:28 +0000 |
commit | 30e477802094e1c47fb5946b79aeeebb3b3ebec5 (patch) | |
tree | 190a71f0c5d8960819dbdaf2c9c3a56ba7f3cb9c /ext/cgi/escape | |
parent | 0daa0589a9b714201a9460fef1bcf5260bc3c6ae (diff) |
[ruby/cgi] Fix unescapeHTML
https://github.com/ruby/cgi/commit/67610e6ca8
Diffstat (limited to 'ext/cgi/escape')
-rw-r--r-- | ext/cgi/escape/escape.c | 33 |
1 files changed, 26 insertions, 7 deletions
diff --git a/ext/cgi/escape/escape.c b/ext/cgi/escape/escape.c index 17a134aa1a..495ad83aa3 100644 --- a/ext/cgi/escape/escape.c +++ b/ext/cgi/escape/escape.c @@ -83,7 +83,7 @@ optimized_unescape_html(VALUE str) unsigned long charlimit = (strcasecmp(rb_enc_name(enc), "UTF-8") == 0 ? UNICODE_MAX : strcasecmp(rb_enc_name(enc), "ISO-8859-1") == 0 ? 256 : 128); - long i, len, beg = 0; + long i, j, len, beg = 0; size_t clen, plen; int overflow; const char *cstr; @@ -100,6 +100,7 @@ optimized_unescape_html(VALUE str) plen = i - beg; if (++i >= len) break; c = (unsigned char)cstr[i]; + j = i; #define MATCH(s) (len - i >= (int)rb_strlen_lit(s) && \ memcmp(&cstr[i], s, rb_strlen_lit(s)) == 0 && \ (i += rb_strlen_lit(s) - 1, 1)) @@ -112,28 +113,40 @@ optimized_unescape_html(VALUE str) else if (MATCH("mp;")) { c = '&'; } - else continue; + else { + i = j; + continue; + } break; case 'q': ++i; if (MATCH("uot;")) { c = '"'; } - else continue; + else { + i = j; + continue; + } break; case 'g': ++i; if (MATCH("t;")) { c = '>'; } - else continue; + else { + i = j; + continue; + } break; case 'l': ++i; if (MATCH("t;")) { c = '<'; } - else continue; + else { + i = j; + continue; + } break; case '#': if (len - ++i >= 2 && ISDIGIT(cstr[i])) { @@ -142,9 +155,15 @@ optimized_unescape_html(VALUE str) else if ((cstr[i] == 'x' || cstr[i] == 'X') && len - ++i >= 2 && ISXDIGIT(cstr[i])) { cc = ruby_scan_digits(&cstr[i], len-i, 16, &clen, &overflow); } - else continue; + else { + i = j; + continue; + } i += clen; - if (overflow || cc >= charlimit || cstr[i] != ';') continue; + if (overflow || cc >= charlimit || cstr[i] != ';') { + i = j; + continue; + } if (!dest) { dest = rb_str_buf_new(len); } |