diff options
| author | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2014-02-16 16:56:01 +0000 |
|---|---|---|
| committer | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2014-02-16 16:56:01 +0000 |
| commit | 954b8281834fa095d53279a7effb1352aedc7f8c (patch) | |
| tree | ed9406792f0d4903604eb8a5520496e0079bc6cb /lib | |
| parent | 886142e8eecec4956b4f5d1d3fa8761dba1cd7d1 (diff) | |
merge revision(s) r40830,r40848: [Backport #8425]
* test/webrick/test_htmlutils.rb: add test for WEBrick::HTMLUtils.
* lib/webrick/htmlutils.rb (WEBrick::HTMLUtils#escape): replace HTML
meta chars even in non-ascii string. [Bug #8425] [ruby-core:55052]
* lib/webrick/httputils.rb (WEBrick::HTTPUtils#{_escape,_unescape}):
fix %-escape encodings. [Bug #8425] [ruby-core:55052]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@45012 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/webrick/htmlutils.rb | 5 | ||||
| -rw-r--r-- | lib/webrick/httputils.rb | 14 |
2 files changed, 15 insertions, 4 deletions
diff --git a/lib/webrick/htmlutils.rb b/lib/webrick/htmlutils.rb index ed901f1ce2..4cb3d0d7f6 100644 --- a/lib/webrick/htmlutils.rb +++ b/lib/webrick/htmlutils.rb @@ -15,12 +15,13 @@ module WEBrick # Escapes &, ", > and < in +string+ def escape(string) - str = string ? string.dup : "" + return "" unless string + str = string.b str.gsub!(/&/n, '&') str.gsub!(/\"/n, '"') str.gsub!(/>/n, '>') str.gsub!(/</n, '<') - str + str.force_encoding(string.encoding) end module_function :escape diff --git a/lib/webrick/httputils.rb b/lib/webrick/httputils.rb index a0ca3a48c7..a5f0632b86 100644 --- a/lib/webrick/httputils.rb +++ b/lib/webrick/httputils.rb @@ -437,8 +437,18 @@ module WEBrick def _make_regex(str) /([#{Regexp.escape(str)}])/n end def _make_regex!(str) /([^#{Regexp.escape(str)}])/n end - def _escape(str, regex) str.gsub(regex){ "%%%02X" % $1.ord } end - def _unescape(str, regex) str.gsub(regex){ $1.hex.chr } end + def _escape(str, regex) + str = str.b + str.gsub!(regex) {"%%%02X" % $1.ord} + # %-escaped string should contain US-ASCII only + str.force_encoding(Encoding::US_ASCII) + end + def _unescape(str, regex) + str = str.b + str.gsub!(regex) {$1.hex.chr} + # encoding of %-unescaped string is unknown + str + end UNESCAPED = _make_regex(control+space+delims+unwise+nonascii) UNESCAPED_FORM = _make_regex(reserved+control+delims+unwise+nonascii) |