-rw-r--r--ChangeLog12
-rw-r--r--lib/webrick/htmlutils.rb5
-rw-r--r--lib/webrick/httputils.rb14
-rw-r--r--test/webrick/test_htmlutils.rb20
-rw-r--r--test/webrick/test_httputils.rb4
-rw-r--r--version.h2
6 files changed, 52 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index feefdefbda..5d0ca12bc4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+Mon Feb 17 01:51:49 2014 Nobuyoshi Nakada <nobu@ruby-lang.org>
+
+ * lib/webrick/htmlutils.rb (WEBrick::HTMLUtils#escape): replace HTML
+ meta chars even in non-ascii string. [Bug #8425] [ruby-core:55052]
+
+ * lib/webrick/httputils.rb (WEBrick::HTTPUtils#{_escape,_unescape}):
+ fix %-escape encodings. [Bug #8425] [ruby-core:55052]
+
+Mon Feb 17 01:51:49 2014 Ayumu AIZAWA <ayumu.aizawa@gmail.com>
+
+ * test/webrick/test_htmlutils.rb: add test for WEBrick::HTMLUtils.
+
Mon Feb 17 01:41:59 2014 Masaki Matsushita <glass.saga@gmail.com>
* array.c (rb_hash_rehash): use hash_alloc() instead of rb_hash_new().
diff --git a/lib/webrick/htmlutils.rb b/lib/webrick/htmlutils.rb
index ed901f1ce2..4cb3d0d7f6 100644
--- a/lib/webrick/htmlutils.rb
+++ b/lib/webrick/htmlutils.rb
@@ -15,12 +15,13 @@ module WEBrick
# Escapes &, ", > and < in +string+
def escape(string)
- str = string ? string.dup : ""
+ return "" unless string
+ str = string.b
str.gsub!(/&/n, '&amp;')
str.gsub!(/\"/n, '&quot;')
str.gsub!(/>/n, '&gt;')
str.gsub!(/</n, '&lt;')
- str
+ str.force_encoding(string.encoding)
end
module_function :escape
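Review bot: `escape` now substitutes on the raw bytes from `string.b` and then re-tags the result with `string.encoding`, which is only sound for ASCII-compatible encodings; in something like UTF-16 the byte 0x3C can be half of another character, and the inserted `&lt;` bytes would not be valid in that encoding (inferred from the code, not exercised by the tests). Invalid sequences such as the `\xff` in the new test also pass straight through to the output, so the caller still has to serve the page with a matching charset. I would extend the doc comment to say so, e.g. `# Works byte-wise; +string+ must be in an ASCII-compatible encoding and invalid bytes are passed through unchanged.` The comment lists only `&`, `"`, `>` and `<`: a single quote is not escaped, so the result is not safe inside a single-quoted attribute, which is worth stating on the same line. The enclosing module starts and ends outside the hunk.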
diff --git a/lib/webrick/httputils.rb b/lib/webrick/httputils.rb
index a0ca3a48c7..a5f0632b86 100644
--- a/lib/webrick/httputils.rb
+++ b/lib/webrick/httputils.rb
@@ -437,8 +437,18 @@ module WEBrick
def _make_regex(str) /([#{Regexp.escape(str)}])/n end
def _make_regex!(str) /([^#{Regexp.escape(str)}])/n end
- def _escape(str, regex) str.gsub(regex){ "%%%02X" % $1.ord } end
- def _unescape(str, regex) str.gsub(regex){ $1.hex.chr } end
+ def _escape(str, regex)
+ str = str.b
+ str.gsub!(regex) {"%%%02X" % $1.ord}
+ # %-escaped string should contain US-ASCII only
+ str.force_encoding(Encoding::US_ASCII)
+ end
+ def _unescape(str, regex)
+ str = str.b
+ str.gsub!(regex) {$1.hex.chr}
+ # encoding of %-unescaped string is unknown
+ str
+ end
UNESCAPED = _make_regex(control+space+delims+unwise+nonascii)
UNESCAPED_FORM = _make_regex(reserved+control+delims+unwise+nonascii)
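Review bot: `_unescape` now returns a binary (ASCII-8BIT) string whatever the encoding of `str` was, which is a visible change for callers that compare or concatenate the decoded value with UTF-8 strings, and the comment `# encoding of %-unescaped string is unknown` does not tell them what to do about it. I would document the contract instead: `# Returns a binary string; the caller must force_encoding to the expected charset and check valid_encoding? before using the value in a path or in output.` In `_escape`, the `US_ASCII` tag is only truthful when `regex` matches every byte above 0x7F; `UNESCAPED` and `UNESCAPED_FORM` include `nonascii`, but whether every regex passed to `_escape` does so cannot be seen from this hunk. The enclosing module continues outside the hunk.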
diff --git a/test/webrick/test_htmlutils.rb b/test/webrick/test_htmlutils.rb
new file mode 100644
index 0000000000..1fe49ee226
--- /dev/null
+++ b/test/webrick/test_htmlutils.rb
@@ -0,0 +1,20 @@
+require "test/unit"
+require "webrick/htmlutils"
+
+class TestWEBrickHTMLUtils < Test::Unit::TestCase
+ include WEBrick::HTMLUtils
+
+ def test_escape
+ assert_equal("foo", escape("foo"))
+ assert_equal("foo bar", escape("foo bar"))
+ assert_equal("foo&amp;bar", escape("foo&bar"))
+ assert_equal("foo&quot;bar", escape("foo\"bar"))
+ assert_equal("foo&gt;bar", escape("foo>bar"))
+ assert_equal("foo&lt;bar", escape("foo<bar"))
+ assert_equal("\u{3053 3093 306B 3061 306F}", escape("\u{3053 3093 306B 3061 306F}"))
+ bug8425 = '[Bug #8425] [ruby-core:55052]'
+ assert_nothing_raised(ArgumentError, Encoding::CompatibilityError, bug8425) {
+ assert_equal("\u{3053 3093 306B}\xff&lt;", escape("\u{3053 3093 306B}\xff<"))
+ }
+ end
+end
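Review bot: The new `return "" unless string` branch of `escape` is not covered by `test_escape`; add `assert_equal("", escape(nil))`. Each metacharacter is also checked only on its own, so a combined case such as `assert_equal("&lt;&amp;&gt;", escape("<&>"))` would pin that `&` is replaced first and the other entities are not double-escaped. An explicit `assert_equal(Encoding::UTF_8, escape("\u{3053}<").encoding)` would pin the encoding that `force_encoding(string.encoding)` is meant to restore.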
diff --git a/test/webrick/test_httputils.rb b/test/webrick/test_httputils.rb
index ebe8a2b8a5..2753cbe6c9 100644
--- a/test/webrick/test_httputils.rb
+++ b/test/webrick/test_httputils.rb
@@ -66,6 +66,10 @@ class TestWEBrickHTTPUtils < Test::Unit::TestCase
assert_equal("/~foo%20bar", escape("/~foo bar"))
assert_equal("/~foo%09bar", escape("/~foo\tbar"))
assert_equal("/~foo+bar", escape("/~foo+bar"))
+ bug8425 = '[Bug #8425] [ruby-core:55052]'
+ assert_nothing_raised(ArgumentError, Encoding::CompatibilityError, bug8425) {
+ assert_equal("%E3%83%AB%E3%83%93%E3%83%BC%E3%81%95%E3%82%93", escape("\u{30EB 30D3 30FC 3055 3093}"))
+ }
end
def test_escape_form
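Review bot: Only `escape` gets a regression case here, although the commit also rewrites `_unescape`; nothing in this hunk checks what decoding a multibyte %-sequence returns. A case such as `assert_equal("\u{30EB}".b, unescape("%E3%83%AB"))` would pin the binary result, and `assert_equal(Encoding::US_ASCII, escape("\u{30EB}").encoding)` would pin the tag that `_escape` now applies. The test method that receives the new lines starts outside the hunk.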
diff --git a/version.h b/version.h
index 71b7294948..acf5d45e42 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
#define RUBY_VERSION "2.0.0"
#define RUBY_RELEASE_DATE "2014-02-17"
-#define RUBY_PATCHLEVEL 430
+#define RUBY_PATCHLEVEL 431
#define RUBY_RELEASE_YEAR 2014
#define RUBY_RELEASE_MONTH 2