-rw-r--r--ext/cgi/escape/escape.c10
-rw-r--r--test/cgi/test_cgi_util.rb21
2 files changed, 26 insertions, 5 deletions
diff --git a/ext/cgi/escape/escape.c b/ext/cgi/escape/escape.c
index ced1b182eb..a36770bc11 100644
--- a/ext/cgi/escape/escape.c
+++ b/ext/cgi/escape/escape.c
@@ -59,7 +59,7 @@ optimized_escape_html(VALUE str)
case '<':
case '>':
if (!dest) {
- dest = rb_str_buf_new(len);
+ dest = rb_str_new_with_class(str, 0, 0);
}
rb_str_cat(dest, cstr + beg, i - beg);
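Review bot: `dest = rb_str_new_with_class(str, 0, 0);` creates an empty string with no capacity hint, whereas the removed `rb_str_buf_new(len)` reserved `len` bytes up front, so the `rb_str_cat` calls that follow now grow the buffer incrementally on inputs with many escapable characters. The same replacement appears in the other four hunks (both sites in optimized_unescape_html, optimized_escape and optimized_unescape). If the reservation is worth keeping, follow the allocation with `rb_str_modify_expand(dest, len);`, and since the three-line lazy initialisation is now repeated five times, a small static helper would keep the sites in step. The enclosing functions start and end outside these hunks, so whether the encoding is re-associated on `dest` later cannot be confirmed from here.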
@@ -151,7 +151,7 @@ optimized_unescape_html(VALUE str)
i += clen;
if (overflow || cc >= charlimit || cstr[i] != ';') continue;
if (!dest) {
- dest = rb_str_buf_new(len);
+ dest = rb_str_new_with_class(str, 0, 0);
}
rb_str_cat(dest, cstr + beg, plen);
if (charlimit > 256) {
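Review bot: With `dest = rb_str_new_with_class(str, 0, 0);` here and in the next hunk, unescapeHTML returns decoded markup in an instance of the caller's String subclass, and that deserves a comment at the allocation. An application that uses a String subclass as an "already escaped" marker type would presumably see raw `<` and `>` carried in that marker type after unescaping. Suggested comment: `/* dest keeps str's class; the class says nothing about whether the content is escaped */`. The function body continues outside the hunk.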
@@ -168,7 +168,7 @@ optimized_unescape_html(VALUE str)
continue;
}
if (!dest) {
- dest = rb_str_buf_new(len);
+ dest = rb_str_new_with_class(str, 0, 0);
}
rb_str_cat(dest, cstr + beg, plen);
rb_str_cat(dest, &c, 1);
@@ -219,7 +219,7 @@ optimized_escape(VALUE str)
const unsigned char c = (unsigned char)cstr[i];
if (!url_unreserved_char(c)) {
if (!dest) {
- dest = rb_str_buf_new(len);
+ dest = rb_str_new_with_class(str, 0, 0);
}
rb_str_cat(dest, cstr + beg, i - beg);
@@ -278,7 +278,7 @@ optimized_unescape(VALUE str, VALUE encoding)
}
if (!dest) {
- dest = rb_str_buf_new(len);
+ dest = rb_str_new_with_class(str, 0, 0);
}
rb_str_cat(dest, cstr + beg, i - beg);
diff --git a/test/cgi/test_cgi_util.rb b/test/cgi/test_cgi_util.rb
index f2f5575efb..786e6f18a3 100644
--- a/test/cgi/test_cgi_util.rb
+++ b/test/cgi/test_cgi_util.rb
@@ -197,4 +197,25 @@ class CGIUtilTest < Test::Unit::TestCase
assert_equal('&lt;BR&gt;<A HREF="url"></A>', unescape_element(escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG"))
assert_equal('&lt;BR&gt;<A HREF="url"></A>', unescape_element(escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"]))
end
+
+ def test_escape_string_subclass
+ sc = Class.new(String).freeze
+ str = sc.new('>')
+ msg = '[ruby-core:86847] [Bug #14732]'
+ assert_not_instance_of String, str
+
+ html = escapeHTML(str)
+ assert_instance_of sc, html, msg
+ assert_equal '&gt;', html
+ orig = unescapeHTML(html)
+ assert_instance_of sc, orig, msg
+ assert_equal '>', orig
+
+ url = escape(str)
+ assert_instance_of sc, url, msg
+ assert_equal '%3E', url
+ orig = unescape(url)
+ assert_instance_of sc, orig, msg
+ assert_equal '>', orig
+ end
end
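Review bot: test_escape_string_subclass only exercises the one-character input `'>'`, which always takes the branch that allocates `dest`; it does not cover an input that needs no escaping, where the C functions presumably return without allocating and the result class is decided by code outside this patch. Adding `assert_instance_of sc, escapeHTML(sc.new('a')), msg` (and the equivalent for escape and unescape) would pin that path. An assertion such as `assert_equal str.encoding, html.encoding` would also confirm that the encoding survives the new allocation.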