From 29449d70be69c35302e066706e5ec04f9dae3dd9 Mon Sep 17 00:00:00 2001
From: naruse
Date: Sat, 23 Aug 2008 21:40:59 +0000
Subject: * lib/cgi.rb (CGI::unescapeHTML): more encoding sensible unescaping.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@18798 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/cgi.rb | 43 ++++++++++++++++++++++++++++++-------------
 1 file changed, 30 insertions(+), 13 deletions(-)
(limited to 'lib')
diff --git a/lib/cgi.rb b/lib/cgi.rb
index 5743855837..ab57fbdcd0 100644
--- a/lib/cgi.rb
+++ b/lib/cgi.rb
@@ -375,6 +375,19 @@ class CGI
 # # => "Usage: foo \"bar\" "
 def CGI::unescapeHTML(string)
 enc = string.encoding
+ if [Encoding::UTF_16BE, Encoding::UTF_16LE, Encoding::UTF_32BE, Encoding::UTF_32LE].include?(enc)
+ return string.gsub(Regexp.new('&(amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do
+ case $1.encode("US-ASCII")
+ when 'amp' then '&'.encode(enc)
+ when 'quot' then '"'.encode(enc)
+ when 'gt' then '>'.encode(enc)
+ when 'lt' then '<'.encode(enc)
+ when /\A#0*(\d+)\z/ then $1.to_i.chr(enc)
+ when /\A#x([0-9a-f]+)\z/i then $1.hex.chr(enc)
+ end
+ end
+ end
+ asciicompat = Encoding.compatible?(string, "a")
 string.gsub(/&(amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/) do
 match = $1.dup
 case match
@@ -382,20 +395,24 @@ class CGI
 when 'quot' then '"'
 when 'gt' then '>'
 when 'lt' then '<'
- when /\A#0*(\d+)\z/ then
- if Integer($1) < 256
- Integer($1).chr.force_encoding(enc)
- else
- "&##{$1};"
- end
- when /\A#x([0-9a-f]+)\z/i then
- if $1.hex < 256
- $1.hex.chr.force_encoding(enc)
- else
- "&#x#{$1};"
- end
+ when /\A#0*(\d+)\z/
+ if enc == Encoding::UTF_8
+ $1.to_i.chr(enc)
+ elsif $1.to_i < 128 && asciicompat
+ $1.to_i.chr
+ else
+ "&##{$1};"
+ end
+ when /\A#x([0-9a-f]+)\z/i
+ if enc == Encoding::UTF_8
+ $1.hex.chr(enc)
+ elsif $1.hex < 128 && asciicompat
+ $1.hex.chr
+ else
+ "&#x#{$1};"
+ end
 else
- "&#{match};"
+ "&#{match};"
 end
 end
 end
--
cgit v1.2.3
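Review bot: The numeric-reference branches in the new UTF-16/UTF-32 path call `$1.to_i.chr(enc)` and `$1.hex.chr(enc)` with no range check. Integer#chr raises RangeError when the value is not a valid code point in the target encoding (a surrogate value, or anything above U+10FFFF). The string passed to unescapeHTML is usually untrusted markup, so an out-of-range reference now surfaces as an unhandled exception, where the removed code left references it would not decode as literal text. The UTF-8 branches added in the second hunk (`if enc == Encoding::UTF_8`) have the same gap and need the same guard. Rescuing RangeError and returning the original reference, as sketched below for this path, restores the old fall-through; the method body continues past this hunk.

```ruby
# … unchanged: UTF-16/32 encoding check, gsub call, named-entity branches …
        when /\A#0*(\d+)\z/
          begin
            $1.to_i.chr(enc)
          rescue RangeError
            # not a valid code point in enc: leave the reference as written
            "&##{$1};".encode(enc)
          end
        when /\A#x([0-9a-f]+)\z/i
          begin
            $1.hex.chr(enc)
          rescue RangeError
            "&#x#{$1};".encode(enc)
          end
```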
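Review bot: The doc comment for unescapeHTML does not say that decoding now depends on the string's encoding tag. In the rewritten `when /\A#0*(\d+)\z/` and hex branches, a reference in the range 128–255 on a non-UTF-8 string is left as text, where the removed code decoded every value below 256 with `force_encoding(enc)`. A caller that unescapes input and then validates or filters the result will see different output for the same bytes depending on how the string is tagged, so the contract is worth stating next to the method. I would add something like `# Numeric references are decoded only when representable in the string's encoding: below 128 for ASCII-compatible non-Unicode encodings; others are left untouched.` The comment block sits above the method, outside this hunk.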