2017-02-18 00:52:16 -05:00
|
|
|
# frozen_string_literal: true
|
2017-05-05 21:33:04 -04:00
|
|
|
class CGI
|
|
|
|
module Util; end
|
|
|
|
include Util
|
|
|
|
extend Util
|
|
|
|
end
|
2013-05-03 07:23:23 -04:00
|
|
|
module CGI::Util
|
2009-10-04 09:25:49 -04:00
|
|
|
@@accept_charset="UTF-8" unless defined?(@@accept_charset)
|
2008-09-09 09:09:56 -04:00
|
|
|
# URL-encode a string.
|
|
|
|
# url_encoded_string = CGI::escape("'Stop!' said Fred")
|
|
|
|
# # => "%27Stop%21%27+said+Fred"
|
2013-05-03 07:23:23 -04:00
|
|
|
def escape(string)
|
2012-01-20 06:48:52 -05:00
|
|
|
encoding = string.encoding
|
2017-05-17 08:34:59 -04:00
|
|
|
string.b.gsub(/([^ a-zA-Z0-9_.\-~]+)/) do |m|
|
2013-07-16 19:52:47 -04:00
|
|
|
'%' + m.unpack('H2' * m.bytesize).join('%').upcase
|
2012-01-20 06:48:52 -05:00
|
|
|
end.tr(' ', '+').force_encoding(encoding)
|
2008-09-09 09:09:56 -04:00
|
|
|
end
|
|
|
|
|
2009-07-30 01:34:02 -04:00
|
|
|
# URL-decode a string with encoding(optional).
|
2008-09-09 09:09:56 -04:00
|
|
|
# string = CGI::unescape("%27Stop%21%27+said+Fred")
|
|
|
|
# # => "'Stop!' said Fred"
|
2013-05-03 07:23:23 -04:00
|
|
|
def unescape(string,encoding=@@accept_charset)
|
2013-07-16 19:52:47 -04:00
|
|
|
str=string.tr('+', ' ').b.gsub(/((?:%[0-9a-fA-F]{2})+)/) do |m|
|
|
|
|
[m.delete('%')].pack('H*')
|
2009-07-30 01:34:02 -04:00
|
|
|
end.force_encoding(encoding)
|
|
|
|
str.valid_encoding? ? str : str.force_encoding(string.encoding)
|
2008-09-09 09:09:56 -04:00
|
|
|
end
|
|
|
|
|
2011-05-31 20:42:06 -04:00
|
|
|
# The set of special characters and their escaped values
|
2008-09-09 09:09:56 -04:00
|
|
|
TABLE_FOR_ESCAPE_HTML__ = {
|
2012-08-21 18:30:47 -04:00
|
|
|
"'" => ''',
|
2008-09-09 09:09:56 -04:00
|
|
|
'&' => '&',
|
|
|
|
'"' => '"',
|
|
|
|
'<' => '<',
|
|
|
|
'>' => '>',
|
|
|
|
}
|
|
|
|
|
2016-05-27 21:26:21 -04:00
|
|
|
# Escape special characters in HTML, namely '&\"<>
|
2008-09-09 09:09:56 -04:00
|
|
|
# CGI::escapeHTML('Usage: foo "bar" <baz>')
|
|
|
|
# # => "Usage: foo "bar" <baz>"
|
2013-05-03 07:23:23 -04:00
|
|
|
def escapeHTML(string)
|
2016-02-06 08:31:07 -05:00
|
|
|
enc = string.encoding
|
|
|
|
unless enc.ascii_compatible?
|
|
|
|
if enc.dummy?
|
|
|
|
origenc = enc
|
|
|
|
enc = Encoding::Converter.asciicompat_encoding(enc)
|
|
|
|
string = enc ? string.encode(enc) : string.b
|
|
|
|
end
|
|
|
|
table = Hash[TABLE_FOR_ESCAPE_HTML__.map {|pair|pair.map {|s|s.encode(enc)}}]
|
|
|
|
string = string.gsub(/#{"['&\"<>]".encode(enc)}/, table)
|
|
|
|
string.encode!(origenc) if origenc
|
|
|
|
return string
|
|
|
|
end
|
2012-07-17 19:04:46 -04:00
|
|
|
string.gsub(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
|
2008-09-09 09:09:56 -04:00
|
|
|
end
|
|
|
|
|
2015-12-20 06:54:54 -05:00
|
|
|
begin
|
2018-11-03 01:29:02 -04:00
|
|
|
require 'cgi/escape'
|
2015-12-20 06:54:54 -05:00
|
|
|
rescue LoadError
|
|
|
|
end
|
|
|
|
|
2008-09-09 09:09:56 -04:00
|
|
|
# Unescape a string that has been HTML-escaped
|
|
|
|
# CGI::unescapeHTML("Usage: foo "bar" <baz>")
|
|
|
|
# # => "Usage: foo \"bar\" <baz>"
|
2013-05-03 07:23:23 -04:00
|
|
|
def unescapeHTML(string)
|
2013-06-19 17:11:52 -04:00
|
|
|
enc = string.encoding
|
2016-02-06 08:31:07 -05:00
|
|
|
unless enc.ascii_compatible?
|
|
|
|
if enc.dummy?
|
|
|
|
origenc = enc
|
|
|
|
enc = Encoding::Converter.asciicompat_encoding(enc)
|
|
|
|
string = enc ? string.encode(enc) : string.b
|
|
|
|
end
|
|
|
|
string = string.gsub(Regexp.new('&(apos|amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do
|
2013-05-16 06:26:57 -04:00
|
|
|
case $1.encode(Encoding::US_ASCII)
|
2012-07-17 19:04:46 -04:00
|
|
|
when 'apos' then "'".encode(enc)
|
2008-09-09 09:09:56 -04:00
|
|
|
when 'amp' then '&'.encode(enc)
|
|
|
|
when 'quot' then '"'.encode(enc)
|
|
|
|
when 'gt' then '>'.encode(enc)
|
|
|
|
when 'lt' then '<'.encode(enc)
|
|
|
|
when /\A#0*(\d+)\z/ then $1.to_i.chr(enc)
|
|
|
|
when /\A#x([0-9a-f]+)\z/i then $1.hex.chr(enc)
|
|
|
|
end
|
|
|
|
end
|
2016-02-06 08:31:07 -05:00
|
|
|
string.encode!(origenc) if origenc
|
|
|
|
return string
|
2008-09-09 09:09:56 -04:00
|
|
|
end
|
2016-02-06 08:31:07 -05:00
|
|
|
return string unless string.include? '&'
|
|
|
|
charlimit = case enc
|
|
|
|
when Encoding::UTF_8; 0x10ffff
|
|
|
|
when Encoding::ISO_8859_1; 256
|
|
|
|
else 128
|
|
|
|
end
|
2013-04-08 00:06:39 -04:00
|
|
|
string.gsub(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do
|
2008-09-09 09:09:56 -04:00
|
|
|
match = $1.dup
|
|
|
|
case match
|
2012-07-17 19:04:46 -04:00
|
|
|
when 'apos' then "'"
|
2008-09-09 09:09:56 -04:00
|
|
|
when 'amp' then '&'
|
|
|
|
when 'quot' then '"'
|
|
|
|
when 'gt' then '>'
|
|
|
|
when 'lt' then '<'
|
|
|
|
when /\A#0*(\d+)\z/
|
|
|
|
n = $1.to_i
|
2016-02-06 08:31:07 -05:00
|
|
|
if n < charlimit
|
2008-09-09 09:09:56 -04:00
|
|
|
n.chr(enc)
|
|
|
|
else
|
|
|
|
"&##{$1};"
|
|
|
|
end
|
|
|
|
when /\A#x([0-9a-f]+)\z/i
|
|
|
|
n = $1.hex
|
2016-02-06 08:31:07 -05:00
|
|
|
if n < charlimit
|
2008-09-09 09:09:56 -04:00
|
|
|
n.chr(enc)
|
|
|
|
else
|
|
|
|
"&#x#{$1};"
|
|
|
|
end
|
|
|
|
else
|
|
|
|
"&#{match};"
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2011-05-18 17:07:13 -04:00
|
|
|
|
2011-05-31 20:42:06 -04:00
|
|
|
# Synonym for CGI::escapeHTML(str)
|
2014-03-21 17:46:17 -04:00
|
|
|
alias escape_html escapeHTML
|
2012-08-21 00:50:18 -04:00
|
|
|
|
2011-05-31 20:42:06 -04:00
|
|
|
# Synonym for CGI::unescapeHTML(str)
|
2014-03-21 17:46:17 -04:00
|
|
|
alias unescape_html unescapeHTML
|
2008-09-09 09:09:56 -04:00
|
|
|
|
|
|
|
# Escape only the tags of certain HTML elements in +string+.
|
|
|
|
#
|
|
|
|
# Takes an element or elements or array of elements. Each element
|
|
|
|
# is specified by the name of the element, without angle brackets.
|
|
|
|
# This matches both the start and the end tag of that element.
|
|
|
|
# The attribute list of the open tag will also be escaped (for
|
|
|
|
# instance, the double-quotes surrounding attribute values).
|
|
|
|
#
|
|
|
|
# print CGI::escapeElement('<BR><A HREF="url"></A>', "A", "IMG")
|
|
|
|
# # "<BR><A HREF="url"></A>"
|
|
|
|
#
|
|
|
|
# print CGI::escapeElement('<BR><A HREF="url"></A>', ["A", "IMG"])
|
|
|
|
# # "<BR><A HREF="url"></A>"
|
2013-05-03 07:23:23 -04:00
|
|
|
def escapeElement(string, *elements)
|
2008-09-09 09:09:56 -04:00
|
|
|
elements = elements[0] if elements[0].kind_of?(Array)
|
|
|
|
unless elements.empty?
|
|
|
|
string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do
|
|
|
|
CGI::escapeHTML($&)
|
|
|
|
end
|
|
|
|
else
|
|
|
|
string
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
# Undo escaping such as that done by CGI::escapeElement()
|
|
|
|
#
|
|
|
|
# print CGI::unescapeElement(
|
|
|
|
# CGI::escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG")
|
|
|
|
# # "<BR><A HREF="url"></A>"
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2008-09-09 09:09:56 -04:00
|
|
|
# print CGI::unescapeElement(
|
|
|
|
# CGI::escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"])
|
|
|
|
# # "<BR><A HREF="url"></A>"
|
2013-05-03 07:23:23 -04:00
|
|
|
def unescapeElement(string, *elements)
|
2008-09-09 09:09:56 -04:00
|
|
|
elements = elements[0] if elements[0].kind_of?(Array)
|
|
|
|
unless elements.empty?
|
|
|
|
string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do
|
2013-05-03 07:23:23 -04:00
|
|
|
unescapeHTML($&)
|
2008-09-09 09:09:56 -04:00
|
|
|
end
|
|
|
|
else
|
|
|
|
string
|
|
|
|
end
|
|
|
|
end
|
2011-05-18 17:07:13 -04:00
|
|
|
|
2011-05-31 20:42:06 -04:00
|
|
|
# Synonym for CGI::escapeElement(str)
|
2014-03-21 17:46:17 -04:00
|
|
|
alias escape_element escapeElement
|
2012-08-21 00:50:18 -04:00
|
|
|
|
2011-05-31 20:42:06 -04:00
|
|
|
# Synonym for CGI::unescapeElement(str)
|
2014-03-21 17:46:17 -04:00
|
|
|
alias unescape_element unescapeElement
|
2008-09-09 09:09:56 -04:00
|
|
|
|
2010-04-19 23:39:34 -04:00
|
|
|
# Abbreviated day-of-week names specified by RFC 822
|
|
|
|
RFC822_DAYS = %w[ Sun Mon Tue Wed Thu Fri Sat ]
|
|
|
|
|
|
|
|
# Abbreviated month names specified by RFC 822
|
|
|
|
RFC822_MONTHS = %w[ Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec ]
|
|
|
|
|
2008-09-09 09:09:56 -04:00
|
|
|
# Format a +Time+ object as a String using the format specified by RFC 1123.
|
|
|
|
#
|
|
|
|
# CGI::rfc1123_date(Time.now)
|
|
|
|
# # Sat, 01 Jan 2000 00:00:00 GMT
|
2013-05-03 07:23:23 -04:00
|
|
|
def rfc1123_date(time)
|
2008-09-09 09:09:56 -04:00
|
|
|
t = time.clone.gmtime
|
|
|
|
return format("%s, %.2d %s %.4d %.2d:%.2d:%.2d GMT",
|
2013-05-03 07:23:23 -04:00
|
|
|
RFC822_DAYS[t.wday], t.day, RFC822_MONTHS[t.month-1], t.year,
|
|
|
|
t.hour, t.min, t.sec)
|
2008-09-09 09:09:56 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
# Prettify (indent) an HTML string.
|
|
|
|
#
|
|
|
|
# +string+ is the HTML string to indent. +shift+ is the indentation
|
|
|
|
# unit to use; it defaults to two spaces.
|
|
|
|
#
|
|
|
|
# print CGI::pretty("<HTML><BODY></BODY></HTML>")
|
|
|
|
# # <HTML>
|
|
|
|
# # <BODY>
|
|
|
|
# # </BODY>
|
|
|
|
# # </HTML>
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2008-09-09 09:09:56 -04:00
|
|
|
# print CGI::pretty("<HTML><BODY></BODY></HTML>", "\t")
|
|
|
|
# # <HTML>
|
|
|
|
# # <BODY>
|
|
|
|
# # </BODY>
|
|
|
|
# # </HTML>
|
|
|
|
#
|
2013-05-03 07:23:23 -04:00
|
|
|
def pretty(string, shift = " ")
|
2009-11-12 10:48:46 -05:00
|
|
|
lines = string.gsub(/(?!\A)<.*?>/m, "\n\\0").gsub(/<.*?>(?!\n)/m, "\\0\n")
|
2008-09-09 09:09:56 -04:00
|
|
|
end_pos = 0
|
|
|
|
while end_pos = lines.index(/^<\/(\w+)/, end_pos)
|
|
|
|
element = $1.dup
|
|
|
|
start_pos = lines.rindex(/^\s*<#{element}/i, end_pos)
|
|
|
|
lines[start_pos ... end_pos] = "__" + lines[start_pos ... end_pos].gsub(/\n(?!\z)/, "\n" + shift) + "__"
|
|
|
|
end
|
|
|
|
lines.gsub(/^((?:#{Regexp::quote(shift)})*)__(?=<\/?\w)/, '\1')
|
|
|
|
end
|
2013-05-03 07:23:23 -04:00
|
|
|
|
|
|
|
alias h escapeHTML
|
2008-09-09 09:09:56 -04:00
|
|
|
end
|