mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
Wed Jul 4 08:24:28 2012 Takeyuki FUJIOKA <xibbar@ruby-lang.org>
* lib/cgi/util.rb: Add ' to CGI's HTML escaping.[Feature #6620] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36299 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
parent
ab63d24b04
commit
07132e0675
2 changed files with 10 additions and 3 deletions
|
@ -22,6 +22,7 @@ class CGI
|
|||
|
||||
# The set of special characters and their escaped values
|
||||
TABLE_FOR_ESCAPE_HTML__ = {
|
||||
"'" => ''',
|
||||
'&' => '&',
|
||||
'"' => '"',
|
||||
'<' => '<',
|
||||
|
@ -32,7 +33,7 @@ class CGI
|
|||
# CGI::escapeHTML('Usage: foo "bar" <baz>')
|
||||
# # => "Usage: foo "bar" <baz>"
|
||||
def CGI::escapeHTML(string)
|
||||
string.gsub(/[&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
|
||||
string.gsub(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
|
||||
end
|
||||
|
||||
# Unescape a string that has been HTML-escaped
|
||||
|
@ -41,8 +42,9 @@ class CGI
|
|||
def CGI::unescapeHTML(string)
|
||||
enc = string.encoding
|
||||
if [Encoding::UTF_16BE, Encoding::UTF_16LE, Encoding::UTF_32BE, Encoding::UTF_32LE].include?(enc)
|
||||
return string.gsub(Regexp.new('&(amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do
|
||||
return string.gsub(Regexp.new('&(apos|amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do
|
||||
case $1.encode("US-ASCII")
|
||||
when 'apos' then "'".encode(enc)
|
||||
when 'amp' then '&'.encode(enc)
|
||||
when 'quot' then '"'.encode(enc)
|
||||
when 'gt' then '>'.encode(enc)
|
||||
|
@ -53,9 +55,10 @@ class CGI
|
|||
end
|
||||
end
|
||||
asciicompat = Encoding.compatible?(string, "a")
|
||||
string.gsub(/&(amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/) do
|
||||
string.gsub(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/) do
|
||||
match = $1.dup
|
||||
case match
|
||||
when 'apos' then "'"
|
||||
when 'amp' then '&'
|
||||
when 'quot' then '"'
|
||||
when 'gt' then '>'
|
||||
|
|
|
@ -53,4 +53,8 @@ class CGIUtilTest < Test::Unit::TestCase
|
|||
assert_equal("<HTML>\n\t<BODY>\n\t</BODY>\n</HTML>\n",CGI::pretty("<HTML><BODY></BODY></HTML>","\t"))
|
||||
end
|
||||
|
||||
def test_cgi_unescapeHTML
|
||||
assert_equal(CGI::unescapeHTML("'&"><"),"'&\"><")
|
||||
end
|
||||
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue