Wed Jul 18 07:59:29 2012 Takeyuki FUJIOKA <xibbar@ruby-lang.org>

* lib/cgi/util.rb (CGI.escapeHTML,unescapeHTML): Add ' for HTML5 escaping. [Feature #6620] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36422 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2012-07-17 23:04:46 +00:00 · 2012-07-17 23:04:46 +00:00 · c47cca2f85
commit c47cca2f85
parent ba2ed2edeb
3 changed files with 19 additions and 3 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+Wed Jul 18 07:59:29 2012  Takeyuki FUJIOKA  <xibbar@ruby-lang.org>
+
+	* lib/cgi/util.rb (CGI.escapeHTML,unescapeHTML): Add &apos; for HTML5 escaping.
+	[Feature #6620]
+
 Tue Jul 17 22:17:13 2012  Tanaka Akira  <akr@fsij.org>

 	* lib/open-uri.rb: call io.close! for Tempfile.
--- a/lib/cgi/util.rb
+++ b/lib/cgi/util.rb
@ -22,6 +22,7 @@ class CGI

  # The set of special characters and their escaped values
  TABLE_FOR_ESCAPE_HTML__ = {
+    "'" => '&apos;',
    '&' => '&amp;',
    '"' => '&quot;',
    '<' => '&lt;',
@ -32,7 +33,7 @@ class CGI
  #   CGI::escapeHTML('Usage: foo "bar" <baz>')
  #      # => "Usage: foo &quot;bar&quot; &lt;baz&gt;"
  def CGI::escapeHTML(string)
-    string.gsub(/[&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
+    string.gsub(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
  end

  # Unescape a string that has been HTML-escaped
@ -41,8 +42,9 @@ class CGI
  def CGI::unescapeHTML(string)
    enc = string.encoding
    if [Encoding::UTF_16BE, Encoding::UTF_16LE, Encoding::UTF_32BE, Encoding::UTF_32LE].include?(enc)
-      return string.gsub(Regexp.new('&(amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do
+      return string.gsub(Regexp.new('&(apos|amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do
        case $1.encode("US-ASCII")
+        when 'apos'                then "'".encode(enc)
        when 'amp'                 then '&'.encode(enc)
        when 'quot'                then '"'.encode(enc)
        when 'gt'                  then '>'.encode(enc)
@ -53,9 +55,10 @@ class CGI
      end
    end
    asciicompat = Encoding.compatible?(string, "a")
-    string.gsub(/&(amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/) do
+    string.gsub(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/) do
      match = $1.dup
      case match
+      when 'apos'                then "'"
      when 'amp'                 then '&'
      when 'quot'                then '"'
      when 'gt'                  then '>'
--- a/test/cgi/test_cgi_util.rb
+++ b/test/cgi/test_cgi_util.rb
@ -53,4 +53,12 @@ class CGIUtilTest < Test::Unit::TestCase
    assert_equal("<HTML>\n\t<BODY>\n\t</BODY>\n</HTML>\n",CGI::pretty("<HTML><BODY></BODY></HTML>","\t"))
  end

+  def test_cgi_escapeHTML
+    assert_equal(CGI::escapeHTML("'&\"><"),"&apos;&amp;&quot;&gt;&lt;")
+  end
+
+  def test_cgi_unescapeHTML
+    assert_equal(CGI::unescapeHTML("&apos;&amp;&quot;&gt;&lt;"),"'&\"><")
+  end
+
 end