1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

cgi/escape: Optimize CGI.escapeHTML

* cgi/escape/escape.c: Optimize CGI.escapeHTML for
  ASCII-compatible encodings.  [Fix GH-1164]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53220 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nobu 2015-12-20 11:54:54 +00:00
parent 28dc41090a
commit ce7f7f5e3d
9 changed files with 120 additions and 0 deletions

View file

@ -1,3 +1,8 @@
Sun Dec 20 20:54:51 2015 Takashi Kokubun <takashikkbn@gmail.com>
* cgi/escape/escape.c: Optimize CGI.escapeHTML for
ASCII-compatible encodings. [Fix GH-1164]
Sun Dec 20 15:36:46 2015 SHIBATA Hiroshi <hsbt@ruby-lang.org>
* lib/erb.rb: revert r53123. It breaks compatibility like thor and

View file

@ -1,6 +1,7 @@
#option nodynamic
#bigdecimal
#cgi/escape
#continuation
#coverage
#date

View file

@ -2,6 +2,7 @@ option nodynamic
#Win32API
bigdecimal
cgi/escape
dbm
digest
digest/md5

View file

@ -2,6 +2,7 @@
#
# #Win32API
# bigdecimal
# cgi/escape
# continuation
# coverage
# date

View file

@ -3,6 +3,7 @@
Win32API
bigdecimal
cgi/escape
#dbm
digest
digest/md5

97
ext/cgi/escape/escape.c Normal file
View file

@ -0,0 +1,97 @@
#include "ruby.h"
#include "ruby/encoding.h"
static VALUE rb_cCGI, rb_mUtil, rb_mEscape;
static void
html_escaped_cat(VALUE str, char c)
{
switch (c) {
case '\'':
rb_str_cat_cstr(str, "&#39;");
break;
case '&':
rb_str_cat_cstr(str, "&amp;");
break;
case '"':
rb_str_cat_cstr(str, "&quot;");
break;
case '<':
rb_str_cat_cstr(str, "&lt;");
break;
case '>':
rb_str_cat_cstr(str, "&gt;");
break;
}
}
static VALUE
optimized_escape_html(VALUE str)
{
long i, len, modified = 0, beg = 0;
VALUE dest;
const char *cstr;
len = RSTRING_LEN(str);
cstr = RSTRING_PTR(str);
for (i = 0; i < len; i++) {
switch (cstr[i]) {
case '\'':
case '&':
case '"':
case '<':
case '>':
if (!modified) {
modified = 1;
dest = rb_str_buf_new(len);
}
rb_str_cat(dest, cstr + beg, i - beg);
beg = i + 1;
html_escaped_cat(dest, cstr[i]);
break;
}
}
if (modified) {
rb_str_cat(dest, cstr + beg, len - beg);
rb_enc_associate(dest, rb_enc_get(str));
return dest;
}
else {
return str;
}
}
/*
* call-seq:
* CGI.escapeHTML(string) -> string
*
* Returns HTML-escaped string.
*
*/
static VALUE
cgiesc_escape_html(VALUE self, VALUE str)
{
StringValue(str);
if (rb_enc_str_asciicompat_p(str)) {
return optimized_escape_html(str);
}
else {
return rb_call_super(1, &str);
}
}
void
Init_escape(void)
{
rb_cCGI = rb_define_class("CGI", rb_cObject);
rb_mEscape = rb_define_module_under(rb_cCGI, "Escape");
rb_mUtil = rb_define_module_under(rb_cCGI, "Util");
rb_define_method(rb_mEscape, "escapeHTML", cgiesc_escape_html, 1);
rb_prepend_module(rb_mUtil, rb_mEscape);
rb_extend_object(rb_cCGI, rb_mEscape);
}

View file

@ -0,0 +1,3 @@
require 'mkmf'
create_makefile 'cgi/escape'

View file

@ -38,6 +38,11 @@ module CGI::Util
string.gsub(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
end
begin
require 'cgi/escape'
rescue LoadError
end
# Unescape a string that has been HTML-escaped
# CGI::unescapeHTML("Usage: foo &quot;bar&quot; &lt;baz&gt;")
# # => "Usage: foo \"bar\" <baz>"

View file

@ -62,6 +62,12 @@ class CGIUtilTest < Test::Unit::TestCase
assert_equal("&#39;&amp;&quot;&gt;&lt;", CGI::escapeHTML("'&\"><"))
end
def test_cgi_escape_html_preserve_encoding
assert_equal(Encoding::US_ASCII, CGI::escapeHTML("'&\"><".force_encoding("US-ASCII")).encoding)
assert_equal(Encoding::ASCII_8BIT, CGI::escapeHTML("'&\"><".force_encoding("ASCII-8BIT")).encoding)
assert_equal(Encoding::UTF_8, CGI::escapeHTML("'&\"><".force_encoding("UTF-8")).encoding)
end
def test_cgi_unescapeHTML
assert_equal("'&\"><", CGI::unescapeHTML("&#39;&amp;&quot;&gt;&lt;"))
end