ruby-changes:24248
From: xibbar <ko1@a...>
Date: Wed, 4 Jul 2012 08:33:56 +0900 (JST)
Subject: [ruby-changes:24248] xibbar:r36299 (trunk): * lib/cgi/util.rb: Add ' to CGI's HTML escaping.[Feature #6620]
xibbar 2012-07-04 08:32:33 +0900 (Wed, 04 Jul 2012) New Revision: 36299 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=36299 Log: * lib/cgi/util.rb: Add ' to CGI's HTML escaping.[Feature #6620] Modified files: trunk/lib/cgi/util.rb trunk/test/cgi/test_cgi_util.rb Index: lib/cgi/util.rb =================================================================== --- lib/cgi/util.rb (revision 36298) +++ lib/cgi/util.rb (revision 36299) @@ -22,6 +22,7 @@ # The set of special characters and their escaped values TABLE_FOR_ESCAPE_HTML__ = { + "'" => ''', '&' => '&', '"' => '"', '<' => '<', @@ -32,7 +33,7 @@ # CGI::escapeHTML('Usage: foo "bar" <baz>') # # => "Usage: foo "bar" <baz>" def CGI::escapeHTML(string) - string.gsub(/[&\"<>]/, TABLE_FOR_ESCAPE_HTML__) + string.gsub(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__) end # Unescape a string that has been HTML-escaped @@ -41,8 +42,9 @@ def CGI::unescapeHTML(string) enc = string.encoding if [Encoding::UTF_16BE, Encoding::UTF_16LE, Encoding::UTF_32BE, Encoding::UTF_32LE].include?(enc) - return string.gsub(Regexp.new('&(amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do + return string.gsub(Regexp.new('&(apos|amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do case $1.encode("US-ASCII") + when 'apos' then "'".encode(enc) when 'amp' then '&'.encode(enc) when 'quot' then '"'.encode(enc) when 'gt' then '>'.encode(enc) @@ -53,9 +55,10 @@ end end asciicompat = Encoding.compatible?(string, "a") - string.gsub(/&(amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/) do + string.gsub(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/) do match = $1.dup case match + when 'apos' then "'" when 'amp' then '&' when 'quot' then '"' when 'gt' then '>' Index: test/cgi/test_cgi_util.rb =================================================================== --- test/cgi/test_cgi_util.rb (revision 36298) +++ test/cgi/test_cgi_util.rb (revision 36299) @@ -53,4 +53,8 @@ assert_equal("<HTML>\n\t<BODY>\n\t</BODY>\n</HTML>\n",CGI::pretty("<HTML><BODY></BODY></HTML>","\t")) end + def test_cgi_unescapeHTML + assert_equal(CGI::unescapeHTML("'&"><"),"'&\"><") + end + end -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/