ruby-changes:41161
From: nobu <ko1@a...>
Date: Tue, 22 Dec 2015 14:31:56 +0900 (JST)
Subject: [ruby-changes:41161] nobu:r53234 (trunk): escape.c: should not freeze
nobu 2015-12-22 14:31:31 +0900 (Tue, 22 Dec 2015) New Revision: 53234 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=53234 Log: escape.c: should not freeze * ext/cgi/escape/escape.c (optimized_escape_html): CGI.escapeHTML should return unfrozen new string. [ruby-core:72426] [Bug #11858] Modified files: trunk/ChangeLog trunk/ext/cgi/escape/escape.c trunk/test/cgi/test_cgi_util.rb
Index: ChangeLog
===================================================================
--- ChangeLog (revision 53233)
+++ ChangeLog (revision 53234)
@@ -1,3 +1,9 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Tue Dec 22 14:31:28 2015 Toru Iwase <tietew@t...>
+
+ * ext/cgi/escape/escape.c (optimized_escape_html): CGI.escapeHTML
+ should return unfrozen new string.
+ [ruby-core:72426] [Bug #11858]
+
 Tue Dec 22 05:39:58 2015 Takashi Kokubun <takashikkbn@g...>
 * ext/cgi/escape/escape.c (preserve_original_state): Preserve
Index: ext/cgi/escape/escape.c
===================================================================
--- ext/cgi/escape/escape.c (revision 53233)
+++ ext/cgi/escape/escape.c (revision 53234)
@@ -30,7 +30,7 @@ preserve_original_state(VALUE orig, VALU https://github.com/ruby/ruby/blob/trunk/ext/cgi/escape/escape.c#L30
 {
 rb_enc_associate(dest, rb_enc_get(orig));
- FL_SET_RAW(dest, FL_TEST_RAW(orig, FL_FREEZE|FL_TAINT));
+ RB_OBJ_INFECT_RAW(dest, orig);
 }
 static VALUE
@@ -69,7 +69,7 @@ optimized_escape_html(VALUE str) https://github.com/ruby/ruby/blob/trunk/ext/cgi/escape/escape.c#L69
 return dest;
 }
 else {
- return str;
+ return rb_str_dup(str);
 }
 }
Index: test/cgi/test_cgi_util.rb
===================================================================
--- test/cgi/test_cgi_util.rb (revision 53233)
+++ test/cgi/test_cgi_util.rb (revision 53234)
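Review bot: The name `preserve_original_state` no longer describes what the function does after the changed line in the `@@ -30,7 +30,7 @@` hunk of ext/cgi/escape/escape.c. The encoding is still carried over by `rb_enc_associate`, and the updated tests expect taint to be carried over too, but the frozen flag is now deliberately dropped. A short comment above the new call would record that, for example `/* propagate taint only; the escaped result must never inherit FL_FREEZE from orig */`. Without it, a later cleanup could restore the flag copy and reintroduce Bug #11858. The function's signature lies outside the hunk.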
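Review bot: In the `@@ -69,7 +69,7 @@` hunk the fall-through branch now returns `rb_str_dup(str)` with no comment saying why a copy is needed when nothing was escaped. The copy is what stops the return value from aliasing the caller's string, so appending to the escaped result cannot modify the input and a frozen input does not yield a frozen result. I would add `/* nothing to escape: still return a fresh, unfrozen copy, never str itself */` above the return. It may also be worth confirming that this branch and the `return dest;` branch agree on the class of the result when str is a String subclass; the construction of dest is outside the hunk, so this cannot be checked from here.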
@@ -62,20 +62,36 @@ class CGIUtilTest < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/cgi/test_cgi_util.rb#L62
 assert_equal("'&"><", CGI::escapeHTML("'&\"><"))
 end
+ def test_cgi_escape_html_duplicated
+ orig = "Ruby".force_encoding("US-ASCII")
+ str = CGI::escapeHTML(orig)
+ assert_equal(orig, str)
+ assert_not_same(orig, str)
+ end
+
+ def assert_cgi_escape_html_preserve_encoding(str, encoding)
+ assert_equal(encoding, CGI::escapeHTML(str.dup.force_encoding(encoding)).encoding)
+ end
+
 def test_cgi_escape_html_preserve_encoding
- assert_equal(Encoding::US_ASCII, CGI::escapeHTML("'&\"><".force_encoding("US-ASCII")).encoding)
- assert_equal(Encoding::ASCII_8BIT, CGI::escapeHTML("'&\"><".force_encoding("ASCII-8BIT")).encoding)
- assert_equal(Encoding::UTF_8, CGI::escapeHTML("'&\"><".force_encoding("UTF-8")).encoding)
+ Encoding.list do |enc|
+ assert_cgi_escape_html_preserve_encoding("'&\"><", enc)
+ assert_cgi_escape_html_preserve_encoding("Ruby", enc)
+ end
 end
 def test_cgi_escape_html_preserve_tainted
- assert_equal(false, CGI::escapeHTML("'&\"><").tainted?)
- assert_equal(true, CGI::escapeHTML("'&\"><".taint).tainted?)
+ assert_not_predicate CGI::escapeHTML("'&\"><"), :tainted?
+ assert_predicate CGI::escapeHTML("'&\"><".taint), :tainted?
+ assert_not_predicate CGI::escapeHTML("Ruby"), :tainted?
+ assert_predicate CGI::escapeHTML("Ruby".taint), :tainted?
 end
- def test_cgi_escape_html_preserve_frozen
- assert_equal(false, CGI::escapeHTML("'&\"><".dup).frozen?)
- assert_equal(true, CGI::escapeHTML("'&\"><".freeze).frozen?)
+ def test_cgi_escape_html_dont_freeze
+ assert_not_predicate CGI::escapeHTML("'&\"><".dup), :frozen?
+ assert_not_predicate CGI::escapeHTML("'&\"><".freeze), :frozen?
+ assert_not_predicate CGI::escapeHTML("Ruby".dup), :frozen?
+ assert_not_predicate CGI::escapeHTML("Ruby".freeze), :frozen?
 end
 def test_cgi_unescapeHTML
-- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
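Review bot: `Encoding.list do |enc|` in test_cgi_escape_html_preserve_encoding never runs its block, because `Encoding.list` returns an Array and ignores a block passed to it. The two `assert_cgi_escape_html_preserve_encoding` calls are therefore dead and the test passes without checking anything. The line should read `Encoding.list.each do |enc|`. Once the loop really runs, dummy and non-ASCII-compatible encodings in the list will probably need to be skipped or handled separately, since the literal `"'&\"><"` is not meaningful input in all of them. As written, a regression in the encoding of escaped output would go unnoticed, which matters for a function whose result is placed into HTML.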