1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

escape.c: should not freeze

Browse Source 
* ext/cgi/escape/escape.c (optimized_escape_html): CGI.escapeHTML
  should return unfrozen new string.
  [ruby-core:72426] [Bug #11858]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53234 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nobu 2015-12-22 05:31:31 +00:00
parent 1b107d48ef
commit 10a129cee7
3 changed files with 32 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,9 @@
Tue Dec 22 14:31:28 2015 Toru Iwase <tietew@tietew.net>
* ext/cgi/escape/escape.c (optimized_escape_html): CGI.escapeHTML
should return unfrozen new string.
[ruby-core:72426] [Bug #11858]
Tue Dec 22 05:39:58 2015 Takashi Kokubun <takashikkbn@gmail.com> Tue Dec 22 05:39:58 2015 Takashi Kokubun <takashikkbn@gmail.com>
* ext/cgi/escape/escape.c (preserve_original_state): Preserve * ext/cgi/escape/escape.c (preserve_original_state): Preserve

4
ext/cgi/escape/escape.c
View File

@ -30,7 +30,7 @@ preserve_original_state(VALUE orig, VALUE dest)
{ {
rb_enc_associate(dest, rb_enc_get(orig)); rb_enc_associate(dest, rb_enc_get(orig));
FL_SET_RAW(dest, FL_TEST_RAW(orig, FL_FREEZE|FL_TAINT)); RB_OBJ_INFECT_RAW(dest, orig);
} }
static VALUE static VALUE
@ -69,7 +69,7 @@ optimized_escape_html(VALUE str)
return dest; return dest;
} }
else { else {
return str; return rb_str_dup(str);
} }
} }

32
test/cgi/test_cgi_util.rb
View File

@ -62,20 +62,36 @@ class CGIUtilTest < Test::Unit::TestCase
assert_equal("&#39;&amp;&quot;&gt;&lt;", CGI::escapeHTML("'&\"><")) assert_equal("&#39;&amp;&quot;&gt;&lt;", CGI::escapeHTML("'&\"><"))
end end
def test_cgi_escape_html_duplicated
orig = "Ruby".force_encoding("US-ASCII")
str = CGI::escapeHTML(orig)
assert_equal(orig, str)
assert_not_same(orig, str)
end
def assert_cgi_escape_html_preserve_encoding(str, encoding)
assert_equal(encoding, CGI::escapeHTML(str.dup.force_encoding(encoding)).encoding)
end
def test_cgi_escape_html_preserve_encoding def test_cgi_escape_html_preserve_encoding
assert_equal(Encoding::US_ASCII, CGI::escapeHTML("'&\"><".force_encoding("US-ASCII")).encoding) Encoding.list do |enc|
assert_equal(Encoding::ASCII_8BIT, CGI::escapeHTML("'&\"><".force_encoding("ASCII-8BIT")).encoding) assert_cgi_escape_html_preserve_encoding("'&\"><", enc)
assert_equal(Encoding::UTF_8, CGI::escapeHTML("'&\"><".force_encoding("UTF-8")).encoding) assert_cgi_escape_html_preserve_encoding("Ruby", enc)
end
end end
def test_cgi_escape_html_preserve_tainted def test_cgi_escape_html_preserve_tainted
assert_equal(false, CGI::escapeHTML("'&\"><").tainted?) assert_not_predicate CGI::escapeHTML("'&\"><"), :tainted?
assert_equal(true, CGI::escapeHTML("'&\"><".taint).tainted?) assert_predicate CGI::escapeHTML("'&\"><".taint), :tainted?
assert_not_predicate CGI::escapeHTML("Ruby"), :tainted?
assert_predicate CGI::escapeHTML("Ruby".taint), :tainted?
end end
def test_cgi_escape_html_preserve_frozen def test_cgi_escape_html_dont_freeze
assert_equal(false, CGI::escapeHTML("'&\"><".dup).frozen?) assert_not_predicate CGI::escapeHTML("'&\"><".dup), :frozen?
assert_equal(true, CGI::escapeHTML("'&\"><".freeze).frozen?) assert_not_predicate CGI::escapeHTML("'&\"><".freeze), :frozen?
assert_not_predicate CGI::escapeHTML("Ruby".dup), :frozen?
assert_not_predicate CGI::escapeHTML("Ruby".freeze), :frozen?
end end
def test_cgi_unescapeHTML def test_cgi_unescapeHTML