Bug #11858 » escapehtml_dup_str.patch
| ext/cgi/escape/escape.c | ||
|---|---|---|
|
{
|
||
|
rb_enc_associate(dest, rb_enc_get(orig));
|
||
|
FL_SET_RAW(dest, FL_TEST_RAW(orig, FL_FREEZE|FL_TAINT));
|
||
|
RB_OBJ_INFECT_RAW(dest, orig);
|
||
|
}
|
||
|
static VALUE
|
||
| ... | ... | |
|
return dest;
|
||
|
}
|
||
|
else {
|
||
|
return str;
|
||
|
return rb_str_dup(str);
|
||
|
}
|
||
|
}
|
||
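Review bot: The `else` branch's `return rb_str_dup(str);` has no comment saying why the nothing-to-escape path must copy, so a later cleanup could revert it to `return str;` as an optimisation. This page has lost its +/- markers, so I am assuming from the patch name that the dup line and `RB_OBJ_INFECT_RAW(dest, orig);` are the new side. I would add `/* nothing to escape: still return a fresh String so the result never aliases the argument or inherits its frozen state */` above the return. Returning the argument itself means a caller that appends to the "escaped" result also mutates its input. The enclosing function starts above the elided `...` row, outside what this section shows.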
| test/cgi/test_cgi_util.rb | ||
|---|---|---|
|
assert_equal(Encoding::US_ASCII, CGI::escapeHTML("'&\"><".force_encoding("US-ASCII")).encoding)
|
||
|
assert_equal(Encoding::ASCII_8BIT, CGI::escapeHTML("'&\"><".force_encoding("ASCII-8BIT")).encoding)
|
||
|
assert_equal(Encoding::UTF_8, CGI::escapeHTML("'&\"><".force_encoding("UTF-8")).encoding)
|
||
|
assert_equal(Encoding::US_ASCII, CGI::escapeHTML("Ruby".force_encoding("US-ASCII")).encoding)
|
||
|
assert_equal(Encoding::ASCII_8BIT, CGI::escapeHTML("Ruby".force_encoding("ASCII-8BIT")).encoding)
|
||
|
assert_equal(Encoding::UTF_8, CGI::escapeHTML("Ruby".force_encoding("UTF-8")).encoding)
|
||
|
end
|
||
|
def test_cgi_escape_html_preserve_tainted
|
||
|
assert_equal(false, CGI::escapeHTML("'&\"><").tainted?)
|
||
|
assert_equal(true, CGI::escapeHTML("'&\"><".taint).tainted?)
|
||
|
assert_equal(false, CGI::escapeHTML("Ruby").tainted?)
|
||
|
assert_equal(true, CGI::escapeHTML("Ruby".taint).tainted?)
|
||
|
end
|
||
|
def test_cgi_escape_html_preserve_frozen
|
||
|
def test_cgi_escape_html_dont_freeze
|
||
|
assert_equal(false, CGI::escapeHTML("'&\"><".dup).frozen?)
|
||
|
assert_equal(true, CGI::escapeHTML("'&\"><".freeze).frozen?)
|
||
|
assert_equal(false, CGI::escapeHTML("'&\"><".freeze).frozen?)
|
||
|
assert_equal(false, CGI::escapeHTML("Ruby".dup).frozen?)
|
||
|
assert_equal(false, CGI::escapeHTML("Ruby".freeze).frozen?)
|
||
|
end
|
||
|
def test_cgi_unescapeHTML
|
||
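Review bot: `test_cgi_escape_html_dont_freeze` pins the no-alias behaviour only indirectly, through `frozen?` on a frozen literal; nothing asserts that the unescaped path returns a different object from its argument. An implementation that returned the argument for unfrozen input and copied only frozen input would still pass every assertion here. I would add `s = "Ruby"; assert_not_same(s, CGI::escapeHTML(s))`, and the same with a tainted `s`, so the assertions in `test_cgi_escape_html_preserve_tainted` are known to hold on a copy and not on the original object. Which of the duplicated `def` and `assert_equal` lines belong to the old side is inferred from the patch name, since the markers are missing on this page.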