Project

General

Profile

Bug #11858 ยป escapehtml_dup_str.patch

Tietew (Toru Iwase), 12/22/2015 03:08 AM

View differences:

ext/cgi/escape/escape.c
{
rb_enc_associate(dest, rb_enc_get(orig));
FL_SET_RAW(dest, FL_TEST_RAW(orig, FL_FREEZE|FL_TAINT));
RB_OBJ_INFECT_RAW(dest, orig);
}
static VALUE
......
return dest;
}
else {
return str;
return rb_str_dup(str);
}
}
test/cgi/test_cgi_util.rb
assert_equal(Encoding::US_ASCII, CGI::escapeHTML("'&\"><".force_encoding("US-ASCII")).encoding)
assert_equal(Encoding::ASCII_8BIT, CGI::escapeHTML("'&\"><".force_encoding("ASCII-8BIT")).encoding)
assert_equal(Encoding::UTF_8, CGI::escapeHTML("'&\"><".force_encoding("UTF-8")).encoding)
assert_equal(Encoding::US_ASCII, CGI::escapeHTML("Ruby".force_encoding("US-ASCII")).encoding)
assert_equal(Encoding::ASCII_8BIT, CGI::escapeHTML("Ruby".force_encoding("ASCII-8BIT")).encoding)
assert_equal(Encoding::UTF_8, CGI::escapeHTML("Ruby".force_encoding("UTF-8")).encoding)
end
def test_cgi_escape_html_preserve_tainted
assert_equal(false, CGI::escapeHTML("'&\"><").tainted?)
assert_equal(true, CGI::escapeHTML("'&\"><".taint).tainted?)
assert_equal(false, CGI::escapeHTML("Ruby").tainted?)
assert_equal(true, CGI::escapeHTML("Ruby".taint).tainted?)
end
def test_cgi_escape_html_preserve_frozen
def test_cgi_escape_html_dont_freeze
assert_equal(false, CGI::escapeHTML("'&\"><".dup).frozen?)
assert_equal(true, CGI::escapeHTML("'&\"><".freeze).frozen?)
assert_equal(false, CGI::escapeHTML("'&\"><".freeze).frozen?)
assert_equal(false, CGI::escapeHTML("Ruby".dup).frozen?)
assert_equal(false, CGI::escapeHTML("Ruby".freeze).frozen?)
end
def test_cgi_unescapeHTML
    (1-1/1)