diff --git a/ext/cgi/escape/escape.c b/ext/cgi/escape/escape.c
index 939b054..e8f64f6 100644
--- a/ext/cgi/escape/escape.c
+++ b/ext/cgi/escape/escape.c
@@ -30,7 +30,7 @@ preserve_original_state(VALUE orig, VALUE dest)
 {
 rb_enc_associate(dest, rb_enc_get(orig));
- FL_SET_RAW(dest, FL_TEST_RAW(orig, FL_FREEZE|FL_TAINT));
+ RB_OBJ_INFECT_RAW(dest, orig);
 }
 static VALUE
@@ -69,7 +69,7 @@ optimized_escape_html(VALUE str)
 return dest;
 }
 else {
- return str;
+ return rb_str_dup(str);
 }
 }
diff --git a/test/cgi/test_cgi_util.rb b/test/cgi/test_cgi_util.rb
index 08c2ed2..e97de410 100644
--- a/test/cgi/test_cgi_util.rb
+++ b/test/cgi/test_cgi_util.rb
@@ -66,16 +66,23 @@ def test_cgi_escape_html_preserve_encoding
 assert_equal(Encoding::US_ASCII, CGI::escapeHTML("'&\"><".force_encoding("US-ASCII")).encoding)
 assert_equal(Encoding::ASCII_8BIT, CGI::escapeHTML("'&\"><".force_encoding("ASCII-8BIT")).encoding)
 assert_equal(Encoding::UTF_8, CGI::escapeHTML("'&\"><".force_encoding("UTF-8")).encoding)
+ assert_equal(Encoding::US_ASCII, CGI::escapeHTML("Ruby".force_encoding("US-ASCII")).encoding)
+ assert_equal(Encoding::ASCII_8BIT, CGI::escapeHTML("Ruby".force_encoding("ASCII-8BIT")).encoding)
+ assert_equal(Encoding::UTF_8, CGI::escapeHTML("Ruby".force_encoding("UTF-8")).encoding)
 end
 def test_cgi_escape_html_preserve_tainted
 assert_equal(false, CGI::escapeHTML("'&\"><").tainted?)
 assert_equal(true, CGI::escapeHTML("'&\"><".taint).tainted?)
+ assert_equal(false, CGI::escapeHTML("Ruby").tainted?)
+ assert_equal(true, CGI::escapeHTML("Ruby".taint).tainted?)
 end
- def test_cgi_escape_html_preserve_frozen
+ def test_cgi_escape_html_dont_freeze
 assert_equal(false, CGI::escapeHTML("'&\"><".dup).frozen?)
- assert_equal(true, CGI::escapeHTML("'&\"><".freeze).frozen?)
+ assert_equal(false, CGI::escapeHTML("'&\"><".freeze).frozen?)
+ assert_equal(false, CGI::escapeHTML("Ruby".dup).frozen?)
+ assert_equal(false, CGI::escapeHTML("Ruby".freeze).frozen?)
 end
 def test_cgi_unescapeHTML
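Review bot: In `preserve_original_state` the helper's name no longer matches what it carries over: with `RB_OBJ_INFECT_RAW(dest, orig)` only the taint flag travels with the encoding, and the frozen flag is deliberately dropped. A one-line comment above the call, e.g. `/* copy taint only; the result must stay unfrozen even when orig is frozen */`, would keep a later reader from restoring `FL_FREEZE`. The `_RAW` form skips the check that both objects can carry flags, so it relies on `orig` and `dest` being heap Strings; that is presumably guaranteed by the callers, but the type check is not visible in this hunk. The function's signature lies above the hunk.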
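Review bot: The `else` branch of `optimized_escape_html` now returns `rb_str_dup(str)` with nothing saying why a copy is needed when no character was escaped. Proposed comment on that line: `/* nothing to escape: still return a fresh String so the result never aliases the argument or inherits its frozen state */`. `rb_str_dup` also keeps the receiver's class, so for a String subclass this branch may return a different class than the escaping branch, whose allocation of `dest` is outside the hunk; it is worth confirming that both paths agree. The function starts before the hunk.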
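Review bot: The new assertions in `test_cgi_escape_html_dont_freeze` check flags only, so an implementation that hands back the argument itself for an unfrozen `"Ruby"` would still pass. Pinning the copy directly would cover the no-escape path this commit changes: `s = "Ruby".dup` followed by `assert_not_same(s, CGI::escapeHTML(s))`. The taint and encoding cases added for `"Ruby"` already cover both paths for those two properties, so only the identity check is missing.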