escape_utils-1.1.0/0000755000004100000410000000000012507171076014227 5ustar www-datawww-dataescape_utils-1.1.0/Rakefile0000644000004100000410000000062712507171075015700 0ustar www-datawww-datarequire 'rake/testtask' Rake::TestTask.new do |t| t.pattern = "test/**/*_test.rb" end task :default => :test gem 'rake-compiler', '>= 0.7.5' require "rake/extensiontask" Rake::ExtensionTask.new('escape_utils') do |ext| ext.cross_compile = true ext.cross_platform = ['x86-mingw32', 'x86-mswin32-60'] ext.lib_dir = File.join 'lib', 'escape_utils' end Rake::Task[:test].prerequisites << :compile escape_utils-1.1.0/Gemfile0000644000004100000410000000004712507171075015522 0ustar www-datawww-datasource 'https://rubygems.org' gemspec escape_utils-1.1.0/script/0000755000004100000410000000000012507171076015533 5ustar www-datawww-dataescape_utils-1.1.0/script/bootstrap0000755000004100000410000000011412507171076017472 0ustar www-datawww-databundle install --path vendor/gems --binstubs bin/rake clobber clean compile escape_utils-1.1.0/.travis.yml0000644000004100000410000000014712507171075016341 0ustar www-datawww-datalanguage: ruby rvm: - 1.9.3 - 2.0.0 - rbx-19mode matrix: allow_failures: - rvm: rbx-19mode escape_utils-1.1.0/benchmark/0000755000004100000410000000000012507171076016161 5ustar www-datawww-dataescape_utils-1.1.0/benchmark/html_unescape.rb0000644000004100000410000000137512507171076021343 0ustar www-datawww-data# encoding: utf-8 require 'rubygems' require 'bundler/setup' require 'benchmark/ips' require 'cgi' require 'haml' require 'escape_utils' module HamlBench extend Haml::Helpers end url = "http://en.wikipedia.org/wiki/Line_of_succession_to_the_British_throne" html = `curl -s #{url}` html = html.force_encoding('binary') if html.respond_to?(:force_encoding) escaped_html = EscapeUtils.escape_html(html) puts "Unescaping #{escaped_html.bytesize} bytes of escaped html, from #{url}" Benchmark.ips do |x| x.report "CGI.unescapeHTML" do |times| times.times do CGI.unescapeHTML(escaped_html) end end x.report "EscapeUtils.unescape_html" do |times| times.times do EscapeUtils.unescape_html(escaped_html) end end x.compare! end escape_utils-1.1.0/benchmark/xml_escape.rb0000644000004100000410000000111612507171076020625 0ustar www-datawww-data# encoding: utf-8 require 'rubygems' require 'bundler/setup' require 'benchmark/ips' require 'fast_xs' require 'escape_utils' url = "http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml" xml = `curl -s #{url}` xml = xml.force_encoding('binary') if xml.respond_to?(:force_encoding) puts "Escaping #{xml.bytesize} bytes of xml, from #{url}" Benchmark.ips do |x| x.report "fast_xs" do |times| times.times do xml.fast_xs end end x.report "EscapeUtils.escape_xml" do |times| times.times do EscapeUtils.escape_xml(xml) end end x.compare! end escape_utils-1.1.0/benchmark/javascript_escape.rb0000644000004100000410000000147512507171076022203 0ustar www-datawww-data# encoding: utf-8 require 'rubygems' require 'bundler/setup' require 'benchmark/ips' require 'action_view' require 'escape_utils' class ActionPackBench extend ActionView::Helpers::JavaScriptHelper end url = "http://ajax.googleapis.com/ajax/libs/dojo/1.4.3/dojo/dojo.xd.js.uncompressed.js" javascript = `curl -s #{url}` javascript = javascript.force_encoding('utf-8') if javascript.respond_to?(:force_encoding) puts "Escaping #{javascript.bytesize} bytes of javascript, from #{url}" Benchmark.ips do |x| x.report "ActionView::Helpers::JavaScriptHelper#escape_javascript" do |times| times.times do ActionPackBench.escape_javascript(javascript) end end x.report "EscapeUtils.escape_javascript" do |times| times.times do EscapeUtils.escape_javascript(javascript) end end x.compare! end escape_utils-1.1.0/benchmark/html_escape.rb0000644000004100000410000000257112507171076020777 0ustar www-datawww-data# encoding: utf-8 require 'rubygems' require 'bundler/setup' require 'benchmark/ips' require 'rack' require 'erb' require 'cgi' require 'haml' require 'fast_xs_extra' require 'escape_utils' module HamlBench extend Haml::Helpers end url = "http://en.wikipedia.org/wiki/Line_of_succession_to_the_British_throne" html = `curl -s #{url}` html = html.force_encoding('utf-8') if html.respond_to?(:force_encoding) puts "Escaping #{html.bytesize} bytes of html from #{url}" Benchmark.ips do |x| x.report "Rack::Utils.escape_html" do |times| times.times do Rack::Utils.escape_html(html) end end x.report "Haml::Helpers.html_escape" do |times| times.times do HamlBench.html_escape(html) end end x.report "ERB::Util.html_escape" do |times| times.times do ERB::Util.html_escape(html) end end x.report "CGI.escapeHTML" do |times| times.times do CGI.escapeHTML(html) end end x.report "String#gsub" do |times| html_escape = { '&' => '&', '>' => '>', '<' => '<', '"' => '"', "'" => ''' } times.times do html.gsub(/[&"'><]/, html_escape) end end x.report "fast_xs_extra#fast_xs_html" do |times| times.times do html.fast_xs_html end end x.report "EscapeUtils.escape_html" do |times| times.times do EscapeUtils.escape_html(html) end end x.compare! end escape_utils-1.1.0/benchmark/url_unescape.rb0000644000004100000410000000211112507171076021166 0ustar www-datawww-data# encoding: utf-8 require 'rubygems' require 'bundler/setup' require 'benchmark/ips' require 'rack' require 'cgi' require 'url_escape' require 'fast_xs_extra' require 'escape_utils' url = "https://www.yourmom.com/cgi-bin/session.cgi?sess_args=mYHcEA dh435dqUs0moGHeeAJTSLLbdbcbd9ef----,574b95600e9ab7d27eb0bf524ac68c27----" url = url.force_encoding('us-ascii') if url.respond_to?(:force_encoding) escaped_url = EscapeUtils.escape_url(url) puts "Escaping a #{url.bytesize} byte URL" Benchmark.ips do |x| x.report "Rack::Utils.unescape" do |times| times.times do Rack::Utils.unescape(escaped_url) end end x.report "CGI.unescape" do |times| times.times do CGI.unescape(escaped_url) end end x.report "URLEscape#unescape" do |times| times.times do URLEscape.unescape(escaped_url) end end x.report "fast_xs_extra#fast_uxs_cgi" do |times| times.times do url.fast_uxs_cgi end end x.report "EscapeUtils.unescape_url" do |times| times.times do EscapeUtils.unescape_url(escaped_url) end end x.compare! end escape_utils-1.1.0/benchmark/javascript_unescape.rb0000644000004100000410000000117212507171076022540 0ustar www-datawww-data# encoding: utf-8 require 'rubygems' require 'bundler/setup' require 'benchmark/ips' require 'escape_utils' url = "http://ajax.googleapis.com/ajax/libs/dojo/1.4.3/dojo/dojo.xd.js.uncompressed.js" javascript = `curl -s #{url}` javascript = javascript.force_encoding('utf-8') if javascript.respond_to?(:force_encoding) escaped_javascript = EscapeUtils.escape_javascript(javascript) puts "Escaping #{escaped_javascript.bytesize} bytes of javascript, from #{url}" Benchmark.ips do |x| x.report "EscapeUtils.escape_javascript" do |times| times.times do EscapeUtils.unescape_javascript(escaped_javascript) end end end escape_utils-1.1.0/benchmark/url_escape.rb0000644000004100000410000000216012507171076020627 0ustar www-datawww-data# encoding: utf-8 require 'rubygems' require 'bundler/setup' require 'benchmark/ips' require 'rack' require 'erb' require 'cgi' require 'url_escape' require 'fast_xs_extra' require 'escape_utils' url = "https://www.yourmom.com/cgi-bin/session.cgi?sess_args=mYHcEA dh435dqUs0moGHeeAJTSLLbdbcbd9ef----,574b95600e9ab7d27eb0bf524ac68c27----" url = url.force_encoding('us-ascii') if url.respond_to?(:force_encoding) puts "Escaping a #{url.bytesize} byte URL times" Benchmark.ips do |x| x.report "ERB::Util.url_encode" do |times| times.times do ERB::Util.url_encode(url) end end x.report "Rack::Utils.escape" do |times| times.times do Rack::Utils.escape(url) end end x.report "CGI.escape" do |times| times.times do CGI.escape(url) end end x.report "URLEscape#escape" do |times| times.times do URLEscape.escape(url) end end x.report "fast_xs_extra#fast_xs_url" do |times| times.times do url.fast_xs_url end end x.report "EscapeUtils.escape_url" do |times| times.times do EscapeUtils.escape_url(url) end end x.compare! end escape_utils-1.1.0/lib/0000755000004100000410000000000012507171076014775 5ustar www-datawww-dataescape_utils-1.1.0/lib/escape_utils.rb0000644000004100000410000000150412507171076020002 0ustar www-datawww-datarequire 'escape_utils/escape_utils' require 'escape_utils/version' unless defined? EscapeUtils::VERSION module EscapeUtils extend self # turn on/off the escaping of the '/' character during HTML escaping # Escaping '/' is recommended by the OWASP - http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content # This is because quotes around HTML attributes are optional in most/all modern browsers at the time of writing (10/15/2010) def self.html_secure @html_secure end self.html_secure = true # Default String class to return from HTML escaping def self.html_safe_string_class @html_safe_string_class end self.html_safe_string_class = String autoload :HtmlSafety, 'escape_utils/html_safety' endescape_utils-1.1.0/lib/escape_utils/0000755000004100000410000000000012507171076017455 5ustar www-datawww-dataescape_utils-1.1.0/lib/escape_utils/html/0000755000004100000410000000000012507171076020421 5ustar www-datawww-dataescape_utils-1.1.0/lib/escape_utils/html/rack.rb0000644000004100000410000000022012507171076021660 0ustar www-datawww-datamodule Rack module Utils include ::EscapeUtils::HtmlSafety alias escape_html _escape_html module_function :escape_html end end escape_utils-1.1.0/lib/escape_utils/html/erb.rb0000644000004100000410000000027312507171076021520 0ustar www-datawww-dataclass ERB module Util include ::EscapeUtils::HtmlSafety alias html_escape _escape_html alias h html_escape module_function :h module_function :html_escape end endescape_utils-1.1.0/lib/escape_utils/html/haml.rb0000644000004100000410000000016012507171076021664 0ustar www-datawww-datamodule Haml module Helpers include ::EscapeUtils::HtmlSafety alias html_escape _escape_html end endescape_utils-1.1.0/lib/escape_utils/html/cgi.rb0000644000004100000410000000026212507171076021510 0ustar www-datawww-dataclass CGI extend ::EscapeUtils::HtmlSafety class << self alias escapeHTML _escape_html def unescapeHTML(s) EscapeUtils.unescape_html(s.to_s) end end endescape_utils-1.1.0/lib/escape_utils/javascript/0000755000004100000410000000000012507171076021623 5ustar www-datawww-dataescape_utils-1.1.0/lib/escape_utils/javascript/action_view.rb0000644000004100000410000000025012507171076024454 0ustar www-datawww-datamodule ActionView module Helpers module JavaScriptHelper def escape_javascript(s) EscapeUtils.escape_javascript(s.to_s) end end end end escape_utils-1.1.0/lib/escape_utils/version.rb0000644000004100000410000000005312507171076021465 0ustar www-datawww-datamodule EscapeUtils VERSION = "1.1.0" end escape_utils-1.1.0/lib/escape_utils/xml/0000755000004100000410000000000012507171076020255 5ustar www-datawww-dataescape_utils-1.1.0/lib/escape_utils/xml/builder.rb0000644000004100000410000000021012507171076022221 0ustar www-datawww-datamodule Builder class XmlBase < BlankSlate private def _escape(text) EscapeUtils.escape_xml(text.to_s) end end end escape_utils-1.1.0/lib/escape_utils/url/0000755000004100000410000000000012507171076020257 5ustar www-datawww-dataescape_utils-1.1.0/lib/escape_utils/url/rack.rb0000644000004100000410000000035112507171076021523 0ustar www-datawww-datamodule Rack module Utils def escape(url) EscapeUtils.escape_url(url.to_s) end def unescape(url) EscapeUtils.unescape_url(url.to_s) end module_function :escape module_function :unescape end end escape_utils-1.1.0/lib/escape_utils/url/uri.rb0000644000004100000410000000023212507171076021400 0ustar www-datawww-datamodule URI def self.escape(s, unsafe=nil) EscapeUtils.escape_uri(s.to_s) end def self.unescape(s) EscapeUtils.unescape_uri(s.to_s) end endescape_utils-1.1.0/lib/escape_utils/url/erb.rb0000644000004100000410000000026212507171076021354 0ustar www-datawww-dataclass ERB module Util def url_encode(s) EscapeUtils.escape_url(s.to_s) end alias u url_encode module_function :u module_function :url_encode end endescape_utils-1.1.0/lib/escape_utils/url/cgi.rb0000644000004100000410000000021512507171076021344 0ustar www-datawww-dataclass CGI def self.escape(s) EscapeUtils.escape_url(s.to_s) end def self.unescape(s) EscapeUtils.unescape_url(s.to_s) end endescape_utils-1.1.0/lib/escape_utils/html_safety.rb0000644000004100000410000000052412507171076022322 0ustar www-datawww-datamodule EscapeUtils module HtmlSafety if "".respond_to? :html_safe? def _escape_html(s) if s.html_safe? s.to_s.html_safe else EscapeUtils.escape_html(s.to_s).html_safe end end else def _escape_html(s) EscapeUtils.escape_html(s.to_s) end end end end escape_utils-1.1.0/metadata.yml0000644000004100000410000001354512507171076016542 0ustar www-datawww-data--- !ruby/object:Gem::Specification name: escape_utils version: !ruby/object:Gem::Version version: 1.1.0 platform: ruby authors: - Brian Lopez autorequire: bindir: bin cert_chain: [] date: 2015-03-25 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: rake-compiler requirement: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: 0.7.5 type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: 0.7.5 - !ruby/object:Gem::Dependency name: minitest requirement: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: 5.0.0 type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: 5.0.0 - !ruby/object:Gem::Dependency name: benchmark-ips requirement: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '0' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '0' - !ruby/object:Gem::Dependency name: rack requirement: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '0' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '0' - !ruby/object:Gem::Dependency name: haml requirement: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '0' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '0' - !ruby/object:Gem::Dependency name: fast_xs requirement: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '0' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '0' - !ruby/object:Gem::Dependency name: actionpack requirement: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '0' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '0' - !ruby/object:Gem::Dependency name: url_escape requirement: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '0' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '0' description: Quickly perform HTML, URL, URI and Javascript escaping/unescaping email: seniorlopez@gmail.com executables: [] extensions: - ext/escape_utils/extconf.rb extra_rdoc_files: [] files: - ".gitignore" - ".travis.yml" - Gemfile - LICENSE - README.md - Rakefile - benchmark/html_escape.rb - benchmark/html_unescape.rb - benchmark/javascript_escape.rb - benchmark/javascript_unescape.rb - benchmark/url_escape.rb - benchmark/url_unescape.rb - benchmark/xml_escape.rb - escape_utils.gemspec - ext/escape_utils/buffer.c - ext/escape_utils/buffer.h - ext/escape_utils/escape_utils.c - ext/escape_utils/extconf.rb - ext/escape_utils/houdini.h - ext/escape_utils/houdini_href_e.c - ext/escape_utils/houdini_html_e.c - ext/escape_utils/houdini_html_u.c - ext/escape_utils/houdini_js_e.c - ext/escape_utils/houdini_js_u.c - ext/escape_utils/houdini_uri_e.c - ext/escape_utils/houdini_uri_u.c - ext/escape_utils/houdini_xml_e.c - ext/escape_utils/html_unescape.h - lib/escape_utils.rb - lib/escape_utils/html/cgi.rb - lib/escape_utils/html/erb.rb - lib/escape_utils/html/haml.rb - lib/escape_utils/html/rack.rb - lib/escape_utils/html_safety.rb - lib/escape_utils/javascript/action_view.rb - lib/escape_utils/url/cgi.rb - lib/escape_utils/url/erb.rb - lib/escape_utils/url/rack.rb - lib/escape_utils/url/uri.rb - lib/escape_utils/version.rb - lib/escape_utils/xml/builder.rb - script/bootstrap - test/helper.rb - test/html/escape_test.rb - test/html/unescape_test.rb - test/html_safety_test.rb - test/javascript/escape_test.rb - test/javascript/unescape_test.rb - test/query/escape_test.rb - test/query/unescape_test.rb - test/uri/escape_test.rb - test/uri/unescape_test.rb - test/uri_component/escape_test.rb - test/uri_component/unescape_test.rb - test/url/escape_test.rb - test/url/unescape_test.rb - test/xml/escape_test.rb homepage: https://github.com/brianmario/escape_utils licenses: - MIT metadata: {} post_install_message: rdoc_options: - "--charset=UTF-8" require_paths: - lib required_ruby_version: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: 1.9.3 required_rubygems_version: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '0' requirements: [] rubyforge_project: rubygems_version: 2.2.2 signing_key: specification_version: 4 summary: Faster string escaping routines for your web apps test_files: - test/helper.rb - test/html/escape_test.rb - test/html/unescape_test.rb - test/html_safety_test.rb - test/javascript/escape_test.rb - test/javascript/unescape_test.rb - test/query/escape_test.rb - test/query/unescape_test.rb - test/uri/escape_test.rb - test/uri/unescape_test.rb - test/uri_component/escape_test.rb - test/uri_component/unescape_test.rb - test/url/escape_test.rb - test/url/unescape_test.rb - test/xml/escape_test.rb escape_utils-1.1.0/test/0000755000004100000410000000000012507171076015206 5ustar www-datawww-dataescape_utils-1.1.0/test/html/0000755000004100000410000000000012507171076016152 5ustar www-datawww-dataescape_utils-1.1.0/test/html/escape_test.rb0000644000004100000410000000666512507171076021013 0ustar www-datawww-datarequire File.expand_path("../../helper", __FILE__) class MyCustomHtmlSafeString < String end class HtmlEscapeTest < Minitest::Test def test_escape_basic_html_with_secure assert_equal "<some_tag/>", EscapeUtils.escape_html("") secure_before = EscapeUtils.html_secure EscapeUtils.html_secure = true assert_equal "<some_tag/>", EscapeUtils.escape_html("") EscapeUtils.html_secure = secure_before end def test_escape_basic_html_without_secure assert_equal "<some_tag/>", EscapeUtils.escape_html("", false) secure_before = EscapeUtils.html_secure EscapeUtils.html_secure = false assert_equal "<some_tag/>", EscapeUtils.escape_html("") EscapeUtils.html_secure = secure_before end def test_escape_double_quotes assert_equal "<some_tag some_attr="some value"/>", EscapeUtils.escape_html("") end def test_escape_single_quotes assert_equal "<some_tag some_attr='some value'/>", EscapeUtils.escape_html("") end def test_escape_ampersand assert_equal "<b>Bourbon & Branch</b>", EscapeUtils.escape_html("Bourbon & Branch") end def test_returns_original_if_not_escaped str = 'foobar' assert_equal str.object_id, EscapeUtils.escape_html(str).object_id end def test_html_safe_escape_default_works str = EscapeUtils.escape_html_as_html_safe('foobar') assert_equal 'foobar', str end def test_returns_custom_string_class klass_before = EscapeUtils.html_safe_string_class EscapeUtils.html_safe_string_class = MyCustomHtmlSafeString str = EscapeUtils.escape_html_as_html_safe('foobar') assert_equal 'foobar', str assert_equal MyCustomHtmlSafeString, str.class assert_equal true, str.instance_variable_get(:@html_safe) ensure EscapeUtils.html_safe_string_class = klass_before end def test_returns_custom_string_class_when_string_requires_escaping klass_before = EscapeUtils.html_safe_string_class EscapeUtils.html_safe_string_class = MyCustomHtmlSafeString str = EscapeUtils.escape_html_as_html_safe("