escape_utils-1.1.0/ 0000755 0000041 0000041 00000000000 12507171076 014227 5 ustar www-data www-data escape_utils-1.1.0/Rakefile 0000644 0000041 0000041 00000000627 12507171075 015700 0 ustar www-data www-data require 'rake/testtask'
# `rake` with no arguments runs the test suite; the suite lives in test/**/*_test.rb.
Rake::TestTask.new do |test_task|
  test_task.pattern = "test/**/*_test.rb"
end
task default: :test

# rake-compiler drives the native build of ext/escape_utils. Cross-compilation is
# enabled for the two Windows platforms below and the built library is placed in
# lib/escape_utils.
gem 'rake-compiler', '>= 0.7.5'
require "rake/extensiontask"
Rake::ExtensionTask.new('escape_utils') do |extension|
  extension.cross_compile = true
  extension.cross_platform = %w[x86-mingw32 x86-mswin32-60]
  extension.lib_dir = File.join('lib', 'escape_utils')
end

# The tests exercise the compiled extension, so compiling is a prerequisite of :test.
Rake::Task[:test].prerequisites << :compile
escape_utils-1.1.0/Gemfile 0000644 0000041 0000041 00000000047 12507171075 015522 0 ustar www-data www-data source 'https://rubygems.org'
# Dependencies come from escape_utils.gemspec in this directory (via Bundler's gemspec directive).
gemspec
escape_utils-1.1.0/script/ 0000755 0000041 0000041 00000000000 12507171076 015533 5 ustar www-data www-data escape_utils-1.1.0/script/bootstrap 0000755 0000041 0000041 00000000114 12507171076 017472 0 ustar www-data www-data bundle install --path vendor/gems --binstubs
# Remove any previous build output, then compile the native extension through the
# binstub created by the `bundle install --binstubs` step above.
bin/rake clobber clean compile
escape_utils-1.1.0/.travis.yml 0000644 0000041 0000041 00000000147 12507171075 016341 0 ustar www-data www-data language: ruby
rvm:
- 1.9.3
- 2.0.0
- rbx-19mode
matrix:
allow_failures:
- rvm: rbx-19mode
escape_utils-1.1.0/benchmark/ 0000755 0000041 0000041 00000000000 12507171076 016161 5 ustar www-data www-data escape_utils-1.1.0/benchmark/html_unescape.rb 0000644 0000041 0000041 00000001375 12507171076 021343 0 ustar www-data www-data # encoding: utf-8
require 'rubygems'
require 'bundler/setup'
require 'benchmark/ips'
require 'cgi'
require 'haml'
require 'escape_utils'
# Exposes Haml::Helpers as module methods (defined for parity with the other benchmarks).
module HamlBench
  extend Haml::Helpers
end

# Fixture: a real Wikipedia page fetched at run time and escaped once up front.
# url is a literal, so interpolating it into the shell command is safe here.
url = "http://en.wikipedia.org/wiki/Line_of_succession_to_the_British_throne"
html = `curl -s #{url}`
html = html.force_encoding('binary') if html.respond_to?(:force_encoding)
escaped_html = EscapeUtils.escape_html(html)

puts "Unescaping #{escaped_html.bytesize} bytes of escaped html, from #{url}"

# label => unescape routine under test (insertion order is the report order)
contenders = {
  "CGI.unescapeHTML"          => lambda { CGI.unescapeHTML(escaped_html) },
  "EscapeUtils.unescape_html" => lambda { EscapeUtils.unescape_html(escaped_html) },
}

Benchmark.ips do |bench|
  contenders.each do |label, routine|
    bench.report(label) { |iterations| iterations.times { routine.call } }
  end
  bench.compare!
end
escape_utils-1.1.0/benchmark/xml_escape.rb 0000644 0000041 0000041 00000001116 12507171076 020625 0 ustar www-data www-data # encoding: utf-8
require 'rubygems'
require 'bundler/setup'
require 'benchmark/ips'
require 'fast_xs'
require 'escape_utils'
# Fixture: a real XML document fetched at run time. url is a literal, so
# interpolating it into the shell command is safe here.
url = "http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml"
xml = `curl -s #{url}`
xml = xml.force_encoding('binary') if xml.respond_to?(:force_encoding)

puts "Escaping #{xml.bytesize} bytes of xml, from #{url}"

# label => escape routine under test (insertion order is the report order)
contenders = {
  "fast_xs"                => lambda { xml.fast_xs },
  "EscapeUtils.escape_xml" => lambda { EscapeUtils.escape_xml(xml) },
}

Benchmark.ips do |bench|
  contenders.each do |label, routine|
    bench.report(label) { |iterations| iterations.times { routine.call } }
  end
  bench.compare!
end
escape_utils-1.1.0/benchmark/javascript_escape.rb 0000644 0000041 0000041 00000001475 12507171076 022203 0 ustar www-data www-data # encoding: utf-8
require 'rubygems'
require 'bundler/setup'
require 'benchmark/ips'
require 'action_view'
require 'escape_utils'
# Exposes ActionView's JavaScriptHelper#escape_javascript as a class method.
class ActionPackBench
  extend ActionView::Helpers::JavaScriptHelper
end

# Fixture: the uncompressed Dojo source fetched at run time. url is a literal, so
# interpolating it into the shell command is safe here.
url = "http://ajax.googleapis.com/ajax/libs/dojo/1.4.3/dojo/dojo.xd.js.uncompressed.js"
javascript = `curl -s #{url}`
javascript = javascript.force_encoding('utf-8') if javascript.respond_to?(:force_encoding)

puts "Escaping #{javascript.bytesize} bytes of javascript, from #{url}"

# label => escape routine under test (insertion order is the report order)
contenders = {
  "ActionView::Helpers::JavaScriptHelper#escape_javascript" => lambda { ActionPackBench.escape_javascript(javascript) },
  "EscapeUtils.escape_javascript"                           => lambda { EscapeUtils.escape_javascript(javascript) },
}

Benchmark.ips do |bench|
  contenders.each do |label, routine|
    bench.report(label) { |iterations| iterations.times { routine.call } }
  end
  bench.compare!
end
escape_utils-1.1.0/benchmark/html_escape.rb 0000644 0000041 0000041 00000002571 12507171076 020777 0 ustar www-data www-data # encoding: utf-8
require 'rubygems'
require 'bundler/setup'
require 'benchmark/ips'
require 'rack'
require 'erb'
require 'cgi'
require 'haml'
require 'fast_xs_extra'
require 'escape_utils'
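# Exposes Haml::Helpers#html_escape as a module method.
module HamlBench
  extend Haml::Helpers
end

# Fixture: a real Wikipedia page fetched at run time. url is a literal, so
# interpolating it into the shell command is safe here.
url = "http://en.wikipedia.org/wiki/Line_of_succession_to_the_British_throne"
html = `curl -s #{url}`
html = html.force_encoding('utf-8') if html.respond_to?(:force_encoding)

puts "Escaping #{html.bytesize} bytes of html from #{url}"

# Entity table for the hand-rolled String#gsub contender, built once outside the
# timed block. NOTE(review): in this copy of the file the entity names had been
# decoded ('&' => '&', ...), which turned the map into a no-op and left the last
# pair unparseable; the standard HTML entities are restored here.
html_escape = {
  '&' => '&amp;',
  '>' => '&gt;',
  '<' => '&lt;',
  '"' => '&quot;',
  "'" => '&#39;',
}

# label => escape routine under test (insertion order is the report order)
contenders = {
  "Rack::Utils.escape_html"    => lambda { Rack::Utils.escape_html(html) },
  "Haml::Helpers.html_escape"  => lambda { HamlBench.html_escape(html) },
  "ERB::Util.html_escape"      => lambda { ERB::Util.html_escape(html) },
  "CGI.escapeHTML"             => lambda { CGI.escapeHTML(html) },
  "String#gsub"                => lambda { html.gsub(/[&"'><]/, html_escape) },
  "fast_xs_extra#fast_xs_html" => lambda { html.fast_xs_html },
  "EscapeUtils.escape_html"    => lambda { EscapeUtils.escape_html(html) },
}

Benchmark.ips do |bench|
  contenders.each do |label, routine|
    bench.report(label) { |iterations| iterations.times { routine.call } }
  end
  bench.compare!
end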
escape_utils-1.1.0/benchmark/url_unescape.rb 0000644 0000041 0000041 00000002111 12507171076 021166 0 ustar www-data www-data # encoding: utf-8
require 'rubygems'
require 'bundler/setup'
require 'benchmark/ips'
require 'rack'
require 'cgi'
require 'url_escape'
require 'fast_xs_extra'
require 'escape_utils'
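# Fixture: a URL containing characters that need percent-encoding (a space and a
# comma), forced to us-ascii so every contender sees the same bytes.
url = "https://www.yourmom.com/cgi-bin/session.cgi?sess_args=mYHcEA dh435dqUs0moGHeeAJTSLLbdbcbd9ef----,574b95600e9ab7d27eb0bf524ac68c27----"
url = url.force_encoding('us-ascii') if url.respond_to?(:force_encoding)
escaped_url = EscapeUtils.escape_url(url)

# This is the unescape benchmark, and every contender receives escaped_url, so
# report that size (the original message said "Escaping" and measured url).
puts "Unescaping a #{escaped_url.bytesize} byte URL"

# label => unescape routine under test (insertion order is the report order).
# Every contender decodes escaped_url; the original handed the raw url (which
# contains no percent-escapes) to fast_uxs_cgi, so it was measuring different work.
contenders = {
  "Rack::Utils.unescape"       => lambda { Rack::Utils.unescape(escaped_url) },
  "CGI.unescape"               => lambda { CGI.unescape(escaped_url) },
  "URLEscape#unescape"         => lambda { URLEscape.unescape(escaped_url) },
  "fast_xs_extra#fast_uxs_cgi" => lambda { escaped_url.fast_uxs_cgi },
  "EscapeUtils.unescape_url"   => lambda { EscapeUtils.unescape_url(escaped_url) },
}

Benchmark.ips do |bench|
  contenders.each do |label, routine|
    bench.report(label) { |iterations| iterations.times { routine.call } }
  end
  bench.compare!
end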
escape_utils-1.1.0/benchmark/javascript_unescape.rb 0000644 0000041 0000041 00000001172 12507171076 022540 0 ustar www-data www-data # encoding: utf-8
require 'rubygems'
require 'bundler/setup'
require 'benchmark/ips'
require 'escape_utils'
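# Fixture: the uncompressed Dojo source fetched at run time and escaped once up
# front. url is a literal, so interpolating it into the shell command is safe here.
url = "http://ajax.googleapis.com/ajax/libs/dojo/1.4.3/dojo/dojo.xd.js.uncompressed.js"
javascript = `curl -s #{url}`
javascript = javascript.force_encoding('utf-8') if javascript.respond_to?(:force_encoding)
escaped_javascript = EscapeUtils.escape_javascript(javascript)

# The routine under test is unescape_javascript; the original message and report
# label both said "escape", which mislabelled the numbers.
puts "Unescaping #{escaped_javascript.bytesize} bytes of escaped javascript, from #{url}"

Benchmark.ips do |bench|
  bench.report("EscapeUtils.unescape_javascript") do |iterations|
    iterations.times { EscapeUtils.unescape_javascript(escaped_javascript) }
  end
end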
escape_utils-1.1.0/benchmark/url_escape.rb 0000644 0000041 0000041 00000002160 12507171076 020627 0 ustar www-data www-data # encoding: utf-8
require 'rubygems'
require 'bundler/setup'
require 'benchmark/ips'
require 'rack'
require 'erb'
require 'cgi'
require 'url_escape'
require 'fast_xs_extra'
require 'escape_utils'
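# Fixture: a URL containing characters that need percent-encoding (a space and a
# comma), forced to us-ascii so every contender sees the same bytes.
url = "https://www.yourmom.com/cgi-bin/session.cgi?sess_args=mYHcEA dh435dqUs0moGHeeAJTSLLbdbcbd9ef----,574b95600e9ab7d27eb0bf524ac68c27----"
url = url.force_encoding('us-ascii') if url.respond_to?(:force_encoding)

# Dropped the stray trailing "times" from the original message.
puts "Escaping a #{url.bytesize} byte URL"

# label => escape routine under test (insertion order is the report order)
contenders = {
  "ERB::Util.url_encode"      => lambda { ERB::Util.url_encode(url) },
  "Rack::Utils.escape"        => lambda { Rack::Utils.escape(url) },
  "CGI.escape"                => lambda { CGI.escape(url) },
  "URLEscape#escape"          => lambda { URLEscape.escape(url) },
  "fast_xs_extra#fast_xs_url" => lambda { url.fast_xs_url },
  "EscapeUtils.escape_url"    => lambda { EscapeUtils.escape_url(url) },
}

Benchmark.ips do |bench|
  contenders.each do |label, routine|
    bench.report(label) { |iterations| iterations.times { routine.call } }
  end
  bench.compare!
end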
escape_utils-1.1.0/lib/ 0000755 0000041 0000041 00000000000 12507171076 014775 5 ustar www-data www-data escape_utils-1.1.0/lib/escape_utils.rb 0000644 0000041 0000041 00000001504 12507171076 020002 0 ustar www-data www-data require 'escape_utils/escape_utils'
require 'escape_utils/version' unless defined? EscapeUtils::VERSION
module EscapeUtils
extend self

class << self
  # Whether '/' is escaped during HTML escaping (defaults to true below).
  # Escaping '/' is recommended by the OWASP XSS prevention cheat sheet:
  # http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
  # The reason is that quotes around HTML attributes are optional in most/all
  # modern browsers at the time of writing (10/15/2010). The writer html_secure=
  # is not defined in this file (presumably by the native extension loaded above).
  attr_reader :html_secure

  # String class used for the result of the html-safe escaping variant
  # (defaults to String below); the writer is likewise defined elsewhere.
  attr_reader :html_safe_string_class
end

self.html_secure = true
self.html_safe_string_class = String

# Loaded on first reference; provides the _escape_html helper that the
# html/* integration files alias onto CGI, ERB, Haml and Rack.
autoload :HtmlSafety, 'escape_utils/html_safety'
end escape_utils-1.1.0/lib/escape_utils/ 0000755 0000041 0000041 00000000000 12507171076 017455 5 ustar www-data www-data escape_utils-1.1.0/lib/escape_utils/html/ 0000755 0000041 0000041 00000000000 12507171076 020421 5 ustar www-data www-data escape_utils-1.1.0/lib/escape_utils/html/rack.rb 0000644 0000041 0000041 00000000220 12507171076 021660 0 ustar www-data www-data module Rack
module Utils
  # Reopens Rack::Utils: once this file is required, Rack::Utils.escape_html (and
  # the instance method of the same name) is EscapeUtils::HtmlSafety#_escape_html
  # process-wide. The escaped character set is then governed by EscapeUtils.html_secure
  # ('/' handling) rather than by Rack's original implementation.
  include ::EscapeUtils::HtmlSafety
  alias escape_html _escape_html
  # Keep Rack's calling convention: escape_html is available as a module method.
  module_function :escape_html
end
end
escape_utils-1.1.0/lib/escape_utils/html/erb.rb 0000644 0000041 0000041 00000000273 12507171076 021520 0 ustar www-data www-data class ERB
module Util
  # Reopens ERB::Util: html_escape and its short alias h are replaced process-wide
  # by EscapeUtils::HtmlSafety#_escape_html once this file is required.
  include ::EscapeUtils::HtmlSafety
  alias html_escape _escape_html
  alias h html_escape
  # Keep ERB's calling convention: both names work as module methods.
  module_function :h
  module_function :html_escape
end
end escape_utils-1.1.0/lib/escape_utils/html/haml.rb 0000644 0000041 0000041 00000000160 12507171076 021664 0 ustar www-data www-data module Haml
module Helpers
  # Reopens Haml::Helpers so html_escape is EscapeUtils::HtmlSafety#_escape_html
  # for every object that includes the helpers, once this file is required.
  include ::EscapeUtils::HtmlSafety
  alias html_escape _escape_html
end
end escape_utils-1.1.0/lib/escape_utils/html/cgi.rb 0000644 0000041 0000041 00000000262 12507171076 021510 0 ustar www-data www-data class CGI
# _escape_html becomes a singleton method of CGI so the alias below can resolve it.
extend ::EscapeUtils::HtmlSafety
class << self
  # Replaces stdlib CGI.escapeHTML process-wide. Unlike the stdlib version the
  # result may carry an html_safe mark when String#html_safe? is available
  # (see EscapeUtils::HtmlSafety).
  alias escapeHTML _escape_html
  # Replaces stdlib CGI.unescapeHTML; non-String input is stringified first.
  def unescapeHTML(s)
    EscapeUtils.unescape_html(s.to_s)
  end
end
end escape_utils-1.1.0/lib/escape_utils/javascript/ 0000755 0000041 0000041 00000000000 12507171076 021623 5 ustar www-data www-data escape_utils-1.1.0/lib/escape_utils/javascript/action_view.rb 0000644 0000041 0000041 00000000250 12507171076 024454 0 ustar www-data www-data module ActionView
module Helpers
  module JavaScriptHelper
    # Overrides ActionView's escape_javascript so view helpers escape through
    # EscapeUtils. Non-String input is stringified first.
    def escape_javascript(s)
      source = s.to_s
      EscapeUtils.escape_javascript(source)
    end
  end
end
end
escape_utils-1.1.0/lib/escape_utils/version.rb 0000644 0000041 0000041 00000000053 12507171076 021465 0 ustar www-data www-data module EscapeUtils
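# Gem version. Frozen so the shared constant cannot be mutated in place by a caller.
VERSION = "1.1.0".freeze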
end
escape_utils-1.1.0/lib/escape_utils/xml/ 0000755 0000041 0000041 00000000000 12507171076 020255 5 ustar www-data www-data escape_utils-1.1.0/lib/escape_utils/xml/builder.rb 0000644 0000041 0000041 00000000210 12507171076 022221 0 ustar www-data www-data module Builder
# Reopens Builder::XmlBase; the superclass given here must match the one Builder
# declared, otherwise Ruby refuses to reopen the class.
class XmlBase < BlankSlate
  private

  # Overrides Builder's private _escape so text is escaped by EscapeUtils.escape_xml.
  # NOTE(review): presumably Builder routes all emitted text through this hook —
  # confirm against the Builder version in use.
  def _escape(text)
    EscapeUtils.escape_xml(text.to_s)
  end
end
end
escape_utils-1.1.0/lib/escape_utils/url/ 0000755 0000041 0000041 00000000000 12507171076 020257 5 ustar www-data www-data escape_utils-1.1.0/lib/escape_utils/url/rack.rb 0000644 0000041 0000041 00000000351 12507171076 021523 0 ustar www-data www-data module Rack
module Utils
  # Reopens Rack::Utils: both methods below become module methods (and private
  # instance methods), replacing Rack's own escape/unescape process-wide.
  module_function

  # Rack::Utils.escape backed by EscapeUtils.escape_url; non-String input is stringified first.
  def escape(url)
    EscapeUtils.escape_url(url.to_s)
  end

  # Rack::Utils.unescape backed by EscapeUtils.unescape_url; non-String input is stringified first.
  def unescape(url)
    EscapeUtils.unescape_url(url.to_s)
  end
end
end
escape_utils-1.1.0/lib/escape_utils/url/uri.rb 0000644 0000041 0000041 00000000232 12507171076 021400 0 ustar www-data www-data module URI
# Replaces URI.escape with EscapeUtils.escape_uri. NOTE(review): the `unsafe`
# argument is accepted for signature compatibility but ignored, so a caller that
# passes its own set of characters to escape does not get the output it asked
# for; the escaped set is whatever EscapeUtils.escape_uri uses.
def self.escape(s, unsafe=nil)
  EscapeUtils.escape_uri(s.to_s)
end
# Replaces URI.unescape with EscapeUtils.unescape_uri; non-String input is stringified first.
def self.unescape(s)
  encoded = s.to_s
  EscapeUtils.unescape_uri(encoded)
end
end escape_utils-1.1.0/lib/escape_utils/url/erb.rb 0000644 0000041 0000041 00000000262 12507171076 021354 0 ustar www-data www-data class ERB
module Util
  # Reopens ERB::Util: url_encode (and its short alias u) is backed by
  # EscapeUtils.escape_url process-wide once this file is required.
  def url_encode(s)
    EscapeUtils.escape_url(s.to_s)
  end
  alias u url_encode
  # Keep ERB's calling convention: both names work as module methods.
  module_function :u
  module_function :url_encode
end
end escape_utils-1.1.0/lib/escape_utils/url/cgi.rb 0000644 0000041 0000041 00000000215 12507171076 021344 0 ustar www-data www-data class CGI
# Replaces CGI.escape with EscapeUtils.escape_url; non-String input is stringified first.
def self.escape(s)
  plain = s.to_s
  EscapeUtils.escape_url(plain)
end
# Replaces CGI.unescape with EscapeUtils.unescape_url; non-String input is stringified first.
def self.unescape(s)
  encoded = s.to_s
  EscapeUtils.unescape_url(encoded)
end
end escape_utils-1.1.0/lib/escape_utils/html_safety.rb 0000644 0000041 0000041 00000000524 12507171076 022322 0 ustar www-data www-data module EscapeUtils
module HtmlSafety
  # Which _escape_html is defined is decided once, when this file is loaded: if
  # String#html_safe? exists at that moment, html-safe input is passed through
  # unescaped and the result is marked html_safe; otherwise a plain escaped
  # String is returned. Loading a library that adds html_safe? afterwards does
  # not switch the implementation.
  if "".respond_to?(:html_safe?)
    def _escape_html(s)
      # The caller's html_safe? flag is trusted: an object already marked safe is
      # returned without escaping, so only content that really is safe should be marked.
      return s.to_s.html_safe if s.html_safe?
      EscapeUtils.escape_html(s.to_s).html_safe
    end
  else
    def _escape_html(s)
      EscapeUtils.escape_html(s.to_s)
    end
  end
end
end
escape_utils-1.1.0/metadata.yml 0000644 0000041 0000041 00000013545 12507171076 016542 0 ustar www-data www-data --- !ruby/object:Gem::Specification
name: escape_utils
version: !ruby/object:Gem::Version
version: 1.1.0
platform: ruby
authors:
- Brian Lopez
autorequire:
bindir: bin
cert_chain: []
date: 2015-03-25 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: rake-compiler
requirement: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: 0.7.5
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: 0.7.5
- !ruby/object:Gem::Dependency
name: minitest
requirement: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: 5.0.0
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: 5.0.0
- !ruby/object:Gem::Dependency
name: benchmark-ips
requirement: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: '0'
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: '0'
- !ruby/object:Gem::Dependency
name: rack
requirement: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: '0'
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: '0'
- !ruby/object:Gem::Dependency
name: haml
requirement: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: '0'
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: '0'
- !ruby/object:Gem::Dependency
name: fast_xs
requirement: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: '0'
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: '0'
- !ruby/object:Gem::Dependency
name: actionpack
requirement: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: '0'
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: '0'
- !ruby/object:Gem::Dependency
name: url_escape
requirement: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: '0'
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: '0'
description: Quickly perform HTML, URL, URI and Javascript escaping/unescaping
email: seniorlopez@gmail.com
executables: []
extensions:
- ext/escape_utils/extconf.rb
extra_rdoc_files: []
files:
- ".gitignore"
- ".travis.yml"
- Gemfile
- LICENSE
- README.md
- Rakefile
- benchmark/html_escape.rb
- benchmark/html_unescape.rb
- benchmark/javascript_escape.rb
- benchmark/javascript_unescape.rb
- benchmark/url_escape.rb
- benchmark/url_unescape.rb
- benchmark/xml_escape.rb
- escape_utils.gemspec
- ext/escape_utils/buffer.c
- ext/escape_utils/buffer.h
- ext/escape_utils/escape_utils.c
- ext/escape_utils/extconf.rb
- ext/escape_utils/houdini.h
- ext/escape_utils/houdini_href_e.c
- ext/escape_utils/houdini_html_e.c
- ext/escape_utils/houdini_html_u.c
- ext/escape_utils/houdini_js_e.c
- ext/escape_utils/houdini_js_u.c
- ext/escape_utils/houdini_uri_e.c
- ext/escape_utils/houdini_uri_u.c
- ext/escape_utils/houdini_xml_e.c
- ext/escape_utils/html_unescape.h
- lib/escape_utils.rb
- lib/escape_utils/html/cgi.rb
- lib/escape_utils/html/erb.rb
- lib/escape_utils/html/haml.rb
- lib/escape_utils/html/rack.rb
- lib/escape_utils/html_safety.rb
- lib/escape_utils/javascript/action_view.rb
- lib/escape_utils/url/cgi.rb
- lib/escape_utils/url/erb.rb
- lib/escape_utils/url/rack.rb
- lib/escape_utils/url/uri.rb
- lib/escape_utils/version.rb
- lib/escape_utils/xml/builder.rb
- script/bootstrap
- test/helper.rb
- test/html/escape_test.rb
- test/html/unescape_test.rb
- test/html_safety_test.rb
- test/javascript/escape_test.rb
- test/javascript/unescape_test.rb
- test/query/escape_test.rb
- test/query/unescape_test.rb
- test/uri/escape_test.rb
- test/uri/unescape_test.rb
- test/uri_component/escape_test.rb
- test/uri_component/unescape_test.rb
- test/url/escape_test.rb
- test/url/unescape_test.rb
- test/xml/escape_test.rb
homepage: https://github.com/brianmario/escape_utils
licenses:
- MIT
metadata: {}
post_install_message:
rdoc_options:
- "--charset=UTF-8"
require_paths:
- lib
required_ruby_version: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: 1.9.3
required_rubygems_version: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: '0'
requirements: []
rubyforge_project:
rubygems_version: 2.2.2
signing_key:
specification_version: 4
summary: Faster string escaping routines for your web apps
test_files:
- test/helper.rb
- test/html/escape_test.rb
- test/html/unescape_test.rb
- test/html_safety_test.rb
- test/javascript/escape_test.rb
- test/javascript/unescape_test.rb
- test/query/escape_test.rb
- test/query/unescape_test.rb
- test/uri/escape_test.rb
- test/uri/unescape_test.rb
- test/uri_component/escape_test.rb
- test/uri_component/unescape_test.rb
- test/url/escape_test.rb
- test/url/unescape_test.rb
- test/xml/escape_test.rb
escape_utils-1.1.0/test/ 0000755 0000041 0000041 00000000000 12507171076 015206 5 ustar www-data www-data escape_utils-1.1.0/test/html/ 0000755 0000041 0000041 00000000000 12507171076 016152 5 ustar www-data www-data escape_utils-1.1.0/test/html/escape_test.rb 0000644 0000041 0000041 00000006665 12507171076 021013 0 ustar www-data www-data require File.expand_path("../../helper", __FILE__)
# Minimal String subclass used to check that escape_html_as_html_safe honours
# EscapeUtils.html_safe_string_class.
class MyCustomHtmlSafeString < String
end
class HtmlEscapeTest < Minitest::Test
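# html_secure is on by default and switching it on explicitly gives the same
# result: '<', '>' and '/' are all escaped. The flag is captured first and restored
# in ensure, so a failing assertion no longer leaks the setting into other tests.
# NOTE(review): the expected strings and the input tag were entity-decoded /
# stripped in this copy of the file; restored here — confirm against the gem's test.
def test_escape_basic_html_with_secure
  secure_before = EscapeUtils.html_secure
  assert_equal "&lt;some_tag&#47;&gt;", EscapeUtils.escape_html("<some_tag/>")
  EscapeUtils.html_secure = true
  assert_equal "&lt;some_tag&#47;&gt;", EscapeUtils.escape_html("<some_tag/>")
ensure
  EscapeUtils.html_secure = secure_before
end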
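# With secure off — via the second positional argument or the global flag — '/'
# is left alone while '<' and '>' are still escaped. The flag is captured first
# and restored in ensure so a failing assertion does not leak the setting.
# NOTE(review): the expected strings and the input tag were entity-decoded /
# stripped in this copy of the file; restored here — confirm against the gem's test.
def test_escape_basic_html_without_secure
  secure_before = EscapeUtils.html_secure
  assert_equal "&lt;some_tag/&gt;", EscapeUtils.escape_html("<some_tag/>", false)
  EscapeUtils.html_secure = false
  assert_equal "&lt;some_tag/&gt;", EscapeUtils.escape_html("<some_tag/>")
ensure
  EscapeUtils.html_secure = secure_before
end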
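# Double quotes become &quot; ('/' is escaped too, since html_secure defaults to on).
# NOTE(review): the literals were entity-decoded / stripped in this copy of the
# file; restored here — confirm against the gem's test.
def test_escape_double_quotes
  assert_equal "&lt;some_tag some_attr=&quot;some value&quot;&#47;&gt;",
               EscapeUtils.escape_html("<some_tag some_attr=\"some value\"/>")
end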
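# Single quotes become &#39; ('/' is escaped too, since html_secure defaults to on).
# NOTE(review): the literals were entity-decoded / stripped in this copy of the
# file; restored here — confirm against the gem's test.
def test_escape_single_quotes
  assert_equal "&lt;some_tag some_attr=&#39;some value&#39;&#47;&gt;",
               EscapeUtils.escape_html("<some_tag some_attr='some value'/>")
end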
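# A bare ampersand becomes &amp; alongside the tag characters.
# NOTE(review): the literals were entity-decoded / stripped in this copy of the
# file; restored here — confirm against the gem's test.
def test_escape_ampersand
  assert_equal "&lt;b&gt;Bourbon &amp; Branch&lt;&#47;b&gt;",
               EscapeUtils.escape_html("<b>Bourbon & Branch</b>")
end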
# Input with nothing to escape comes back as the very same object, not a copy.
def test_returns_original_if_not_escaped
  plain = 'foobar'
  assert_same plain, EscapeUtils.escape_html(plain)
end
# With the default html_safe_string_class the html-safe variant returns the content unchanged.
def test_html_safe_escape_default_works
  assert_equal 'foobar', EscapeUtils.escape_html_as_html_safe('foobar')
end
# The html-safe variant instantiates whatever EscapeUtils.html_safe_string_class is
# set to, and marks the result via its @html_safe instance variable. The previous
# class is restored in ensure so other tests are unaffected.
def test_returns_custom_string_class
  klass_before = EscapeUtils.html_safe_string_class
  EscapeUtils.html_safe_string_class = MyCustomHtmlSafeString
  result = EscapeUtils.escape_html_as_html_safe('foobar')
  assert_equal 'foobar', result
  assert_instance_of MyCustomHtmlSafeString, result
  assert_equal true, result.instance_variable_get(:@html_safe)
ensure
  EscapeUtils.html_safe_string_class = klass_before
end
def test_returns_custom_string_class_when_string_requires_escaping
klass_before = EscapeUtils.html_safe_string_class
EscapeUtils.html_safe_string_class = MyCustomHtmlSafeString
str = EscapeUtils.escape_html_as_html_safe("