archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-09-15 08:33:58 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

escape.c: should not freeze

Browse source 
* ext/cgi/escape/escape.c (optimized_escape_html): CGI.escapeHTML
  should return unfrozen new string.
  [ruby-core:72426] [Bug #11858]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53234 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nobu 2015-12-22 05:31:31 +00:00
parent 1b107d48ef
commit 10a129cee7
3 changed files with 32 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

32
test/cgi/test_cgi_util.rb
View file

@ -62,20 +62,36 @@ class CGIUtilTest < Test::Unit::TestCase
assert_equal("&#39;&amp;&quot;&gt;&lt;", CGI::escapeHTML("'&\"><"))
end
def test_cgi_escape_html_duplicated
orig = "Ruby".force_encoding("US-ASCII")
str = CGI::escapeHTML(orig)
assert_equal(orig, str)
assert_not_same(orig, str)
end
def assert_cgi_escape_html_preserve_encoding(str, encoding)
assert_equal(encoding, CGI::escapeHTML(str.dup.force_encoding(encoding)).encoding)
end
def test_cgi_escape_html_preserve_encoding
assert_equal(Encoding::US_ASCII, CGI::escapeHTML("'&\"><".force_encoding("US-ASCII")).encoding)
assert_equal(Encoding::ASCII_8BIT, CGI::escapeHTML("'&\"><".force_encoding("ASCII-8BIT")).encoding)
assert_equal(Encoding::UTF_8, CGI::escapeHTML("'&\"><".force_encoding("UTF-8")).encoding)
Encoding.list do |enc|
assert_cgi_escape_html_preserve_encoding("'&\"><", enc)
assert_cgi_escape_html_preserve_encoding("Ruby", enc)
end
end
def test_cgi_escape_html_preserve_tainted
assert_equal(false, CGI::escapeHTML("'&\"><").tainted?)
assert_equal(true, CGI::escapeHTML("'&\"><".taint).tainted?)
assert_not_predicate CGI::escapeHTML("'&\"><"), :tainted?
assert_predicate CGI::escapeHTML("'&\"><".taint), :tainted?
assert_not_predicate CGI::escapeHTML("Ruby"), :tainted?
assert_predicate CGI::escapeHTML("Ruby".taint), :tainted?
end
def test_cgi_escape_html_preserve_frozen
assert_equal(false, CGI::escapeHTML("'&\"><".dup).frozen?)
assert_equal(true, CGI::escapeHTML("'&\"><".freeze).frozen?)
def test_cgi_escape_html_dont_freeze
assert_not_predicate CGI::escapeHTML("'&\"><".dup), :frozen?
assert_not_predicate CGI::escapeHTML("'&\"><".freeze), :frozen?
assert_not_predicate CGI::escapeHTML("Ruby".dup), :frozen?
assert_not_predicate CGI::escapeHTML("Ruby".freeze), :frozen?
end
def test_cgi_unescapeHTML