1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
#include "ruby.h"
#include "ruby/encoding.h"
static VALUE rb_cCGI, rb_mUtil, rb_mEscape;
static void
html_escaped_cat(VALUE str, char c)
{
switch (c) {
case '\'':
rb_str_cat_cstr(str, "'");
break;
case '&':
rb_str_cat_cstr(str, "&");
break;
case '"':
rb_str_cat_cstr(str, """);
break;
case '<':
rb_str_cat_cstr(str, "<");
break;
case '>':
rb_str_cat_cstr(str, ">");
break;
}
}
static inline void
preserve_original_state(VALUE orig, VALUE dest)
{
rb_enc_associate(dest, rb_enc_get(orig));
FL_SET_RAW(dest, FL_TEST_RAW(orig, FL_FREEZE|FL_TAINT));
}
static VALUE
optimized_escape_html(VALUE str)
{
long i, len, modified = 0, beg = 0;
VALUE dest;
const char *cstr;
len = RSTRING_LEN(str);
cstr = RSTRING_PTR(str);
for (i = 0; i < len; i++) {
switch (cstr[i]) {
case '\'':
case '&':
case '"':
case '<':
case '>':
if (!modified) {
modified = 1;
dest = rb_str_buf_new(len);
}
rb_str_cat(dest, cstr + beg, i - beg);
beg = i + 1;
html_escaped_cat(dest, cstr[i]);
break;
}
}
if (modified) {
rb_str_cat(dest, cstr + beg, len - beg);
preserve_original_state(str, dest);
return dest;
}
else {
return str;
}
}
/*
* call-seq:
* CGI.escapeHTML(string) -> string
*
* Returns HTML-escaped string.
*
*/
static VALUE
cgiesc_escape_html(VALUE self, VALUE str)
{
StringValue(str);
if (rb_enc_str_asciicompat_p(str)) {
return optimized_escape_html(str);
}
else {
return rb_call_super(1, &str);
}
}
void
Init_escape(void)
{
rb_cCGI = rb_define_class("CGI", rb_cObject);
rb_mEscape = rb_define_module_under(rb_cCGI, "Escape");
rb_mUtil = rb_define_module_under(rb_cCGI, "Util");
rb_define_method(rb_mEscape, "escapeHTML", cgiesc_escape_html, 1);
rb_prepend_module(rb_mUtil, rb_mEscape);
rb_extend_object(rb_cCGI, rb_mEscape);
}
|
