Module: EscapeUtils

Extended by:
EscapeUtils
Included in:
EscapeUtils
Defined in:
lib/escape_utils.rb,
lib/escape_utils/version.rb,
lib/escape_utils/html_safety.rb,
ext/escape_utils/escape_utils.c

Defined Under Namespace

Modules: HtmlSafety

Constant Summary

VERSION =
"0.2.4"
@@html_secure =

Turns on/off escaping of the '/' character during HTML escaping. Escaping '/' is recommended by OWASP (www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content) because quotes around HTML attribute values are optional in most/all modern browsers at the time of writing (10/15/2010). Note that this is a process-wide default read by every call to escape_html; passing false as the second argument to escape_html disables '/' escaping for that one call only.

true


Class Method Details

.html_secure ⇒ Object



# File 'ext/escape_utils/escape_utils.c', line 26

/*
 * EscapeUtils.html_secure -> Object
 *
 * Read back the process-wide "escape '/' during HTML escaping" setting.
 * The value returned is whatever Ruby object was last stored by
 * html_secure= (kept as-is, not coerced to true/false); the constant
 * summary on this page shows it initialised to true.
 */
static VALUE rb_eu_get_html_secure(VALUE self)
{
	VALUE current = rb_cvar_get(self, rb_html_secure);
	return current;
}

.html_secure=(val) ⇒ Object



# File 'ext/escape_utils/escape_utils.c', line 31

/*
 * EscapeUtils.html_secure = val -> val
 *
 * Set the process-wide default for escaping '/' during HTML escaping.
 * Two copies are kept: the C flag g_html_secure, reduced to Ruby
 * truthiness (only nil and false clear it), which escape_html consults
 * when it is given no per-call override; and the raw +val+ in the
 * @@html_secure class variable, which html_secure returns unchanged.
 *
 * Security note: this is global mutable state. Any code in the process
 * (a third-party library included) that assigns false weakens HTML
 * escaping for every later escape_html call that relies on the default.
 * There is no locking here; presumably the interpreter lock keeps the two
 * stores consistent under MRI threads -- TODO confirm.
 */
static VALUE rb_eu_set_html_secure(VALUE self, VALUE val)
{
	/* C-side flag first (truthiness), then the Ruby-visible raw value. */
	int enabled = RTEST(val);

	g_html_secure = enabled;
	rb_cvar_set(self, rb_html_secure, val);

	return val;
}

Instance Method Details

#escape_html(*args) ⇒ Object

HTML methods



# File 'ext/escape_utils/escape_utils.c', line 72

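/*
 * EscapeUtils.escape_html(str, secure = nil) -> String
 *
 * HTML-escape +str+ with houdini_escape_html and return the result as a
 * new String tagged with +str+'s encoding (when the Ruby build has
 * encoding support).
 *
 * +secure+ selects whether '/' is escaped in addition to the usual HTML
 * metacharacters (the exact character set is houdini's, not visible here):
 *   omitted or nil  -> use the process-wide default g_html_secure
 *                      (EscapeUtils.html_secure=)
 *   false           -> do not escape '/' for this call
 *   anything else   -> escape '/' for this call, regardless of the
 *                      global default
 *
 * Previously only an explicit +false+ was honoured; an explicit +true+
 * was ignored whenever the global default had been switched off, so a
 * caller asking for the stricter escaping silently got the weaker one.
 * Callers that pass nothing, nil or false behave exactly as before.
 *
 * Raises TypeError (via Check_Type) when +str+ is not a String; the
 * check runs before any buffer is allocated.
 */
static VALUE rb_eu_escape_html(int argc, VALUE *argv, VALUE self)
{
	VALUE str, rb_secure, rb_out_buf;
	struct buf *out_buf;
	int secure = g_html_secure;

	/* Only an explicit, non-nil second argument overrides the global. */
	if (rb_scan_args(argc, argv, "11", &str, &rb_secure) == 2 && rb_secure != Qnil) {
		/* Ruby truthiness: false -> 0, any other non-nil value -> 1. */
		secure = RTEST(rb_secure);
	}

	Check_Type(str, T_STRING);

	/* 128 is forwarded to bufnew -- presumably an initial size/growth
	 * unit; confirm in houdini's buffer code. NOTE(review): bufnew's
	 * failure mode is not visible here; if it can return NULL on
	 * allocation failure, the call below dereferences it -- confirm and
	 * raise NoMemoryError in that case. */
	out_buf = bufnew(128);

	houdini_escape_html(out_buf, (uint8_t *)RSTRING_PTR(str), RSTRING_LEN(str), secure);

	/* Copy into a Ruby-owned String, then drop the C-side buffer. */
	rb_out_buf = rb_str_new((char *)out_buf->data, out_buf->size);
	bufrelease(out_buf);

#ifdef HAVE_RUBY_ENCODING_H
	/* Keep the caller's encoding on the escaped copy. */
	rb_enc_copy(rb_out_buf, str);
#endif

	return rb_out_buf;
}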

#escape_javascript(str) ⇒ Object

JavaScript methods



# File 'ext/escape_utils/escape_utils.c', line 108

/*
 * EscapeUtils.escape_javascript(str) -> String
 *
 * JavaScript-escape +str+ by delegating to the shared rb_eu__generic
 * driver with houdini_escape_js; which characters are rewritten is
 * defined in houdini, not here. The trailing 128 is forwarded as-is (it
 * looks like an initial buffer size, matching bufnew(128) in escape_html
 * -- confirm in rb_eu__generic).
 *
 * Security note: JS escaping alone does not make a value safe inside HTML
 * markup; a value that also lands in an element body or attribute still
 * needs escape_html for that outer context.
 */
static VALUE rb_eu_escape_js(VALUE self, VALUE str)
{
	VALUE escaped = rb_eu__generic(self, str, houdini_escape_js, 128);
	return escaped;
}

#escape_uri(str) ⇒ Object

URI methods



# File 'ext/escape_utils/escape_utils.c', line 136

/*
 * EscapeUtils.escape_uri(str) -> String
 *
 * URI-escape +str+ through rb_eu__generic with houdini_escape_uri. The
 * trailing 32 is forwarded unchanged (apparently a smaller initial buffer
 * hint than the HTML/JS paths use -- confirm in rb_eu__generic).
 *
 * How this differs from escape_url lives in houdini_escape_uri versus
 * houdini_escape_url and is not visible on this page; check houdini
 * before picking one, since the two presumably reserve different
 * character sets and the wrong choice can leave delimiters unescaped.
 */
static VALUE rb_eu_escape_uri(VALUE self, VALUE str)
{
	VALUE escaped = rb_eu__generic(self, str, houdini_escape_uri, 32);
	return escaped;
}

#escape_url(str) ⇒ Object

URL methods



# File 'ext/escape_utils/escape_utils.c', line 122

/*
 * EscapeUtils.escape_url(str) -> String
 *
 * URL-escape +str+ through rb_eu__generic with houdini_escape_url,
 * forwarding the same 32 buffer hint as escape_uri.
 *
 * The escape_url / escape_uri distinction is decided inside houdini and
 * is not visible here; verify which characters each one leaves alone
 * before relying on it for a query-string or path component.
 */
static VALUE rb_eu_escape_url(VALUE self, VALUE str)
{
	VALUE escaped = rb_eu__generic(self, str, houdini_escape_url, 32);
	return escaped;
}

#unescape_html(str) ⇒ Object



# File 'ext/escape_utils/escape_utils.c', line 99

/*
 * EscapeUtils.unescape_html(str) -> String
 *
 * Reverse HTML escaping via houdini_unescape_html, driven by the shared
 * rb_eu__generic helper (buffer hint 128, as on the escape side).
 *
 * Security note: the result is raw, markup-capable text. Treat it as
 * untrusted and pass it back through escape_html before inserting it into
 * a page; unescaping is not a sanitiser.
 */
static VALUE rb_eu_unescape_html(VALUE self, VALUE str)
{
	VALUE plain = rb_eu__generic(self, str, houdini_unescape_html, 128);
	return plain;
}

#unescape_javascript(str) ⇒ Object



# File 'ext/escape_utils/escape_utils.c', line 113

/*
 * EscapeUtils.unescape_javascript(str) -> String
 *
 * Reverse JavaScript escaping via houdini_unescape_js through
 * rb_eu__generic (buffer hint 128).
 *
 * Security note: the output is the unescaped original, so it may contain
 * quotes, backslashes and newlines again. Never embed or evaluate it
 * without re-escaping for the context it goes into.
 */
static VALUE rb_eu_unescape_js(VALUE self, VALUE str)
{
	VALUE plain = rb_eu__generic(self, str, houdini_unescape_js, 128);
	return plain;
}

#unescape_uri(str) ⇒ Object



# File 'ext/escape_utils/escape_utils.c', line 141

/*
 * EscapeUtils.unescape_uri(str) -> String
 *
 * Reverse URI escaping via houdini_unescape_uri through rb_eu__generic
 * (buffer hint 32). Presumably percent-decoding; the exact rules are
 * houdini's -- TODO confirm.
 *
 * Security note: validate path or parameter values *after* decoding, not
 * before (a decoded value can contain '/', '..', '?' or '#' that the
 * encoded form hid), and do not decode the same value twice.
 */
static VALUE rb_eu_unescape_uri(VALUE self, VALUE str)
{
	VALUE plain = rb_eu__generic(self, str, houdini_unescape_uri, 32);
	return plain;
}

#unescape_url(str) ⇒ Object



# File 'ext/escape_utils/escape_utils.c', line 127

/*
 * EscapeUtils.unescape_url(str) -> String
 *
 * Reverse URL escaping via houdini_unescape_url through rb_eu__generic
 * (buffer hint 32). How it differs from unescape_uri is decided in
 * houdini and not visible here.
 *
 * Security note: the decoded output is untrusted input again; check it
 * after decoding and avoid double-decoding, which is a classic filter
 * bypass.
 */
static VALUE rb_eu_unescape_url(VALUE self, VALUE str)
{
	VALUE plain = rb_eu__generic(self, str, houdini_unescape_url, 32);
	return plain;
}