Module: EscapeUtils
- Extended by:
- EscapeUtils
- Included in:
- EscapeUtils
- Defined in:
- lib/escape_utils.rb,
lib/escape_utils/version.rb,
lib/escape_utils/html_safety.rb,
ext/escape_utils/escape_utils.c
Defined Under Namespace
Modules: HtmlSafety
Constant Summary collapse
- VERSION =
"0.3.0"
- @@html_secure =
Turns on/off the escaping of the '/' character during HTML escaping. Escaping '/' is recommended by OWASP (www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content), because quotes around HTML attributes are optional in most/all modern browsers at the time of writing (10/15/2010).
true
Class Method Summary collapse
Instance Method Summary collapse
-
#escape_html(*args) ⇒ Object
HTML methods.
-
#escape_javascript(str) ⇒ Object
JavaScript methods.
-
#escape_uri(str) ⇒ Object
URI methods.
-
#escape_url(str) ⇒ Object
URL methods.
-
#escape_xml(str) ⇒ Object
XML methods.
- #unescape_html(str) ⇒ Object
- #unescape_javascript(str) ⇒ Object
- #unescape_uri(str) ⇒ Object
- #unescape_url(str) ⇒ Object
Class Method Details
.html_secure ⇒ Object
# File 'ext/escape_utils/escape_utils.c', line 58
/*
 * EscapeUtils.html_secure -> Object
 *
 * Reads back the class variable named by rb_html_secure (presumably the
 * @@html_secure listed in the constant summary; rb_html_secure itself is
 * declared outside this listing). Returns whatever Ruby object was last
 * stored there, not the C-side g_html_secure flag.
 */
static VALUE rb_eu_get_html_secure(VALUE self)
{
    VALUE current = rb_cvar_get(self, rb_html_secure);
    return current;
}
.html_secure=(val) ⇒ Object
# File 'ext/escape_utils/escape_utils.c', line 63
/*
 * EscapeUtils.html_secure = val -> val
 *
 * Updates both copies of the "escape '/' during HTML escaping" switch:
 * the C-side default g_html_secure (a global declared outside this
 * listing, consulted by escape_html on every call) and the Ruby-visible
 * class variable named by rb_html_secure. Keeping the two in step is what
 * makes the getter and the escaper agree.
 *
 * Because g_html_secure is process-wide, flipping it here changes the
 * default for every subsequent escape_html call, not just the caller's.
 * Returns +val+ unchanged so the assignment expression evaluates to it.
 */
static VALUE rb_eu_set_html_secure(VALUE self, VALUE val)
{
    /* RTEST: only nil and false count as "off"; any other object is "on". */
    int enabled = RTEST(val);

    g_html_secure = enabled;
    rb_cvar_set(self, rb_html_secure, val);

    return val;
}
Instance Method Details
#escape_html(*args) ⇒ Object
HTML methods
# File 'ext/escape_utils/escape_utils.c', line 97
/*
 * EscapeUtils#escape_html(str, secure = <process default>) -> String
 *
 * HTML-escapes +str+ through houdini_escape_html0. The optional second
 * argument can only *turn off* secure mode ('/' escaping) for this call,
 * and only when it is exactly +false+: +nil+ or any other value leaves the
 * process-wide g_html_secure default in force, and there is no way to turn
 * secure mode *on* per call when the default is off.
 *
 * Raises TypeError (via Check_Type) when +str+ is not a String;
 * check_utf8_encoding is defined outside this listing and is presumably
 * responsible for rejecting other encodings.
 *
 * Returns a newly allocated String when houdini_escape_html0 reports that
 * it produced output. Otherwise the original +str+ object itself is
 * returned, not a copy, so callers must not assume the result is safe to
 * mutate independently of the argument.
 */
static VALUE rb_eu_escape_html(int argc, VALUE *argv, VALUE self)
{
    VALUE str = Qnil;
    VALUE rb_secure = Qnil;
    int secure = g_html_secure;
    gh_buf buf = GH_BUF_INIT;

    /* "11": one required argument (str), one optional (rb_secure). */
    int nargs = rb_scan_args(argc, argv, "11", &str, &rb_secure);

    /* Only an explicit `false` disables '/' escaping for this call. */
    if (nargs == 2 && rb_secure == Qfalse) {
        secure = 0;
    }

    Check_Type(str, T_STRING);
    check_utf8_encoding(str);

    if (!houdini_escape_html0(&buf, (const uint8_t *)RSTRING_PTR(str), RSTRING_LEN(str), secure)) {
        /* Nothing needed escaping: hand the caller's own object back. */
        return str;
    }

    VALUE escaped = eu_new_str(buf.ptr, buf.size);
    gh_buf_free(&buf);
    return escaped;
}
#escape_javascript(str) ⇒ Object
JavaScript methods
# File 'ext/escape_utils/escape_utils.c', line 139
/*
 * EscapeUtils#escape_javascript(str) -> Object
 *
 * Delegates to the shared rb_eu__generic driver (defined outside this
 * listing) with houdini_escape_js as the transform; argument checking and
 * result construction live in that driver, not here.
 */
static VALUE rb_eu_escape_js(VALUE self, VALUE str)
{
    /* A bare function designator decays to the same pointer as &houdini_escape_js. */
    return rb_eu__generic(str, houdini_escape_js);
}
#escape_uri(str) ⇒ Object
URI methods
# File 'ext/escape_utils/escape_utils.c', line 167
/*
 * EscapeUtils#escape_uri(str) -> Object
 *
 * Delegates to the shared rb_eu__generic driver (defined outside this
 * listing) with houdini_escape_uri as the transform. Note this is a
 * different transform from houdini_escape_url used by #escape_url.
 */
static VALUE rb_eu_escape_uri(VALUE self, VALUE str)
{
    /* A bare function designator decays to the same pointer as &houdini_escape_uri. */
    return rb_eu__generic(str, houdini_escape_uri);
}
#escape_url(str) ⇒ Object
URL methods
# File 'ext/escape_utils/escape_utils.c', line 153
/*
 * EscapeUtils#escape_url(str) -> Object
 *
 * Delegates to the shared rb_eu__generic driver (defined outside this
 * listing) with houdini_escape_url as the transform. Note this is a
 * different transform from houdini_escape_uri used by #escape_uri.
 */
static VALUE rb_eu_escape_url(VALUE self, VALUE str)
{
    /* A bare function designator decays to the same pointer as &houdini_escape_url. */
    return rb_eu__generic(str, houdini_escape_url);
}
#escape_xml(str) ⇒ Object
XML methods
# File 'ext/escape_utils/escape_utils.c', line 130
/*
 * EscapeUtils#escape_xml(str) -> Object
 *
 * Delegates to the shared rb_eu__generic driver (defined outside this
 * listing) with houdini_escape_xml as the transform. Unlike #escape_html
 * there is no secure-mode argument on this path.
 */
static VALUE rb_eu_escape_xml(VALUE self, VALUE str)
{
    /* A bare function designator decays to the same pointer as &houdini_escape_xml. */
    return rb_eu__generic(str, houdini_escape_xml);
}
#unescape_html(str) ⇒ Object
# File 'ext/escape_utils/escape_utils.c', line 121
/*
 * EscapeUtils#unescape_html(str) -> Object
 *
 * Delegates to the shared rb_eu__generic driver (defined outside this
 * listing) with houdini_unescape_html as the transform. The result is the
 * reverse of #escape_html's output and must be re-escaped before being
 * placed back into a document.
 */
static VALUE rb_eu_unescape_html(VALUE self, VALUE str)
{
    /* A bare function designator decays to the same pointer as &houdini_unescape_html. */
    return rb_eu__generic(str, houdini_unescape_html);
}
#unescape_javascript(str) ⇒ Object
# File 'ext/escape_utils/escape_utils.c', line 144
/*
 * EscapeUtils#unescape_javascript(str) -> Object
 *
 * Delegates to the shared rb_eu__generic driver (defined outside this
 * listing) with houdini_unescape_js as the transform.
 */
static VALUE rb_eu_unescape_js(VALUE self, VALUE str)
{
    /* A bare function designator decays to the same pointer as &houdini_unescape_js. */
    return rb_eu__generic(str, houdini_unescape_js);
}
#unescape_uri(str) ⇒ Object
# File 'ext/escape_utils/escape_utils.c', line 172
/*
 * EscapeUtils#unescape_uri(str) -> Object
 *
 * Delegates to the shared rb_eu__generic driver (defined outside this
 * listing) with houdini_unescape_uri as the transform; the URL variant
 * (#unescape_url) uses houdini_unescape_url instead.
 */
static VALUE rb_eu_unescape_uri(VALUE self, VALUE str)
{
    /* A bare function designator decays to the same pointer as &houdini_unescape_uri. */
    return rb_eu__generic(str, houdini_unescape_uri);
}
#unescape_url(str) ⇒ Object
# File 'ext/escape_utils/escape_utils.c', line 158
/*
 * EscapeUtils#unescape_url(str) -> Object
 *
 * Delegates to the shared rb_eu__generic driver (defined outside this
 * listing) with houdini_unescape_url as the transform; the URI variant
 * (#unescape_uri) uses houdini_unescape_uri instead.
 */
static VALUE rb_eu_unescape_url(VALUE self, VALUE str)
{
    /* A bare function designator decays to the same pointer as &houdini_unescape_url. */
    return rb_eu__generic(str, houdini_unescape_url);
}