Module: CGI::Util

Included in:

CGI

Defined in:

lib/cgi/util.rb,
lib/cgi/util.rb

Constant Summary

TABLE_FOR_ESCAPE_HTML__ =

The set of special characters and their escaped values

{
  "'" => ''',
  '&' => '&',
  '"' => '"',
  '<' => '&lt;',
  '>' => '&gt;',
}

RFC822_DAYS =

Abbreviated day-of-week names specified by RFC 822

%w[ Sun Mon Tue Wed Thu Fri Sat ]

RFC822_MONTHS =

Abbreviated month names specified by RFC 822

%w[ Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec ]

@@accept_charset =

"UTF-8"

Instance Method Summary

• #escape(string) ⇒ Object

  URL-encode a string.

• #escape_element(str) ⇒ Object

  Synonym for CGI::escapeElement(str).

• #escape_html(str) ⇒ Object

  Synonym for CGI::escapeHTML(str).

• #escapeElement(string, *elements) ⇒ Object

  Escape only the tags of certain HTML elements in string.

• #escapeHTML(string) ⇒ Object (also: #h)

  Escape special characters in HTML, namely &"<> CGI::escapeHTML(‘Usage: foo “bar” <baz>’) # => “Usage: foo &quot;bar&quot; &lt;baz&gt;”.

• #pretty(string, shift = " ") ⇒ Object

  Prettify (indent) an HTML string.

• #rfc1123_date(time) ⇒ Object

  Format a Time object as a String using the format specified by RFC 1123.

• #unescape(string, encoding = @@accept_charset) ⇒ Object

  URL-decode a string with encoding(optional).

• #unescape_element(str) ⇒ Object

  Synonym for CGI::unescapeElement(str).

• #unescape_html(str) ⇒ Object

  Synonym for CGI::unescapeHTML(str).

• #unescapeElement(string, *elements) ⇒ Object

  Undo escaping such as that done by CGI::escapeElement().

• #unescapeHTML(string) ⇒ Object

  Unescape a string that has been HTML-escaped CGI::unescapeHTML(“Usage: foo &quot;bar&quot; &lt;baz&gt;”) # => “Usage: foo "bar" <baz>”.

Instance Method Details

#escape(string) ⇒ Object

URL-encode a string.

url_encoded_string = CGI::escape("'Stop!' said Fred")
   # => "%27Stop%21%27+said+Fred"

# File 'lib/cgi/util.rb', line 7

def escape(string)
  encoding = string.encoding
  string.b.gsub(/([^ a-zA-Z0-9_.-]+)/) do |m|
    '%' + m.unpack('H2' * m.bytesize).join('%').upcase
  end.tr(' ', '+').force_encoding(encoding)
end

#escape_element(str) ⇒ Object

Synonym for CGI::escapeElement(str)

# File 'lib/cgi/util.rb', line 147

def escape_element(str)
  escapeElement(str)
end

#escape_html(str) ⇒ Object

Synonym for CGI::escapeHTML(str)

# File 'lib/cgi/util.rb', line 93

def escape_html(str)
  escapeHTML(str)
end

#escapeElement(string, *elements) ⇒ Object

Escape only the tags of certain HTML elements in string.

Takes an element or elements or array of elements. Each element is specified by the name of the element, without angle brackets. This matches both the start and the end tag of that element. The attribute list of the open tag will also be escaped (for instance, the double-quotes surrounding attribute values).

print CGI::escapeElement('<BR><A HREF="url"></A>', "A", "IMG")
  # "<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt"

print CGI::escapeElement('<BR><A HREF="url"></A>', ["A", "IMG"])
  # "<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt"

# File 'lib/cgi/util.rb', line 115

def escapeElement(string, *elements)
  elements = elements[0] if elements[0].kind_of?(Array)
  unless elements.empty?
    string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do
      CGI::escapeHTML($&)
    end
  else
    string
  end
end

#escapeHTML(string) ⇒ Object Also known as: h

Escape special characters in HTML, namely &"<>

CGI::escapeHTML('Usage: foo "bar" <baz>')
   # => "Usage: foo &quot;bar&quot; &lt;baz&gt;"

# File 'lib/cgi/util.rb', line 36

def escapeHTML(string)
  string.gsub(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
end

#pretty(string, shift = " ") ⇒ Object

Prettify (indent) an HTML string.

string is the HTML string to indent. shift is the indentation unit to use; it defaults to two spaces.

print CGI::pretty("<HTML><BODY></BODY></HTML>")
  # <HTML>
  #   <BODY>
  #   </BODY>
  # </HTML>

print CGI::pretty("<HTML><BODY></BODY></HTML>", "\t")
  # <HTML>
  #         <BODY>
  #         </BODY>
  # </HTML>

# File 'lib/cgi/util.rb', line 190

def pretty(string, shift = "  ")
  lines = string.gsub(/(?!\A)<.*?>/m, "\n\\0").gsub(/<.*?>(?!\n)/m, "\\0\n")
  end_pos = 0
  while end_pos = lines.index(/^<\/(\w+)/, end_pos)
    element = $1.dup
    start_pos = lines.rindex(/^\s*<#{element}/i, end_pos)
    lines[start_pos ... end_pos] = "__" + lines[start_pos ... end_pos].gsub(/\n(?!\z)/, "\n" + shift) + "__"
  end
  lines.gsub(/^((?:#{Regexp::quote(shift)})*)__(?=<\/?\w)/, '\1')
end

#rfc1123_date(time) ⇒ Object

Format a Time object as a String using the format specified by RFC 1123.

CGI::rfc1123_date(Time.now)
  # Sat, 01 Jan 2000 00:00:00 GMT

# File 'lib/cgi/util.rb', line 166

def rfc1123_date(time)
  t = time.clone.gmtime
  return format("%s, %.2d %s %.4d %.2d:%.2d:%.2d GMT",
                RFC822_DAYS[t.wday], t.day, RFC822_MONTHS[t.month-1], t.year,
                t.hour, t.min, t.sec)
end

#unescape(string, encoding = @@accept_charset) ⇒ Object

URL-decode a string with encoding(optional).

string = CGI::unescape("%27Stop%21%27+said+Fred")
   # => "'Stop!' said Fred"

# File 'lib/cgi/util.rb', line 17

def unescape(string,encoding=@@accept_charset)
  str=string.tr('+', ' ').b.gsub(/((?:%[0-9a-fA-F]{2})+)/) do |m|
    [m.delete('%')].pack('H*')
  end.force_encoding(encoding)
  str.valid_encoding? ? str : str.force_encoding(string.encoding)
end

#unescape_element(str) ⇒ Object

Synonym for CGI::unescapeElement(str)

# File 'lib/cgi/util.rb', line 152

def unescape_element(str)
  unescapeElement(str)
end

#unescape_html(str) ⇒ Object

Synonym for CGI::unescapeHTML(str)

# File 'lib/cgi/util.rb', line 98

def unescape_html(str)
  unescapeHTML(str)
end

#unescapeElement(string, *elements) ⇒ Object

Undo escaping such as that done by CGI::escapeElement()

print CGI::unescapeElement(
        CGI::escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG")
  # "&lt;BR&gt;<A HREF="url"></A>"

print CGI::unescapeElement(
        CGI::escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"])
  # "&lt;BR&gt;<A HREF="url"></A>"

# File 'lib/cgi/util.rb', line 135

def unescapeElement(string, *elements)
  elements = elements[0] if elements[0].kind_of?(Array)
  unless elements.empty?
    string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do
      unescapeHTML($&)
    end
  else
    string
  end
end

#unescapeHTML(string) ⇒ Object

Unescape a string that has been HTML-escaped

CGI::unescapeHTML("Usage: foo "bar" <baz>")
   # => "Usage: foo \"bar\" <baz>"

# File 'lib/cgi/util.rb', line 43

def unescapeHTML(string)
  return string unless string.include? '&'
  enc = string.encoding
  if enc != Encoding::UTF_8 && [Encoding::UTF_16BE, Encoding::UTF_16LE, Encoding::UTF_32BE, Encoding::UTF_32LE].include?(enc)
    return string.gsub(Regexp.new('&(apos|amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do
      case $1.encode(Encoding::US_ASCII)
      when 'apos'                then "'".encode(enc)
      when 'amp'                 then '&'.encode(enc)
      when 'quot'                then '"'.encode(enc)
      when 'gt'                  then '>'.encode(enc)
      when 'lt'                  then '<'.encode(enc)
      when /\A#0*(\d+)\z/        then $1.to_i.chr(enc)
      when /\A#x([0-9a-f]+)\z/i  then $1.hex.chr(enc)
      end
    end
  end
  asciicompat = Encoding.compatible?(string, "a")
  string.gsub(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do
    match = $1.dup
    case match
    when 'apos'                then "'"
    when 'amp'                 then '&'
    when 'quot'                then '"'
    when 'gt'                  then '>'
    when 'lt'                  then '<'
    when /\A#0*(\d+)\z/
      n = $1.to_i
      if enc == Encoding::UTF_8 or
        enc == Encoding::ISO_8859_1 && n < 256 or
        asciicompat && n < 128
        n.chr(enc)
      else
        "&##{$1};"
      end
    when /\A#x([0-9a-f]+)\z/i
      n = $1.hex
      if enc == Encoding::UTF_8 or
        enc == Encoding::ISO_8859_1 && n < 256 or
        asciicompat && n < 128
        n.chr(enc)
      else
        "&#x#{$1};"
      end
    else
      "&#{match};"
    end
  end
end