[MacRuby] #1249: Webrick escaping is wrong
MacRuby
ruby-noreply at macosforge.org
Sat Apr 30 19:10:50 PDT 2011
#1249: Webrick escaping is wrong
--------------------------------+-------------------------------------------
Reporter: cyberfox@… | Owner: lsansonetti@…
Type: defect | Status: new
Priority: major | Milestone:
Component: MacRuby | Keywords: regexp, escaping
--------------------------------+-------------------------------------------
Greetings,
Something's wacky with HTTPUtils escaping, it escapes 'v' and 'z', when it
shouldn't.
{{{
$ macirb
irb(main):001:0> require 'webrick'
=> true
irb(main):002:0>
WEBrick::HTTPUtils.escape('http://abcdefghijklmnopqrstuvwxyz.com')
=> "http://abcdefghijklmnopqrstu%76wxy%7A.com"
}}}
versus 1.9.2
{{{
$ irb
ruby-1.9.2-p180 :001 > require 'webrick'
=> true
ruby-1.9.2-p180 :002 >
WEBrick::HTTPUtils.escape('http://abcdefghijklmnopqrstuvwxyz.com')
=> "http://abcdefghijklmnopqrstuvwxyz.com"
}}}
There's a FIXME in webrick/httputils.rb about non-ascii regexps, which is
why the 'z' is broken, but the 'v' is a magical problem with the code that
generates the control character regex. :(
I've fixed it in my branch by replacing some of the constants as follows:
{{{
UNESCAPED = /([\x00-\x20\x7F\<\>\#%"'{}|\\^\[\]`\x80-\xFF])/
UNESCAPED_FORM =
/([\x00-\x1F;\/?:@&=+\$,\<\>\#%"'{}|\\^\[\]`\x7F\x80-\xFF])/
NONASCII = /([\x80-\xFF])/
}}}
By using ranged regexes instead of individual character regexes, it
doesn't run into the uncomfortable confusion of \v being vertical tab, but
also being interpreted as a 'v' character, and hopefully avoids whatever
issues was being 'FIXME'ed for the NONASCII case.
My fix may not be the best one, but the WEBrick HTTPUtils escape method is
broken without some kind of a fix, though, which is a pretty serious bug.
-- Morgan
--
Ticket URL: <http://www.macruby.org/trac/ticket/1249>
MacRuby <http://macruby.org/>
More information about the macruby-tickets
mailing list