代码拉取完成,页面将自动刷新
From da7aadf928d85ffdf594d7e77aed4a441f7c3ebb Mon Sep 17 00:00:00 2001
From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
Date: Fri, 21 Feb 2025 15:53:31 +0900
Subject: [PATCH 2/2] Escape/unescape unclosed tags as well
Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
---
lib/cgi/util.rb | 4 ++--
test/cgi/test_cgi_util.rb | 18 ++++++++++++++++++
2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/lib/cgi/util.rb b/lib/cgi/util.rb
index 5a5c77a..ce77a0c 100644
--- a/lib/cgi/util.rb
+++ b/lib/cgi/util.rb
@@ -178,7 +178,7 @@ module CGI::Util
def escapeElement(string, *elements)
elements = elements[0] if elements[0].kind_of?(Array)
unless elements.empty?
- string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do
+ string.gsub(/<\/?(?:#{elements.join("|")})\b[^<>]*+>?/im) do
CGI.escapeHTML($&)
end
else
@@ -198,7 +198,7 @@ module CGI::Util
def unescapeElement(string, *elements)
elements = elements[0] if elements[0].kind_of?(Array)
unless elements.empty?
- string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do
+ string.gsub(/<\/?(?:#{elements.join("|")})\b(?>[^&]+|&(?![gl]t;)\w+;)*(?:>)?/im) do
unescapeHTML($&)
end
else
diff --git a/test/cgi/test_cgi_util.rb b/test/cgi/test_cgi_util.rb
index a3be193..d058ccc 100644
--- a/test/cgi/test_cgi_util.rb
+++ b/test/cgi/test_cgi_util.rb
@@ -244,6 +244,14 @@ class CGIUtilTest < Test::Unit::TestCase
assert_equal("<BR><A HREF="url"></A>", escapeElement('<BR><A HREF="url"></A>', ["A", "IMG"]))
assert_equal("<BR><A HREF="url"></A>", escape_element('<BR><A HREF="url"></A>', "A", "IMG"))
assert_equal("<BR><A HREF="url"></A>", escape_element('<BR><A HREF="url"></A>', ["A", "IMG"]))
+
+ assert_equal("<A <A HREF="url"></A>", escapeElement('<A <A HREF="url"></A>', "A", "IMG"))
+ assert_equal("<A <A HREF="url"></A>", escapeElement('<A <A HREF="url"></A>', ["A", "IMG"]))
+ assert_equal("<A <A HREF="url"></A>", escape_element('<A <A HREF="url"></A>', "A", "IMG"))
+ assert_equal("<A <A HREF="url"></A>", escape_element('<A <A HREF="url"></A>', ["A", "IMG"]))
+
+ assert_equal("<A <A ", escapeElement('<A <A ', "A", "IMG"))
+ assert_equal("<A <A ", escapeElement('<A <A ', ["A", "IMG"]))
end
@@ -252,6 +260,16 @@ class CGIUtilTest < Test::Unit::TestCase
assert_equal('<BR><A HREF="url"></A>', unescapeElement(escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"]))
assert_equal('<BR><A HREF="url"></A>', unescape_element(escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG"))
assert_equal('<BR><A HREF="url"></A>', unescape_element(escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"]))
+
+ assert_equal('<A <A HREF="url"></A>', unescapeElement(escapeHTML('<A <A HREF="url"></A>'), "A", "IMG"))
+ assert_equal('<A <A HREF="url"></A>', unescapeElement(escapeHTML('<A <A HREF="url"></A>'), ["A", "IMG"]))
+ assert_equal('<A <A HREF="url"></A>', unescape_element(escapeHTML('<A <A HREF="url"></A>'), "A", "IMG"))
+ assert_equal('<A <A HREF="url"></A>', unescape_element(escapeHTML('<A <A HREF="url"></A>'), ["A", "IMG"]))
+
+ assert_equal('<A <A ', unescapeElement(escapeHTML('<A <A '), "A", "IMG"))
+ assert_equal('<A <A ', unescapeElement(escapeHTML('<A <A '), ["A", "IMG"]))
+ assert_equal('<A <A ', unescape_element(escapeHTML('<A <A '), "A", "IMG"))
+ assert_equal('<A <A ', unescape_element(escapeHTML('<A <A '), ["A", "IMG"]))
end
end
--
2.33.0
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手