cgi/escape: Optimize CGI.escapeHTML

* cgi/escape/escape.c: Optimize CGI.escapeHTML for
  ASCII-compatible encodings.  [Fix GH-1164]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53220 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,8 @@
+Sun Dec 20 20:54:51 2015  Takashi Kokubun  <takashikkbn@gmail.com>
+
+	* cgi/escape/escape.c: Optimize CGI.escapeHTML for
+	  ASCII-compatible encodings.  [Fix GH-1164]
+
 Sun Dec 20 15:36:46 2015  SHIBATA Hiroshi  <hsbt@ruby-lang.org>
 
 	* lib/erb.rb: revert r53123. It breaks compatibility like thor and

ext/Setup

@@ -1,6 +1,7 @@
 #option nodynamic
 
 #bigdecimal
+#cgi/escape
 #continuation
 #coverage
 #date

ext/Setup.atheos

@@ -2,6 +2,7 @@ option nodynamic
 
 #Win32API
 bigdecimal
+cgi/escape
 dbm
 digest
 digest/md5

ext/Setup.nacl

@@ -2,6 +2,7 @@
 #
 # #Win32API
 # bigdecimal
+# cgi/escape
 # continuation
 # coverage
 # date

ext/Setup.nt

@@ -3,6 +3,7 @@
 
 Win32API
 bigdecimal
+cgi/escape
 #dbm
 digest
 digest/md5

ext/cgi/escape/escape.c

@@ -0,0 +1,97 @@
+#include "ruby.h"
+#include "ruby/encoding.h"
+
+static VALUE rb_cCGI, rb_mUtil, rb_mEscape;
+
+static void
+html_escaped_cat(VALUE str, char c)
+{
+    switch (c) {
+      case '\'':
+	rb_str_cat_cstr(str, "'");
+	break;
+      case '&':
+	rb_str_cat_cstr(str, "&");
+	break;
+      case '"':
+	rb_str_cat_cstr(str, """);
+	break;
+      case '<':
+	rb_str_cat_cstr(str, "&lt;");
+	break;
+      case '>':
+	rb_str_cat_cstr(str, "&gt;");
+	break;
+    }
+}
+
+static VALUE
+optimized_escape_html(VALUE str)
+{
+    long i, len, modified = 0, beg = 0;
+    VALUE dest;
+    const char *cstr;
+
+    len  = RSTRING_LEN(str);
+    cstr = RSTRING_PTR(str);
+
+    for (i = 0; i < len; i++) {
+	switch (cstr[i]) {
+	  case '\'':
+	  case '&':
+	  case '"':
+	  case '<':
+	  case '>':
+	    if (!modified) {
+		modified = 1;
+		dest = rb_str_buf_new(len);
+	    }
+
+	    rb_str_cat(dest, cstr + beg, i - beg);
+	    beg = i + 1;
+
+	    html_escaped_cat(dest, cstr[i]);
+	    break;
+	}
+    }
+
+    if (modified) {
+	rb_str_cat(dest, cstr + beg, len - beg);
+	rb_enc_associate(dest, rb_enc_get(str));
+	return dest;
+    }
+    else {
+	return str;
+    }
+}
+
+/*
+ *  call-seq:
+ *     CGI.escapeHTML(string) -> string
+ *
+ *  Returns HTML-escaped string.
+ *
+ */
+static VALUE
+cgiesc_escape_html(VALUE self, VALUE str)
+{
+    StringValue(str);
+
+    if (rb_enc_str_asciicompat_p(str)) {
+	return optimized_escape_html(str);
+    }
+    else {
+	return rb_call_super(1, &str);
+    }
+}
+
+void
+Init_escape(void)
+{
+    rb_cCGI    = rb_define_class("CGI", rb_cObject);
+    rb_mEscape = rb_define_module_under(rb_cCGI, "Escape");
+    rb_mUtil   = rb_define_module_under(rb_cCGI, "Util");
+    rb_define_method(rb_mEscape, "escapeHTML", cgiesc_escape_html, 1);
+    rb_prepend_module(rb_mUtil, rb_mEscape);
+    rb_extend_object(rb_cCGI, rb_mEscape);
+}

ext/cgi/escape/extconf.rb

@@ -0,0 +1,3 @@
+require 'mkmf'
+
+create_makefile 'cgi/escape'

lib/cgi/util.rb

@@ -38,6 +38,11 @@ module CGI::Util
     string.gsub(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
   end
 
+  begin
+    require 'cgi/escape'
+  rescue LoadError
+  end
+
   # Unescape a string that has been HTML-escaped
   #   CGI::unescapeHTML("Usage: foo &quot;bar&quot; &lt;baz&gt;")
   #      # => "Usage: foo \"bar\" <baz>"

test/cgi/test_cgi_util.rb

@@ -62,6 +62,12 @@ class CGIUtilTest < Test::Unit::TestCase
     assert_equal("&#39;&amp;&quot;&gt;&lt;", CGI::escapeHTML("'&\"><"))
   end
 
+  def test_cgi_escape_html_preserve_encoding
+    assert_equal(Encoding::US_ASCII, CGI::escapeHTML("'&\"><".force_encoding("US-ASCII")).encoding)
+    assert_equal(Encoding::ASCII_8BIT, CGI::escapeHTML("'&\"><".force_encoding("ASCII-8BIT")).encoding)
+    assert_equal(Encoding::UTF_8, CGI::escapeHTML("'&\"><".force_encoding("UTF-8")).encoding)
+  end
+
   def test_cgi_unescapeHTML
     assert_equal("'&\"><", CGI::unescapeHTML("&#39;&amp;&quot;&gt;&lt;"))
   end