deprecated Mojo::Util->html_escape and fixed support for multi byte e…

…ntities in Mojo::Util
mojolicious · Jan 14, 2013 · cec5010 · cec5010
1 parent 36042c6
commit cec5010
Show file tree

Hide file tree

Showing 8 changed files with 37 additions and 60 deletions.
diff --git a/Changes b/Changes
@@ -1,4 +1,9 @@
 
+3.80  2013-01-14
+  - Deprecated Mojo::Util->html_escape.
+  - Deprecated Mojo::ByteStream->html_escape.
+  - Fixed support for multi byte entities in Mojo::Util.
+
 3.79  2013-01-13
   - Fixed small domain detection bug in Mojo::UserAgent::CookieJar.
 

diff --git a/lib/Mojo/ByteStream.pm b/lib/Mojo/ByteStream.pm
@@ -82,7 +82,7 @@ Mojo::ByteStream - ByteStream
 
   # Use the alternative constructor
   use Mojo::ByteStream 'b';
-  my $stream = b('foobarbaz')->html_escape;
+  my $stream = b('foobarbaz')->b64_encode('')->say;
 
 =head1 DESCRIPTION
 
@@ -175,15 +175,6 @@ Generate HMAC-SHA1 checksum for bytestream with L<Mojo::Util/"hmac_sha1_sum">.
 
   b('foo bar baz')->hmac_sha1_sum('secr3t')->quote->say;
 
-=head2 html_escape
-
-  $stream = $stream->html_escape;
-  $stream = $stream->html_escape('^\n\r\t !#$%(-;=?-~');
-
-Escape unsafe characters in bytestream with L<Mojo::Util/"html_escape">.
-
-  b('<html>')->html_escape->say;
-
 =head2 html_unescape
 
   $stream = $stream->html_unescape;
@@ -324,7 +315,7 @@ L<Mojo::Util/"url_escape">.
 Decode percent encoded characters in bytestream with
 L<Mojo::Util/"url_unescape">.
 
-  b('%3Chtml%3E')->url_unescape->html_escape->say;
+  b('%3Chtml%3E')->url_unescape->b64_encode('')->say;
 
 =head2 xml_escape
 

diff --git a/lib/Mojo/Util.pm b/lib/Mojo/Util.pm
@@ -28,10 +28,13 @@ my $DELIMITER = chr 0x2D;
 my %ENTITIES;
 {
   open my $entities, '<', catfile(dirname(__FILE__), 'entities.txt');
-  /^(\S+)\s+U\+(\S+)/ and $ENTITIES{$1} = chr hex($2) for <$entities>;
+  for my $entity (<$entities>) {
+    next unless $entity =~ /^(\S+)\s+U\+(\S+)(?:\s+U\+(\S+))?/;
+    $ENTITIES{$1} = defined $3 ? (chr(hex $2) . chr(hex $3)) : chr(hex $2);
+  }
 }
 
-# Reverse entities for html_escape (without "apos")
+# DEPRECATED in Rainbow!
 my %REVERSE = ("\x{0027}" => '#39;');
 $REVERSE{$ENTITIES{$_}} //= $_
   for sort  { @{[$a =~ /[A-Z]/g]} <=> @{[$b =~ /[A-Z]/g]} }
@@ -112,7 +115,9 @@ sub get_line {
 sub hmac_md5_sum  { _hmac(\&md5,  @_) }
 sub hmac_sha1_sum { _hmac(\&sha1, @_) }
 
+# DEPRECATED in Rainbow!
 sub html_escape {
+  warn "Mojo::Util->html_escape is DEPRECATED!\n";
   my ($string, $pattern) = @_;
   $pattern ||= '^\n\r\t !#$%(-;=?-~';
   return $string unless $string =~ /[^$pattern]/;
@@ -376,6 +381,7 @@ sub _decode {
   return "&$_[1]";
 }
 
+# DEPRECATED in Rainbow!
 sub _encode {
   return exists $REVERSE{$_[0]} ? "&$REVERSE{$_[0]}" : "&#@{[ord($_[0])]};";
 }
@@ -514,14 +520,6 @@ Generate HMAC-MD5 checksum for string.
 
 Generate HMAC-SHA1 checksum for string.
 
-=head2 html_escape
-
-  my $escaped = html_escape $string;
-  my $escaped = html_escape $string, '^\n\r\t !#$%(-;=?-~';
-
-Escape unsafe characters in string with HTML entities, the pattern used
-defaults to C<^\n\r\t !#$%(-;=?-~>.
-
 =head2 html_unescape
 
   my $string = html_unescape $escaped;
@@ -637,8 +635,7 @@ Decode percent encoded characters in string.
 
   my $escaped = xml_escape $string;
 
-Escape only the characters C<&>, C<E<lt>>, C<E<gt>>, C<"> and C<'> in string,
-this is a much faster version of C<html_escape>.
+Escape unsafe characters C<&>, C<E<lt>>, C<E<gt>>, C<"> and C<'> in string.
 
 =head2 xor_encode
 

diff --git a/lib/Mojolicious.pm b/lib/Mojolicious.pm
@@ -40,7 +40,7 @@ has static   => sub { Mojolicious::Static->new };
 has types    => sub { Mojolicious::Types->new };
 
 our $CODENAME = 'Rainbow';
-our $VERSION  = '3.79';
+our $VERSION  = '3.80';
 
 sub AUTOLOAD {
   my $self = shift;

diff --git a/t/mojo/bytestream.t b/t/mojo/bytestream.t
@@ -29,10 +29,6 @@ is b('foo%C3%9F%C4%80bar%E2%98%BA')->url_unescape->decode,
 is b('foo%C3%9F%C4%80bar%E2%98%BA')->url_unescape->decode('UTF-8'),
   "foo\x{df}\x{0100}bar\x{263a}", 'right url unescaped result';
 
-# html_escape
-is b("foo bar'<baz>")->html_escape, 'foo bar&#39;&lt;baz&gt;',
-  'right html escaped result';
-
 # html_unescape
 is b('&#x3c;foo&#x3E;bar&lt;baz&gt;&#x26;&#34;')->html_unescape,
   "<foo>bar<baz>&\"", 'right html unescaped result';

diff --git a/t/mojo/util.t b/t/mojo/util.t
@@ -7,10 +7,10 @@ use FindBin;
 
 use Mojo::Util
   qw(b64_decode b64_encode camelize class_to_file class_to_path decamelize),
-  qw(decode encode get_line hmac_md5_sum hmac_sha1_sum html_escape),
-  qw(html_unescape md5_bytes md5_sum monkey_patch punycode_decode),
-  qw(punycode_encode quote squish trim unquote secure_compare sha1_bytes),
-  qw(sha1_sum slurp spurt url_escape url_unescape xml_escape xor_encode);
+  qw(decode encode get_line hmac_md5_sum hmac_sha1_sum html_unescape),
+  qw(md5_bytes md5_sum monkey_patch punycode_decode punycode_encode quote),
+  qw(squish trim unquote secure_compare sha1_bytes sha1_sum slurp spurt),
+  qw(url_escape url_unescape xml_escape xor_encode);
 
 # camelize
 is camelize('foo_bar_baz'), 'FooBarBaz', 'right camelized result';
@@ -107,14 +107,6 @@ is url_escape(encode 'UTF-8', "foo\x{df}\x{0100}bar\x{263a}"),
 is decode('UTF-8', url_unescape 'foo%C3%9F%C4%80bar%E2%98%BA'),
   "foo\x{df}\x{0100}bar\x{263a}", 'right url unescaped result';
 
-# html_escape
-is html_escape("foo bar'<baz>"), 'foo bar&#39;&lt;baz&gt;',
-  'right html escaped result';
-
-# html_escape (nothing to escape)
-is html_escape("foobar123\n\r\t !#\$\%()*+,-./:;=?[\\]^-{|}@~"),
-  "foobar123\n\r\t !#\$\%()*+,-./:;=?[\\]^-{|}@~", 'right html escaped result';
-
 # html_unescape
 is html_unescape('&#x3c;foo&#x3E;bar&lt;baz&gt;&#x26;&#34;'),
   "<foo>bar<baz>&\"", 'right html unescaped result';
@@ -123,6 +115,10 @@ is html_unescape('&#x3c;foo&#x3E;bar&lt;baz&gt;&#x26;&#34;'),
 is html_unescape('foo &CounterClockwiseContourIntegral; bar &sup1baz'),
   "foo \x{2233} bar \x{00b9}baz", 'right html unescaped result';
 
+# html_unescape (multi byte entity)
+is html_unescape(decode 'UTF-8', '&acE;'), "\x{223e}\x{0333}",
+  'right html unescaped result';
+
 # html_unescape (apos)
 is html_unescape('foobar&apos;&lt;baz&gt;&#x26;&#34;'), "foobar'<baz>&\"",
   'right html unescaped result';
@@ -134,22 +130,10 @@ is html_unescape('foobar'), 'foobar', 'right html unescaped result';
 is html_unescape('&Ltf&amp&0oo&nbspba;&ltr'), "&Ltf&&0oo\x{00a0}ba;<r",
   'right html unescaped result';
 
-# html_escape (UTF-8)
-is html_escape("fo\nobar<baz>&\"\x{152}\x{02ae4}"),
-  "fo\nobar&lt;baz&gt;&amp;&quot;&OElig;&Dashv;", 'right html escaped result';
-
 # html_unescape (UTF-8)
 is html_unescape(decode 'UTF-8', 'foo&lt;baz&gt;&#x26;&#34;&OElig;&Foo;'),
   "foo<baz>&\"\x{152}&Foo;", 'right html unescaped result';
 
-# html_escape (path)
-is html_escape('/home/sri/perl/site_perl/5.10.0/Mojo.pm'),
-  '/home/sri/perl/site_perl/5.10.0/Mojo.pm', 'right html escaped result';
-
-# html_escape (custom pattern)
-is html_escape("fo\no b<a>r", 'o<'), "f&#111;\n&#111; b&lt;a>r",
-  'right html escaped result';
-
 # xml_escape
 is xml_escape(qq{la<f>\nbar"baz"'yada\n'&lt;la}),
   "la&lt;f&gt;\nbar&quot;baz&quot;&#39;yada\n&#39;&amp;lt;la",

diff --git a/t/mojolicious/twinkle_lite_app.t b/t/mojolicious/twinkle_lite_app.t
@@ -16,11 +16,15 @@ app->renderer->default_format('foo');
 
 # Twinkle template syntax
 my $twinkle = {
-  append          => '$self->res->headers->header("X-Append" => $prepended);',
-  auto_escape     => 0,
-  capture_end     => '-',
-  capture_start   => '+',
-  escape          => \&Mojo::Util::html_escape,
+  append        => '$self->res->headers->header("X-Append" => $prepended);',
+  auto_escape   => 0,
+  capture_end   => '-',
+  capture_start => '+',
+  escape        => sub {
+    my $string = shift;
+    $string =~ s/</&LT;/g;
+    return $string;
+  },
   escape_mark     => '*',
   expression_mark => '*',
   line_start      => '.',
@@ -88,7 +92,7 @@ $t->get_ok('/')->status_is(200)->header_is('X-Append' => 'bar')
 
 # GET /advanced
 $t->get_ok('/advanced')->status_is(200)->header_is('X-Append' => 'bar')
-  ->content_is("&lt;escape me&gt;&awconint;\n123423");
+  ->content_is("&LT;escape me>\n123423");
 
 # GET /docs
 $t->get_ok('/docs')->status_is(200)->content_like(qr!<h3>snowman</h3>!);
@@ -123,7 +127,7 @@ Hello *** $name **!\
 test<%= content %>123\
 
 @@ advanced.foo.twinkle
-.** "<escape me>\x{2233}"
+.** "<escape me>"
 . my $numbers = [1 .. 4];
  ** for my $i (@$numbers) { ***
  *** $i ***

diff --git a/t/pod_coverage.t b/t/pod_coverage.t
@@ -8,7 +8,7 @@ plan skip_all => 'Test::Pod::Coverage 1.04 required for this test!'
   unless eval 'use Test::Pod::Coverage 1.04; 1';
 
 # DEPRECATED in Rainbow!
-my @rainbow = qw(namespace start);
+my @rainbow = qw(html_escape namespace start);
 
 # False positive constants
 all_pod_coverage_ok({also_private => [@rainbow, qw(IPV6 TLS)]});