
In meta refresh, escape special characters in the URI before parsing.…

… % is excluded because Safari doesn't escape it. Issue #177
commit ecff1af9aac331a67eaa1a9e05ff5d08e77fbfb3 1 parent 698020d
Eric Hodel drbrain authored
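--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@@ -1,5 +1,10 @@
 = Mechanize CHANGELOG
 
+=== 2.1.1 / ??
+
+* Bug fixes
+ * Meta refresh URIs are now escaped (excluding %). Issue #177
+
 === 2.1 / 2011-12-20
 
 * Deprecations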
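--- a/lib/mechanize.rb
+++ b/lib/mechanize.rb
@@ -39,7 +39,7 @@ class Mechanize
 ##
 # The version of Mechanize you are using.
 
- VERSION = '2.1'
+ VERSION = '2.1.1'
 
 ##
 # Base mechanize error class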
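--- a/lib/mechanize/page/meta_refresh.rb
+++ b/lib/mechanize/page/meta_refresh.rb
@@ -25,6 +25,11 @@ class Mechanize::Page::MetaRefresh < Mechanize::Page::Link
 CONTENT_REGEXP = /^\s*(\d+\.?\d*)(;|;\s*url=\s*['"]?(\S*?)['"]?)?\s*$/i
 
 ##
+ # Regexp of unsafe URI characters that excludes % for Issue #177
+
+ UNSAFE = /[^\-_.!~*'()a-zA-Z\d;\/?:@&%=+$,\[\]]/
+
+ ##
 # Parses the delay and url from the content attribute of a meta refresh
 # element. Parse requires the uri of the current page to infer a url when
 # no url is specified.
@@ -37,7 +42,9 @@ def self.parse content, base_uri
 return unless content =~ CONTENT_REGEXP
 
 link_self = $3.nil? || $3.empty?
- delay, refresh_uri = $1, $3
+ delay = $1
+ refresh_uri = $3
+ refresh_uri = Mechanize::Util.uri_escape refresh_uri, UNSAFE if refresh_uri
 
 dest = base_uri
 dest += refresh_uri if refresh_uri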
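Review bot: `#` is missing from the new UNSAFE character class, so a refresh target that carries a fragment would have its `#` percent-encoded and folded into the path or query before `dest += refresh_uri` runs. Adding it to the class, `UNSAFE = /[^\-_.!~*'()a-zA-Z\d;\/?:@&%=+$,\[\]#]/`, keeps fragments intact. Because `%` is now passed through untouched, a `%` in remote page content that is not followed by two hex digits presumably still makes the URI addition raise; escaping only those strays, `refresh_uri.gsub(/%(?![0-9a-fA-F]{2})/, '%25')`, or rescuing the parse error in the caller would cover that. The body of `parse` continues outside the hunk.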
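--- a/lib/mechanize/util.rb
+++ b/lib/mechanize/util.rb
@@ -78,14 +78,16 @@ def self.detect_charset(src)
 enc || "ISO-8859-1"
 end
 
- def self.uri_escape str
+ def self.uri_escape str, unsafe = nil
 @parser ||= begin
 URI::Parser.new
 rescue NameError
 URI
 end
 
- @parser.escape str
+ unsafe ||= @parser.regexp[:UNSAFE]
+
+ @parser.escape str, unsafe
 end
 
 def self.uri_unescape str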
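Review bot: `unsafe ||= @parser.regexp[:UNSAFE]` assumes `@parser` is a `URI::Parser`, but the `rescue NameError` branch just above assigns the `URI` module itself, where `regexp` appears to return a compiled Regexp rather than a table of patterns, so the default-argument path would likely fail on the Rubies that fallback exists for. Letting each parser apply its own default avoids the lookup: `unsafe ? @parser.escape(str, unsafe) : @parser.escape(str)`. The new test_uri_escape only exercises whichever branch the test Ruby takes, so the fallback stays unverified.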
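--- a/test/test_mechanize_page_meta_refresh.rb
+++ b/test/test_mechanize_page_meta_refresh.rb
@@ -69,6 +69,16 @@ def test_class_parse
 refute link_self
 end
 
+ def test_class_parse_funky
+ delay, uri, link_self = @MR.parse "0; url=/funky?<b>Welcome<%2Fb>", @uri
+
+ assert_equal "0", delay
+ assert_equal "http://example/funky?%3Cb%3EWelcome%3C%2Fb%3E",
+ uri.to_s
+
+ refute link_self
+ end
+
 def test_class_from_node
 page = util_page 5, 'http://b.example'
 link = util_meta_refresh page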
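--- a/test/test_mechanize_util.rb
+++ b/test/test_mechanize_util.rb
@@ -99,5 +99,10 @@ def test_self_html_unescape_entity
 assert_equal '&', @MU::html_unescape('&amp;')
 end
 
+ def test_uri_escape
+ assert_equal "%25", @MU.uri_escape("%")
+ assert_equal "%", @MU.uri_escape("%", /[^%]/)
+ end
+
 end
 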
