In meta refresh, escape special characters in the URI before parsing.…

… % is excluded because Safari doesn't escape it. Issue #177
commit ecff1af9aac331a67eaa1a9e05ff5d08e77fbfb3 1 parent 698020d
@drbrain drbrain authored
5 CHANGELOG.rdoc
@@ -1,5 +1,10 @@
= Mechanize CHANGELOG
+=== 2.1.1 / ??
+
+* Bug fixes
+ * Meta refresh URIs are now escaped (excluding %). Issue #177
+
=== 2.1 / 2011-12-20
* Deprecations
2  lib/mechanize.rb
@@ -39,7 +39,7 @@ class Mechanize
##
# The version of Mechanize you are using.
- VERSION = '2.1'
+ VERSION = '2.1.1'
##
# Base mechanize error class
9 lib/mechanize/page/meta_refresh.rb
@@ -25,6 +25,11 @@ class Mechanize::Page::MetaRefresh < Mechanize::Page::Link
CONTENT_REGEXP = /^\s*(\d+\.?\d*)(;|;\s*url=\s*['"]?(\S*?)['"]?)?\s*$/i
##
+ # Regexp of unsafe URI characters that excludes % for Issue #177
+
+ UNSAFE = /[^\-_.!~*'()a-zA-Z\d;\/?:@&%=+$,\[\]]/
+
+ ##
# Parses the delay and url from the content attribute of a meta refresh
# element. Parse requires the uri of the current page to infer a url when
# no url is specified.
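Review bot: the UNSAFE character class leaves `#` out of the allowed set, so a meta refresh target that carries a fragment (for example `/page#top`) will have its `#` percent-encoded and the fragment will become part of the path or query. If that is not intended, add `#` to the class alongside `%`. The comment should also say how this set relates to the parser's default unsafe set, so the two can be kept in sync.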
@@ -37,7 +42,9 @@ def self.parse content, base_uri
return unless content =~ CONTENT_REGEXP
link_self = $3.nil? || $3.empty?
- delay, refresh_uri = $1, $3
+ delay = $1
+ refresh_uri = $3
+ refresh_uri = Mechanize::Util.uri_escape refresh_uri, UNSAFE if refresh_uri
dest = base_uri
dest += refresh_uri if refresh_uri
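Review bot: in `parse`, because `%` is exempt from escaping, a `%` that is not followed by two hex digits reaches `dest += refresh_uri` unchanged, so the fix covers `<`, `>` and similar characters but not malformed percent sequences. A test for that input would show what the caller gets back, and the method comment should state whether `parse` is expected to raise or return in that case.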
6 lib/mechanize/util.rb
@@ -78,14 +78,16 @@ def self.detect_charset(src)
enc || "ISO-8859-1"
end
- def self.uri_escape str
+ def self.uri_escape str, unsafe = nil
@parser ||= begin
URI::Parser.new
rescue NameError
URI
end
- @parser.escape str
+ unsafe ||= @parser.regexp[:UNSAFE]
+
+ @parser.escape str, unsafe
end
def self.uri_unescape str
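Review bot: `unsafe ||= @parser.regexp[:UNSAFE]` runs on both branches of the `@parser` initialisation, including the `rescue NameError` fallback where `@parser` is the `URI` module rather than a `URI::Parser` instance. Please confirm that `URI` answers `regexp` with something that can be indexed by `:UNSAFE`; if it does not, every call without an explicit `unsafe` fails on that path. Calling `@parser.escape str` with no second argument when `unsafe` is nil would keep the previous behaviour on the fallback.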
10 test/test_mechanize_page_meta_refresh.rb
@@ -69,6 +69,16 @@ def test_class_parse
refute link_self
end
+ def test_class_parse_funky
+ delay, uri, link_self = @MR.parse "0; url=/funky?<b>Welcome<%2Fb>", @uri
+
+ assert_equal "0", delay
+ assert_equal "http://example/funky?%3Cb%3EWelcome%3C%2Fb%3E",
+ uri.to_s
+
+ refute link_self
+ end
+
def test_class_from_node
page = util_page 5, 'http://b.example'
link = util_meta_refresh page
5 test/test_mechanize_util.rb
@@ -99,5 +99,10 @@ def test_self_html_unescape_entity
assert_equal '&', @MU::html_unescape('&amp;')
end
+ def test_uri_escape
+ assert_equal "%25", @MU.uri_escape("%")
+ assert_equal "%", @MU.uri_escape("%", /[^%]/)
+ end
+
end

0 comments on commit ecff1af
