
Updated codecs for whitespace

1 parent 1d1bb76 commit 6da21e502f61f2d8f24d19dd08a20524bcb9d3a6 @washu washu committed Feb 20, 2011
@@ -15,7 +15,7 @@ class Encoder
@@codecs = []
@@html_codec = Owasp::Esapi::Codec::HtmlCodec.new
@@xml_codec = nil
- @@url_codec = Owasp::Esapi::Codec::UrlCodec.new
+ @@percent_codec = Owasp::Esapi::Codec::PercentCodec.new
@@js_codec = nil
@@vb_codec = nil
@@css_codec = Owasp::Esapi::Codec::CssCodec.new
@@ -30,7 +30,7 @@ def initialize(configured_codecs = nil)
# setup some defaults codecs
@@codecs << @@css_codec
@@codecs << @@html_codec
- @@codecs << @@url_codec
+ @@codecs << @@percent_codec
end
end
=begin
@@ -5,13 +5,15 @@
module Owasp
module Esapi
module Codec
- class UrlCodec < BaseCodec
+ class PercentCodec < BaseCodec
=begin
encode each character outsize of the RFC raneg as a hex value
=end
def encode_char(immune,input)
return input if input =~ /[a-zA-Z0-9_.-]/
+ # RFC compliance
+ return "+" if input == " "
val = ''
input.each_byte do |b|
val << '%' << b.ord.to_h.upcase
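Review bot: The added `return "+" if input == " "` is form encoding (application/x-www-form-urlencoded) rather than generic percent-encoding, and the `# RFC compliance` comment does not say which specification it follows. A `+` is read back as a space only in query strings and form bodies; in a path segment it stays a literal plus, so output from a class now named PercentCodec may be decoded differently depending on where it is placed. Either emit `%20`, which is valid in every URL component, or keep `+` and change the comment to something like `# form encoding (application/x-www-form-urlencoded): space becomes "+"; only valid in query/form values`. The new spec in the last hunk pins the `+` form but adds no decode case, and the decode side is not visible here, so a round-trip check for `+` and for a literal plus sign would be worth adding. encode_char continues past the end of this hunk.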
@@ -39,12 +39,20 @@ def next
get the next hex token in the string or nil
=end
def next_hex
- c = self.next()
+ c = self.next
return nil if c.nil?
return c if is_hex(c)
return nil
end
-
+=begin
+ get the next octal token int eh string or nil
+=end
+ def next_octal
+ c = self.next
+ return nil if c.nil?
+ return c if is_octal(c)
+ return nil
+ end
=begin
Check to see if we have another token on the stream
=end
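Review bot: `next_octal` returns nil both at end of input and when the character read is not octal, and by then `self.next` has presumably already advanced past that character, as in `next_hex` above it. A decoder that gets nil back cannot tell the two cases apart and, unless it resets to a mark, drops the character silently, so the decoded output can differ from the input in ways a later validation step does not expect. The doc comment should state this and lose the typo, for example `get the next octal token in the string, or nil; the character is consumed either way, so mark before calling and reset on nil`.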
@@ -93,6 +101,14 @@ def is_hex(c)
c =~ /[a-fA-F0-9]/
end
=begin
+ check if a given character is an octal character
+ means 0 through 7
+=end
+ def is_octal(c)
+ return false if c.nil?
+ c =~ /[0-7]/
+ end
+=begin
reset the index back to the mark
=end
def reset
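Review bot: `is_octal` matches with an unanchored pattern, so `c =~ /[0-7]/` is truthy for any string that contains an octal digit anywhere, and it returns a match index or nil rather than a boolean while the nil guard returns `false`. If callers only ever pass a single character this is harmless, but that is not visible from the hunk; anchoring makes the check hold regardless: `!(c =~ /\A[0-7]\z/).nil?`. The context line in `is_hex` above has the same shape and would benefit from the same anchoring.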
@@ -8,5 +8,5 @@
require 'codec/base_codec'
require 'codec/css_codec'
require 'codec/html_codec'
-require 'codec/url_codec'
-require 'codec/encoder'
+require 'codec/percent_codec'
+require 'codec/encoder'
@@ -4,7 +4,7 @@ module Owasp
module Esapi
module Codec
describe Codec do
- let (:codec) { Owasp::Esapi::Codec::UrlCodec.new }
+ let (:codec) { Owasp::Esapi::Codec::PercentCodec.new }
it "should decode %3c as <" do
codec.decode("%3c").should == "<"
@@ -23,6 +23,10 @@ module Codec
codec.decode("%25F").should == "%F"
end
+ it "should encode 'Stop!' said Fred as %27Stop%21%27+said+Fred" do
+ codec.encode([],"'Stop!' said Fred").should == "%27Stop%21%27+said+Fred"
+ end
+
end
end
end
