New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CGI.unescapeHTML("\xFF&") gives ArgumentError: invalid byte sequence in UTF-8. #6342
Comments
Same on 9.2 HEAD:
Could be missing some logic from the CRuby version. |
This appears to have regressed due to our merging #6097 into JRuby 9.2.11.0. That change also does not appear to have made it into the JRuby fork of Ruby, where we maintain our copy of the standard library. |
Actually I am wrong... that PR was for |
Big question for me is why CRuby does not have this issue. I will try to look into the root cause so we can avoid shipping a patched cgi/util.rb. |
A similar patch for diff --git a/lib/ruby/stdlib/cgi/util.rb b/lib/ruby/stdlib/cgi/util.rb
index daf81c3bf5..993ace57d9 100644
--- a/lib/ruby/stdlib/cgi/util.rb
+++ b/lib/ruby/stdlib/cgi/util.rb
@@ -93,7 +93,8 @@ module CGI::Util
when Encoding::ISO_8859_1; 256
else 128
end
- string.gsub(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do
+ string = string.b
+ string.gsub!(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do
match = $1.dup
case match
when 'apos' then "'"
@@ -119,6 +120,7 @@ module CGI::Util
"&#{match};"
end
end
+ string.force_encoding enc
end
# Synonym for CGI::escapeHTML(str) |
CRuby has an alternative implementation in C, that doesn't have this issue there's also a java implementation in jruby |
@ahorek Yeah I'm catching back up with all this and realizing that when I "reverted" the "fix" for #4531 I basically just disabled the native logic altogether. The reason we differ from CRuby is that the optimized logic allows this case through, while the unoptimized logic does not, and due to 3d8847e we never use the optimized logic. The Ruby code is actually incorrect here, because it does not allow cases like this through where the native extension does. I think the fix provided by @ahorek should be applied to the Ruby code in CRuby as well as in our version, since CRuby without the extension fails exactly the same way:
The issues with the prepend + extend logic from the extension still exist in 9.2 HEAD. They prevent
etc |
Environment Information
Expected Behavior
Actual Behavior
I checked similar issues like: #6093 but it doesn't seem relevant since the issue is solved in my jruby version.
Thank you!
The text was updated successfully, but these errors were encountered: