lib/rack/sanitizer.rb in rack-sanitizer-2.0.2 vs lib/rack/sanitizer.rb in rack-sanitizer-2.0.3
- old
+ new
@@ -178,19 +178,21 @@
encoded
end
end
end
+ URI_PARSER = defined?(URI::RFC2396_PARSER) ? URI::RFC2396_PARSER : URI::RFC2396_Parser.new
+
# Performs the reverse function of `unescape_unreserved`. Unlike
# the previous function, we can reuse the logic in URI#encode
def escape_unreserved(input)
# This regexp matches unsafe characters, i.e. everything except 'reserved'
# and 'unreserved' characters from RFC3986 (2.3), and additionally '%',
# as percent-encoded unreserved characters could be left over from the
# `unescape_unreserved` invocation.
#
# See also URI::REGEXP::PATTERN::{UNRESERVED,RESERVED}.
- URI::DEFAULT_PARSER.escape(input, /[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,\[\]%]/)
+ URI_PARSER.escape(input, /[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,\[\]%]/)
end
def sanitize_string(input)
if input.is_a? String
input = input.force_encoding(Encoding::UTF_8)
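Review bot: The new `URI_PARSER` constant has no comment saying why the RFC 2396 parser is pinned, and the choice matters for a sanitizer because `escape_unreserved` decides which bytes get percent-encoded again. I would add a line above it such as `# Pin the RFC 2396 parser: its #escape defines which bytes are re-encoded, and URI::DEFAULT_PARSER is not guaranteed to stay that parser.` Presumably the motive is that newer `uri` releases make `DEFAULT_PARSER` the RFC 3986 parser. A spec asserting the exact `escape_unreserved` output for a fixed input, run across the supported Ruby versions, would cover both sides of the `defined?` check. That check is evaluated when the class body loads, so it relies on `uri` already being required, which the hunk does not show; the enclosing class starts outside the hunk.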