Fix XSS vulnerabilities in chunk-handling

2007-09-23 19:30:39 +00:00 · 2007-09-23 19:30:39 +00:00 · a3d3f1c536
commit a3d3f1c536
parent 36b86a9d41
6 changed files with 55 additions and 3 deletions
--- a/lib/sanitize.rb
+++ b/lib/sanitize.rb
@ -203,3 +203,28 @@ module Sanitize
          style = clean.join(' ')
      end
 end      
+
+# Some useful additions to the String class
+
+class String
+
+# Check whether a string is valid utf-8
+#
+# :call-seq:
+#    string.is_utf8?    -> boolean
+#
+# returns true if the sequence of bytes in string is valid utf-8
+   def is_utf8?
+     self =~  /^(
+         [\x09\x0A\x0D\x20-\x7E]            # ASCII
+       | [\xC2-\xDF][\x80-\xBF]             # non-overlong 2-byte
+       |  \xE0[\xA0-\xBF][\x80-\xBF]        # excluding overlongs
+       | [\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}  # straight 3-byte
+       |  \xED[\x80-\x9F][\x80-\xBF]        # excluding surrogates
+       |  \xF0[\x90-\xBF][\x80-\xBF]{2}     # planes 1-3
+       | [\xF1-\xF3][\x80-\xBF]{3}          # planes 4-15
+       |  \xF4[\x80-\x8F][\x80-\xBF]{2}     # plane 16
+     )*$/x;
+   end
+
+end