adva 0.1.3 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/adva.gemspec +3 -0
- data/app/assets/config/manifest.js +6 -0
- data/app/assets/javascripts/adva_cms/ckeditor.js.erb +12 -0
- data/app/assets/javascripts/adva_cms/concat_main_menus.js +13 -0
- data/app/assets/javascripts/adva_cms/jquery.table_tree.js +704 -0
- data/app/assets/javascripts/adva_cms.js +7 -0
- data/app/assets/javascripts/ckeditor/config.js.erb +94 -0
- data/app/assets/stylesheets/adva_cms/admin/common.scss +15 -1
- data/app/assets/stylesheets/adva_cms/admin/projection.scss +2 -5
- data/app/assets/stylesheets/adva_cms/admin/sidebar.scss +30 -9
- data/app/assets/stylesheets/adva_cms/admin.scss +1 -1
- data/app/controllers/admin/base_controller.rb +10 -24
- data/app/controllers/admin/page/articles_controller.rb +8 -27
- data/app/controllers/admin/page/categories_controller.rb +6 -9
- data/app/controllers/admin/page/links_controller.rb +6 -9
- data/app/controllers/admin/sections_controller.rb +7 -9
- data/app/controllers/admin/sites_controller.rb +9 -12
- data/app/controllers/admin/users_controller.rb +6 -9
- data/app/controllers/articles_controller.rb +30 -52
- data/app/controllers/base_controller.rb +8 -8
- data/app/controllers/password_controller.rb +3 -5
- data/app/controllers/session_controller.rb +3 -5
- data/app/helpers/activities_helper.rb +9 -20
- data/app/helpers/admin/base_helper.rb +4 -22
- data/app/helpers/base_helper.rb +1 -1
- data/app/helpers/content_helper.rb +7 -5
- data/app/helpers/resource_helper.rb +4 -5
- data/app/helpers/users_helper.rb +1 -1
- data/app/models/activity.rb +3 -0
- data/app/models/article.rb +0 -11
- data/app/models/category.rb +3 -3
- data/app/models/content.rb +10 -39
- data/app/models/link.rb +0 -1
- data/app/models/password_mailer.rb +6 -9
- data/app/models/section.rb +6 -7
- data/app/models/site.rb +0 -2
- data/app/models/user.rb +1 -2
- data/app/views/activity_notifier/new_content_notification.html.erb +5 -5
- data/app/views/admin/activities/_activities.html.erb +4 -4
- data/app/views/admin/activities/_comment.html.erb +21 -21
- data/app/views/admin/activities/_content.html.erb +4 -3
- data/app/views/admin/activities/_topic.html.erb +5 -5
- data/app/views/admin/install/confirmation.html.erb +3 -3
- data/app/views/admin/install/index.html.erb +14 -14
- data/app/views/admin/page/articles/_form.html.erb +28 -25
- data/app/views/admin/page/articles/_options.html.erb +3 -4
- data/app/views/admin/page/articles/edit.html.erb +3 -3
- data/app/views/admin/page/articles/new.html.erb +4 -4
- data/app/views/admin/page/categories/edit.html.erb +9 -9
- data/app/views/admin/page/categories/index.html.erb +16 -16
- data/app/views/admin/page/categories/new.html.erb +5 -3
- data/app/views/admin/page/contents/index.html.erb +3 -18
- data/app/views/admin/page/links/_form.html.erb +17 -17
- data/app/views/admin/page/links/_options.html.erb +16 -19
- data/app/views/admin/page/links/edit.html.erb +3 -3
- data/app/views/admin/page/links/new.html.erb +3 -3
- data/app/views/admin/sections/_form.html.haml +5 -5
- data/app/views/admin/sections/edit.html.haml +2 -2
- data/app/views/admin/sections/index.html.erb +18 -18
- data/app/views/admin/sections/new.html.erb +15 -13
- data/app/views/admin/sections/settings/_page.html.haml +4 -6
- data/app/views/admin/shared/_header.html.erb +5 -4
- data/app/views/admin/shared/_section_tree.html.erb +2 -2
- data/app/views/admin/sites/_email_notifications.html.erb +6 -7
- data/app/views/admin/sites/_form.html.erb +7 -7
- data/app/views/admin/sites/_recent_users.html.erb +4 -2
- data/app/views/admin/sites/_unapproved_comments.html.erb +1 -1
- data/app/views/admin/sites/index.html.erb +1 -1
- data/app/views/admin/sites/new.html.erb +2 -2
- data/app/views/admin/sites/show.html.erb +7 -8
- data/app/views/admin/users/edit.html.erb +1 -1
- data/app/views/admin/users/index.html.erb +10 -10
- data/app/views/admin/users/new.html.erb +1 -1
- data/app/views/admin/users/show.html.erb +7 -7
- data/app/views/layouts/admin.html.haml +3 -5
- data/app/views/layouts/login.html.erb +1 -1
- data/app/views/password/edit.html.erb +12 -5
- data/app/views/password/new.html.erb +7 -7
- data/app/views/password_mailer/reset_password_email.html.erb +21 -1
- data/app/views/password_mailer/updated_password_email.html.erb +3 -1
- data/app/views/session/new.html.erb +9 -9
- data/app/views/shared/_flash.html.erb +2 -2
- data/app/views/shared/_sidebar.html.erb +2 -2
- data/config/initializers/ckeditor.rb +61 -0
- data/config/initializers/menus.rb +1 -1
- data/config/initializers/time_format.rb +2 -0
- data/lib/adva/authenticate_user.rb +193 -0
- data/lib/{active_record → adva}/belongs_to_author.rb +4 -4
- data/lib/adva/event.rb +34 -0
- data/lib/adva/extensible_forms.rb +285 -0
- data/lib/{has_options.rb → adva/has_options.rb} +5 -7
- data/lib/adva/has_permalink.rb +36 -0
- data/lib/adva/version.rb +1 -1
- data/lib/adva.rb +10 -36
- data/lib/rails_ext/action_controller/event_helper.rb +1 -1
- data/lib/rails_ext.rb +0 -9
- data/vendor/gems/cacheable_flash/.gitignore +8 -0
- data/vendor/gems/cacheable_flash/Gemfile +8 -0
- data/vendor/gems/cacheable_flash/README.md +35 -0
- data/vendor/gems/cacheable_flash/Rakefile +4 -0
- data/vendor/gems/cacheable_flash/bin/console +15 -0
- data/vendor/gems/cacheable_flash/bin/setup +8 -0
- data/vendor/gems/cacheable_flash/cacheable_flash.gemspec +38 -0
- data/vendor/gems/cacheable_flash/lib/cacheable_flash/controller.rb +29 -0
- data/vendor/gems/cacheable_flash/lib/cacheable_flash/javascript.js +19 -0
- data/vendor/gems/cacheable_flash/lib/cacheable_flash/middleware.rb +30 -0
- data/vendor/gems/cacheable_flash/lib/cacheable_flash/version.rb +5 -0
- data/vendor/gems/cacheable_flash/lib/cacheable_flash.rb +12 -0
- data/vendor/gems/simple_taggable/lib/tag_list.rb +1 -1
- data/vendor/gems/tags/lib/menu.rb +1 -1
- data/vendor/gems/tags/lib/tags/tag.rb +1 -1
- metadata +72 -145
- data/app/assets/javascripts/adva_cms/admin/jquery.admin.js +0 -23
- data/app/assets/javascripts/adva_cms/admin/jquery.article.js +0 -22
- data/app/assets/javascripts/adva_cms/admin/jquery.cached_pages.js +0 -14
- data/app/assets/javascripts/adva_cms/admin/jquery.table_tree.js +0 -7
- data/app/assets/javascripts/adva_cms/application.js +0 -13
- data/app/assets/javascripts/adva_cms/base.js +0 -4
- data/app/assets/javascripts/adva_cms/cookie.js +0 -49
- data/app/assets/javascripts/adva_cms/jquery/jquery-lowpro.js +0 -224
- data/app/assets/javascripts/adva_cms/jquery/jquery.qtip.js +0 -2085
- data/app/assets/javascripts/adva_cms/jquery/jquery.table_tree.js +0 -307
- data/app/assets/javascripts/adva_cms/jquery/jquery.tablednd_0_5.js +0 -386
- data/app/assets/javascripts/adva_cms/jquery.common.js +0 -41
- data/app/assets/javascripts/adva_cms/jquery.dates.js +0 -51
- data/app/assets/javascripts/adva_cms/jquery.flash.js +0 -59
- data/app/assets/javascripts/adva_cms/jquery.roles.js +0 -25
- data/app/assets/javascripts/adva_cms/json.js +0 -139
- data/app/controllers/admin/base_account_controller.rb +0 -13
- data/app/controllers/admin/install_controller.rb +0 -61
- data/app/controllers/admin/plugins_controller.rb +0 -38
- data/app/helpers/meta_tags_helper.rb +0 -30
- data/app/models/account.rb +0 -7
- data/app/models/event.rb +0 -34
- data/app/views/admin/articles/_meta_tags.html.erb +0 -7
- data/app/views/admin/cached_pages/_filter.html.erb +0 -8
- data/app/views/admin/cached_pages/destroy.js.erb +0 -18
- data/app/views/admin/cached_pages/index.html.erb +0 -26
- data/app/views/admin/plugins/_form.html.erb +0 -11
- data/app/views/admin/plugins/index.html.erb +0 -16
- data/app/views/admin/plugins/show.html.erb +0 -43
- data/app/views/admin/shared/_language_select.html.erb +0 -6
- data/app/views/admin/shared/_section_summary.html.erb +0 -23
- data/app/views/admin/sites/_meta_tags.html.erb +0 -15
- data/app/views/layouts/default.html.erb +0 -38
- data/app/views/layouts/simple.html.erb +0 -22
- data/app/views/shared/_footer.html.erb +0 -4
- data/app/views/shared/messages/insufficient_permissions.html.erb +0 -4
- data/config/initializers/article.rb +0 -8
- data/config/initializers/has_options.rb +0 -2
- data/config/initializers/has_permalink.rb +0 -2
- data/config/initializers/site.rb +0 -8
- data/config/locales/en.yml +0 -1319
- data/lib/action_controller/authenticate_anonymous.rb +0 -69
- data/lib/action_controller/authenticate_user.rb +0 -203
- data/lib/core_ext.rb +0 -7
- data/lib/extensible_forms.rb +0 -284
- data/lib/has_permalink.rb +0 -33
- data/lib/login/helper_integration.rb +0 -11
- data/lib/login/mail_config.rb +0 -39
- data/lib/rails_ext/action_controller/cacheable_flash.rb +0 -30
- data/lib/rails_ext/action_controller/content_for_assignments.rb +0 -106
- data/lib/rails_ext/action_controller/page_caching.rb +0 -23
- data/lib/rails_ext/action_controller/responds_to_parent.rb +0 -46
- data/lib/rails_ext/active_record/exists.rb +0 -5
- data/lib/rails_ext/active_record/sti_instantiation.rb +0 -35
- data/lib/rails_ext/active_record/sticky_changes.rb +0 -30
- data/lib/rails_ext/railties/plugin.rb +0 -58
- data/lib/rails_ext/railties/plugin_configuration.rb +0 -72
- data/lib/registry.rb +0 -49
- data/lib/tasks/translation.rake +0 -69
- data/lib/time_hacks.rb +0 -57
- data/lib/webrat_patch.rb +0 -11
- data/test/meta_tags_test.rb +0 -42
- data/vendor/gems/has_counter/.gitignore +0 -17
- data/vendor/gems/has_counter/Gemfile +0 -4
- data/vendor/gems/has_counter/LICENSE +0 -22
- data/vendor/gems/has_counter/MIT-LICENSE +0 -20
- data/vendor/gems/has_counter/README.markdown +0 -64
- data/vendor/gems/has_counter/README.md +0 -29
- data/vendor/gems/has_counter/Rakefile +0 -2
- data/vendor/gems/has_counter/db/migrate/20080601194338_create_counters_table.rb.rb +0 -13
- data/vendor/gems/has_counter/has_counter.gemspec +0 -17
- data/vendor/gems/has_counter/lib/active_record/has_counter.rb +0 -67
- data/vendor/gems/has_counter/lib/counter.rb +0 -23
- data/vendor/gems/has_counter/lib/has_counter/version.rb +0 -3
- data/vendor/gems/has_counter/lib/has_counter.rb +0 -4
- data/vendor/gems/has_counter/spec/has_counter.sqlite3.db +0 -0
- data/vendor/gems/has_counter/spec/has_counter_spec.rb +0 -55
- data/vendor/gems/has_counter/spec/spec_helper.rb +0 -117
- data/vendor/gems/has_filter/.gitignore +0 -17
- data/vendor/gems/has_filter/Gemfile +0 -4
- data/vendor/gems/has_filter/LICENSE +0 -22
- data/vendor/gems/has_filter/README.md +0 -29
- data/vendor/gems/has_filter/Rakefile +0 -2
- data/vendor/gems/has_filter/app/assets/images/has_filter/filter_add.png +0 -0
- data/vendor/gems/has_filter/app/assets/images/has_filter/filter_button_left.png +0 -0
- data/vendor/gems/has_filter/app/assets/images/has_filter/filter_button_right.png +0 -0
- data/vendor/gems/has_filter/app/assets/images/has_filter/filter_remove.png +0 -0
- data/vendor/gems/has_filter/app/assets/javascripts/has_filter/filter.js +0 -35
- data/vendor/gems/has_filter/app/assets/javascripts/has_filter/jquery.filter.js +0 -23
- data/vendor/gems/has_filter/app/assets/stylesheets/has_filter/alternate/filter.scss +0 -102
- data/vendor/gems/has_filter/app/assets/stylesheets/has_filter/filter.scss +0 -100
- data/vendor/gems/has_filter/app/helpers/filter_helper.rb +0 -3
- data/vendor/gems/has_filter/has_filter.gemspec +0 -17
- data/vendor/gems/has_filter/init.rb +0 -3
- data/vendor/gems/has_filter/lib/has_filter/active_record/act_macro.rb +0 -102
- data/vendor/gems/has_filter/lib/has_filter/filter/base.rb +0 -67
- data/vendor/gems/has_filter/lib/has_filter/filter/categorized.rb +0 -24
- data/vendor/gems/has_filter/lib/has_filter/filter/chain.rb +0 -45
- data/vendor/gems/has_filter/lib/has_filter/filter/set.rb +0 -80
- data/vendor/gems/has_filter/lib/has_filter/filter/state.rb +0 -25
- data/vendor/gems/has_filter/lib/has_filter/filter/tagged.rb +0 -22
- data/vendor/gems/has_filter/lib/has_filter/filter/text.rb +0 -55
- data/vendor/gems/has_filter/lib/has_filter/filter.rb +0 -17
- data/vendor/gems/has_filter/lib/has_filter/version.rb +0 -3
- data/vendor/gems/has_filter/lib/has_filter.rb +0 -22
- data/vendor/gems/has_filter/test/db/setup.rb +0 -45
- data/vendor/gems/has_filter/test/db/test.sqlite3.db +0 -0
- data/vendor/gems/has_filter/test/fixtures.rb +0 -15
- data/vendor/gems/has_filter/test/has_filter/filter_chain_test.rb +0 -41
- data/vendor/gems/has_filter/test/has_filter/filter_scopes_test.rb +0 -102
- data/vendor/gems/has_filter/test/has_filter/filter_tags_test.rb +0 -113
- data/vendor/gems/has_filter/test/has_filter/integration.rb +0 -15
- data/vendor/gems/has_filter/test/has_filter/scopes_test.rb +0 -48
- data/vendor/gems/has_filter/test/log/test.log +0 -34346
- data/vendor/gems/has_filter/test/models.rb +0 -23
- data/vendor/gems/has_filter/test/templates/has_filter/test/index.html.erb +0 -5
- data/vendor/gems/has_filter/test/test_helper.rb +0 -66
- data/vendor/gems/xss_terminate/.gitignore +0 -17
- data/vendor/gems/xss_terminate/Gemfile +0 -4
- data/vendor/gems/xss_terminate/LICENSE +0 -22
- data/vendor/gems/xss_terminate/MIT-LICENSE +0 -20
- data/vendor/gems/xss_terminate/README +0 -94
- data/vendor/gems/xss_terminate/README.md +0 -29
- data/vendor/gems/xss_terminate/Rakefile +0 -23
- data/vendor/gems/xss_terminate/lib/html5lib_sanitize.rb +0 -2453
- data/vendor/gems/xss_terminate/lib/rails_sanitize.rb +0 -8
- data/vendor/gems/xss_terminate/lib/xss_terminate/version.rb +0 -3
- data/vendor/gems/xss_terminate/lib/xss_terminate.rb +0 -141
- data/vendor/gems/xss_terminate/tasks/xss_terminate_tasks.rake +0 -7
- data/vendor/gems/xss_terminate/test/models/comment.rb +0 -5
- data/vendor/gems/xss_terminate/test/models/entry.rb +0 -7
- data/vendor/gems/xss_terminate/test/models/message.rb +0 -3
- data/vendor/gems/xss_terminate/test/models/person.rb +0 -5
- data/vendor/gems/xss_terminate/test/models/review.rb +0 -5
- data/vendor/gems/xss_terminate/test/schema.rb +0 -34
- data/vendor/gems/xss_terminate/test/setup_test.rb +0 -16
- data/vendor/gems/xss_terminate/test/xss_terminate_test.rb +0 -50
- data/vendor/gems/xss_terminate/xss_terminate.gemspec +0 -17
- /data/lib/tasks/{adva_cms.rake → adva.rake} +0 -0
@@ -1,141 +0,0 @@
|
|
1
|
-
# additions + refactorings:
|
2
|
-
#
|
3
|
-
# * allowed options to be passed as symbols (e.g. :sanitize => :body)
|
4
|
-
# * added an escape_html filter that acts the same way as CGI::escapeHTML does
|
5
|
-
# but leaves the & character unchanged (because that behaviour is not
|
6
|
-
# idempotent and results in & in & being escaped every time the filter
|
7
|
-
# is applied)
|
8
|
-
# * added explicit options to access the strip_tags and escape_html filters
|
9
|
-
# * added an option :none to completely turn off sanitizing for a class
|
10
|
-
# (useful e.g. for acts_as_versioned where versions don't need to be
|
11
|
-
# refiltered)
|
12
|
-
# * added an alias filters_attributes for xss_terminate (because this seems
|
13
|
-
# like a more descriptive method name and more in line with the Rails naming
|
14
|
-
# conventions)
|
15
|
-
# * added a module level option :default_filter to allow users to select the
|
16
|
-
# default filter
|
17
|
-
# * added a module level option :untaint_after_find and an after_find hook
|
18
|
-
# which untaints filtered attributes after the where retrieved from the
|
19
|
-
# database (in order to integrate nicely with SafeERB).
|
20
|
-
# * made :xss_terminate_options an superclass_delegating_reader in order to
|
21
|
-
# fix things for cases where a model gets included before XssTerminate is
|
22
|
-
# loaded
|
23
|
-
# * changed the filter process to now work with Arrays and Hashes (i.e. the
|
24
|
-
# ActiveRecord serializes feature)
|
25
|
-
# * changed the filter process to directly access @attributes instead of
|
26
|
-
# self[] (i.e. read/write_attribute) to circumvent any third-party additions
|
27
|
-
# that hook in here
|
28
|
-
# * renamed and refactored a bit more :)
|
29
|
-
|
30
|
-
require "xss_terminate/version"
|
31
|
-
require "rails_sanitize"
|
32
|
-
|
33
|
-
module XssTerminate
|
34
|
-
mattr_accessor :default_filter
|
35
|
-
@@default_filter = :strip_tags
|
36
|
-
|
37
|
-
mattr_accessor :untaint_after_find
|
38
|
-
@@untaint_after_find = false
|
39
|
-
|
40
|
-
mattr_accessor :sanitize_filters
|
41
|
-
@@sanitize_filters = [:html5lib_sanitize, :sanitize, :strip_tags, :escape]
|
42
|
-
|
43
|
-
def self.included(base)
|
44
|
-
base.extend(ClassMethods)
|
45
|
-
# sets up default of stripping tags for all fields
|
46
|
-
# base.send(:xss_terminate)
|
47
|
-
end
|
48
|
-
|
49
|
-
module ClassMethods
|
50
|
-
def xss_terminate(options = {})
|
51
|
-
before_save :sanitize_attributes!
|
52
|
-
|
53
|
-
class_attribute :xss_terminate_options
|
54
|
-
self.xss_terminate_options = {}
|
55
|
-
|
56
|
-
keys = [:except, *XssTerminate.sanitize_filters]
|
57
|
-
options.assert_valid_keys :none, *keys
|
58
|
-
|
59
|
-
keys.each do |key|
|
60
|
-
option = options[key] || []
|
61
|
-
self.xss_terminate_options[key] = option.is_a?(Array) ? option : [option]
|
62
|
-
end
|
63
|
-
self.xss_terminate_options[:none] = options[:none]
|
64
|
-
|
65
|
-
include XssTerminate::InstanceMethods
|
66
|
-
end
|
67
|
-
|
68
|
-
alias :filters_attributes :xss_terminate
|
69
|
-
end
|
70
|
-
|
71
|
-
module InstanceMethods
|
72
|
-
def after_find
|
73
|
-
@attributes.each do |name, value|
|
74
|
-
unless xss_terminate_options[:except].include?(name.to_sym)
|
75
|
-
@attributes[name].untaint
|
76
|
-
end
|
77
|
-
end
|
78
|
-
end
|
79
|
-
|
80
|
-
def sanitize_attributes!
|
81
|
-
# puts "sanitize attributes #{self.inspect}"
|
82
|
-
return if xss_terminate_options[:none]
|
83
|
-
select_attributes_to_sanitize.each do |attribute|
|
84
|
-
filter = select_sanitize_filter(attribute)
|
85
|
-
sanitize_attribute! filter, @attributes[attribute]
|
86
|
-
end
|
87
|
-
end
|
88
|
-
|
89
|
-
def sanitize_attribute!(filter, value)
|
90
|
-
case value
|
91
|
-
when Array
|
92
|
-
value.map{|v| sanitize_attribute!(filter, v) }
|
93
|
-
when Hash
|
94
|
-
value.each{|k, v| sanitize_attribute!(filter, v) }
|
95
|
-
value
|
96
|
-
when String
|
97
|
-
# TODO is it safe to exclude frozen strings? this ran into an error
|
98
|
-
# when with a polymorphic object_type attribute (User#save_roles)
|
99
|
-
value.replace send(filter, value) unless value.frozen?
|
100
|
-
when ActiveRecord::Base, Numeric, NilClass, TrueClass, FalseClass
|
101
|
-
# nothing to sanitize
|
102
|
-
else
|
103
|
-
Rails.logger.warn "can't sanitize #{value.class.name} #{value.inspect}"
|
104
|
-
end
|
105
|
-
end
|
106
|
-
|
107
|
-
def select_attributes_to_sanitize
|
108
|
-
self.class.columns.select do |column|
|
109
|
-
[:string, :text].include?(column.type) &&
|
110
|
-
!xss_terminate_options[:except].include?(column.name.to_sym)
|
111
|
-
end.map(&:name)
|
112
|
-
end
|
113
|
-
|
114
|
-
def select_sanitize_filter(attribute)
|
115
|
-
XssTerminate.sanitize_filters.detect do |filter|
|
116
|
-
xss_terminate_options[filter].include?(attribute.to_sym)
|
117
|
-
end || XssTerminate.default_filter
|
118
|
-
end
|
119
|
-
|
120
|
-
def html5lib_sanitize(value)
|
121
|
-
HTML5libSanitize.new.sanitize_html(value)
|
122
|
-
end
|
123
|
-
|
124
|
-
def sanitize(value)
|
125
|
-
RailsSanitize.white_list_sanitizer.sanitize(value)
|
126
|
-
end
|
127
|
-
|
128
|
-
def strip_tags(value)
|
129
|
-
RailsSanitize.full_sanitizer.sanitize(value)
|
130
|
-
end
|
131
|
-
|
132
|
-
# Can't use CGI::escapeHTML for this because it also escapes & to &
|
133
|
-
# which isn't idempotent (i.e. saving the same value multiple times would
|
134
|
-
# cause the & in & being escaped every time).
|
135
|
-
def escape(value)
|
136
|
-
replace = { '"' => '"', '<' => '<', '>' => '>' }
|
137
|
-
value.gsub(/["<>]/){|char| replace[char] }
|
138
|
-
end
|
139
|
-
end
|
140
|
-
end
|
141
|
-
ActiveRecord::Base.send :include, XssTerminate
|
@@ -1,34 +0,0 @@
|
|
1
|
-
ActiveRecord::Schema.define(:version => 0) do
|
2
|
-
create_table :people, :force => true do |t|
|
3
|
-
t.column :name, :string
|
4
|
-
end
|
5
|
-
|
6
|
-
create_table :entries, :force => true do |t|
|
7
|
-
t.column :title, :string
|
8
|
-
t.column :body, :text
|
9
|
-
t.column :extended, :text
|
10
|
-
t.column :person_id, :integer
|
11
|
-
t.column :created_on, :datetime
|
12
|
-
end
|
13
|
-
|
14
|
-
create_table :comments, :force => true do |t|
|
15
|
-
t.column :person_id, :integer
|
16
|
-
t.column :title, :string
|
17
|
-
t.column :body, :text
|
18
|
-
t.column :created_on, :datetime
|
19
|
-
end
|
20
|
-
|
21
|
-
create_table :messages, :force => true do |t|
|
22
|
-
t.column :person_id, :integer
|
23
|
-
t.column :recipient_id, :integer
|
24
|
-
t.column :body, :text
|
25
|
-
end
|
26
|
-
|
27
|
-
create_table :reviews, :force => true do |t|
|
28
|
-
t.column :title, :string
|
29
|
-
t.column :body, :text
|
30
|
-
t.column :extended, :text
|
31
|
-
t.column :person_id, :integer
|
32
|
-
t.column :created_on, :datetime
|
33
|
-
end
|
34
|
-
end
|
@@ -1,16 +0,0 @@
|
|
1
|
-
# borrowed from err who borrowed from topfunky who borrowed from...
|
2
|
-
|
3
|
-
# set up test environment
|
4
|
-
RAILS_ENV = 'test'
|
5
|
-
require File.expand_path(File.join(File.dirname(__FILE__), '../../../../config/environment.rb'))
|
6
|
-
require 'test/unit'
|
7
|
-
|
8
|
-
# load test schema
|
9
|
-
load(File.dirname(__FILE__) + "/schema.rb")
|
10
|
-
|
11
|
-
# load test models
|
12
|
-
require File.join(File.dirname(__FILE__), 'models/person')
|
13
|
-
require File.join(File.dirname(__FILE__), 'models/entry')
|
14
|
-
require File.join(File.dirname(__FILE__), 'models/comment')
|
15
|
-
require File.join(File.dirname(__FILE__), 'models/message')
|
16
|
-
require File.join(File.dirname(__FILE__), 'models/review')
|
@@ -1,50 +0,0 @@
|
|
1
|
-
require File.join(File.dirname(__FILE__), 'setup_test')
|
2
|
-
|
3
|
-
class XssTerminateTest < Test::Unit::TestCase
|
4
|
-
def test_strip_tags_on_discovered_fields
|
5
|
-
c = Comment.create!(:title => "<script>alert('xss in title')</script>",
|
6
|
-
:body => "<script>alert('xss in body')</script>")
|
7
|
-
|
8
|
-
assert_equal "alert('xss in title')", c.title
|
9
|
-
|
10
|
-
assert_equal "alert('xss in body')", c.body
|
11
|
-
end
|
12
|
-
|
13
|
-
def test_rails_sanitization_on_specified_fields
|
14
|
-
e = Entry.create!(:title => "<script>alert('xss in title')</script>",
|
15
|
-
:body => "<script>alert('xss in body')</script>",
|
16
|
-
:extended => "<script>alert('xss in extended')</script>",
|
17
|
-
:person_id => 1)
|
18
|
-
|
19
|
-
assert_equal [:body, :extended], e.xss_terminate_options[:sanitize]
|
20
|
-
|
21
|
-
assert_equal "alert('xss in title')", e.title
|
22
|
-
|
23
|
-
assert_equal "", e.body
|
24
|
-
|
25
|
-
assert_equal "", e.extended
|
26
|
-
end
|
27
|
-
|
28
|
-
def test_excepting_specified_fields
|
29
|
-
p = Person.create!(:name => "<strong>Mallory</strong>")
|
30
|
-
|
31
|
-
assert_equal [:name], p.xss_terminate_options[:except]
|
32
|
-
|
33
|
-
assert_equal "<strong>Mallory</strong>", p.name
|
34
|
-
end
|
35
|
-
|
36
|
-
def test_html5lib_sanitization_on_specified_fields
|
37
|
-
r = Review.create!(:title => "<script>alert('xss in title')</script>",
|
38
|
-
:body => "<script>alert('xss in body')</script>",
|
39
|
-
:extended => "<script>alert('xss in extended')</script>",
|
40
|
-
:person_id => 1)
|
41
|
-
|
42
|
-
assert_equal [:body, :extended], r.xss_terminate_options[:html5lib_sanitize]
|
43
|
-
|
44
|
-
assert_equal "alert('xss in title')", r.title
|
45
|
-
|
46
|
-
assert_equal "<script>alert('xss in body')</script>", r.body
|
47
|
-
|
48
|
-
assert_equal "<script>alert('xss in extended')</script>", r.extended
|
49
|
-
end
|
50
|
-
end
|
@@ -1,17 +0,0 @@
|
|
1
|
-
# -*- encoding: utf-8 -*-
|
2
|
-
require File.expand_path('../lib/xss_terminate/version', __FILE__)
|
3
|
-
|
4
|
-
Gem::Specification.new do |gem|
|
5
|
-
gem.authors = ["Micah Geisel"]
|
6
|
-
gem.email = ["micah@botandrose.com"]
|
7
|
-
gem.description = %q{TODO: Write a gem description}
|
8
|
-
gem.summary = %q{TODO: Write a gem summary}
|
9
|
-
gem.homepage = ""
|
10
|
-
|
11
|
-
gem.files = `git ls-files`.split($\)
|
12
|
-
gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
|
13
|
-
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
|
14
|
-
gem.name = "xss_terminate"
|
15
|
-
gem.require_paths = ["lib"]
|
16
|
-
gem.version = XssTerminate::VERSION
|
17
|
-
end
|
File without changes
|