air18n 0.0.2 → 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/air18n/version.rb +1 -1
- data/lib/air18n/xss_detector.rb +11 -3
- data/spec/lib/air18n/xss_detector_spec.rb +6 -7
- metadata +2 -2
data/lib/air18n/version.rb
CHANGED
data/lib/air18n/xss_detector.rb
CHANGED
|
@@ -5,12 +5,12 @@ module Air18n
|
|
|
5
5
|
def safe?(text_a, text_b)
|
|
6
6
|
text_a = text_a.to_s
|
|
7
7
|
text_b = text_b.to_s
|
|
8
|
-
tags_a = extract_tags(text_a)
|
|
9
|
-
tags_b = extract_tags(text_b)
|
|
8
|
+
tags_a = normalize_tags(extract_tags(text_a))
|
|
9
|
+
tags_b = normalize_tags(extract_tags(text_b))
|
|
10
10
|
if has_dubious_escape_characters?(text_a) || has_dubious_escape_characters?(text_b)
|
|
11
11
|
{ :safe => false, :reason => 'Backslashes are not allowed' }
|
|
12
12
|
elsif tags_a != tags_b
|
|
13
|
-
{ :safe => false, :reason => "HTML tags don't match: #{tags_a.inspect} vs #{tags_b.inspect}" }
|
|
13
|
+
{ :safe => false, :reason => "HTML tags don't match: #{tags_a.inspect} vs. #{tags_b.inspect}" }
|
|
14
14
|
else
|
|
15
15
|
{ :safe => true }
|
|
16
16
|
end
|
|
@@ -43,5 +43,13 @@ module Air18n
|
|
|
43
43
|
end
|
|
44
44
|
tags
|
|
45
45
|
end
|
|
46
|
+
|
|
47
|
+
def normalize_tags(tags)
|
|
48
|
+
tags.map do |tag|
|
|
49
|
+
# Normalize double-quotes to single-quotes to allow differences in type
|
|
50
|
+
# of quotation mark.
|
|
51
|
+
tag.gsub('"', "'")
|
|
52
|
+
end
|
|
53
|
+
end
|
|
46
54
|
end
|
|
47
55
|
end
|
|
@@ -23,8 +23,12 @@ describe Air18n::XssDetector do
|
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
it "should detect tag mismatches" do
|
|
26
|
-
Air18n::XssDetector::safe?("<tag>", "safe").should == { :safe => false, :reason => "HTML tags don't match: #{['<tag>'].inspect} vs #{[].inspect}" }
|
|
27
|
-
Air18n::XssDetector::safe?("safe", "<tag>").should == { :safe => false, :reason => "HTML tags don't match: #{[].inspect} vs #{['<tag>'].inspect}" }
|
|
26
|
+
Air18n::XssDetector::safe?("<tag>", "safe").should == { :safe => false, :reason => "HTML tags don't match: #{['<tag>'].inspect} vs. #{[].inspect}" }
|
|
27
|
+
Air18n::XssDetector::safe?("safe", "<tag>").should == { :safe => false, :reason => "HTML tags don't match: #{[].inspect} vs. #{['<tag>'].inspect}" }
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
it "should allow quote mismatches in tags" do
|
|
31
|
+
Air18n::XssDetector::safe?("<tag href='hi'>", "<tag href=\"hi\">").should == { :safe => true }
|
|
28
32
|
end
|
|
29
33
|
end
|
|
30
34
|
|
|
@@ -39,9 +43,4 @@ describe Air18n::XssDetector do
|
|
|
39
43
|
test('Success! You\'ve invited %{number} friends. <a href="/referrals">Invite <b>more</b>.</a>', ['<a href="/referrals">', '<b>', '</b>', '</a>'])
|
|
40
44
|
end
|
|
41
45
|
end
|
|
42
|
-
|
|
43
|
-
describe 'Robustness to various input formats' do
|
|
44
|
-
it 'should not barf on arrays' do
|
|
45
|
-
end
|
|
46
|
-
end
|
|
47
46
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: air18n
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.3
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -13,7 +13,7 @@ authors:
|
|
|
13
13
|
autorequire:
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
|
-
date: 2012-05-
|
|
16
|
+
date: 2012-05-11 00:00:00.000000000 Z
|
|
17
17
|
dependencies:
|
|
18
18
|
- !ruby/object:Gem::Dependency
|
|
19
19
|
name: i18n
|