air18n 0.0.2 → 0.0.3
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/air18n/version.rb +1 -1
- data/lib/air18n/xss_detector.rb +11 -3
- data/spec/lib/air18n/xss_detector_spec.rb +6 -7
- metadata +2 -2
data/lib/air18n/version.rb
CHANGED
data/lib/air18n/xss_detector.rb
CHANGED
|
@@ -5,12 +5,12 @@ module Air18n
|
|
|
5
5
|
def safe?(text_a, text_b)
|
|
6
6
|
text_a = text_a.to_s
|
|
7
7
|
text_b = text_b.to_s
|
|
8
|
-
tags_a = extract_tags(text_a)
|
|
9
|
-
tags_b = extract_tags(text_b)
|
|
8
|
+
tags_a = normalize_tags(extract_tags(text_a))
|
|
9
|
+
tags_b = normalize_tags(extract_tags(text_b))
|
|
10
10
|
if has_dubious_escape_characters?(text_a) || has_dubious_escape_characters?(text_b)
|
|
11
11
|
{ :safe => false, :reason => 'Backslashes are not allowed' }
|
|
12
12
|
elsif tags_a != tags_b
|
|
13
|
-
{ :safe => false, :reason => "HTML tags don't match: #{tags_a.inspect} vs #{tags_b.inspect}" }
|
|
13
|
+
{ :safe => false, :reason => "HTML tags don't match: #{tags_a.inspect} vs. #{tags_b.inspect}" }
|
|
14
14
|
else
|
|
15
15
|
{ :safe => true }
|
|
16
16
|
end
|
|
@@ -43,5 +43,13 @@ module Air18n
|
|
|
43
43
|
end
|
|
44
44
|
tags
|
|
45
45
|
end
|
|
46
|
+
|
|
47
|
+
def normalize_tags(tags)
|
|
48
|
+
tags.map do |tag|
|
|
49
|
+
# Normalize double-quotes to single-quotes to allow differences in type
|
|
50
|
+
# of quotation mark.
|
|
51
|
+
tag.gsub('"', "'")
|
|
52
|
+
end
|
|
53
|
+
end
|
|
46
54
|
end
|
|
47
55
|
end
|
|
@@ -23,8 +23,12 @@ describe Air18n::XssDetector do
|
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
it "should detect tag mismatches" do
|
|
26
|
-
Air18n::XssDetector::safe?("<tag>", "safe").should == { :safe => false, :reason => "HTML tags don't match: #{['<tag>'].inspect} vs #{[].inspect}" }
|
|
27
|
-
Air18n::XssDetector::safe?("safe", "<tag>").should == { :safe => false, :reason => "HTML tags don't match: #{[].inspect} vs #{['<tag>'].inspect}" }
|
|
26
|
+
Air18n::XssDetector::safe?("<tag>", "safe").should == { :safe => false, :reason => "HTML tags don't match: #{['<tag>'].inspect} vs. #{[].inspect}" }
|
|
27
|
+
Air18n::XssDetector::safe?("safe", "<tag>").should == { :safe => false, :reason => "HTML tags don't match: #{[].inspect} vs. #{['<tag>'].inspect}" }
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
it "should allow quote mismatches in tags" do
|
|
31
|
+
Air18n::XssDetector::safe?("<tag href='hi'>", "<tag href=\"hi\">").should == { :safe => true }
|
|
28
32
|
end
|
|
29
33
|
end
|
|
30
34
|
|
|
@@ -39,9 +43,4 @@ describe Air18n::XssDetector do
|
|
|
39
43
|
test('Success! You\'ve invited %{number} friends. <a href="/referrals">Invite <b>more</b>.</a>', ['<a href="/referrals">', '<b>', '</b>', '</a>'])
|
|
40
44
|
end
|
|
41
45
|
end
|
|
42
|
-
|
|
43
|
-
describe 'Robustness to various input formats' do
|
|
44
|
-
it 'should not barf on arrays' do
|
|
45
|
-
end
|
|
46
|
-
end
|
|
47
46
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: air18n
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.3
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -13,7 +13,7 @@ authors:
|
|
|
13
13
|
autorequire:
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
|
-
date: 2012-05-
|
|
16
|
+
date: 2012-05-11 00:00:00.000000000 Z
|
|
17
17
|
dependencies:
|
|
18
18
|
- !ruby/object:Gem::Dependency
|
|
19
19
|
name: i18n
|