angular_xss 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
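--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bd5001cfe150eb1c470f46cdabc75fa7c93c6eda
+data.tar.gz: d3fa3b7a9ea77d3f47bb4ff3adec608427f8bb83
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 770c23bad28c0c1f9e46495e292e3bce47741e423fdece2735c980c74c0ac9b202766e614153270179d8027424a0054267299b33bd7b6b0619a5d3ca1b737376
+data.tar.gz: 84e8ab293070e44d74242692147e15e0b505c1c5bdd7ca1856893115160fba93fd04c650fe026589e3f583b170b7f12a0633c709522af70754ebafbdc0ec61b3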
data/lib/angular_xss.rb
CHANGED
data/lib/angular_xss/version.rb
CHANGED
data/spec/rails-2.3/Gemfile.lock
CHANGED
data/spec/rails-3.2/Gemfile.lock
CHANGED
@@ -4,13 +4,6 @@
|
|
4
4
|
|
5
5
|
{{safe}}
|
6
6
|
|
7
|
-
%div{:foo => '{{safe}}'.html_safe, :bar => '{{unsafe}}'}
|
8
|
-
{{safe}}
|
9
|
-
|
10
|
-
-# We can't support Angular interpolations in class and id attributes.
|
11
|
-
-# This is a limitation of Haml.
|
12
|
-
%div{:class => '{{unsafe_id}}', :id => '{{unsafe_id}}'}
|
13
|
-
|
14
7
|
= '{{unsafe}}'
|
15
8
|
= '{{unsafe}}'
|
16
9
|
= '{{unsafe}}'
|
@@ -21,3 +14,19 @@
|
|
21
14
|
= '{{unsafe}}'
|
22
15
|
= '{{unsafe}}'
|
23
16
|
= '{{unsafe}}'
|
17
|
+
|
18
|
+
-# HTML attributes in Haml work in different ways:
|
19
|
+
-# 1. Under certain conditions, attributes are precompiled.
|
20
|
+
-# We never have to escape those because they can not contain user input.
|
21
|
+
-# 2. Whenever there is a Ruby call on attributes, Haml will have to evaluate
|
22
|
+
-# them at runtime. Since they can contain user input, XSS logic applies.
|
23
|
+
|
24
|
+
-# Precompiled:
|
25
|
+
%div(foo='{{safe}}')
|
26
|
+
%div{:class => '{{safe}}', :id => '{{safe}}'}
|
27
|
+
|
28
|
+
-# Compiled at runtime:
|
29
|
+
%div{:class => '{{unsafe}}', :id => '{{unsafe}}', :foo => rand}
|
30
|
+
%div(bar="#{'{{unsafe}}'}")
|
31
|
+
%div{:foo => '{{safe}}'.html_safe, :bar => '{{unsafe}}'}
|
32
|
+
{{safe}}
|
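Review bot: The "Precompiled" examples on new lines 25-26 (`%div(foo='{{safe}}')` and `%div{:class => '{{safe}}', :id => '{{safe}}'}`) are expected to stay unescaped only because Haml folds literal-only attribute hashes at compile time, and which hashes get precompiled is a Haml implementation detail that varies between Haml versions, so the comment block on lines 18-22 should state which Haml versions this expectation was verified against rather than presenting it as a general rule. On line 29 the `:foo => rand` value is what forces the whole hash onto the runtime path, and that intent deserves a comment of its own, e.g. `-# :foo => rand forces Haml to evaluate the whole hash at runtime, so every value in it must be escaped`. The wording on line 20, "they can not contain user input", is accurate only in the sense that a precompiled attribute is literal template text with no Ruby evaluation; saying that explicitly makes the safety argument checkable. This section's file header is lost in the rendering (the hunk is shown under data/spec/rails-3.2/Gemfile.lock but contains Haml), so the path is presumably a spec view under data/spec and should be confirmed against the package contents.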
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: angular_xss
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Henning Koch
|
@@ -52,6 +52,7 @@ files:
|
|
52
52
|
- Rakefile
|
53
53
|
- angular_xss.gemspec
|
54
54
|
- lib/angular_xss.rb
|
55
|
+
- lib/angular_xss/action_view.rb
|
55
56
|
- lib/angular_xss/erb.rb
|
56
57
|
- lib/angular_xss/escaper.rb
|
57
58
|
- lib/angular_xss/haml.rb
|