angular_xss 0.2.2 → 0.4.0

data/lib/angular_xss/safe_buffer.rb

@@ -4,15 +4,16 @@ ActiveSupport::SafeBuffer.class_eval do
 
     private
 
-    def html_escape_interpolated_argument_with_rails_xss(arg)
+    def html_escape_interpolated_argument_with_angular_xss(arg)
       if arg.html_safe?
         arg
       else
-        html_escape_interpolated_argument_without_rails_xss(AngularXss::Escaper.escape(arg))
+        html_escape_interpolated_argument_without_angular_xss(AngularXss::Escaper.escape(arg))
       end
     end
 
-    alias_method_chain :html_escape_interpolated_argument, :rails_xss
+    alias_method :html_escape_interpolated_argument_without_angular_xss, :html_escape_interpolated_argument
+    alias_method :html_escape_interpolated_argument, :html_escape_interpolated_argument_with_angular_xss
 
   end
 

data/lib/angular_xss/version.rb

@@ -1,3 +1,3 @@
 module AngularXss
-  VERSION = '0.2.2'
+  VERSION = '0.4.0'
 end

data/spec/{shared/tests → angular_xss}/erb_spec.rb

@@ -2,6 +2,6 @@ require 'spec_helper'
 
 describe 'Angular XSS prevention in ERB', :type => :view do
 
-  it_should_act_like 'engine preventing Angular XSS', :partial => 'test/test_erb'
+  it_should_behave_like 'engine preventing Angular XSS', :partial => 'test_erb'
 
 end

data/spec/{shared/tests → angular_xss}/haml_spec.rb

@@ -2,6 +2,6 @@ require 'spec_helper'
 
 describe 'Angular XSS prevention in Haml', :type => :view do
 
-  it_should_act_like 'engine preventing Angular XSS', :partial => 'test/test_haml'
+  it_should_behave_like 'engine preventing Angular XSS', :partial => 'test_haml'
 
 end

data/spec/angular_xss/safe_buffer_spec.rb

@@ -0,0 +1,9 @@
+require 'spec_helper'
+
+describe ActiveSupport::SafeBuffer do
+
+  it 'still allows concatting nil' do
+    expect { subject << nil }.to_not raise_error
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,37 @@
+require 'pathname'
+require 'active_support/all'
+require 'action_dispatch'
+require 'action_view'
+
+begin
+  # Rails 3.2
+  require 'rails'
+rescue LoadError
+  # Rails 4+
+end
+
+module Rails
+  def self.env
+    'test'.inquiry
+  end
+end
+
+require 'haml'
+require 'haml/template'
+
+require 'angular_xss'
+
+
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
+TEMPLATE_ROOT = Pathname.new(__dir__).join('templates')
+
+
+RSpec.configure do |config|
+  config.mock_with :rspec do |c|
+    c.syntax = [:should, :expect]
+  end
+  config.expect_with :rspec do |c|
+    c.syntax = [:should, :expect]
+  end
+end

data/spec/{shared/support → support}/engine_preventing_angular_xss.rb

@@ -1,17 +1,23 @@
-shared_examples_for 'engine preventing Angular XSS' do
+shared_examples_for 'engine preventing Angular XSS' do |partial:|
 
-  let(:engine) { respond_to?(:view) ? view : template }
+  let(:path_set) { ActionView::LookupContext.new([TEMPLATE_ROOT]) }
+
+  if defined?(ActionView::VERSION) && ActionView::VERSION::MAJOR >= 6
+    let(:engine) { ActionView::Base.with_empty_template_cache.new(path_set, {}, nil) }
+  else
+    let(:engine) { ActionView::Base.new(path_set) }
+  end
 
   let(:html) { engine.render(partial) }
 
   it 'escapes Angular interpolation marks in unsafe strings' do
     html.should_not include('{{unsafe}}')
-    html.should include(' { { unsafe}}')
+    html.should include('{{ $root.DOUBLE_LEFT_CURLY_BRACE }}unsafe}}')
   end
 
   it 'recognizes the many ways to express an opening curly brace in HTML' do
 
-    html.should include(" { { unsafe}}")
+    html.should include("{{ $root.DOUBLE_LEFT_CURLY_BRACE }}unsafe}}")
     html.should_not include("{{unsafe}}")
 
     braces = [
@@ -37,7 +43,7 @@ shared_examples_for 'engine preventing Angular XSS' do
 
   it 'does not escape Angular interpolation marks in safe strings' do
     html.should include("{{safe}}")
-    html.should_not include(" { { safe}}")
+    html.should_not include("{{ $root.DOUBLE_LEFT_CURLY_BRACE }}safe}}")
   end
 
   it 'does not escape Angular interpolation marks in a block where AngularXSS is disabled' do
@@ -47,7 +53,7 @@ shared_examples_for 'engine preventing Angular XSS' do
     end
 
     result.should include('{{unsafe}}')
-    result.should_not include(' { { unsafe}}')
+    result.should_not include('{{ $root.DOUBLE_LEFT_CURLY_BRACE }}unsafe}}')
   end
 
   it 'does escape Angular interpolation marks after the block where AngularXSS is disabled' do
@@ -55,7 +61,7 @@ shared_examples_for 'engine preventing Angular XSS' do
     end
     result = html
 
-    result.should include(' { { unsafe}}')
+    result.should include('{{ $root.DOUBLE_LEFT_CURLY_BRACE }}unsafe}}')
     result.should_not include('{{unsafe}}')
   end
 
@@ -68,8 +74,14 @@ shared_examples_for 'engine preventing Angular XSS' do
       end
     }.should raise_error(SomeException)
 
-    html.should include(' { { unsafe}}')
+    html.should include('{{ $root.DOUBLE_LEFT_CURLY_BRACE }}unsafe}}')
     html.should_not include('{{unsafe}}')
   end
 
+  it 'does not escape twice' do
+    escaped = AngularXss::Escaper.escape('{{')
+    double_escaped = AngularXss::Escaper.escape(escaped)
+    html.should_not include(double_escaped)
+  end
+
 end

data/spec/{shared/app_root/app/views/test → templates}/_test_haml.haml

@@ -29,7 +29,9 @@
 %div{:class => '{{safe}}', :id => '{{safe}}'}
 
 -# Compiled at runtime:
-%div{:class => '{{unsafe}}', :id => '{{unsafe}}', :foo => rand}
-%div(bar="#{'{{unsafe}}'}")
-%div{:foo => '{{safe}}'.html_safe, :bar => '{{unsafe}}'}
+- unsafe = '{{unsafe}}'
+- safe = '{{safe}}'.html_safe
+%div{:class => unsafe, :id => unsafe}
+%div(bar="#{unsafe}")
+  %div{:foo => safe, :bar => unsafe}
   {{safe}}

metadata

@@ -1,64 +1,69 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: angular_xss
-version: !ruby/object:Gem::Version 
-  hash: 19
-  prerelease: 
-  segments: 
-  - 0
-  - 2
-  - 2
-  version: 0.2.2
+version: !ruby/object:Gem::Version
+  version: 0.4.0
 platform: ruby
-authors: 
+authors:
 - Henning Koch
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2015-04-17 00:00:00 +02:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2021-08-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: activesupport
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: haml
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: haml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 9
-        segments: 
-        - 3
-        - 1
-        - 5
+      - !ruby/object:Gem::Version
         version: 3.1.5
   type: :runtime
-  version_requirements: *id002
-description: Patches rails_xss and Haml so AngularJS interpolations are auto-escaped in unsafe strings.
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.5
+description: Patches rails_xss and Haml so AngularJS interpolations are auto-escaped
+  in unsafe strings.
 email: henning.koch@makandra.de
 executables: []
-
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
-- .gitignore
-- .travis.yml
+files:
+- ".github/workflows/test.yml"
+- ".gitignore"
+- ".rspec"
+- ".ruby-version"
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- Gemfile.rails-3.2
+- Gemfile.rails-3.2.lock
+- Gemfile.rails-4.2.haml-4
+- Gemfile.rails-4.2.haml-4.lock
+- Gemfile.rails-4.2.haml-5
+- Gemfile.rails-4.2.haml-5.lock
+- Gemfile.rails-5.1.haml-4
+- Gemfile.rails-5.1.haml-4.lock
+- Gemfile.rails-5.1.haml-5
+- Gemfile.rails-5.1.haml-5.lock
+- Gemfile.rails-6.1.haml-5
+- Gemfile.rails-6.1.haml-5.lock
 - LICENSE
 - README.md
 - Rakefile
@@ -70,172 +75,42 @@ files:
 - lib/angular_xss/haml.rb
 - lib/angular_xss/safe_buffer.rb
 - lib/angular_xss/version.rb
-- spec/rails-2.3/Gemfile
-- spec/rails-2.3/Gemfile.lock
-- spec/rails-2.3/Rakefile
-- spec/rails-2.3/app_root/config/boot.rb
-- spec/rails-2.3/app_root/config/database.yml
-- spec/rails-2.3/app_root/config/environment.rb
-- spec/rails-2.3/app_root/config/environments/test.rb
-- spec/rails-2.3/app_root/config/preinitializer.rb
-- spec/rails-2.3/app_root/config/routes.rb
-- spec/rails-2.3/app_root/lib/console_with_fixtures.rb
-- spec/rails-2.3/app_root/log/.gitignore
-- spec/rails-2.3/app_root/script/console
-- spec/rails-2.3/rcov.opts
-- spec/rails-2.3/spec.opts
-- spec/rails-2.3/spec/spec_helper.rb
-- spec/rails-3.2/.rspec
-- spec/rails-3.2/Gemfile
-- spec/rails-3.2/Gemfile.lock
-- spec/rails-3.2/Rakefile
-- spec/rails-3.2/app_root/.gitignore
-- spec/rails-3.2/app_root/config/application.rb
-- spec/rails-3.2/app_root/config/boot.rb
-- spec/rails-3.2/app_root/config/database.yml
-- spec/rails-3.2/app_root/config/environment.rb
-- spec/rails-3.2/app_root/config/environments/test.rb
-- spec/rails-3.2/app_root/config/initializers/backtrace_silencers.rb
-- spec/rails-3.2/app_root/config/initializers/inflections.rb
-- spec/rails-3.2/app_root/config/initializers/mime_types.rb
-- spec/rails-3.2/app_root/config/initializers/secret_token.rb
-- spec/rails-3.2/app_root/config/initializers/session_store.rb
-- spec/rails-3.2/app_root/config/routes.rb
-- spec/rails-3.2/app_root/lib/tasks/.gitkeep
-- spec/rails-3.2/app_root/log/.gitkeep
-- spec/rails-3.2/app_root/script/rails
-- spec/rails-3.2/rcov.opts
-- spec/rails-3.2/spec/spec_helper.rb
-- spec/rails-4.2/.rspec
-- spec/rails-4.2/Gemfile
-- spec/rails-4.2/Gemfile.lock
-- spec/rails-4.2/Rakefile
-- spec/rails-4.2/app_root/.gitignore
-- spec/rails-4.2/app_root/config/application.rb
-- spec/rails-4.2/app_root/config/boot.rb
-- spec/rails-4.2/app_root/config/database.yml
-- spec/rails-4.2/app_root/config/environment.rb
-- spec/rails-4.2/app_root/config/environments/test.rb
-- spec/rails-4.2/app_root/config/initializers/backtrace_silencers.rb
-- spec/rails-4.2/app_root/config/initializers/inflections.rb
-- spec/rails-4.2/app_root/config/initializers/mime_types.rb
-- spec/rails-4.2/app_root/config/initializers/secret_token.rb
-- spec/rails-4.2/app_root/config/initializers/session_store.rb
-- spec/rails-4.2/app_root/config/routes.rb
-- spec/rails-4.2/app_root/lib/tasks/.gitkeep
-- spec/rails-4.2/app_root/log/.gitkeep
-- spec/rails-4.2/app_root/script/rails
-- spec/rails-4.2/rcov.opts
-- spec/rails-4.2/spec/spec_helper.rb
-- spec/shared/app_root/app/controllers/application_controller.rb
-- spec/shared/app_root/app/helpers/application_helper.rb
-- spec/shared/app_root/app/models/.gitkeep
-- spec/shared/app_root/app/views/test/_test_erb.erb
-- spec/shared/app_root/app/views/test/_test_haml.haml
-- spec/shared/app_root/config/database.yml
-- spec/shared/app_root/db/migrate/.gitkeep
-- spec/shared/support/engine_preventing_angular_xss.rb
-- spec/shared/tests/erb_spec.rb
-- spec/shared/tests/haml_spec.rb
-has_rdoc: true
+- spec/angular_xss/erb_spec.rb
+- spec/angular_xss/haml_spec.rb
+- spec/angular_xss/safe_buffer_spec.rb
+- spec/spec_helper.rb
+- spec/support/engine_preventing_angular_xss.rb
+- spec/templates/_test_erb.erb
+- spec/templates/_test_haml.haml
 homepage: https://github.com/makandra/angular_xss
-licenses: 
+licenses:
 - MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
-rubyforge_project: 
-rubygems_version: 1.6.2
+rubygems_version: 3.1.4
 signing_key: 
-specification_version: 3
-summary: Patches rails_xss and Haml so AngularJS interpolations are auto-escaped in unsafe strings.
-test_files: 
-- spec/rails-2.3/Gemfile
-- spec/rails-2.3/Gemfile.lock
-- spec/rails-2.3/Rakefile
-- spec/rails-2.3/app_root/config/boot.rb
-- spec/rails-2.3/app_root/config/database.yml
-- spec/rails-2.3/app_root/config/environment.rb
-- spec/rails-2.3/app_root/config/environments/test.rb
-- spec/rails-2.3/app_root/config/preinitializer.rb
-- spec/rails-2.3/app_root/config/routes.rb
-- spec/rails-2.3/app_root/lib/console_with_fixtures.rb
-- spec/rails-2.3/app_root/log/.gitignore
-- spec/rails-2.3/app_root/script/console
-- spec/rails-2.3/rcov.opts
-- spec/rails-2.3/spec.opts
-- spec/rails-2.3/spec/spec_helper.rb
-- spec/rails-3.2/.rspec
-- spec/rails-3.2/Gemfile
-- spec/rails-3.2/Gemfile.lock
-- spec/rails-3.2/Rakefile
-- spec/rails-3.2/app_root/.gitignore
-- spec/rails-3.2/app_root/config/application.rb
-- spec/rails-3.2/app_root/config/boot.rb
-- spec/rails-3.2/app_root/config/database.yml
-- spec/rails-3.2/app_root/config/environment.rb
-- spec/rails-3.2/app_root/config/environments/test.rb
-- spec/rails-3.2/app_root/config/initializers/backtrace_silencers.rb
-- spec/rails-3.2/app_root/config/initializers/inflections.rb
-- spec/rails-3.2/app_root/config/initializers/mime_types.rb
-- spec/rails-3.2/app_root/config/initializers/secret_token.rb
-- spec/rails-3.2/app_root/config/initializers/session_store.rb
-- spec/rails-3.2/app_root/config/routes.rb
-- spec/rails-3.2/app_root/lib/tasks/.gitkeep
-- spec/rails-3.2/app_root/log/.gitkeep
-- spec/rails-3.2/app_root/script/rails
-- spec/rails-3.2/rcov.opts
-- spec/rails-3.2/spec/spec_helper.rb
-- spec/rails-4.2/.rspec
-- spec/rails-4.2/Gemfile
-- spec/rails-4.2/Gemfile.lock
-- spec/rails-4.2/Rakefile
-- spec/rails-4.2/app_root/.gitignore
-- spec/rails-4.2/app_root/config/application.rb
-- spec/rails-4.2/app_root/config/boot.rb
-- spec/rails-4.2/app_root/config/database.yml
-- spec/rails-4.2/app_root/config/environment.rb
-- spec/rails-4.2/app_root/config/environments/test.rb
-- spec/rails-4.2/app_root/config/initializers/backtrace_silencers.rb
-- spec/rails-4.2/app_root/config/initializers/inflections.rb
-- spec/rails-4.2/app_root/config/initializers/mime_types.rb
-- spec/rails-4.2/app_root/config/initializers/secret_token.rb
-- spec/rails-4.2/app_root/config/initializers/session_store.rb
-- spec/rails-4.2/app_root/config/routes.rb
-- spec/rails-4.2/app_root/lib/tasks/.gitkeep
-- spec/rails-4.2/app_root/log/.gitkeep
-- spec/rails-4.2/app_root/script/rails
-- spec/rails-4.2/rcov.opts
-- spec/rails-4.2/spec/spec_helper.rb
-- spec/shared/app_root/app/controllers/application_controller.rb
-- spec/shared/app_root/app/helpers/application_helper.rb
-- spec/shared/app_root/app/models/.gitkeep
-- spec/shared/app_root/app/views/test/_test_erb.erb
-- spec/shared/app_root/app/views/test/_test_haml.haml
-- spec/shared/app_root/config/database.yml
-- spec/shared/app_root/db/migrate/.gitkeep
-- spec/shared/support/engine_preventing_angular_xss.rb
-- spec/shared/tests/erb_spec.rb
-- spec/shared/tests/haml_spec.rb
+specification_version: 4
+summary: Patches rails_xss and Haml so AngularJS interpolations are auto-escaped in
+  unsafe strings.
+test_files:
+- spec/angular_xss/erb_spec.rb
+- spec/angular_xss/haml_spec.rb
+- spec/angular_xss/safe_buffer_spec.rb
+- spec/spec_helper.rb
+- spec/support/engine_preventing_angular_xss.rb
+- spec/templates/_test_erb.erb
+- spec/templates/_test_haml.haml