angular_xss 0.2.2 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.github/workflows/test.yml +52 -0
- data/.rspec +1 -0
- data/.ruby-version +1 -0
- data/CHANGELOG.md +72 -0
- data/Gemfile +1 -0
- data/Gemfile.lock +1 -0
- data/Gemfile.rails-3.2 +9 -0
- data/Gemfile.rails-3.2.lock +91 -0
- data/Gemfile.rails-4.2.haml-4 +8 -0
- data/Gemfile.rails-4.2.haml-4.lock +88 -0
- data/Gemfile.rails-4.2.haml-5 +8 -0
- data/Gemfile.rails-4.2.haml-5.lock +90 -0
- data/Gemfile.rails-5.1.haml-4 +8 -0
- data/Gemfile.rails-5.1.haml-4.lock +85 -0
- data/Gemfile.rails-5.1.haml-5 +8 -0
- data/Gemfile.rails-5.1.haml-5.lock +87 -0
- data/Gemfile.rails-6.1.haml-5 +8 -0
- data/Gemfile.rails-6.1.haml-5.lock +90 -0
- data/README.md +12 -4
- data/Rakefile +3 -66
- data/lib/angular_xss/action_view.rb +2 -1
- data/lib/angular_xss/erb.rb +2 -1
- data/lib/angular_xss/escaper.rb +2 -2
- data/lib/angular_xss/haml.rb +27 -10
- data/lib/angular_xss/safe_buffer.rb +4 -3
- data/lib/angular_xss/version.rb +1 -1
- data/spec/{shared/tests → angular_xss}/erb_spec.rb +1 -1
- data/spec/{shared/tests → angular_xss}/haml_spec.rb +1 -1
- data/spec/angular_xss/safe_buffer_spec.rb +9 -0
- data/spec/spec_helper.rb +37 -0
- data/spec/{shared/support → support}/engine_preventing_angular_xss.rb +20 -8
- data/spec/{shared/app_root/app/views/test → templates}/_test_erb.erb +0 -0
- data/spec/{shared/app_root/app/views/test → templates}/_test_haml.haml +5 -3
- metadata +79 -204
- data/.travis.yml +0 -15
- data/spec/rails-2.3/Gemfile +0 -12
- data/spec/rails-2.3/Gemfile.lock +0 -62
- data/spec/rails-2.3/Rakefile +0 -11
- data/spec/rails-2.3/app_root/config/boot.rb +0 -129
- data/spec/rails-2.3/app_root/config/database.yml +0 -4
- data/spec/rails-2.3/app_root/config/environment.rb +0 -14
- data/spec/rails-2.3/app_root/config/environments/test.rb +0 -28
- data/spec/rails-2.3/app_root/config/preinitializer.rb +0 -20
- data/spec/rails-2.3/app_root/config/routes.rb +0 -4
- data/spec/rails-2.3/app_root/lib/console_with_fixtures.rb +0 -4
- data/spec/rails-2.3/app_root/log/.gitignore +0 -1
- data/spec/rails-2.3/app_root/script/console +0 -7
- data/spec/rails-2.3/rcov.opts +0 -2
- data/spec/rails-2.3/spec/spec_helper.rb +0 -20
- data/spec/rails-2.3/spec.opts +0 -4
- data/spec/rails-3.2/.rspec +0 -2
- data/spec/rails-3.2/Gemfile +0 -10
- data/spec/rails-3.2/Gemfile.lock +0 -129
- data/spec/rails-3.2/Rakefile +0 -10
- data/spec/rails-3.2/app_root/.gitignore +0 -4
- data/spec/rails-3.2/app_root/config/application.rb +0 -32
- data/spec/rails-3.2/app_root/config/boot.rb +0 -13
- data/spec/rails-3.2/app_root/config/database.yml +0 -4
- data/spec/rails-3.2/app_root/config/environment.rb +0 -5
- data/spec/rails-3.2/app_root/config/environments/test.rb +0 -35
- data/spec/rails-3.2/app_root/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/rails-3.2/app_root/config/initializers/inflections.rb +0 -10
- data/spec/rails-3.2/app_root/config/initializers/mime_types.rb +0 -5
- data/spec/rails-3.2/app_root/config/initializers/secret_token.rb +0 -7
- data/spec/rails-3.2/app_root/config/initializers/session_store.rb +0 -8
- data/spec/rails-3.2/app_root/config/routes.rb +0 -58
- data/spec/rails-3.2/app_root/lib/tasks/.gitkeep +0 -0
- data/spec/rails-3.2/app_root/log/.gitkeep +0 -0
- data/spec/rails-3.2/app_root/script/rails +0 -6
- data/spec/rails-3.2/rcov.opts +0 -2
- data/spec/rails-3.2/spec/spec_helper.rb +0 -20
- data/spec/rails-4.2/.rspec +0 -2
- data/spec/rails-4.2/Gemfile +0 -10
- data/spec/rails-4.2/Gemfile.lock +0 -157
- data/spec/rails-4.2/Rakefile +0 -10
- data/spec/rails-4.2/app_root/.gitignore +0 -4
- data/spec/rails-4.2/app_root/config/application.rb +0 -34
- data/spec/rails-4.2/app_root/config/boot.rb +0 -13
- data/spec/rails-4.2/app_root/config/database.yml +0 -4
- data/spec/rails-4.2/app_root/config/environment.rb +0 -5
- data/spec/rails-4.2/app_root/config/environments/test.rb +0 -35
- data/spec/rails-4.2/app_root/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/rails-4.2/app_root/config/initializers/inflections.rb +0 -10
- data/spec/rails-4.2/app_root/config/initializers/mime_types.rb +0 -5
- data/spec/rails-4.2/app_root/config/initializers/secret_token.rb +0 -7
- data/spec/rails-4.2/app_root/config/initializers/session_store.rb +0 -8
- data/spec/rails-4.2/app_root/config/routes.rb +0 -3
- data/spec/rails-4.2/app_root/lib/tasks/.gitkeep +0 -0
- data/spec/rails-4.2/app_root/log/.gitkeep +0 -0
- data/spec/rails-4.2/app_root/script/rails +0 -6
- data/spec/rails-4.2/rcov.opts +0 -2
- data/spec/rails-4.2/spec/spec_helper.rb +0 -27
- data/spec/shared/app_root/app/controllers/application_controller.rb +0 -2
- data/spec/shared/app_root/app/helpers/application_helper.rb +0 -3
- data/spec/shared/app_root/app/models/.gitkeep +0 -0
- data/spec/shared/app_root/config/database.yml +0 -4
- data/spec/shared/app_root/db/migrate/.gitkeep +0 -0
@@ -4,15 +4,16 @@ ActiveSupport::SafeBuffer.class_eval do
|
|
4
4
|
|
5
5
|
private
|
6
6
|
|
7
|
-
def
|
7
|
+
def html_escape_interpolated_argument_with_angular_xss(arg)
|
8
8
|
if arg.html_safe?
|
9
9
|
arg
|
10
10
|
else
|
11
|
-
|
11
|
+
html_escape_interpolated_argument_without_angular_xss(AngularXss::Escaper.escape(arg))
|
12
12
|
end
|
13
13
|
end
|
14
14
|
|
15
|
-
|
15
|
+
alias_method :html_escape_interpolated_argument_without_angular_xss, :html_escape_interpolated_argument
|
16
|
+
alias_method :html_escape_interpolated_argument, :html_escape_interpolated_argument_with_angular_xss
|
16
17
|
|
17
18
|
end
|
18
19
|
|
data/lib/angular_xss/version.rb
CHANGED
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,37 @@
|
|
1
|
+
require 'pathname'
|
2
|
+
require 'active_support/all'
|
3
|
+
require 'action_dispatch'
|
4
|
+
require 'action_view'
|
5
|
+
|
6
|
+
begin
|
7
|
+
# Rails 3.2
|
8
|
+
require 'rails'
|
9
|
+
rescue LoadError
|
10
|
+
# Rails 4+
|
11
|
+
end
|
12
|
+
|
13
|
+
module Rails
|
14
|
+
def self.env
|
15
|
+
'test'.inquiry
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
require 'haml'
|
20
|
+
require 'haml/template'
|
21
|
+
|
22
|
+
require 'angular_xss'
|
23
|
+
|
24
|
+
|
25
|
+
Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
|
26
|
+
|
27
|
+
TEMPLATE_ROOT = Pathname.new(__dir__).join('templates')
|
28
|
+
|
29
|
+
|
30
|
+
RSpec.configure do |config|
|
31
|
+
config.mock_with :rspec do |c|
|
32
|
+
c.syntax = [:should, :expect]
|
33
|
+
end
|
34
|
+
config.expect_with :rspec do |c|
|
35
|
+
c.syntax = [:should, :expect]
|
36
|
+
end
|
37
|
+
end
|
@@ -1,17 +1,23 @@
|
|
1
|
-
shared_examples_for 'engine preventing Angular XSS' do
|
1
|
+
shared_examples_for 'engine preventing Angular XSS' do |partial:|
|
2
2
|
|
3
|
-
let(:
|
3
|
+
let(:path_set) { ActionView::LookupContext.new([TEMPLATE_ROOT]) }
|
4
|
+
|
5
|
+
if defined?(ActionView::VERSION) && ActionView::VERSION::MAJOR >= 6
|
6
|
+
let(:engine) { ActionView::Base.with_empty_template_cache.new(path_set, {}, nil) }
|
7
|
+
else
|
8
|
+
let(:engine) { ActionView::Base.new(path_set) }
|
9
|
+
end
|
4
10
|
|
5
11
|
let(:html) { engine.render(partial) }
|
6
12
|
|
7
13
|
it 'escapes Angular interpolation marks in unsafe strings' do
|
8
14
|
html.should_not include('{{unsafe}}')
|
9
|
-
html.should include('
|
15
|
+
html.should include('{{ $root.DOUBLE_LEFT_CURLY_BRACE }}unsafe}}')
|
10
16
|
end
|
11
17
|
|
12
18
|
it 'recognizes the many ways to express an opening curly brace in HTML' do
|
13
19
|
|
14
|
-
html.should include("
|
20
|
+
html.should include("{{ $root.DOUBLE_LEFT_CURLY_BRACE }}unsafe}}")
|
15
21
|
html.should_not include("{{unsafe}}")
|
16
22
|
|
17
23
|
braces = [
|
@@ -37,7 +43,7 @@ shared_examples_for 'engine preventing Angular XSS' do
|
|
37
43
|
|
38
44
|
it 'does not escape Angular interpolation marks in safe strings' do
|
39
45
|
html.should include("{{safe}}")
|
40
|
-
html.should_not include("
|
46
|
+
html.should_not include("{{ $root.DOUBLE_LEFT_CURLY_BRACE }}safe}}")
|
41
47
|
end
|
42
48
|
|
43
49
|
it 'does not escape Angular interpolation marks in a block where AngularXSS is disabled' do
|
@@ -47,7 +53,7 @@ shared_examples_for 'engine preventing Angular XSS' do
|
|
47
53
|
end
|
48
54
|
|
49
55
|
result.should include('{{unsafe}}')
|
50
|
-
result.should_not include('
|
56
|
+
result.should_not include('{{ $root.DOUBLE_LEFT_CURLY_BRACE }}unsafe}}')
|
51
57
|
end
|
52
58
|
|
53
59
|
it 'does escape Angular interpolation marks after the block where AngularXSS is disabled' do
|
@@ -55,7 +61,7 @@ shared_examples_for 'engine preventing Angular XSS' do
|
|
55
61
|
end
|
56
62
|
result = html
|
57
63
|
|
58
|
-
result.should include('
|
64
|
+
result.should include('{{ $root.DOUBLE_LEFT_CURLY_BRACE }}unsafe}}')
|
59
65
|
result.should_not include('{{unsafe}}')
|
60
66
|
end
|
61
67
|
|
@@ -68,8 +74,14 @@ shared_examples_for 'engine preventing Angular XSS' do
|
|
68
74
|
end
|
69
75
|
}.should raise_error(SomeException)
|
70
76
|
|
71
|
-
html.should include('
|
77
|
+
html.should include('{{ $root.DOUBLE_LEFT_CURLY_BRACE }}unsafe}}')
|
72
78
|
html.should_not include('{{unsafe}}')
|
73
79
|
end
|
74
80
|
|
81
|
+
it 'does not escape twice' do
|
82
|
+
escaped = AngularXss::Escaper.escape('{{')
|
83
|
+
double_escaped = AngularXss::Escaper.escape(escaped)
|
84
|
+
html.should_not include(double_escaped)
|
85
|
+
end
|
86
|
+
|
75
87
|
end
|
File without changes
|
@@ -29,7 +29,9 @@
|
|
29
29
|
%div{:class => '{{safe}}', :id => '{{safe}}'}
|
30
30
|
|
31
31
|
-# Compiled at runtime:
|
32
|
-
|
33
|
-
|
34
|
-
%div{:
|
32
|
+
- unsafe = '{{unsafe}}'
|
33
|
+
- safe = '{{safe}}'.html_safe
|
34
|
+
%div{:class => unsafe, :id => unsafe}
|
35
|
+
%div(bar="#{unsafe}")
|
36
|
+
%div{:foo => safe, :bar => unsafe}
|
35
37
|
{{safe}}
|
metadata
CHANGED
@@ -1,64 +1,69 @@
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
2
|
name: angular_xss
|
3
|
-
version: !ruby/object:Gem::Version
|
4
|
-
|
5
|
-
prerelease:
|
6
|
-
segments:
|
7
|
-
- 0
|
8
|
-
- 2
|
9
|
-
- 2
|
10
|
-
version: 0.2.2
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.4.0
|
11
5
|
platform: ruby
|
12
|
-
authors:
|
6
|
+
authors:
|
13
7
|
- Henning Koch
|
14
8
|
autorequire:
|
15
9
|
bindir: bin
|
16
10
|
cert_chain: []
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
dependencies:
|
21
|
-
- !ruby/object:Gem::Dependency
|
11
|
+
date: 2021-08-23 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
22
14
|
name: activesupport
|
23
|
-
|
24
|
-
|
25
|
-
none: false
|
26
|
-
requirements:
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
27
17
|
- - ">="
|
28
|
-
- !ruby/object:Gem::Version
|
29
|
-
|
30
|
-
segments:
|
31
|
-
- 0
|
32
|
-
version: "0"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
33
20
|
type: :runtime
|
34
|
-
version_requirements: *id001
|
35
|
-
- !ruby/object:Gem::Dependency
|
36
|
-
name: haml
|
37
21
|
prerelease: false
|
38
|
-
|
39
|
-
|
40
|
-
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ">="
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: haml
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
41
31
|
- - ">="
|
42
|
-
- !ruby/object:Gem::Version
|
43
|
-
hash: 9
|
44
|
-
segments:
|
45
|
-
- 3
|
46
|
-
- 1
|
47
|
-
- 5
|
32
|
+
- !ruby/object:Gem::Version
|
48
33
|
version: 3.1.5
|
49
34
|
type: :runtime
|
50
|
-
|
51
|
-
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: 3.1.5
|
41
|
+
description: Patches rails_xss and Haml so AngularJS interpolations are auto-escaped
|
42
|
+
in unsafe strings.
|
52
43
|
email: henning.koch@makandra.de
|
53
44
|
executables: []
|
54
|
-
|
55
45
|
extensions: []
|
56
|
-
|
57
46
|
extra_rdoc_files: []
|
58
|
-
|
59
|
-
|
60
|
-
- .gitignore
|
61
|
-
- .
|
47
|
+
files:
|
48
|
+
- ".github/workflows/test.yml"
|
49
|
+
- ".gitignore"
|
50
|
+
- ".rspec"
|
51
|
+
- ".ruby-version"
|
52
|
+
- CHANGELOG.md
|
53
|
+
- Gemfile
|
54
|
+
- Gemfile.lock
|
55
|
+
- Gemfile.rails-3.2
|
56
|
+
- Gemfile.rails-3.2.lock
|
57
|
+
- Gemfile.rails-4.2.haml-4
|
58
|
+
- Gemfile.rails-4.2.haml-4.lock
|
59
|
+
- Gemfile.rails-4.2.haml-5
|
60
|
+
- Gemfile.rails-4.2.haml-5.lock
|
61
|
+
- Gemfile.rails-5.1.haml-4
|
62
|
+
- Gemfile.rails-5.1.haml-4.lock
|
63
|
+
- Gemfile.rails-5.1.haml-5
|
64
|
+
- Gemfile.rails-5.1.haml-5.lock
|
65
|
+
- Gemfile.rails-6.1.haml-5
|
66
|
+
- Gemfile.rails-6.1.haml-5.lock
|
62
67
|
- LICENSE
|
63
68
|
- README.md
|
64
69
|
- Rakefile
|
@@ -70,172 +75,42 @@ files:
|
|
70
75
|
- lib/angular_xss/haml.rb
|
71
76
|
- lib/angular_xss/safe_buffer.rb
|
72
77
|
- lib/angular_xss/version.rb
|
73
|
-
- spec/
|
74
|
-
- spec/
|
75
|
-
- spec/
|
76
|
-
- spec/
|
77
|
-
- spec/
|
78
|
-
- spec/
|
79
|
-
- spec/
|
80
|
-
- spec/rails-2.3/app_root/config/preinitializer.rb
|
81
|
-
- spec/rails-2.3/app_root/config/routes.rb
|
82
|
-
- spec/rails-2.3/app_root/lib/console_with_fixtures.rb
|
83
|
-
- spec/rails-2.3/app_root/log/.gitignore
|
84
|
-
- spec/rails-2.3/app_root/script/console
|
85
|
-
- spec/rails-2.3/rcov.opts
|
86
|
-
- spec/rails-2.3/spec.opts
|
87
|
-
- spec/rails-2.3/spec/spec_helper.rb
|
88
|
-
- spec/rails-3.2/.rspec
|
89
|
-
- spec/rails-3.2/Gemfile
|
90
|
-
- spec/rails-3.2/Gemfile.lock
|
91
|
-
- spec/rails-3.2/Rakefile
|
92
|
-
- spec/rails-3.2/app_root/.gitignore
|
93
|
-
- spec/rails-3.2/app_root/config/application.rb
|
94
|
-
- spec/rails-3.2/app_root/config/boot.rb
|
95
|
-
- spec/rails-3.2/app_root/config/database.yml
|
96
|
-
- spec/rails-3.2/app_root/config/environment.rb
|
97
|
-
- spec/rails-3.2/app_root/config/environments/test.rb
|
98
|
-
- spec/rails-3.2/app_root/config/initializers/backtrace_silencers.rb
|
99
|
-
- spec/rails-3.2/app_root/config/initializers/inflections.rb
|
100
|
-
- spec/rails-3.2/app_root/config/initializers/mime_types.rb
|
101
|
-
- spec/rails-3.2/app_root/config/initializers/secret_token.rb
|
102
|
-
- spec/rails-3.2/app_root/config/initializers/session_store.rb
|
103
|
-
- spec/rails-3.2/app_root/config/routes.rb
|
104
|
-
- spec/rails-3.2/app_root/lib/tasks/.gitkeep
|
105
|
-
- spec/rails-3.2/app_root/log/.gitkeep
|
106
|
-
- spec/rails-3.2/app_root/script/rails
|
107
|
-
- spec/rails-3.2/rcov.opts
|
108
|
-
- spec/rails-3.2/spec/spec_helper.rb
|
109
|
-
- spec/rails-4.2/.rspec
|
110
|
-
- spec/rails-4.2/Gemfile
|
111
|
-
- spec/rails-4.2/Gemfile.lock
|
112
|
-
- spec/rails-4.2/Rakefile
|
113
|
-
- spec/rails-4.2/app_root/.gitignore
|
114
|
-
- spec/rails-4.2/app_root/config/application.rb
|
115
|
-
- spec/rails-4.2/app_root/config/boot.rb
|
116
|
-
- spec/rails-4.2/app_root/config/database.yml
|
117
|
-
- spec/rails-4.2/app_root/config/environment.rb
|
118
|
-
- spec/rails-4.2/app_root/config/environments/test.rb
|
119
|
-
- spec/rails-4.2/app_root/config/initializers/backtrace_silencers.rb
|
120
|
-
- spec/rails-4.2/app_root/config/initializers/inflections.rb
|
121
|
-
- spec/rails-4.2/app_root/config/initializers/mime_types.rb
|
122
|
-
- spec/rails-4.2/app_root/config/initializers/secret_token.rb
|
123
|
-
- spec/rails-4.2/app_root/config/initializers/session_store.rb
|
124
|
-
- spec/rails-4.2/app_root/config/routes.rb
|
125
|
-
- spec/rails-4.2/app_root/lib/tasks/.gitkeep
|
126
|
-
- spec/rails-4.2/app_root/log/.gitkeep
|
127
|
-
- spec/rails-4.2/app_root/script/rails
|
128
|
-
- spec/rails-4.2/rcov.opts
|
129
|
-
- spec/rails-4.2/spec/spec_helper.rb
|
130
|
-
- spec/shared/app_root/app/controllers/application_controller.rb
|
131
|
-
- spec/shared/app_root/app/helpers/application_helper.rb
|
132
|
-
- spec/shared/app_root/app/models/.gitkeep
|
133
|
-
- spec/shared/app_root/app/views/test/_test_erb.erb
|
134
|
-
- spec/shared/app_root/app/views/test/_test_haml.haml
|
135
|
-
- spec/shared/app_root/config/database.yml
|
136
|
-
- spec/shared/app_root/db/migrate/.gitkeep
|
137
|
-
- spec/shared/support/engine_preventing_angular_xss.rb
|
138
|
-
- spec/shared/tests/erb_spec.rb
|
139
|
-
- spec/shared/tests/haml_spec.rb
|
140
|
-
has_rdoc: true
|
78
|
+
- spec/angular_xss/erb_spec.rb
|
79
|
+
- spec/angular_xss/haml_spec.rb
|
80
|
+
- spec/angular_xss/safe_buffer_spec.rb
|
81
|
+
- spec/spec_helper.rb
|
82
|
+
- spec/support/engine_preventing_angular_xss.rb
|
83
|
+
- spec/templates/_test_erb.erb
|
84
|
+
- spec/templates/_test_haml.haml
|
141
85
|
homepage: https://github.com/makandra/angular_xss
|
142
|
-
licenses:
|
86
|
+
licenses:
|
143
87
|
- MIT
|
88
|
+
metadata: {}
|
144
89
|
post_install_message:
|
145
90
|
rdoc_options: []
|
146
|
-
|
147
|
-
require_paths:
|
91
|
+
require_paths:
|
148
92
|
- lib
|
149
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
150
|
-
|
151
|
-
requirements:
|
93
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
94
|
+
requirements:
|
152
95
|
- - ">="
|
153
|
-
- !ruby/object:Gem::Version
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
version: "0"
|
158
|
-
required_rubygems_version: !ruby/object:Gem::Requirement
|
159
|
-
none: false
|
160
|
-
requirements:
|
96
|
+
- !ruby/object:Gem::Version
|
97
|
+
version: '0'
|
98
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
99
|
+
requirements:
|
161
100
|
- - ">="
|
162
|
-
- !ruby/object:Gem::Version
|
163
|
-
|
164
|
-
segments:
|
165
|
-
- 0
|
166
|
-
version: "0"
|
101
|
+
- !ruby/object:Gem::Version
|
102
|
+
version: '0'
|
167
103
|
requirements: []
|
168
|
-
|
169
|
-
rubyforge_project:
|
170
|
-
rubygems_version: 1.6.2
|
104
|
+
rubygems_version: 3.1.4
|
171
105
|
signing_key:
|
172
|
-
specification_version:
|
173
|
-
summary: Patches rails_xss and Haml so AngularJS interpolations are auto-escaped in
|
174
|
-
|
175
|
-
|
176
|
-
- spec/
|
177
|
-
- spec/
|
178
|
-
- spec/
|
179
|
-
- spec/
|
180
|
-
- spec/
|
181
|
-
- spec/
|
182
|
-
- spec/
|
183
|
-
- spec/rails-2.3/app_root/config/routes.rb
|
184
|
-
- spec/rails-2.3/app_root/lib/console_with_fixtures.rb
|
185
|
-
- spec/rails-2.3/app_root/log/.gitignore
|
186
|
-
- spec/rails-2.3/app_root/script/console
|
187
|
-
- spec/rails-2.3/rcov.opts
|
188
|
-
- spec/rails-2.3/spec.opts
|
189
|
-
- spec/rails-2.3/spec/spec_helper.rb
|
190
|
-
- spec/rails-3.2/.rspec
|
191
|
-
- spec/rails-3.2/Gemfile
|
192
|
-
- spec/rails-3.2/Gemfile.lock
|
193
|
-
- spec/rails-3.2/Rakefile
|
194
|
-
- spec/rails-3.2/app_root/.gitignore
|
195
|
-
- spec/rails-3.2/app_root/config/application.rb
|
196
|
-
- spec/rails-3.2/app_root/config/boot.rb
|
197
|
-
- spec/rails-3.2/app_root/config/database.yml
|
198
|
-
- spec/rails-3.2/app_root/config/environment.rb
|
199
|
-
- spec/rails-3.2/app_root/config/environments/test.rb
|
200
|
-
- spec/rails-3.2/app_root/config/initializers/backtrace_silencers.rb
|
201
|
-
- spec/rails-3.2/app_root/config/initializers/inflections.rb
|
202
|
-
- spec/rails-3.2/app_root/config/initializers/mime_types.rb
|
203
|
-
- spec/rails-3.2/app_root/config/initializers/secret_token.rb
|
204
|
-
- spec/rails-3.2/app_root/config/initializers/session_store.rb
|
205
|
-
- spec/rails-3.2/app_root/config/routes.rb
|
206
|
-
- spec/rails-3.2/app_root/lib/tasks/.gitkeep
|
207
|
-
- spec/rails-3.2/app_root/log/.gitkeep
|
208
|
-
- spec/rails-3.2/app_root/script/rails
|
209
|
-
- spec/rails-3.2/rcov.opts
|
210
|
-
- spec/rails-3.2/spec/spec_helper.rb
|
211
|
-
- spec/rails-4.2/.rspec
|
212
|
-
- spec/rails-4.2/Gemfile
|
213
|
-
- spec/rails-4.2/Gemfile.lock
|
214
|
-
- spec/rails-4.2/Rakefile
|
215
|
-
- spec/rails-4.2/app_root/.gitignore
|
216
|
-
- spec/rails-4.2/app_root/config/application.rb
|
217
|
-
- spec/rails-4.2/app_root/config/boot.rb
|
218
|
-
- spec/rails-4.2/app_root/config/database.yml
|
219
|
-
- spec/rails-4.2/app_root/config/environment.rb
|
220
|
-
- spec/rails-4.2/app_root/config/environments/test.rb
|
221
|
-
- spec/rails-4.2/app_root/config/initializers/backtrace_silencers.rb
|
222
|
-
- spec/rails-4.2/app_root/config/initializers/inflections.rb
|
223
|
-
- spec/rails-4.2/app_root/config/initializers/mime_types.rb
|
224
|
-
- spec/rails-4.2/app_root/config/initializers/secret_token.rb
|
225
|
-
- spec/rails-4.2/app_root/config/initializers/session_store.rb
|
226
|
-
- spec/rails-4.2/app_root/config/routes.rb
|
227
|
-
- spec/rails-4.2/app_root/lib/tasks/.gitkeep
|
228
|
-
- spec/rails-4.2/app_root/log/.gitkeep
|
229
|
-
- spec/rails-4.2/app_root/script/rails
|
230
|
-
- spec/rails-4.2/rcov.opts
|
231
|
-
- spec/rails-4.2/spec/spec_helper.rb
|
232
|
-
- spec/shared/app_root/app/controllers/application_controller.rb
|
233
|
-
- spec/shared/app_root/app/helpers/application_helper.rb
|
234
|
-
- spec/shared/app_root/app/models/.gitkeep
|
235
|
-
- spec/shared/app_root/app/views/test/_test_erb.erb
|
236
|
-
- spec/shared/app_root/app/views/test/_test_haml.haml
|
237
|
-
- spec/shared/app_root/config/database.yml
|
238
|
-
- spec/shared/app_root/db/migrate/.gitkeep
|
239
|
-
- spec/shared/support/engine_preventing_angular_xss.rb
|
240
|
-
- spec/shared/tests/erb_spec.rb
|
241
|
-
- spec/shared/tests/haml_spec.rb
|
106
|
+
specification_version: 4
|
107
|
+
summary: Patches rails_xss and Haml so AngularJS interpolations are auto-escaped in
|
108
|
+
unsafe strings.
|
109
|
+
test_files:
|
110
|
+
- spec/angular_xss/erb_spec.rb
|
111
|
+
- spec/angular_xss/haml_spec.rb
|
112
|
+
- spec/angular_xss/safe_buffer_spec.rb
|
113
|
+
- spec/spec_helper.rb
|
114
|
+
- spec/support/engine_preventing_angular_xss.rb
|
115
|
+
- spec/templates/_test_erb.erb
|
116
|
+
- spec/templates/_test_haml.haml
|