angular_xss 0.3.1 → 0.4.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (24) hide show
  1. checksums.yaml +5 -5
  2. data/.github/workflows/test.yml +52 -0
  3. data/.ruby-version +1 -1
  4. data/CHANGELOG.md +72 -0
  5. data/Gemfile +1 -1
  6. data/Gemfile.lock +1 -1
  7. data/{gemfiles/Gemfile.rails-3.2 → Gemfile.rails-3.2} +1 -1
  8. data/{gemfiles/Gemfile.rails-3.2.lock → Gemfile.rails-3.2.lock} +4 -4
  9. data/{gemfiles/Gemfile.rails-4.2.haml-4 → Gemfile.rails-4.2.haml-4} +1 -1
  10. data/{gemfiles/Gemfile.rails-4.2.haml-4.lock → Gemfile.rails-4.2.haml-4.lock} +4 -4
  11. data/{gemfiles/Gemfile.rails-4.2.haml-5 → Gemfile.rails-4.2.haml-5} +1 -1
  12. data/{gemfiles/Gemfile.rails-4.2.haml-5.lock → Gemfile.rails-4.2.haml-5.lock} +4 -4
  13. data/{gemfiles/Gemfile.rails-5.1.haml-4 → Gemfile.rails-5.1.haml-4} +1 -1
  14. data/{gemfiles/Gemfile.rails-5.1.haml-4.lock → Gemfile.rails-5.1.haml-4.lock} +15 -15
  15. data/{gemfiles/Gemfile.rails-5.1.haml-5 → Gemfile.rails-5.1.haml-5} +1 -1
  16. data/{gemfiles/Gemfile.rails-5.1.haml-5.lock → Gemfile.rails-5.1.haml-5.lock} +15 -15
  17. data/Gemfile.rails-6.1.haml-5 +8 -0
  18. data/Gemfile.rails-6.1.haml-5.lock +90 -0
  19. data/README.md +1 -1
  20. data/lib/angular_xss/haml.rb +14 -1
  21. data/lib/angular_xss/version.rb +1 -1
  22. data/spec/support/engine_preventing_angular_xss.rb +6 -2
  23. metadata +17 -15
  24. data/.travis.yml +0 -26
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 8285965b9fb9aea32781f2248b2df9cf6b4265fb
4
- data.tar.gz: a1c00df41faef450247779d0f4d1e4894e06d453
2
+ SHA256:
3
+ metadata.gz: 0d7d2dcd19075eb585a144cfbf52e22e61031155dd20e2350bef4df1e213a1d6
4
+ data.tar.gz: 06cfba2593dc1c67ba5407575eac8ef032c746cfa127deaaf743f6e752ef85b4
5
5
  SHA512:
6
- metadata.gz: 831832e385c8260bc7663fe4bd125f34166fbd5f50ac335a49e0ef542b5c9639903cd4f95572f1ee4f1d34dc2fbf40e8f65acb29ee8e0d4d439aaaab88a4f791
7
- data.tar.gz: 03c23f5a1c4d5ecb2ebe5388a91b317b87f91e0b26fd9ee76f5cedc5348e376daa4fd767acaad81f90724b834dd7c66cb9f05cf4bb3db4c6896d60ee0742e27c
6
+ metadata.gz: 19c422e8f23f5e914dd184ffdf443ba2fffcd6785b86347823de54e71e07a0481f5fc7ef594c9de9f0d701983864fa06f90f402ee94e889e71e4e3cca2d72cdb
7
+ data.tar.gz: ba840f913b4b842217b8056d9da914f7fc56e324fe94dbb6d42e0fbec3dc225ae17bc385ec737b836ac7b4e487726b4b6f1d957e9cbb5e727408d4d22d1ab7eb
data/.github/workflows/test.yml ADDED
@@ -0,0 +1,52 @@
1
+ ---
2
+ name: Tests
3
+ 'on':
4
+ push:
5
+ branches:
6
+ - master
7
+ pull_request:
8
+ branches:
9
+ - master
10
+ jobs:
11
+ test:
12
+ runs-on: ubuntu-20.04
13
+ strategy:
14
+ fail-fast: false
15
+ matrix:
16
+ include:
17
+ - ruby: 2.3.5
18
+ gemfile: Gemfile.rails-3.2
19
+ - ruby: 2.3.5
20
+ gemfile: Gemfile.rails-4.2.haml-4
21
+ - ruby: 2.3.5
22
+ gemfile: Gemfile.rails-4.2.haml-5
23
+ - ruby: 2.3.5
24
+ gemfile: Gemfile.rails-5.1.haml-4
25
+ - ruby: 2.3.5
26
+ gemfile: Gemfile.rails-5.1.haml-5
27
+ - ruby: 2.7.2
28
+ gemfile: Gemfile.rails-5.1.haml-4
29
+ - ruby: 2.7.2
30
+ gemfile: Gemfile.rails-5.1.haml-5
31
+ - ruby: 2.7.2
32
+ gemfile: Gemfile.rails-6.1.haml-5
33
+ - ruby: 3.0.1
34
+ gemfile: Gemfile.rails-5.1.haml-4
35
+ - ruby: 3.0.1
36
+ gemfile: Gemfile.rails-5.1.haml-5
37
+ - ruby: 3.0.1
38
+ gemfile: Gemfile.rails-6.1.haml-5
39
+ env:
40
+ BUNDLE_GEMFILE: "${{ matrix.gemfile }}"
41
+ steps:
42
+ - uses: actions/checkout@v2
43
+ - name: Install ruby
44
+ uses: ruby/setup-ruby@v1
45
+ with:
46
+ ruby-version: "${{ matrix.ruby }}"
47
+ - name: Bundle
48
+ run: |
49
+ gem install bundler:2.1.4
50
+ bundle install --no-deployment
51
+ - name: Run tests
52
+ run: bundle exec rspec
data/.ruby-version CHANGED
@@ -1 +1 @@
1
- 2.3.5
1
+ 2.7.2
data/CHANGELOG.md ADDED
@@ -0,0 +1,72 @@
1
+ # Changelog
2
+ All notable changes to this project will be documented in this file.
3
+
4
+ This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
5
+
6
+ ## Unreleased
7
+
8
+ ### Compatible changes
9
+
10
+ ### Breaking changes
11
+
12
+
13
+ ## 0.4.0 2021-08-23
14
+
15
+ ### Compatible changes
16
+
17
+ - Add compatibility with Rails 6
18
+ - Add compatibility with Haml > 5.2
19
+ - Add compatibility with Ruby 2.7 and Ruby 3
20
+
21
+ ## 0.3.1 2017-11-21
22
+
23
+ ### Compatible Changes
24
+
25
+ - Add compatibility with Rails 5
26
+ - Add compatibility with Haml 5
27
+
28
+ ## 0.3.0 2017-07-31
29
+
30
+ ### Breaking changes
31
+
32
+ - Changed the way Angular XSS escapes double braces from ` { { ` to
33
+ `{{ $root.DOUBLE_LEFT_CURLY_BRACE }}`. This requires a change in the
34
+ application code. Check the [README](https://github.com/makandra/angular_xss/blob/master/README.md#installation)
35
+ for details.
36
+
37
+ ## 0.2.3 2015-04-17
38
+
39
+ ### Compatible changes
40
+
41
+ - Fix a bug where an unexpected nil value would cause problems
42
+
43
+ ## 0.2.2 2015-04-17
44
+
45
+ ### Compatible changes
46
+
47
+ - Support Rails 4.2
48
+
49
+ ## 0.2.1 2015-04-13
50
+
51
+ ### Compatible changes
52
+
53
+ - Fix escaping of precompiled attributes in Haml templates
54
+
55
+ ## 0.2.0 2015-04-13
56
+
57
+ ### Compatible changes
58
+
59
+ - Add option to disable escaping temporarily via `AngularXss.disable do ... end`
60
+
61
+ ## 0.1.1 2014-01-04
62
+
63
+ ### Compatible changes
64
+
65
+ - Require Haml >= 3.1.5 (lower Hamls don't escape element attribute values)
66
+
67
+ ## 0.1.0 2014-01-03
68
+
69
+ ### Compatible changes
70
+
71
+ - First version.
72
+
data/Gemfile CHANGED
@@ -1 +1 @@
1
- gemfiles/Gemfile.rails-4.2.haml-5
1
+ ./Gemfile.rails-5.1.haml-5
data/Gemfile.lock CHANGED
@@ -1 +1 @@
1
- gemfiles/Gemfile.rails-4.2.haml-5.lock
1
+ ./Gemfile.rails-5.1.haml-5.lock
data/{gemfiles/Gemfile.rails-3.2 → Gemfile.rails-3.2} RENAMED
@@ -4,6 +4,6 @@ gem 'railties', '~>3.2'
4
4
  gem 'actionpack', '~>3.2'
5
5
  gem 'rspec'
6
6
  gem 'haml', '=4.0.2'
7
- gem 'angular_xss', :path => '..'
7
+ gem 'angular_xss', :path => '.'
8
8
  gem 'gemika'
9
9
  gem 'rake'
data/{gemfiles/Gemfile.rails-3.2.lock → Gemfile.rails-3.2.lock} RENAMED
@@ -1,7 +1,7 @@
1
1
  PATH
2
- remote: ..
2
+ remote: .
3
3
  specs:
4
- angular_xss (0.3.1)
4
+ angular_xss (0.4.0)
5
5
  activesupport
6
6
  haml (>= 3.1.5)
7
7
 
@@ -28,7 +28,7 @@ GEM
28
28
  concurrent-ruby (1.0.5)
29
29
  diff-lcs (1.3)
30
30
  erubis (2.7.0)
31
- gemika (0.3.2)
31
+ gemika (0.6.1)
32
32
  haml (4.0.2)
33
33
  tilt
34
34
  hike (1.2.3)
@@ -88,4 +88,4 @@ DEPENDENCIES
88
88
  rspec
89
89
 
90
90
  BUNDLED WITH
91
- 1.15.4
91
+ 1.17.3
data/{gemfiles/Gemfile.rails-4.2.haml-4 → Gemfile.rails-4.2.haml-4} RENAMED
@@ -3,6 +3,6 @@ source 'http://rubygems.org'
3
3
  gem 'actionpack', '~>4.2'
4
4
  gem 'rspec'
5
5
  gem 'haml', '<5'
6
- gem 'angular_xss', :path => '..'
6
+ gem 'angular_xss', :path => '.'
7
7
  gem 'gemika'
8
8
  gem 'rake'
data/{gemfiles/Gemfile.rails-4.2.haml-4.lock → Gemfile.rails-4.2.haml-4.lock} RENAMED
@@ -1,7 +1,7 @@
1
1
  PATH
2
- remote: ..
2
+ remote: .
3
3
  specs:
4
- angular_xss (0.3.1)
4
+ angular_xss (0.4.0)
5
5
  activesupport
6
6
  haml (>= 3.1.5)
7
7
 
@@ -31,7 +31,7 @@ GEM
31
31
  crass (1.0.3)
32
32
  diff-lcs (1.3)
33
33
  erubis (2.7.0)
34
- gemika (0.3.2)
34
+ gemika (0.6.1)
35
35
  haml (4.0.7)
36
36
  tilt
37
37
  i18n (0.9.1)
@@ -85,4 +85,4 @@ DEPENDENCIES
85
85
  rspec
86
86
 
87
87
  BUNDLED WITH
88
- 1.15.4
88
+ 1.17.3
data/{gemfiles/Gemfile.rails-4.2.haml-5 → Gemfile.rails-4.2.haml-5} RENAMED
@@ -3,6 +3,6 @@ source 'http://rubygems.org'
3
3
  gem 'actionpack', '~>4.2'
4
4
  gem 'rspec'
5
5
  gem 'haml', '~> 5'
6
- gem 'angular_xss', :path => '..'
6
+ gem 'angular_xss', :path => '.'
7
7
  gem 'gemika'
8
8
  gem 'rake'
data/{gemfiles/Gemfile.rails-4.2.haml-5.lock → Gemfile.rails-4.2.haml-5.lock} RENAMED
@@ -1,7 +1,7 @@
1
1
  PATH
2
- remote: ..
2
+ remote: .
3
3
  specs:
4
- angular_xss (0.3.1)
4
+ angular_xss (0.4.0)
5
5
  activesupport
6
6
  haml (>= 3.1.5)
7
7
 
@@ -31,7 +31,7 @@ GEM
31
31
  crass (1.0.3)
32
32
  diff-lcs (1.3)
33
33
  erubis (2.7.0)
34
- gemika (0.3.2)
34
+ gemika (0.6.1)
35
35
  haml (5.0.4)
36
36
  temple (>= 0.8.0)
37
37
  tilt
@@ -87,4 +87,4 @@ DEPENDENCIES
87
87
  rspec
88
88
 
89
89
  BUNDLED WITH
90
- 1.15.4
90
+ 1.17.3
data/{gemfiles/Gemfile.rails-5.1.haml-4 → Gemfile.rails-5.1.haml-4} RENAMED
@@ -3,6 +3,6 @@ source 'http://rubygems.org'
3
3
  gem 'actionpack', '~>5.1'
4
4
  gem 'rspec'
5
5
  gem 'haml', '< 5'
6
- gem 'angular_xss', :path => '..'
6
+ gem 'angular_xss', :path => '.'
7
7
  gem 'gemika'
8
8
  gem 'rake'
data/{gemfiles/Gemfile.rails-5.1.haml-4.lock → Gemfile.rails-5.1.haml-4.lock} RENAMED
@@ -1,7 +1,7 @@
1
1
  PATH
2
- remote: ..
2
+ remote: .
3
3
  specs:
4
- angular_xss (0.3.1)
4
+ angular_xss (0.4.0)
5
5
  activesupport
6
6
  haml (>= 3.1.5)
7
7
 
@@ -31,7 +31,7 @@ GEM
31
31
  crass (1.0.3)
32
32
  diff-lcs (1.3)
33
33
  erubi (1.7.0)
34
- gemika (0.3.2)
34
+ gemika (0.6.1)
35
35
  haml (4.0.7)
36
36
  tilt
37
37
  i18n (0.9.1)
@@ -52,19 +52,19 @@ GEM
52
52
  rails-html-sanitizer (1.0.3)
53
53
  loofah (~> 2.0)
54
54
  rake (12.3.0)
55
- rspec (3.7.0)
56
- rspec-core (~> 3.7.0)
57
- rspec-expectations (~> 3.7.0)
58
- rspec-mocks (~> 3.7.0)
59
- rspec-core (3.7.0)
60
- rspec-support (~> 3.7.0)
61
- rspec-expectations (3.7.0)
55
+ rspec (3.10.0)
56
+ rspec-core (~> 3.10.0)
57
+ rspec-expectations (~> 3.10.0)
58
+ rspec-mocks (~> 3.10.0)
59
+ rspec-core (3.10.1)
60
+ rspec-support (~> 3.10.0)
61
+ rspec-expectations (3.10.1)
62
62
  diff-lcs (>= 1.2.0, < 2.0)
63
- rspec-support (~> 3.7.0)
64
- rspec-mocks (3.7.0)
63
+ rspec-support (~> 3.10.0)
64
+ rspec-mocks (3.10.2)
65
65
  diff-lcs (>= 1.2.0, < 2.0)
66
- rspec-support (~> 3.7.0)
67
- rspec-support (3.7.0)
66
+ rspec-support (~> 3.10.0)
67
+ rspec-support (3.10.2)
68
68
  thread_safe (0.3.6)
69
69
  tilt (2.0.8)
70
70
  tzinfo (1.2.4)
@@ -82,4 +82,4 @@ DEPENDENCIES
82
82
  rspec
83
83
 
84
84
  BUNDLED WITH
85
- 1.15.4
85
+ 2.2.20
data/{gemfiles/Gemfile.rails-5.1.haml-5 → Gemfile.rails-5.1.haml-5} RENAMED
@@ -3,6 +3,6 @@ source 'http://rubygems.org'
3
3
  gem 'actionpack', '~>5.1'
4
4
  gem 'rspec'
5
5
  gem 'haml', '~> 5'
6
- gem 'angular_xss', :path => '..'
6
+ gem 'angular_xss', :path => '.'
7
7
  gem 'gemika'
8
8
  gem 'rake'
data/{gemfiles/Gemfile.rails-5.1.haml-5.lock → Gemfile.rails-5.1.haml-5.lock} RENAMED
@@ -1,7 +1,7 @@
1
1
  PATH
2
- remote: ..
2
+ remote: .
3
3
  specs:
4
- angular_xss (0.3.1)
4
+ angular_xss (0.4.0)
5
5
  activesupport
6
6
  haml (>= 3.1.5)
7
7
 
@@ -31,7 +31,7 @@ GEM
31
31
  crass (1.0.3)
32
32
  diff-lcs (1.3)
33
33
  erubi (1.7.0)
34
- gemika (0.3.2)
34
+ gemika (0.6.1)
35
35
  haml (5.0.4)
36
36
  temple (>= 0.8.0)
37
37
  tilt
@@ -53,19 +53,19 @@ GEM
53
53
  rails-html-sanitizer (1.0.3)
54
54
  loofah (~> 2.0)
55
55
  rake (12.3.0)
56
- rspec (3.7.0)
57
- rspec-core (~> 3.7.0)
58
- rspec-expectations (~> 3.7.0)
59
- rspec-mocks (~> 3.7.0)
60
- rspec-core (3.7.0)
61
- rspec-support (~> 3.7.0)
62
- rspec-expectations (3.7.0)
56
+ rspec (3.10.0)
57
+ rspec-core (~> 3.10.0)
58
+ rspec-expectations (~> 3.10.0)
59
+ rspec-mocks (~> 3.10.0)
60
+ rspec-core (3.10.1)
61
+ rspec-support (~> 3.10.0)
62
+ rspec-expectations (3.10.1)
63
63
  diff-lcs (>= 1.2.0, < 2.0)
64
- rspec-support (~> 3.7.0)
65
- rspec-mocks (3.7.0)
64
+ rspec-support (~> 3.10.0)
65
+ rspec-mocks (3.10.2)
66
66
  diff-lcs (>= 1.2.0, < 2.0)
67
- rspec-support (~> 3.7.0)
68
- rspec-support (3.7.0)
67
+ rspec-support (~> 3.10.0)
68
+ rspec-support (3.10.2)
69
69
  temple (0.8.0)
70
70
  thread_safe (0.3.6)
71
71
  tilt (2.0.8)
@@ -84,4 +84,4 @@ DEPENDENCIES
84
84
  rspec
85
85
 
86
86
  BUNDLED WITH
87
- 1.15.4
87
+ 2.2.20
data/Gemfile.rails-6.1.haml-5 ADDED
@@ -0,0 +1,8 @@
1
+ source 'http://rubygems.org'
2
+
3
+ gem 'actionpack', '~>6.1'
4
+ gem 'rspec'
5
+ gem 'haml', '~> 5'
6
+ gem 'angular_xss', :path => '.'
7
+ gem 'gemika'
8
+ gem 'rake'
data/Gemfile.rails-6.1.haml-5.lock ADDED
@@ -0,0 +1,90 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ angular_xss (0.4.0)
5
+ activesupport
6
+ haml (>= 3.1.5)
7
+
8
+ GEM
9
+ remote: http://rubygems.org/
10
+ specs:
11
+ actionpack (6.1.3.2)
12
+ actionview (= 6.1.3.2)
13
+ activesupport (= 6.1.3.2)
14
+ rack (~> 2.0, >= 2.0.9)
15
+ rack-test (>= 0.6.3)
16
+ rails-dom-testing (~> 2.0)
17
+ rails-html-sanitizer (~> 1.0, >= 1.2.0)
18
+ actionview (6.1.3.2)
19
+ activesupport (= 6.1.3.2)
20
+ builder (~> 3.1)
21
+ erubi (~> 1.4)
22
+ rails-dom-testing (~> 2.0)
23
+ rails-html-sanitizer (~> 1.1, >= 1.2.0)
24
+ activesupport (6.1.3.2)
25
+ concurrent-ruby (~> 1.0, >= 1.0.2)
26
+ i18n (>= 1.6, < 2)
27
+ minitest (>= 5.1)
28
+ tzinfo (~> 2.0)
29
+ zeitwerk (~> 2.3)
30
+ builder (3.2.4)
31
+ concurrent-ruby (1.1.9)
32
+ crass (1.0.6)
33
+ diff-lcs (1.4.4)
34
+ erubi (1.10.0)
35
+ gemika (0.6.0)
36
+ haml (5.2.1)
37
+ temple (>= 0.8.0)
38
+ tilt
39
+ i18n (1.8.10)
40
+ concurrent-ruby (~> 1.0)
41
+ loofah (2.10.0)
42
+ crass (~> 1.0.2)
43
+ nokogiri (>= 1.5.9)
44
+ mini_portile2 (2.5.3)
45
+ minitest (5.14.4)
46
+ nokogiri (1.11.7)
47
+ mini_portile2 (~> 2.5.0)
48
+ racc (~> 1.4)
49
+ racc (1.5.2)
50
+ rack (2.2.3)
51
+ rack-test (1.1.0)
52
+ rack (>= 1.0, < 3)
53
+ rails-dom-testing (2.0.3)
54
+ activesupport (>= 4.2.0)
55
+ nokogiri (>= 1.6)
56
+ rails-html-sanitizer (1.3.0)
57
+ loofah (~> 2.3)
58
+ rake (13.0.3)
59
+ rspec (3.10.0)
60
+ rspec-core (~> 3.10.0)
61
+ rspec-expectations (~> 3.10.0)
62
+ rspec-mocks (~> 3.10.0)
63
+ rspec-core (3.10.1)
64
+ rspec-support (~> 3.10.0)
65
+ rspec-expectations (3.10.1)
66
+ diff-lcs (>= 1.2.0, < 2.0)
67
+ rspec-support (~> 3.10.0)
68
+ rspec-mocks (3.10.2)
69
+ diff-lcs (>= 1.2.0, < 2.0)
70
+ rspec-support (~> 3.10.0)
71
+ rspec-support (3.10.2)
72
+ temple (0.8.2)
73
+ tilt (2.0.10)
74
+ tzinfo (2.0.4)
75
+ concurrent-ruby (~> 1.0)
76
+ zeitwerk (2.4.2)
77
+
78
+ PLATFORMS
79
+ ruby
80
+
81
+ DEPENDENCIES
82
+ actionpack (~> 6.1)
83
+ angular_xss!
84
+ gemika
85
+ haml (~> 5)
86
+ rake
87
+ rspec
88
+
89
+ BUNDLED WITH
90
+ 2.2.20
data/README.md CHANGED
@@ -1,4 +1,4 @@
1
- angular_xss [![Build Status](https://travis-ci.org/makandra/angular_xss.png?branch=master)](https://travis-ci.org/makandra/angular_xss)
1
+ angular_xss [![Build Status](https://github.com/makandra/angular_xss/workflows/Tests/badge.svg)](https://github.com/makandra/angular_xss/actions)
2
2
  ===========
3
3
 
4
4
  When rendering AngularJS templates with a server-side templating engine like ERB or Haml it is easy to introduce XSS vulnerabilities. These vulnerabilities are enabled by AngularJS evaluating user-provided strings containing interpolation symbols (default symbols are `{{` and `}}`).
data/lib/angular_xss/haml.rb CHANGED
@@ -1,4 +1,4 @@
1
- # Haml > 5 falls back to erb
1
+ # Haml 5.0 and 5.1 fall back to erb
2
2
  if Haml::VERSION < '5'
3
3
  # Use module_eval so we crash when Haml::Helpers has not yet been loaded.
4
4
  Haml::Helpers.module_eval do
@@ -14,6 +14,19 @@ if Haml::VERSION < '5'
14
14
 
15
15
  alias_method :html_escape_without_escaping_angular_expressions, :html_escape
16
16
  alias_method :html_escape, :html_escape_with_escaping_angular_expressions
17
+ end
18
+
19
+ elsif Haml::VERSION >= '5.2'
20
+ Haml::Helpers.module_eval do
21
+
22
+ def html_escape_without_haml_xss_with_escaping_angular_expressions(s)
23
+ s = s.to_s
24
+ return s if s.html_safe?
25
+
26
+ html_escape_without_haml_xss_without_escaping_angular_expressions(AngularXss::Escaper.escape(s))
27
+ end
17
28
 
29
+ alias_method :html_escape_without_haml_xss_without_escaping_angular_expressions, :html_escape_without_haml_xss
30
+ alias_method :html_escape_without_haml_xss, :html_escape_without_haml_xss_with_escaping_angular_expressions
18
31
  end
19
32
  end
data/lib/angular_xss/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module AngularXss
2
- VERSION = '0.3.1'
2
+ VERSION = '0.4.0'
3
3
  end
data/spec/support/engine_preventing_angular_xss.rb CHANGED
@@ -1,8 +1,12 @@
1
1
  shared_examples_for 'engine preventing Angular XSS' do |partial:|
2
2
 
3
- let(:path_set) { ActionView::PathSet.new([TEMPLATE_ROOT]) }
3
+ let(:path_set) { ActionView::LookupContext.new([TEMPLATE_ROOT]) }
4
4
 
5
- let(:engine) { ActionView::Base.new(path_set) }
5
+ if defined?(ActionView::VERSION) && ActionView::VERSION::MAJOR >= 6
6
+ let(:engine) { ActionView::Base.with_empty_template_cache.new(path_set, {}, nil) }
7
+ else
8
+ let(:engine) { ActionView::Base.new(path_set) }
9
+ end
6
10
 
7
11
  let(:html) { engine.render(partial) }
8
12
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: angular_xss
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.1
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Henning Koch
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-11-21 00:00:00.000000000 Z
11
+ date: 2021-08-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -45,26 +45,29 @@ executables: []
45
45
  extensions: []
46
46
  extra_rdoc_files: []
47
47
  files:
48
+ - ".github/workflows/test.yml"
48
49
  - ".gitignore"
49
50
  - ".rspec"
50
51
  - ".ruby-version"
51
- - ".travis.yml"
52
+ - CHANGELOG.md
52
53
  - Gemfile
53
54
  - Gemfile.lock
55
+ - Gemfile.rails-3.2
56
+ - Gemfile.rails-3.2.lock
57
+ - Gemfile.rails-4.2.haml-4
58
+ - Gemfile.rails-4.2.haml-4.lock
59
+ - Gemfile.rails-4.2.haml-5
60
+ - Gemfile.rails-4.2.haml-5.lock
61
+ - Gemfile.rails-5.1.haml-4
62
+ - Gemfile.rails-5.1.haml-4.lock
63
+ - Gemfile.rails-5.1.haml-5
64
+ - Gemfile.rails-5.1.haml-5.lock
65
+ - Gemfile.rails-6.1.haml-5
66
+ - Gemfile.rails-6.1.haml-5.lock
54
67
  - LICENSE
55
68
  - README.md
56
69
  - Rakefile
57
70
  - angular_xss.gemspec
58
- - gemfiles/Gemfile.rails-3.2
59
- - gemfiles/Gemfile.rails-3.2.lock
60
- - gemfiles/Gemfile.rails-4.2.haml-4
61
- - gemfiles/Gemfile.rails-4.2.haml-4.lock
62
- - gemfiles/Gemfile.rails-4.2.haml-5
63
- - gemfiles/Gemfile.rails-4.2.haml-5.lock
64
- - gemfiles/Gemfile.rails-5.1.haml-4
65
- - gemfiles/Gemfile.rails-5.1.haml-4.lock
66
- - gemfiles/Gemfile.rails-5.1.haml-5
67
- - gemfiles/Gemfile.rails-5.1.haml-5.lock
68
71
  - lib/angular_xss.rb
69
72
  - lib/angular_xss/action_view.rb
70
73
  - lib/angular_xss/erb.rb
@@ -98,8 +101,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
98
101
  - !ruby/object:Gem::Version
99
102
  version: '0'
100
103
  requirements: []
101
- rubyforge_project:
102
- rubygems_version: 2.5.2.1
104
+ rubygems_version: 3.1.4
103
105
  signing_key:
104
106
  specification_version: 4
105
107
  summary: Patches rails_xss and Haml so AngularJS interpolations are auto-escaped in
data/.travis.yml DELETED
@@ -1,26 +0,0 @@
1
- language: ruby
2
- sudo: false
3
- rvm:
4
- - "2.1.2"
5
- - "2.3.5"
6
- gemfile:
7
- - gemfiles/Gemfile.rails-3.2
8
- - gemfiles/Gemfile.rails-4.2.haml-4
9
- - gemfiles/Gemfile.rails-4.2.haml-5
10
- - gemfiles/Gemfile.rails-5.1.haml-4
11
- - gemfiles/Gemfile.rails-5.1.haml-5
12
- notifications:
13
- email:
14
- - fail@makandra.de
15
- cache: bundler
16
- install:
17
- # Replace default Travis CI bundler script with a version that doesn't
18
- # explode when lockfile doesn't match recently bumped version
19
- - bundle install --no-deployment --jobs=3 --retry=3 --path=${BUNDLE_PATH:-vendor/bundle}
20
- script: bundle exec rake current_rspec
21
- matrix:
22
- exclude:
23
- - gemfile: gemfiles/Gemfile.rails-5.1.haml-4
24
- rvm: "2.1.2"
25
- - gemfile: gemfiles/Gemfile.rails-5.1.haml-5
26
- rvm: "2.1.2"