angular_xss 0.4.0 → 0.4.1

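--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 0d7d2dcd19075eb585a144cfbf52e22e61031155dd20e2350bef4df1e213a1d6
- data.tar.gz: 06cfba2593dc1c67ba5407575eac8ef032c746cfa127deaaf743f6e752ef85b4
+ metadata.gz: eb1a0c1e8ae803433d1bd66dcde3646143295fd909faed0000e4c901d06c2b2c
+ data.tar.gz: 2a712de0b5d20e9bbdc6eba1a361ba5ab7d8b3a817df18ec16ed3f9c5f505e7f
  SHA512:
- metadata.gz: 19c422e8f23f5e914dd184ffdf443ba2fffcd6785b86347823de54e71e07a0481f5fc7ef594c9de9f0d701983864fa06f90f402ee94e889e71e4e3cca2d72cdb
- data.tar.gz: ba840f913b4b842217b8056d9da914f7fc56e324fe94dbb6d42e0fbec3dc225ae17bc385ec737b836ac7b4e487726b4b6f1d957e9cbb5e727408d4d22d1ab7eb
+ metadata.gz: d802e1bb79a3dc3ff5a7b51ee4ec11303a28c68920d6f4f456145360376672f67a16ff55de9761f1ae88e1a86a350296ebb8b02b684ed83ac0a355b75fa0961b
+ data.tar.gz: 974517dfd01363d23bec8c776e4198da2e510eea042396c59de17e9d1872e075d4a8ba06d10e73099f018e1c0ca4501cbbc7c9524d49dd277fe396c4ee6a034e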
@@ -14,28 +14,34 @@ jobs:
14
14
  fail-fast: false
15
15
  matrix:
16
16
  include:
17
- - ruby: 2.3.5
17
+ - ruby: 2.5.9
18
18
  gemfile: Gemfile.rails-3.2
19
- - ruby: 2.3.5
19
+ - ruby: 2.5.9
20
20
  gemfile: Gemfile.rails-4.2.haml-4
21
- - ruby: 2.3.5
21
+ - ruby: 2.5.9
22
22
  gemfile: Gemfile.rails-4.2.haml-5
23
- - ruby: 2.3.5
23
+ - ruby: 2.5.9
24
24
  gemfile: Gemfile.rails-5.1.haml-4
25
- - ruby: 2.3.5
25
+ - ruby: 2.5.9
26
26
  gemfile: Gemfile.rails-5.1.haml-5
27
+
27
28
  - ruby: 2.7.2
28
29
  gemfile: Gemfile.rails-5.1.haml-4
29
30
  - ruby: 2.7.2
30
31
  gemfile: Gemfile.rails-5.1.haml-5
31
32
  - ruby: 2.7.2
32
33
  gemfile: Gemfile.rails-6.1.haml-5
34
+ - ruby: 2.7.2
35
+ gemfile: Gemfile.rails-7.0.haml-5
36
+
33
37
  - ruby: 3.0.1
34
38
  gemfile: Gemfile.rails-5.1.haml-4
35
39
  - ruby: 3.0.1
36
40
  gemfile: Gemfile.rails-5.1.haml-5
37
41
  - ruby: 3.0.1
38
42
  gemfile: Gemfile.rails-6.1.haml-5
43
+ - ruby: 3.0.1
44
+ gemfile: Gemfile.rails-7.0.haml-5
39
45
  env:
40
46
  BUNDLE_GEMFILE: "${{ matrix.gemfile }}"
41
47
  steps:
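--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -10,6 +10,13 @@ This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html
  ### Breaking changes
 
 
+ ## 0.4.1 2022-03-16
+
+ ### Compatible changes
+
+ - Add compatibility with Rails 7
+ - Require MFA for RubyGems
+
  ## 0.4.0 2021-08-23
 
  ### Compatible changes
@@ -69,4 +76,3 @@ This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html
  ### Compatible changes
 
  - First version.
-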
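--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1 +1 @@
- ./Gemfile.rails-5.1.haml-5
+ Gemfile.rails-5.1.haml-5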
data/Gemfile.lock CHANGED
@@ -1 +1 @@
1
- ./Gemfile.rails-5.1.haml-5.lock
1
+ Gemfile.rails-5.1.haml-5.lock
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- angular_xss (0.4.0)
4
+ angular_xss (0.4.1)
5
5
  activesupport
6
6
  haml (>= 3.1.5)
7
7
 
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- angular_xss (0.4.0)
4
+ angular_xss (0.4.1)
5
5
  activesupport
6
6
  haml (>= 3.1.5)
7
7
 
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- angular_xss (0.4.0)
4
+ angular_xss (0.4.1)
5
5
  activesupport
6
6
  haml (>= 3.1.5)
7
7
 
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- angular_xss (0.4.0)
4
+ angular_xss (0.4.1)
5
5
  activesupport
6
6
  haml (>= 3.1.5)
7
7
 
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- angular_xss (0.4.0)
4
+ angular_xss (0.4.1)
5
5
  activesupport
6
6
  haml (>= 3.1.5)
7
7
 
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- angular_xss (0.4.0)
4
+ angular_xss (0.4.1)
5
5
  activesupport
6
6
  haml (>= 3.1.5)
7
7
 
@@ -0,0 +1,8 @@
1
+ source 'http://rubygems.org'
2
+
3
+ gem 'actionpack', '~>7.0'
4
+ gem 'rspec'
5
+ gem 'haml', '~> 5'
6
+ gem 'angular_xss', :path => '.'
7
+ gem 'gemika'
8
+ gem 'rake'
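Review bot: The first line of this new Gemfile, `source 'http://rubygems.org'`, fetches gems over plaintext HTTP, so dependency resolution for the Rails 7 test matrix is not protected against tampering in transit; it should read `source 'https://rubygems.org'`. The lockfile hunk that follows records the same `remote: http://rubygems.org/` and would need regenerating after the change. The file header for this hunk is missing from the page; it is presumably Gemfile.rails-7.0.haml-5, which the metadata file list adds.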
@@ -0,0 +1,86 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ angular_xss (0.4.1)
5
+ activesupport
6
+ haml (>= 3.1.5)
7
+
8
+ GEM
9
+ remote: http://rubygems.org/
10
+ specs:
11
+ actionpack (7.0.0)
12
+ actionview (= 7.0.0)
13
+ activesupport (= 7.0.0)
14
+ rack (~> 2.0, >= 2.2.0)
15
+ rack-test (>= 0.6.3)
16
+ rails-dom-testing (~> 2.0)
17
+ rails-html-sanitizer (~> 1.0, >= 1.2.0)
18
+ actionview (7.0.0)
19
+ activesupport (= 7.0.0)
20
+ builder (~> 3.1)
21
+ erubi (~> 1.4)
22
+ rails-dom-testing (~> 2.0)
23
+ rails-html-sanitizer (~> 1.1, >= 1.2.0)
24
+ activesupport (7.0.0)
25
+ concurrent-ruby (~> 1.0, >= 1.0.2)
26
+ i18n (>= 1.6, < 2)
27
+ minitest (>= 5.1)
28
+ tzinfo (~> 2.0)
29
+ builder (3.2.4)
30
+ concurrent-ruby (1.1.9)
31
+ crass (1.0.6)
32
+ diff-lcs (1.4.4)
33
+ erubi (1.10.0)
34
+ gemika (0.6.1)
35
+ haml (5.2.2)
36
+ temple (>= 0.8.0)
37
+ tilt
38
+ i18n (1.8.11)
39
+ concurrent-ruby (~> 1.0)
40
+ loofah (2.13.0)
41
+ crass (~> 1.0.2)
42
+ nokogiri (>= 1.5.9)
43
+ minitest (5.15.0)
44
+ nokogiri (1.12.5-x86_64-linux)
45
+ racc (~> 1.4)
46
+ racc (1.6.0)
47
+ rack (2.2.3)
48
+ rack-test (1.1.0)
49
+ rack (>= 1.0, < 3)
50
+ rails-dom-testing (2.0.3)
51
+ activesupport (>= 4.2.0)
52
+ nokogiri (>= 1.6)
53
+ rails-html-sanitizer (1.4.2)
54
+ loofah (~> 2.3)
55
+ rake (13.0.6)
56
+ rspec (3.10.0)
57
+ rspec-core (~> 3.10.0)
58
+ rspec-expectations (~> 3.10.0)
59
+ rspec-mocks (~> 3.10.0)
60
+ rspec-core (3.10.1)
61
+ rspec-support (~> 3.10.0)
62
+ rspec-expectations (3.10.1)
63
+ diff-lcs (>= 1.2.0, < 2.0)
64
+ rspec-support (~> 3.10.0)
65
+ rspec-mocks (3.10.2)
66
+ diff-lcs (>= 1.2.0, < 2.0)
67
+ rspec-support (~> 3.10.0)
68
+ rspec-support (3.10.3)
69
+ temple (0.8.2)
70
+ tilt (2.0.10)
71
+ tzinfo (2.0.4)
72
+ concurrent-ruby (~> 1.0)
73
+
74
+ PLATFORMS
75
+ x86_64-linux
76
+
77
+ DEPENDENCIES
78
+ actionpack (~> 7.0)
79
+ angular_xss!
80
+ gemika
81
+ haml (~> 5)
82
+ rake
83
+ rspec
84
+
85
+ BUNDLED WITH
86
+ 2.2.26
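--- a/data/README.md
+++ b/data/README.md
@@ -57,6 +57,7 @@ Development
 
  - Fork the repository.
  - Push your changes with specs. There is a Rails 3 test application in `spec/app_root` if you need to test integration with a live Rails app.
+ - You may run single tests with a specified Rails version via `BUNDLE_GEMFILE=Gemfile.rails-7.0.haml-5 bundle exec rspec ./spec/angular_xss`
  - Send a pull request.
 
 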
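--- a/data/angular_xss.gemspec
+++ b/data/angular_xss.gemspec
@@ -10,6 +10,7 @@ Gem::Specification.new do |s|
  s.summary = 'Patches rails_xss and Haml so AngularJS interpolations are auto-escaped in unsafe strings.'
  s.description = s.summary
  s.license = 'MIT'
+ s.metadata = { 'rubygems_mfa_required' => 'true' }
 
  s.files = `git ls-files`.split($\)
  s.test_files = s.files.grep(%r{^spec/})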
@@ -1,20 +1,44 @@
1
+ ##
2
+ # Monkey patch ActiveSupport::SafeBuffer to escape double braces from Angular
3
+ #
4
+ # Link to the original implementation without Angular XSS escaping:
5
+ # https://github.com/rails/rails/blob/7-0-stable/activesupport/lib/active_support/core_ext/string/output_safety.rb#L295
6
+ #
1
7
  ActiveSupport::SafeBuffer.class_eval do
2
8
 
3
- if private_method_defined? :html_escape_interpolated_argument
9
+ html_escape = :html_escape_interpolated_argument
10
+
11
+ if private_method_defined?(html_escape) || # Rails < 6.1
12
+ private_method_defined?(:"explicit_#{html_escape}") # Rails >= 6.1
4
13
 
5
14
  private
6
15
 
7
- def html_escape_interpolated_argument_with_angular_xss(arg)
8
- if arg.html_safe?
16
+ def explicit_html_escape_interpolated_argument_with_angular_xss(arg)
17
+ if !html_safe? || arg.html_safe?
9
18
  arg
10
19
  else
11
- html_escape_interpolated_argument_without_angular_xss(AngularXss::Escaper.escape(arg))
20
+ explicit_html_escape_interpolated_argument_without_angular_xss(AngularXss::Escaper.escape(arg))
12
21
  end
13
22
  end
14
23
 
15
- alias_method :html_escape_interpolated_argument_without_angular_xss, :html_escape_interpolated_argument
16
- alias_method :html_escape_interpolated_argument, :html_escape_interpolated_argument_with_angular_xss
24
+ if private_method_defined?(html_escape)
25
+ alias_method :"explicit_#{html_escape}_without_angular_xss", html_escape
26
+ alias_method html_escape, :"explicit_#{html_escape}_with_angular_xss"
27
+ elsif private_method_defined?(:"explicit_#{html_escape}")
28
+ alias_method :"explicit_#{html_escape}_without_angular_xss", :"explicit_#{html_escape}"
29
+ alias_method :"explicit_#{html_escape}", :"explicit_#{html_escape}_with_angular_xss"
30
+ end
17
31
 
32
+ if private_method_defined?(:"implicit_#{html_escape}")
33
+ def implicit_html_escape_interpolated_argument_with_angular_xss(arg)
34
+ if !html_safe? || arg.html_safe?
35
+ arg
36
+ else
37
+ implicit_html_escape_interpolated_argument_without_angular_xss(AngularXss::Escaper.escape(arg))
38
+ end
39
+ end
40
+ alias_method :"implicit_#{html_escape}_without_angular_xss", :"implicit_#{html_escape}"
41
+ alias_method :"implicit_#{html_escape}", :"implicit_#{html_escape}_with_angular_xss"
42
+ end
18
43
  end
19
-
20
44
  end
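Review bot: The outer `if private_method_defined?(html_escape) || private_method_defined?(:"explicit_#{html_escape}")` guard has no `else`, so on an ActiveSupport version where neither private method exists under these names the patch is skipped silently and `SafeBuffer#%` arguments would go out without Angular brace escaping. For a gem whose whole purpose is escaping, a visible failure is safer: add an `else` branch such as `warn 'angular_xss: ActiveSupport::SafeBuffer interpolation hook not found, % arguments are not escaped'`, or a spec per Gemfile asserting that the `_without_angular_xss` alias is defined wherever the hook is expected. Separately, both wrappers hand `AngularXss::Escaper.escape(arg)` to the original method; if the escaper returns a String for non-String arguments (not visible here), the implicit variant's own argument conversion in Rails never sees the original object, which is worth a spec with a non-String argument. The file header for this hunk is missing from the page; the hunk covers the whole file.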
@@ -1,3 +1,3 @@
1
1
  module AngularXss
2
- VERSION = '0.4.0'
2
+ VERSION = '0.4.1'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: angular_xss
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Henning Koch
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-08-23 00:00:00.000000000 Z
11
+ date: 2022-03-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -64,6 +64,8 @@ files:
64
64
  - Gemfile.rails-5.1.haml-5.lock
65
65
  - Gemfile.rails-6.1.haml-5
66
66
  - Gemfile.rails-6.1.haml-5.lock
67
+ - Gemfile.rails-7.0.haml-5
68
+ - Gemfile.rails-7.0.haml-5.lock
67
69
  - LICENSE
68
70
  - README.md
69
71
  - Rakefile
@@ -85,7 +87,8 @@ files:
85
87
  homepage: https://github.com/makandra/angular_xss
86
88
  licenses:
87
89
  - MIT
88
- metadata: {}
90
+ metadata:
91
+ rubygems_mfa_required: 'true'
89
92
  post_install_message:
90
93
  rdoc_options: []
91
94
  require_paths:
@@ -101,7 +104,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
101
104
  - !ruby/object:Gem::Version
102
105
  version: '0'
103
106
  requirements: []
104
- rubygems_version: 3.1.4
107
+ rubygems_version: 3.3.9
105
108
  signing_key:
106
109
  specification_version: 4
107
110
  summary: Patches rails_xss and Haml so AngularJS interpolations are auto-escaped in