angular_xss 0.4.0 → 0.4.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0d7d2dcd19075eb585a144cfbf52e22e61031155dd20e2350bef4df1e213a1d6
4
- data.tar.gz: 06cfba2593dc1c67ba5407575eac8ef032c746cfa127deaaf743f6e752ef85b4
3
+ metadata.gz: eb1a0c1e8ae803433d1bd66dcde3646143295fd909faed0000e4c901d06c2b2c
4
+ data.tar.gz: 2a712de0b5d20e9bbdc6eba1a361ba5ab7d8b3a817df18ec16ed3f9c5f505e7f
5
5
  SHA512:
6
- metadata.gz: 19c422e8f23f5e914dd184ffdf443ba2fffcd6785b86347823de54e71e07a0481f5fc7ef594c9de9f0d701983864fa06f90f402ee94e889e71e4e3cca2d72cdb
7
- data.tar.gz: ba840f913b4b842217b8056d9da914f7fc56e324fe94dbb6d42e0fbec3dc225ae17bc385ec737b836ac7b4e487726b4b6f1d957e9cbb5e727408d4d22d1ab7eb
6
+ metadata.gz: d802e1bb79a3dc3ff5a7b51ee4ec11303a28c68920d6f4f456145360376672f67a16ff55de9761f1ae88e1a86a350296ebb8b02b684ed83ac0a355b75fa0961b
7
+ data.tar.gz: 974517dfd01363d23bec8c776e4198da2e510eea042396c59de17e9d1872e075d4a8ba06d10e73099f018e1c0ca4501cbbc7c9524d49dd277fe396c4ee6a034e
@@ -14,28 +14,34 @@ jobs:
14
14
  fail-fast: false
15
15
  matrix:
16
16
  include:
17
- - ruby: 2.3.5
17
+ - ruby: 2.5.9
18
18
  gemfile: Gemfile.rails-3.2
19
- - ruby: 2.3.5
19
+ - ruby: 2.5.9
20
20
  gemfile: Gemfile.rails-4.2.haml-4
21
- - ruby: 2.3.5
21
+ - ruby: 2.5.9
22
22
  gemfile: Gemfile.rails-4.2.haml-5
23
- - ruby: 2.3.5
23
+ - ruby: 2.5.9
24
24
  gemfile: Gemfile.rails-5.1.haml-4
25
- - ruby: 2.3.5
25
+ - ruby: 2.5.9
26
26
  gemfile: Gemfile.rails-5.1.haml-5
27
+
27
28
  - ruby: 2.7.2
28
29
  gemfile: Gemfile.rails-5.1.haml-4
29
30
  - ruby: 2.7.2
30
31
  gemfile: Gemfile.rails-5.1.haml-5
31
32
  - ruby: 2.7.2
32
33
  gemfile: Gemfile.rails-6.1.haml-5
34
+ - ruby: 2.7.2
35
+ gemfile: Gemfile.rails-7.0.haml-5
36
+
33
37
  - ruby: 3.0.1
34
38
  gemfile: Gemfile.rails-5.1.haml-4
35
39
  - ruby: 3.0.1
36
40
  gemfile: Gemfile.rails-5.1.haml-5
37
41
  - ruby: 3.0.1
38
42
  gemfile: Gemfile.rails-6.1.haml-5
43
+ - ruby: 3.0.1
44
+ gemfile: Gemfile.rails-7.0.haml-5
39
45
  env:
40
46
  BUNDLE_GEMFILE: "${{ matrix.gemfile }}"
41
47
  steps:
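--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -10,6 +10,13 @@ This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html
 ### Breaking changes
 
 
+## 0.4.1 2022-03-16
+
+### Compatible changes
+
+- Add compatibility with Rails 7
+- Require MFA for RubyGems
+
 ## 0.4.0 2021-08-23
 
 ### Compatible changes
@@ -69,4 +76,3 @@ This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html
 ### Compatible changes
 
 - First version.
-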
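--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1 +1 @@
-./Gemfile.rails-5.1.haml-5
+Gemfile.rails-5.1.haml-5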
data/Gemfile.lock CHANGED
@@ -1 +1 @@
1
- ./Gemfile.rails-5.1.haml-5.lock
1
+ Gemfile.rails-5.1.haml-5.lock
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- angular_xss (0.4.0)
4
+ angular_xss (0.4.1)
5
5
  activesupport
6
6
  haml (>= 3.1.5)
7
7
 
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- angular_xss (0.4.0)
4
+ angular_xss (0.4.1)
5
5
  activesupport
6
6
  haml (>= 3.1.5)
7
7
 
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- angular_xss (0.4.0)
4
+ angular_xss (0.4.1)
5
5
  activesupport
6
6
  haml (>= 3.1.5)
7
7
 
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- angular_xss (0.4.0)
4
+ angular_xss (0.4.1)
5
5
  activesupport
6
6
  haml (>= 3.1.5)
7
7
 
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- angular_xss (0.4.0)
4
+ angular_xss (0.4.1)
5
5
  activesupport
6
6
  haml (>= 3.1.5)
7
7
 
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- angular_xss (0.4.0)
4
+ angular_xss (0.4.1)
5
5
  activesupport
6
6
  haml (>= 3.1.5)
7
7
 
@@ -0,0 +1,8 @@
1
+ source 'http://rubygems.org'
2
+
3
+ gem 'actionpack', '~>7.0'
4
+ gem 'rspec'
5
+ gem 'haml', '~> 5'
6
+ gem 'angular_xss', :path => '.'
7
+ gem 'gemika'
8
+ gem 'rake'
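Review bot: The first line of this new Gemfile declares `source 'http://rubygems.org'`, so dependency resolution for the Rails 7 matrix entry runs over cleartext HTTP, and the lockfile added alongside it records `remote: http://rubygems.org/`. Gem index data and downloads fetched this way can be altered in transit before they reach the CI runner or a developer machine. Change the line to `source 'https://rubygems.org'` and regenerate the lockfile so the recorded remote is https as well. The other Gemfile.rails-* files are not visible in this diff and may need the same change.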
@@ -0,0 +1,86 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ angular_xss (0.4.1)
5
+ activesupport
6
+ haml (>= 3.1.5)
7
+
8
+ GEM
9
+ remote: http://rubygems.org/
10
+ specs:
11
+ actionpack (7.0.0)
12
+ actionview (= 7.0.0)
13
+ activesupport (= 7.0.0)
14
+ rack (~> 2.0, >= 2.2.0)
15
+ rack-test (>= 0.6.3)
16
+ rails-dom-testing (~> 2.0)
17
+ rails-html-sanitizer (~> 1.0, >= 1.2.0)
18
+ actionview (7.0.0)
19
+ activesupport (= 7.0.0)
20
+ builder (~> 3.1)
21
+ erubi (~> 1.4)
22
+ rails-dom-testing (~> 2.0)
23
+ rails-html-sanitizer (~> 1.1, >= 1.2.0)
24
+ activesupport (7.0.0)
25
+ concurrent-ruby (~> 1.0, >= 1.0.2)
26
+ i18n (>= 1.6, < 2)
27
+ minitest (>= 5.1)
28
+ tzinfo (~> 2.0)
29
+ builder (3.2.4)
30
+ concurrent-ruby (1.1.9)
31
+ crass (1.0.6)
32
+ diff-lcs (1.4.4)
33
+ erubi (1.10.0)
34
+ gemika (0.6.1)
35
+ haml (5.2.2)
36
+ temple (>= 0.8.0)
37
+ tilt
38
+ i18n (1.8.11)
39
+ concurrent-ruby (~> 1.0)
40
+ loofah (2.13.0)
41
+ crass (~> 1.0.2)
42
+ nokogiri (>= 1.5.9)
43
+ minitest (5.15.0)
44
+ nokogiri (1.12.5-x86_64-linux)
45
+ racc (~> 1.4)
46
+ racc (1.6.0)
47
+ rack (2.2.3)
48
+ rack-test (1.1.0)
49
+ rack (>= 1.0, < 3)
50
+ rails-dom-testing (2.0.3)
51
+ activesupport (>= 4.2.0)
52
+ nokogiri (>= 1.6)
53
+ rails-html-sanitizer (1.4.2)
54
+ loofah (~> 2.3)
55
+ rake (13.0.6)
56
+ rspec (3.10.0)
57
+ rspec-core (~> 3.10.0)
58
+ rspec-expectations (~> 3.10.0)
59
+ rspec-mocks (~> 3.10.0)
60
+ rspec-core (3.10.1)
61
+ rspec-support (~> 3.10.0)
62
+ rspec-expectations (3.10.1)
63
+ diff-lcs (>= 1.2.0, < 2.0)
64
+ rspec-support (~> 3.10.0)
65
+ rspec-mocks (3.10.2)
66
+ diff-lcs (>= 1.2.0, < 2.0)
67
+ rspec-support (~> 3.10.0)
68
+ rspec-support (3.10.3)
69
+ temple (0.8.2)
70
+ tilt (2.0.10)
71
+ tzinfo (2.0.4)
72
+ concurrent-ruby (~> 1.0)
73
+
74
+ PLATFORMS
75
+ x86_64-linux
76
+
77
+ DEPENDENCIES
78
+ actionpack (~> 7.0)
79
+ angular_xss!
80
+ gemika
81
+ haml (~> 5)
82
+ rake
83
+ rspec
84
+
85
+ BUNDLED WITH
86
+ 2.2.26
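--- a/data/README.md
+++ b/data/README.md
@@ -57,6 +57,7 @@ Development
 
 - Fork the repository.
 - Push your changes with specs. There is a Rails 3 test application in `spec/app_root` if you need to test integration with a live Rails app.
+- You may run single tests with a specified Rails version via `BUNDLE_GEMFILE=Gemfile.rails-7.0.haml-5 bundle exec rspec ./spec/angular_xss`
 - Send a pull request.
 
 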
data/angular_xss.gemspec CHANGED
@@ -10,6 +10,7 @@ Gem::Specification.new do |s|
10
10
  s.summary = 'Patches rails_xss and Haml so AngularJS interpolations are auto-escaped in unsafe strings.'
11
11
  s.description = s.summary
12
12
  s.license = 'MIT'
13
+ s.metadata = { 'rubygems_mfa_required' => 'true' }
13
14
 
14
15
  s.files = `git ls-files`.split($\)
15
16
  s.test_files = s.files.grep(%r{^spec/})
@@ -1,20 +1,44 @@
1
+ ##
2
+ # Monkey patch ActiveSupport::SafeBuffer to escape double braces from Angular
3
+ #
4
+ # Link to the original implementation without Angular XSS escaping:
5
+ # https://github.com/rails/rails/blob/7-0-stable/activesupport/lib/active_support/core_ext/string/output_safety.rb#L295
6
+ #
1
7
  ActiveSupport::SafeBuffer.class_eval do
2
8
 
3
- if private_method_defined? :html_escape_interpolated_argument
9
+ html_escape = :html_escape_interpolated_argument
10
+
11
+ if private_method_defined?(html_escape) || # Rails < 6.1
12
+ private_method_defined?(:"explicit_#{html_escape}") # Rails >= 6.1
4
13
 
5
14
  private
6
15
 
7
- def html_escape_interpolated_argument_with_angular_xss(arg)
8
- if arg.html_safe?
16
+ def explicit_html_escape_interpolated_argument_with_angular_xss(arg)
17
+ if !html_safe? || arg.html_safe?
9
18
  arg
10
19
  else
11
- html_escape_interpolated_argument_without_angular_xss(AngularXss::Escaper.escape(arg))
20
+ explicit_html_escape_interpolated_argument_without_angular_xss(AngularXss::Escaper.escape(arg))
12
21
  end
13
22
  end
14
23
 
15
- alias_method :html_escape_interpolated_argument_without_angular_xss, :html_escape_interpolated_argument
16
- alias_method :html_escape_interpolated_argument, :html_escape_interpolated_argument_with_angular_xss
24
+ if private_method_defined?(html_escape)
25
+ alias_method :"explicit_#{html_escape}_without_angular_xss", html_escape
26
+ alias_method html_escape, :"explicit_#{html_escape}_with_angular_xss"
27
+ elsif private_method_defined?(:"explicit_#{html_escape}")
28
+ alias_method :"explicit_#{html_escape}_without_angular_xss", :"explicit_#{html_escape}"
29
+ alias_method :"explicit_#{html_escape}", :"explicit_#{html_escape}_with_angular_xss"
30
+ end
17
31
 
32
+ if private_method_defined?(:"implicit_#{html_escape}")
33
+ def implicit_html_escape_interpolated_argument_with_angular_xss(arg)
34
+ if !html_safe? || arg.html_safe?
35
+ arg
36
+ else
37
+ implicit_html_escape_interpolated_argument_without_angular_xss(AngularXss::Escaper.escape(arg))
38
+ end
39
+ end
40
+ alias_method :"implicit_#{html_escape}_without_angular_xss", :"implicit_#{html_escape}"
41
+ alias_method :"implicit_#{html_escape}", :"implicit_#{html_escape}_with_angular_xss"
42
+ end
18
43
  end
19
-
20
44
  end
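Review bot: The outer `if private_method_defined?(html_escape) || private_method_defined?(:"explicit_#{html_escape}")` has no `else`, so on an ActiveSupport release that renames these private hooks again the patch installs nothing and `SafeBuffer#%` arguments silently lose Angular escaping. For a gem whose purpose is XSS protection, failing loudly is safer: add a branch such as `elsif instance_method(:%).owner == self` with `raise NotImplementedError, 'angular_xss: cannot find the SafeBuffer#% escape hook to patch'` before the closing `end`, so that only versions where SafeBuffer overrides `%` but exposes neither hook are rejected (presumably older Rails without the override should keep passing silently; confirm against the Rails 3.2 Gemfile). The two `*_with_angular_xss` wrappers are also identical apart from the name and could share one documented helper that states why an unsafe receiver (`!html_safe?`) returns `arg` untouched.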
@@ -1,3 +1,3 @@
1
1
  module AngularXss
2
- VERSION = '0.4.0'
2
+ VERSION = '0.4.1'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: angular_xss
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Henning Koch
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-08-23 00:00:00.000000000 Z
11
+ date: 2022-03-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -64,6 +64,8 @@ files:
64
64
  - Gemfile.rails-5.1.haml-5.lock
65
65
  - Gemfile.rails-6.1.haml-5
66
66
  - Gemfile.rails-6.1.haml-5.lock
67
+ - Gemfile.rails-7.0.haml-5
68
+ - Gemfile.rails-7.0.haml-5.lock
67
69
  - LICENSE
68
70
  - README.md
69
71
  - Rakefile
@@ -85,7 +87,8 @@ files:
85
87
  homepage: https://github.com/makandra/angular_xss
86
88
  licenses:
87
89
  - MIT
88
- metadata: {}
90
+ metadata:
91
+ rubygems_mfa_required: 'true'
89
92
  post_install_message:
90
93
  rdoc_options: []
91
94
  require_paths:
@@ -101,7 +104,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
101
104
  - !ruby/object:Gem::Version
102
105
  version: '0'
103
106
  requirements: []
104
- rubygems_version: 3.1.4
107
+ rubygems_version: 3.3.9
105
108
  signing_key:
106
109
  specification_version: 4
107
110
  summary: Patches rails_xss and Haml so AngularJS interpolations are auto-escaped in