RubyGems - angular_xss - Versions diffs - 0.4.0 → 0.4.1 - Mend

angular_xss 0.4.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml +4 -4
data/.github/workflows/test.yml +11 -5
data/CHANGELOG.md +7 -1
data/Gemfile +1 -1
data/Gemfile.lock +1 -1
data/Gemfile.rails-3.2.lock +1 -1
data/Gemfile.rails-4.2.haml-4.lock +1 -1
data/Gemfile.rails-4.2.haml-5.lock +1 -1
data/Gemfile.rails-5.1.haml-4.lock +1 -1
data/Gemfile.rails-5.1.haml-5.lock +1 -1
data/Gemfile.rails-6.1.haml-5.lock +1 -1
data/Gemfile.rails-7.0.haml-5 +8 -0
data/Gemfile.rails-7.0.haml-5.lock +86 -0
data/README.md +1 -0
data/angular_xss.gemspec +1 -0
data/lib/angular_xss/safe_buffer.rb +31 -7
data/lib/angular_xss/version.rb +1 -1
metadata +7 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0d7d2dcd19075eb585a144cfbf52e22e61031155dd20e2350bef4df1e213a1d6
-  data.tar.gz: 06cfba2593dc1c67ba5407575eac8ef032c746cfa127deaaf743f6e752ef85b4
+  metadata.gz: eb1a0c1e8ae803433d1bd66dcde3646143295fd909faed0000e4c901d06c2b2c
+  data.tar.gz: 2a712de0b5d20e9bbdc6eba1a361ba5ab7d8b3a817df18ec16ed3f9c5f505e7f
 SHA512:
-  metadata.gz: 19c422e8f23f5e914dd184ffdf443ba2fffcd6785b86347823de54e71e07a0481f5fc7ef594c9de9f0d701983864fa06f90f402ee94e889e71e4e3cca2d72cdb
-  data.tar.gz: ba840f913b4b842217b8056d9da914f7fc56e324fe94dbb6d42e0fbec3dc225ae17bc385ec737b836ac7b4e487726b4b6f1d957e9cbb5e727408d4d22d1ab7eb
+  metadata.gz: d802e1bb79a3dc3ff5a7b51ee4ec11303a28c68920d6f4f456145360376672f67a16ff55de9761f1ae88e1a86a350296ebb8b02b684ed83ac0a355b75fa0961b
+  data.tar.gz: 974517dfd01363d23bec8c776e4198da2e510eea042396c59de17e9d1872e075d4a8ba06d10e73099f018e1c0ca4501cbbc7c9524d49dd277fe396c4ee6a034e

data/.github/workflows/test.yml CHANGED Viewed

@@ -14,28 +14,34 @@ jobs:
       fail-fast: false
       matrix:
         include:
-        - ruby: 2.3.5
+        - ruby: 2.5.9
           gemfile: Gemfile.rails-3.2
-        - ruby: 2.3.5
+        - ruby: 2.5.9
           gemfile: Gemfile.rails-4.2.haml-4
-        - ruby: 2.3.5
+        - ruby: 2.5.9
           gemfile: Gemfile.rails-4.2.haml-5
-        - ruby: 2.3.5
+        - ruby: 2.5.9
           gemfile: Gemfile.rails-5.1.haml-4
-        - ruby: 2.3.5
+        - ruby: 2.5.9
           gemfile: Gemfile.rails-5.1.haml-5
         - ruby: 2.7.2
           gemfile: Gemfile.rails-5.1.haml-4
         - ruby: 2.7.2
           gemfile: Gemfile.rails-5.1.haml-5
         - ruby: 2.7.2
           gemfile: Gemfile.rails-6.1.haml-5
+        - ruby: 2.7.2
+          gemfile: Gemfile.rails-7.0.haml-5
         - ruby: 3.0.1
           gemfile: Gemfile.rails-5.1.haml-4
         - ruby: 3.0.1
           gemfile: Gemfile.rails-5.1.haml-5
         - ruby: 3.0.1
           gemfile: Gemfile.rails-6.1.haml-5
+        - ruby: 3.0.1
+          gemfile: Gemfile.rails-7.0.haml-5
     env:
       BUNDLE_GEMFILE: "${{ matrix.gemfile }}"
     steps:

data/CHANGELOG.md CHANGED Viewed

@@ -10,6 +10,13 @@ This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html
 ### Breaking changes
+## 0.4.1 2022-03-16
+### Compatible changes
+- Add compatibility with Rails 7
+- Require MFA for RubyGems
 ## 0.4.0 2021-08-23
 ### Compatible changes
@@ -69,4 +76,3 @@ This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html
 ### Compatible changes
 - First version.

data/Gemfile CHANGED Viewed

	@@ -1 +1 @@
1	- ./Gemfile.rails-5.1.haml-5
1	+ Gemfile.rails-5.1.haml-5

data/Gemfile.lock CHANGED Viewed

	@@ -1 +1 @@
1	- ./Gemfile.rails-5.1.haml-5.lock
1	+ Gemfile.rails-5.1.haml-5.lock

data/Gemfile.rails-3.2.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    angular_xss (0.4.0)
+    angular_xss (0.4.1)
       activesupport
       haml (>= 3.1.5)

data/Gemfile.rails-4.2.haml-4.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    angular_xss (0.4.0)
+    angular_xss (0.4.1)
       activesupport
       haml (>= 3.1.5)

data/Gemfile.rails-4.2.haml-5.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    angular_xss (0.4.0)
+    angular_xss (0.4.1)
       activesupport
       haml (>= 3.1.5)

data/Gemfile.rails-5.1.haml-4.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    angular_xss (0.4.0)
+    angular_xss (0.4.1)
       activesupport
       haml (>= 3.1.5)

data/Gemfile.rails-5.1.haml-5.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    angular_xss (0.4.0)
+    angular_xss (0.4.1)
       activesupport
       haml (>= 3.1.5)

data/Gemfile.rails-6.1.haml-5.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    angular_xss (0.4.0)
+    angular_xss (0.4.1)
       activesupport
       haml (>= 3.1.5)

data/Gemfile.rails-7.0.haml-5 ADDED Viewed

@@ -0,0 +1,8 @@
+source 'http://rubygems.org'
+gem 'actionpack', '~>7.0'
+gem 'rspec'
+gem 'haml', '~> 5'
+gem 'angular_xss', :path => '.'
+gem 'gemika'
+gem 'rake'

data/Gemfile.rails-7.0.haml-5.lock ADDED Viewed

@@ -0,0 +1,86 @@
+PATH
+  remote: .
+  specs:
+    angular_xss (0.4.1)
+      activesupport
+      haml (>= 3.1.5)
+GEM
+  remote: http://rubygems.org/
+  specs:
+    actionpack (7.0.0)
+      actionview (= 7.0.0)
+      activesupport (= 7.0.0)
+      rack (~> 2.0, >= 2.2.0)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actionview (7.0.0)
+      activesupport (= 7.0.0)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activesupport (7.0.0)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    builder (3.2.4)
+    concurrent-ruby (1.1.9)
+    crass (1.0.6)
+    diff-lcs (1.4.4)
+    erubi (1.10.0)
+    gemika (0.6.1)
+    haml (5.2.2)
+      temple (>= 0.8.0)
+      tilt
+    i18n (1.8.11)
+      concurrent-ruby (~> 1.0)
+    loofah (2.13.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    minitest (5.15.0)
+    nokogiri (1.12.5-x86_64-linux)
+      racc (~> 1.4)
+    racc (1.6.0)
+    rack (2.2.3)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.4.2)
+      loofah (~> 2.3)
+    rake (13.0.6)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.3)
+    temple (0.8.2)
+    tilt (2.0.10)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+PLATFORMS
+  x86_64-linux
+DEPENDENCIES
+  actionpack (~> 7.0)
+  angular_xss!
+  gemika
+  haml (~> 5)
+  rake
+  rspec
+BUNDLED WITH
+   2.2.26

data/README.md CHANGED Viewed

@@ -57,6 +57,7 @@ Development
 - Fork the repository.
 - Push your changes with specs. There is a Rails 3 test application in `spec/app_root` if you need to test integration with a live Rails app.
+- You may run single tests with a specified Rails version via `BUNDLE_GEMFILE=Gemfile.rails-7.0.haml-5 bundle exec rspec ./spec/angular_xss`
 - Send a pull request.

data/angular_xss.gemspec CHANGED Viewed

@@ -10,6 +10,7 @@ Gem::Specification.new do |s|
   s.summary = 'Patches rails_xss and Haml so AngularJS interpolations are auto-escaped in unsafe strings.'
   s.description = s.summary
   s.license = 'MIT'
+  s.metadata = { 'rubygems_mfa_required' => 'true' }
   s.files         = `git ls-files`.split($\)
   s.test_files    = s.files.grep(%r{^spec/})

data/lib/angular_xss/safe_buffer.rb CHANGED Viewed

@@ -1,20 +1,44 @@
+##
+# Monkey patch ActiveSupport::SafeBuffer to escape double braces from Angular
+#
+# Link to the original implementation without Angular XSS escaping:
+# https://github.com/rails/rails/blob/7-0-stable/activesupport/lib/active_support/core_ext/string/output_safety.rb#L295
+#
 ActiveSupport::SafeBuffer.class_eval do
-  if private_method_defined? :html_escape_interpolated_argument
+  html_escape = :html_escape_interpolated_argument
+  if private_method_defined?(html_escape) || # Rails < 6.1
+    private_method_defined?(:"explicit_#{html_escape}") # Rails >= 6.1
     private
-    def html_escape_interpolated_argument_with_angular_xss(arg)
-      if arg.html_safe?
+    def explicit_html_escape_interpolated_argument_with_angular_xss(arg)
+      if !html_safe? || arg.html_safe?
         arg
       else
-        html_escape_interpolated_argument_without_angular_xss(AngularXss::Escaper.escape(arg))
+        explicit_html_escape_interpolated_argument_without_angular_xss(AngularXss::Escaper.escape(arg))
       end
     end
-    alias_method :html_escape_interpolated_argument_without_angular_xss, :html_escape_interpolated_argument
-    alias_method :html_escape_interpolated_argument, :html_escape_interpolated_argument_with_angular_xss
+    if private_method_defined?(html_escape)
+      alias_method :"explicit_#{html_escape}_without_angular_xss", html_escape
+      alias_method html_escape, :"explicit_#{html_escape}_with_angular_xss"
+    elsif private_method_defined?(:"explicit_#{html_escape}")
+      alias_method :"explicit_#{html_escape}_without_angular_xss", :"explicit_#{html_escape}"
+      alias_method :"explicit_#{html_escape}", :"explicit_#{html_escape}_with_angular_xss"
+    end
+    if private_method_defined?(:"implicit_#{html_escape}")
+      def implicit_html_escape_interpolated_argument_with_angular_xss(arg)
+        if !html_safe? || arg.html_safe?
+          arg
+        else
+          implicit_html_escape_interpolated_argument_without_angular_xss(AngularXss::Escaper.escape(arg))
+        end
+      end
+      alias_method :"implicit_#{html_escape}_without_angular_xss", :"implicit_#{html_escape}"
+      alias_method :"implicit_#{html_escape}", :"implicit_#{html_escape}_with_angular_xss"
+    end
   end
 end

data/lib/angular_xss/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AngularXss
-  VERSION = '0.4.0'
+  VERSION = '0.4.1'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: angular_xss
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.1
 platform: ruby
 authors:
 - Henning Koch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-08-23 00:00:00.000000000 Z
+date: 2022-03-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -64,6 +64,8 @@ files:
 - Gemfile.rails-5.1.haml-5.lock
 - Gemfile.rails-6.1.haml-5
 - Gemfile.rails-6.1.haml-5.lock
+- Gemfile.rails-7.0.haml-5
+- Gemfile.rails-7.0.haml-5.lock
 - LICENSE
 - README.md
 - Rakefile
@@ -85,7 +87,8 @@ files:
 homepage: https://github.com/makandra/angular_xss
 licenses:
 - MIT
-metadata: {}
+metadata:
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -101,7 +104,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.3.9
 signing_key:
 specification_version: 4
 summary: Patches rails_xss and Haml so AngularJS interpolations are auto-escaped in