RubyGems - antisamy - Versions diffs - 0.2.0 → 0.2.1 - Mend

antisamy 0.2.0 → 0.2.1

Files changed (3) hide show

data/lib/antisamy/html/sax_filter.rb +1 -1
data/spec/antisamy_spec.rb +9 -3
metadata +2 -2

data/lib/antisamy/html/sax_filter.rb CHANGED

@@ -177,7 +177,7 @@ module AntiSamy
               unless valid
                 attrib.expressions.each do |ae|
                   mc = ae.match(a_value)
-                  if mc and mc.size == a_value.size
+                  if mc and mc.to_s == a_value
                     valid_attributes << [a_name,a_value]
                     valid = true
                     break

data/spec/antisamy_spec.rb CHANGED

@@ -85,8 +85,8 @@ module AntiSamy
       "<STYLE>BODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE>" => "xss",
       "<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS" => "javascript",
       "<IMG SRC='vbscript:msgbox(\"XSS\")'>" => "vbscript",
-      "<a . href=\"http://www.test.com\">" => "href",
-      "<a - href=\"http://www.test.com\">" => "href",
+      "<a . href=\"http://www.test.com\">" => " . ",
+      "<a - href=\"http://www.test.com\">" => "-",
       "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">" => "meta",
       "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">" => "meta",
       "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">" => "meta",
@@ -114,7 +114,7 @@ module AntiSamy
       "<a href='aim: &c:\\windows\\system32\\calc.exe' ini='C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\pwnd.bat'>" => "calc.exe",
       "<!--\n<A href=\n- --><a href=javascript:alert:document.domain>test-->" => "javascript",
       "<a></a style=\"\"xx:expr/**/ession(document.appendChild(document.createElement('script')).src='http://h4k.in/i.js')\">" => "<a style=",
-      "<a onblur=\"alert(secret)\" href=\"http://www.google.com\">Google</a>" => "href",
+      "<a onblur=\"alert(secret)\" href=\"http://www.google.com\">Google</a>" => "blur",
       "<b><i>Some Text</b></i>" => "<i />",
       "<div style=\"font-family: Geneva, Arial, courier new, sans-serif\">" => "font-family",
       "<style type=\"text/css\"><![CDATA[P {  margin-bottom: 0.08in; } ]]></style>" => "margin"
@@ -132,5 +132,11 @@ module AntiSamy
       r.clean_html.should_not be_empty
     end
+    it "should not touch this url" do
+      input = "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>"
+      r = AntiSamy.scan(input,policy_object)
+      r.clean_html.should == input
+    end
   end
 end

metadata CHANGED

@@ -2,7 +2,7 @@
 name: antisamy
 version: !ruby/object:Gem::Version
   prerelease:
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Sal Scotto
@@ -174,7 +174,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      hash: -3694882257398018241
+      hash: -3180054777523401817
       segments:
       - 0
       version: "0"