brakeman 0.4.0 → 0.4.1
- data/lib/scanner.rb +16 -4
- data/lib/version.rb +1 -1
- metadata +3 -3
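--- a/data/lib/scanner.rb
+++ b/data/lib/scanner.rb
@@ -214,16 +214,28 @@ end
 
 #This is from Rails 3 version of the Erubis handler
 class RailsXSSErubis < ::Erubis::Eruby
-include Erubis::NoTextEnhancer
 
-#Initializes output buffer.
 def add_preamble(src)
 # src << "_buf = ActionView::SafeBuffer.new;\n"
 end
 
-#This does nothing.
 def add_text(src, text)
-
+if text.include? "\n"
+lines = text.split("\n")
+if text.match /\n\z/
+lines.each do |line|
+src << "@output_buffer << ('" << escape_text(line) << "'.html_safe!);\n"
+end
+else
+lines[0..-2].each do |line|
+src << "@output_buffer << ('" << escape_text(line) << "'.html_safe!);\n"
+end
+
+src << "@output_buffer << ('" << escape_text(lines.last) << "'.html_safe!);"
+end
+else
+src << "@output_buffer << ('" << escape_text(text) << "'.html_safe!);"
+end
 end
 
 BLOCK_EXPR = /\s+(do|\{)(\s*\|[^|]*\|)?\s*\Z/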
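Review bot: In the new `add_text`, `text.split("\n")` silently drops trailing empty strings, so a text chunk of only newlines (`"\n\n"`) yields `[]` and emits nothing, and `"foo\n\n\n"` emits a single statement instead of three; if the `\n` appended to each generated statement is meant to keep the generated source's line numbers aligned with the template (which the code suggests but the hunk does not state), blank template lines will shift every warning reported after them. `text.split("\n", -1)` keeps those empty segments, after which the three branches collapse into one loop, and `text.end_with?("\n")` also avoids the ambiguous-argument warning Ruby raises for `text.match /\n\z/`. The enclosing `RailsXSSErubis` class continues past the end of the hunk.
```ruby
def add_text(src, text)
  # split("\n", -1) keeps the empty segments a plain split drops, so each
  # template newline still produces one line of generated source
  lines = text.split("\n", -1)
  lines.pop if text.end_with?("\n")
  lines.each_with_index do |line, i|
    src << "@output_buffer << ('" << escape_text(line) << "'.html_safe!);"
    src << "\n" if i < lines.size - 1 || text.end_with?("\n")
  end
end
```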
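--- a/data/lib/version.rb
+++ b/data/lib/version.rb
@@ -1 +1 @@
-Version = "0.4.
+Version = "0.4.1"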
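--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
 segments:
 - 0
 - 4
--
-version: 0.4.
+- 1
+version: 0.4.1
 platform: ruby
 authors:
 - Justin Collins
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-05-
+date: 2011-05-23 00:00:00 -07:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency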