brakeman 0.4.0 → 0.4.1

Files changed (3) hide show
  1. data/lib/scanner.rb +16 -4
  2. data/lib/version.rb +1 -1
  3. metadata +3 -3
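--- a/data/lib/scanner.rb
+++ b/data/lib/scanner.rb
@@ -214,16 +214,28 @@ end
 
 #This is from Rails 3 version of the Erubis handler
 class RailsXSSErubis < ::Erubis::Eruby
-include Erubis::NoTextEnhancer
 
-#Initializes output buffer.
 def add_preamble(src)
 # src << "_buf = ActionView::SafeBuffer.new;\n"
 end
 
-#This does nothing.
 def add_text(src, text)
-# src << "@output_buffer << ('" << escape_text(text) << "'.html_safe!);"
+if text.include? "\n"
+lines = text.split("\n")
+if text.match /\n\z/
+lines.each do |line|
+src << "@output_buffer << ('" << escape_text(line) << "'.html_safe!);\n"
+end
+else
+lines[0..-2].each do |line|
+src << "@output_buffer << ('" << escape_text(line) << "'.html_safe!);\n"
+end
+
+src << "@output_buffer << ('" << escape_text(lines.last) << "'.html_safe!);"
+end
+else
+src << "@output_buffer << ('" << escape_text(text) << "'.html_safe!);"
+end
 end
 
 BLOCK_EXPR = /\s+(do|\{)(\s*\|[^|]*\|)?\s*\Z/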
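Review bot: `text.split("\n")` on new line 224 discards trailing empty fields, so a text chunk made up only of newlines, or ending in two or more, emits fewer `\n` than the template contained: `"\n".split("\n")` is `[]`, and the `lines.each` under `text.match /\n\z/` then appends nothing to `src`. If the per-line `\n` is there to keep line numbers in the generated Ruby aligned with the template (that appears to be the intent, though it is not stated), this silently drifts them for the rest of the file. Splitting with a limit of `-1` keeps the trailing empties, which also makes the `text.match /\n\z/` branch unnecessary because a text ending in a newline then has `""` as its last element. The enclosing class `RailsXSSErubis` continues past the end of the hunk.
```ruby
def add_text(src, text)
  if text.include? "\n"
    # A limit of -1 keeps trailing empty fields: "a\n" => ["a", ""] and
    # "\n" => ["", ""], so writing every element but the last with a
    # trailing "\n" reproduces the template's newline count exactly.
    lines = text.split("\n", -1)
    lines[0..-2].each do |line|
      src << "@output_buffer << ('" << escape_text(line) << "'.html_safe!);\n"
    end
    src << "@output_buffer << ('" << escape_text(lines.last) << "'.html_safe!);"
  # … unchanged: else branch for text without a newline …
```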
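--- a/data/lib/version.rb
+++ b/data/lib/version.rb
@@ -1 +1 @@
-Version = "0.4.0"
+Version = "0.4.1"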
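--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
 segments:
 - 0
 - 4
-- 0
-version: 0.4.0
+- 1
+version: 0.4.1
 platform: ruby
 authors:
 - Justin Collins
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-05-18 00:00:00 -07:00
+date: 2011-05-23 00:00:00 -07:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency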