cacheable_flash 0.3.4 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 961455be26c61651eb110faf6af10b4bfccd10bf
-  data.tar.gz: 9c8087e7e479bf5c8d763871d4a090dde48810ff
+  metadata.gz: 521a436267aa47429182e2543c6e31484b5a26a7
+  data.tar.gz: caa107e1cf418fa914f15841a216dd56907bf047
 SHA512:
-  metadata.gz: 2b86f36dce97b83134ba04e0609e4860e41716b2f5471870354e9e1ac7ca4cd351f59d8e8615209ce8f85b653dc346c40a435acfa0c9442b40464ffba3d01bbf
-  data.tar.gz: e893e5b5bb52d187dc2a792038aabec34f5316a8d98ca545beae27237c6ef9a967269f5b3e165cc2a7f007402e4f74ee8f055df33750d44c709db5b79503cca3
+  metadata.gz: ec4cb4e9f1e8d4851c69fc437d23fb7dcc89bf831774ce7710f580b1d40cc3efdc9d3bfd4b6082f523cbc0ed9d32ccd804f1788440280e4f2b5e63f337254182
+  data.tar.gz: 6cc0f31452e25ea430027c07725f9cdcbdfb6966fbc66145735d7ecab781cd2fdad7adef3a7c42a9cdb3777eb9be36fbc7dce92afab6a28169757655a34da62b

data/CHANGELOG

@@ -1,26 +1,38 @@
-0.3.4 - SEP.28.2015
+### 1.0.0 - APR.11.2017
+* Moved from jquery.cookie to js.cookie
+
+
+### 0.3.5 - AUG.18.2016 (unreleased)
+* `around_filter` is deprecated in Rails 5 and will be removed in Rails 5.1. Uses `around_action` if available and falls back to `around_filter` otherwise.
+
+
+### 0.3.4 - SEP.28.2015
 * Maintenance release with minor changes and a security fix
 * fix JS error when flash cookie is not set (new version of jquery.cookie returns undefined when a cookie does not exist) [nickurban]
 * Reflected XSS vulnerability fix [rubyconvict]
 * If domain is not set, do not force as empty string. Breaks IE. [ndreckshage]
 * Update CacheableFlash::RspecMatchers and rspec test suite for latest Rspec v3.3 [Peter Boling]
 
-0.3.3 - SEP.13.2013
+
+### 0.3.3 - SEP.13.2013
 * Maintenance release with lots of minor changes and fixes.
 * Main gem should be API compatible.
 * Small changes to test helpers which will require updating tests using them.
 
-0.3.2 - AUG.23.2012
+
+### 0.3.2 - AUG.23.2012
 * Properly handles stacked flash in cookie flash according to config :append_as option [Peter Boling]
 
-0.3.1 - AUG.22.2012
+
+### 0.3.1 - AUG.22.2012
 * Add specs for non stacking use [Peter Boling]
 * Use stackable_flash/test_helpers instead of reinventing the wheel [Peter Boling]
 * Config now works! [Peter Boling]
 * Update to stackable_flash 0.0.7 (working config) [Peter Boling]
 * default to non stacking [Peter Boling]
 
-0.3.0 - AUG.21.2012
+
+### 0.3.0 - AUG.21.2012
 - Completed integration with stackable_flash (http://github.com/pboling/stackable_flash)
 - Test::Unit helpers and Rspec Matchers updated to be stackable
 - Expanded test suite
@@ -32,7 +44,8 @@
   - (v0.2.X converted everything to string)
 - the CacheableFlash::Config class is experimental, and no code uses the config settings yet.
 
-0.2.10 - AUG.13.2012
+
+### 0.2.10 - AUG.13.2012
 - Split test_helpers from rspec_matchers (test_helpers may be useful in TestUnit
 - When using Middleware: Flash Cookies now stay in the cookie until cleared out by the javascript: closer to guaranteed delivery.
 - Improved spec suite
@@ -41,44 +54,54 @@
 - Added facets runtime dependency
 - corrected namespace of CacheableFlash::CookieFlash
 
-0.2.9 - AUG.08.2012
+
+### 0.2.9 - AUG.08.2012
 - More rearranging
 - Improved integration test of CacheableFlash & CacheableFlash::TestHelpers
 - Updated to latest jquery.cookie
 
-0.2.8 - AUG.07.2012
+
+### 0.2.8 - AUG.07.2012
 - switch from jeweler to gem-release for bumping and tagging
 - bundler update (1.0.24)
 - Escape HTML in flash values unless they're html_safe
 - Add CacheableFlash rack middleware
 
-0.2.7 - JUN.21.2012
+
+### 0.2.7 - JUN.21.2012
 - Note: Does not support flash.now feature of the FlashHash in Rails
 - Corrected directory names for controllers/layouts
 
-0.2.6 - unreleased
+
+### 0.2.6 - unreleased
 - all specs pass with rspec 2.10
 
-0.2.5 - MAR.01.2012
+
+### 0.2.5 - MAR.01.2012
 - Real integration test!
 
-0.2.4 - FEB.27.2012
+
+### 0.2.4 - FEB.27.2012
 - Dependency diet!  No longer requires all of rails - only railties.
 
-0.2.3 - JAN.13.2012
+
+### 0.2.3 - JAN.13.2012
 - Fixed problems loading assets: Sprockets::FileNotFound - thanks jlxw
 - reflect move back to pivotal's repo in README.
 - Updated specs, to running and passing condition!
 - Made rails > 3.0 a dependency, since it is (uses ::Rails::Engine and :Rails::Railtie)
 
-0.2.2 - SEP.10.2011
+
+### 0.2.2 - SEP.10.2011
 - Improved deprecation warnings about using the generator (not needed with asset pipeline)
 - Improved README setup instructions
 
-0.2.1 - SEP.10.2011
+
+### 0.2.1 - SEP.10.2011
 - Fixed bug in generator for those not using asset pipeline, or pre Rails 3.1
 
-0.2.0 - SEP.10.2011 [Peter Boling begins gemification process]
+
+### 0.2.0 - SEP.10.2011 [Peter Boling begins gemification process]
 - Converted to a gem
 - Updated to improved, patched jquery.cookie from https://github.com/pboling/jquery-cookie
 - Merged a few other forks of cacheable-flash
@@ -89,21 +112,26 @@
 Unreleased
 - Implicitly adding js files to Rails include defaults (Patch from Michael Erb)
 
-0.1.5
+
+### 0.1.5
 - Requiring version >= 1.1.2 of the json gem
 - Converted tests into specs
 
-0.1.4
+
+### 0.1.4
 - Added TestHelpers
 - Added flash_cookie method for tests
 
-0.1.3
+
+### 0.1.3
 - Require json in init.rb
 
-0.1.2
+
+### 0.1.2
 - Flash on the Rails side is cleared when written to the cookie
 - Uses existing cookie flash value
 - Using Scriptaculous cookie.js library
 
-0.1.1
+
+### 0.1.1
 - Added cookies.js

data/README.rdoc

@@ -27,13 +27,13 @@ So if you have config.assets.enabled = false in application.rb then in your layo
   javascript_include_tag :cacheable_flash
 
 Otherwise, in your layout, just source them like normal:
-  javascript_include_tag 'flash', 'jquery.cookie'
+  javascript_include_tag 'flash', 'js.cookie'
 
 === With asset pipeline (requires Rails 3.1)
 
 The asset pipeline should have access to the assets in this gem via your app/assets/javascripts/application.js:
   //= require flash
-  //= require jquery.cookie
+  //= require js.cookie
 
 == Mailing List
 
@@ -95,6 +95,10 @@ Use this method if you set flash messages inside a rescue_from block:
     Flash.writeDataTo('notice', $('#notice_div_id'));
   </script>
 
+== Security warning
+The gem is susceptible to reflected XSS attack. Make sure no non-alphanumerical
+user-generated content is stored inside flash messages (html or plain text).
+
 == Testing
 You can test your flash cookies by making assertions on the json of the "flash" cookie.
 Cacheable Flash provides test helpers which includes the flash_cookie method.
@@ -134,7 +138,7 @@ Cacheable Flash provides test helpers which includes the flash_cookie method.
 
   describe TestController, "#index" do
     include CacheableFlash::TestHelpers
-    
+
     it "writes to the flash cookie" do
       get :index
       flash_cookie["notice"].should == "In index"
@@ -153,14 +157,14 @@ Cacheable Flash provides test helpers which includes the flash_cookie method.
 == Versioning
 
 This library aims to adhere to {Semantic Versioning 2.0.0}[http://semver.org/].
-Violations of this scheme should be reported as bugs. Specifically, 
-if a minor or patch version is released that breaks backward 
+Violations of this scheme should be reported as bugs. Specifically,
+if a minor or patch version is released that breaks backward
 compatibility, a new version should be immediately released that
-restores compatibility. Breaking changes to the public API will 
+restores compatibility. Breaking changes to the public API will
 only be introduced with new major versions.
 
-As a result of this policy, you can (and should) specify a 
-dependency on this gem using the {Pessimistic Version Constraint}[http://docs.rubygems.org/read/chapter/16#page74] with two digits of precision. 
+As a result of this policy, you can (and should) specify a
+dependency on this gem using the {Pessimistic Version Constraint}[http://docs.rubygems.org/read/chapter/16#page74] with two digits of precision.
 
 For example:
 

data/init.rb

@@ -2,5 +2,5 @@ require "json"
 require "cacheable_flash"
 #use Rails::VERSION::STRING for rails < 1 somehow -- or perhaps, who cares??
 if ::Rails::VERSION::MAJOR == 2
-  ActionView::Helpers::AssetTagHelper.register_javascript_include_default('jquery.cookie','flash')
+  ActionView::Helpers::AssetTagHelper.register_javascript_include_default('js.cookie','flash')
 end

data/install.rb

@@ -10,9 +10,9 @@ rails_javascripts_dir = "#{Rails.root}/public/javascripts"
 puts "copying flash.js to #{rails_javascripts_dir}"
 cp "#{dir}/flash.js", rails_javascripts_dir
 
-if File.exists?("#{rails_javascripts_dir}/jquery.cookie.js")
-  puts "#{rails_javascripts_dir}/jquery.cookie.js already exists"
+if File.exists?("#{rails_javascripts_dir}/js.cookie.js")
+  puts "#{rails_javascripts_dir}/js.cookie.js already exists"
 else
-  puts "copying jquery.cookie.js to #{rails_javascripts_dir}"
-  cp "#{dir}/jquery.cookie.js", rails_javascripts_dir
+  puts "copying js.cookie.js to #{rails_javascripts_dir}"
+  cp "#{dir}/js.cookie.js", rails_javascripts_dir
 end

data/lib/cacheable_flash.rb

@@ -23,8 +23,15 @@ module CacheableFlash
   include CacheableFlash::CookieFlash
 
   def self.included(base)
-    #base must define around_filter, as in Rails
-    base.around_filter :write_flash_to_cookie
+    #base must define around_action or around_filter, as in Rails
+
+    around_method = if base.respond_to?(:around_action)
+      :around_action
+    else
+      :around_filter
+    end
+
+    base.send around_method, :write_flash_to_cookie
   end
 
   def write_flash_to_cookie

data/lib/cacheable_flash/railtie.rb

@@ -3,7 +3,7 @@ module CacheableFlash
     # Add cacheable flash JS to defaults for Rails < 3.1 (not needed with asset pipeline)
     if ::Rails::VERSION::MAJOR == 3 && ::Rails::VERSION::MINOR == 0
       config.before_configuration do
-        config.action_view.javascript_expansions[:cacheable_flash] = %w(jquery.cookie flash)
+        config.action_view.javascript_expansions[:cacheable_flash] = %w(js.cookie flash)
       end
     end
   end

data/lib/cacheable_flash/version.rb

@@ -1,3 +1,3 @@
 module CacheableFlash
-  VERSION = "0.3.4"
+  VERSION = "1.0.0"
 end

data/lib/generators/cacheable_flash/install/install_generator.rb

@@ -1,7 +1,7 @@
 # encoding: utf-8
 
 module CacheableFlash
-  # Copies javascript libraries flash.js and jquery.cookie.js to public/javascripts/ (Rails 3.0.X only, Rails 3.1 has asset pipeline)
+  # Copies javascript libraries flash.js and js.cookie.js to public/javascripts/ (Rails 3.0.X only, Rails 3.1 has asset pipeline)
   #
   # @example
   #   $ rails generate cacheable_flash:install
@@ -18,7 +18,7 @@ module CacheableFlash
         ActiveSupport::Deprecation.warn("Rails 3.1 has the asset pipeline, so you only need to copy javascript files if you aren't using it.")
       end
       template 'flash.js',     'public/javascripts/flash.js'
-      template 'jquery.cookie.js', 'public/javascripts/jquery.cookie.js'
+      template 'js.cookie.js', 'public/javascripts/js.cookie.js'
     end
   end
 end

data/spec/cacheable_flash/cacheable_flash_spec.rb

@@ -4,7 +4,7 @@ describe 'CacheableFlash' do
   attr_reader :controller_class, :controller, :cookies
   before do
     @controller_class = Struct.new(:cookies, :flash)
-    allow(@controller_class).to receive(:around_filter)
+    allow(@controller_class).to receive(:around_action)
     @controller_class.send(:include, CacheableFlash)
     @controller = @controller_class.new({}, {})
     @cookies = {}
@@ -120,8 +120,8 @@ describe 'CacheableFlash' do
   end
 
   describe ".included" do
-    it "sets the around_filter on the controller to call #write_flash_to_cookie" do
-      expect(@controller_class).to receive(:around_filter).with(:write_flash_to_cookie)
+    it "sets the around_action on the controller to call #write_flash_to_cookie" do
+      expect(@controller_class).to receive(:around_action).with(:write_flash_to_cookie)
       @controller_class.send(:include, CacheableFlash)
     end
   end

data/vendor/assets/javascripts/flash.js.erb

@@ -4,10 +4,10 @@ var Flash = new Object();
 Flash.data = {};
 
 Flash.transferFromCookies = function() {
-  var data = JSON.parse(unescape($.cookie("flash") || '{}'));
+  var data = JSON.parse(unescape(Cookies.get("flash") || '{}'));
   if(!data) data = {};
   Flash.data = data;
-  $.cookie('flash', null, {path: '/', domain: '<%=CacheableFlash::Config.config[:domain]%>'});
+  Cookies.set('flash', null, {path: '/', domain: '<%=CacheableFlash::Config.config[:domain]%>'});
 };
 
 Flash.writeDataTo = function(name, element, callback) {
@@ -15,7 +15,7 @@ Flash.writeDataTo = function(name, element, callback) {
   var message = "";
   if (Flash.data[name]) {
     message = Flash.data[name].toString().replace(/\+/g, ' ');
-    element.text(message);
+    element.html(message);
     if (callback && typeof(callback) === 'function') {
       callback(element);
     } else {

data/vendor/assets/javascripts/js.cookie.js

@@ -0,0 +1,137 @@
+/*!
+ * JavaScript Cookie v2.0.0-beta.1
+ * https://github.com/js-cookie/js-cookie
+ *
+ * Copyright 2006, 2015 Klaus Hartl
+ * Released under the MIT license
+ */
+(function (factory) {
+  if (typeof define === 'function' && define.amd) {
+    define(factory);
+  } else if (typeof exports === 'object') {
+    module.exports = factory();
+  } else {
+    var _OldCookies = window.Cookies;
+    var api = window.Cookies = factory(window.jQuery);
+    api.noConflict = function () {
+      window.Cookies = _OldCookies;
+      return api;
+    };
+  }
+}(function () {
+  function extend () {
+    var i = 0;
+    var result = {};
+    for (; i < arguments.length; i++) {
+      var attributes = arguments[ i ];
+      for (var key in attributes) {
+        result[key] = attributes[key];
+      }
+    }
+    return result;
+  }
+
+  function init (converter) {
+    function api (key, value, attributes) {
+      var result;
+
+      // Write
+
+      if (arguments.length > 1) {
+        attributes = extend({
+          path: '/'
+        }, api.defaults, attributes);
+
+        if (typeof attributes.expires === 'number') {
+          var expires = new Date();
+          expires.setMilliseconds(expires.getMilliseconds() + attributes.expires * 864e+5);
+          attributes.expires = expires;
+        }
+
+        try {
+          result = JSON.stringify(value);
+          if (/^[\{\[]/.test(result)) {
+            value = result;
+          }
+        } catch (e) {}
+
+        value = encodeURIComponent(String(value));
+        value = value.replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g, decodeURIComponent);
+
+        key = encodeURIComponent(String(key));
+        key = key.replace(/%(23|24|26|2B|5E|60|7C)/g, decodeURIComponent);
+        key = key.replace(/[\(\)]/g, escape);
+
+        return (document.cookie = [
+          key, '=', value,
+          attributes.expires && '; expires=' + attributes.expires.toUTCString(), // use expires attribute, max-age is not supported by IE
+          attributes.path    && '; path=' + attributes.path,
+          attributes.domain  && '; domain=' + attributes.domain,
+          attributes.secure  && '; secure'
+        ].join(''));
+      }
+
+      // Read
+
+      if (!key) {
+        result = {};
+      }
+
+      // To prevent the for loop in the first place assign an empty array
+      // in case there are no cookies at all. Also prevents odd result when
+      // calling "get()"
+      var cookies = document.cookie ? document.cookie.split('; ') : [];
+      var rdecode = /(%[0-9A-Z]{2})+/g;
+      var i = 0;
+
+      for (; i < cookies.length; i++) {
+        var parts = cookies[i].split('=');
+        var name = parts[0].replace(rdecode, decodeURIComponent);
+        var cookie = parts.slice(1).join('=');
+
+        if (cookie.charAt(0) === '"') {
+          cookie = cookie.slice(1, -1);
+        }
+
+        cookie = converter && converter(cookie, name) || cookie.replace(rdecode, decodeURIComponent);
+
+        if (this.json) {
+          try {
+            cookie = JSON.parse(cookie);
+          } catch (e) {}
+        }
+
+        if (key === name) {
+          result = cookie;
+          break;
+        }
+
+        if (!key) {
+          result[name] = cookie;
+        }
+      }
+
+      return result;
+    }
+
+    api.get = api.set = api;
+    api.getJSON = function () {
+      return api.apply({
+        json: true
+      }, [].slice.call(arguments));
+    };
+    api.defaults = {};
+
+    api.remove = function (key, attributes) {
+      api(key, '', extend(attributes, {
+        expires: -1
+      }));
+    };
+
+    api.withConverter = init;
+
+    return api;
+  }
+
+  return init();
+}));

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cacheable_flash
 version: !ruby/object:Gem::Version
-  version: 0.3.4
+  version: 1.0.0
 platform: ruby
 authors:
 - Peter H. Boling
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-09-28 00:00:00.000000000 Z
+date: 2017-04-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: stackable_flash
@@ -219,7 +219,7 @@ files:
 - spec/spec_helper.rb
 - tasks/cacheable_flash_tasks.rake
 - vendor/assets/javascripts/flash.js.erb
-- vendor/assets/javascripts/jquery.cookie.js
+- vendor/assets/javascripts/js.cookie.js
 homepage: http://github.com/pivotal/cacheable-flash
 licenses:
 - MIT
@@ -240,7 +240,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
 summary: Render flash messages from a cookie using JavaScript, instead of in your
@@ -292,4 +292,3 @@ test_files:
 - spec/js_unit/flash_test.html
 - spec/requests/integration_spec.rb
 - spec/spec_helper.rb
-has_rdoc: 

data/vendor/assets/javascripts/jquery.cookie.js

@@ -1,47 +0,0 @@
-/*!
- * jQuery Cookie Plugin
- * https://github.com/carhartl/jquery-cookie
- *
- * Copyright 2011, Klaus Hartl
- * Dual licensed under the MIT or GPL Version 2 licenses.
- * http://www.opensource.org/licenses/mit-license.php
- * http://www.opensource.org/licenses/GPL-2.0
- */
-(function($) {
-    $.cookie = function(key, value, options) {
-
-        // key and at least value given, set cookie...
-        if (arguments.length > 1 && (!/Object/.test(Object.prototype.toString.call(value)) || value === null || value === undefined)) {
-            options = $.extend({}, options);
-
-            if (value === null || value === undefined) {
-                options.expires = -1;
-            }
-
-            if (typeof options.expires === 'number') {
-                var days = options.expires, t = options.expires = new Date();
-                t.setDate(t.getDate() + days);
-            }
-
-            value = String(value);
-
-            return (document.cookie = [
-                encodeURIComponent(key), '=', options.raw ? value : encodeURIComponent(value),
-                options.expires ? '; expires=' + options.expires.toUTCString() : '', // use expires attribute, max-age is not supported by IE
-                options.path    ? '; path=' + options.path : '',
-                options.domain  ? '; domain=' + options.domain : '',
-                options.secure  ? '; secure' : ''
-            ].join(''));
-        }
-
-        // key and possibly options given, get cookie...
-        options = value || {};
-        var decode = options.raw ? function(s) { return s; } : decodeURIComponent;
-
-        var pairs = document.cookie.split('; ');
-        for (var i = 0, pair; pair = pairs[i] && pairs[i].split('='); i++) {
-            if (decode(pair[0]) === key) return decode(pair[1] || ''); // IE saves cookies with empty string as "c; ", e.g. without "=" as opposed to EOMB, thus pair[1] may be undefined
-        }
-        return null;
-    };
-})(jQuery);