erb_safe_ext 1.0.2 → 1.0.3
- checksums.yaml +4 -4
- data/README.md +18 -1
- data/erb_safe_ext.gemspec +2 -1
- data/lib/erb_safe_ext/sinatra/exception_template.rb +295 -0
- data/lib/erb_safe_ext.rb +0 -1
- data/test/erb_safe_test.rb +2 -0
- metadata +3 -2
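--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d1463d83243d6e11785a43a520e3103e3c06e176
+data.tar.gz: 5d259dae6dfb15d2eb4905a971b5624a57993850
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4cf47113b3d29d022ec517dac60c0d35b0e275ffae913d7673c2238e8388c20a590bde8db60ab1818e1299b702a91de883e70dddc55d5e950599cbd096a71d45
+data.tar.gz: cb0edf151bf69d510037900a0518f9d71efa8607393311cf29215bb83d040d3b251bbe038a0ad8cb7da44e340dfeecaa36e5e4c83e4516ec71a1b03c968f1e8e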
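--- a/data/README.md
+++ b/data/README.md
@@ -29,7 +29,7 @@ the `<%==` is the backup of ERB's original `<%=` function.
 ```
 
 
-Test code
+## Test code
 
 ``` ruby
 require 'erb_safe_ext'
@@ -42,4 +42,21 @@ EOF
 puts template.result
 ```
 
+## About Sinatra
+work fine with sinatra(current version is 1.4.4).
+
+but you should know that sinatra use [tilt](http://rubygems.org/gems/tilt) to render template.
+
+and sinatra also got Runtime Dependencies with `tilt >= 1.3.4, ~> 1.3`, that will do something make this gem lose effectiveness when you got `erubis` in your environment.
+
+So don't do following things:
+
+1. `require 'erubis'`
+
+2. add gems that dependent on erubis, such as `better_errors` (you may find out all dependences in file `Gemfile.lock`)
+
+yeah.happy coding:)
+
+
+
 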
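--- a/data/erb_safe_ext.gemspec
+++ b/data/erb_safe_ext.gemspec
@@ -5,7 +5,7 @@ require 'sinarey_cache/version'
 
 Gem::Specification.new do |spec|
 spec.name = "erb_safe_ext"
-spec.version = "1.0.
+spec.version = "1.0.3"
 spec.authors = ["Jeffrey"]
 spec.email = ["jeffrey6052@163.com"]
 spec.description = "make ERB default html safe.protect from XSS attack."
@@ -14,6 +14,7 @@ Gem::Specification.new do |spec|
 spec.license = "MIT"
 
 spec.files = ['lib/erb_safe_ext.rb',
+'lib/erb_safe_ext/sinatra/exception_template.rb',
 'test/erb_safe_test.rb',
 'erb_safe_ext.gemspec',
 'README.md']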
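--- /dev/null
+++ b/data/lib/erb_safe_ext/sinatra/exception_template.rb
@@ -0,0 +1,295 @@
+
+#modify sinatra original exception template,fixed to erb_safe_ext.
+
+module Sinatra
+
+class ShowExceptions < Rack::ShowExceptions
+
+defined?(TEMPLATE) and remove_const(:TEMPLATE)
+
+TEMPLATE = <<-HTML # :nodoc:
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+<title><%= exception.class %> at <%= path %></title>
+
+<script type="text/javascript">
+//<!--
+function toggle(id) {
+var pre = document.getElementById("pre-" + id);
+var post = document.getElementById("post-" + id);
+var context = document.getElementById("context-" + id);
+
+if (pre.style.display == 'block') {
+pre.style.display = 'none';
+post.style.display = 'none';
+context.style.background = "none";
+} else {
+pre.style.display = 'block';
+post.style.display = 'block';
+context.style.background = "#fffed9";
+}
+}
+
+function toggleBacktrace(){
+var bt = document.getElementById("backtrace");
+var toggler = document.getElementById("expando");
+
+if (bt.className == 'condensed') {
+bt.className = 'expanded';
+toggler.innerHTML = "(condense)";
+} else {
+bt.className = 'condensed';
+toggler.innerHTML = "(expand)";
+}
+}
+//-->
+</script>
+
+<style type="text/css" media="screen">
+* {margin: 0; padding: 0; border: 0; outline: 0;}
+div.clear {clear: both;}
+body {background: #EEEEEE; margin: 0; padding: 0;
+font-family: 'Lucida Grande', 'Lucida Sans Unicode',
+'Garuda';}
+code {font-family: 'Lucida Console', monospace;
+font-size: 12px;}
+li {height: 18px;}
+ul {list-style: none; margin: 0; padding: 0;}
+ol:hover {cursor: pointer;}
+ol li {white-space: pre;}
+#explanation {font-size: 12px; color: #666666;
+margin: 20px 0 0 100px;}
+/* WRAP */
+#wrap {width: 1000px; background: #FFFFFF; margin: 0 auto;
+padding: 30px 50px 20px 50px;
+border-left: 1px solid #DDDDDD;
+border-right: 1px solid #DDDDDD;}
+/* HEADER */
+#header {margin: 0 auto 25px auto;}
+#header img {float: left;}
+#header #summary {float: left; margin: 12px 0 0 20px; width:660px;
+font-family: 'Lucida Grande', 'Lucida Sans Unicode';}
+h1 {margin: 0; font-size: 36px; color: #981919;}
+h2 {margin: 0; font-size: 22px; color: #333333;}
+#header ul {margin: 0; font-size: 12px; color: #666666;}
+#header ul li strong{color: #444444;}
+#header ul li {display: inline; padding: 0 10px;}
+#header ul li.first {padding-left: 0;}
+#header ul li.last {border: 0; padding-right: 0;}
+/* BODY */
+#backtrace,
+#get,
+#post,
+#cookies,
+#rack {width: 980px; margin: 0 auto 10px auto;}
+p#nav {float: right; font-size: 14px;}
+/* BACKTRACE */
+a#expando {float: left; padding-left: 5px; color: #666666;
+font-size: 14px; text-decoration: none; cursor: pointer;}
+a#expando:hover {text-decoration: underline;}
+h3 {float: left; width: 100px; margin-bottom: 10px;
+color: #981919; font-size: 14px; font-weight: bold;}
+#nav a {color: #666666; text-decoration: none; padding: 0 5px;}
+#backtrace li.frame-info {background: #f7f7f7; padding-left: 10px;
+font-size: 12px; color: #333333;}
+#backtrace ul {list-style-position: outside; border: 1px solid #E9E9E9;
+border-bottom: 0;}
+#backtrace ol {width: 920px; margin-left: 50px;
+font: 10px 'Lucida Console', monospace; color: #666666;}
+#backtrace ol li {border: 0; border-left: 1px solid #E9E9E9;
+padding: 2px 0;}
+#backtrace ol code {font-size: 10px; color: #555555; padding-left: 5px;}
+#backtrace-ul li {border-bottom: 1px solid #E9E9E9; height: auto;
+padding: 3px 0;}
+#backtrace-ul .code {padding: 6px 0 4px 0;}
+#backtrace.condensed .system,
+#backtrace.condensed .framework {display:none;}
+/* REQUEST DATA */
+p.no-data {padding-top: 2px; font-size: 12px; color: #666666;}
+table.req {width: 980px; text-align: left; font-size: 12px;
+color: #666666; padding: 0; border-spacing: 0;
+border: 1px solid #EEEEEE; border-bottom: 0;
+border-left: 0;
+clear:both}
+table.req tr th {padding: 2px 10px; font-weight: bold;
+background: #F7F7F7; border-bottom: 1px solid #EEEEEE;
+border-left: 1px solid #EEEEEE;}
+table.req tr td {padding: 2px 20px 2px 10px;
+border-bottom: 1px solid #EEEEEE;
+border-left: 1px solid #EEEEEE;}
+/* HIDE PRE/POST CODE AT START */
+.pre-context,
+.post-context {display: none;}
+
+table td.code {width:750px}
+table td.code div {width:750px;overflow:hidden}
+</style>
+</head>
+<body>
+<div id="wrap">
+<div id="header">
+<img src="<%== env['SCRIPT_NAME'] %>/__sinatra__/500.png" alt="application error" height="161" width="313" />
+<div id="summary">
+<h1><strong><%= exception.class %></strong> at <strong><%= path %>
+</strong></h1>
+<h2><%= exception.message %></h2>
+<ul>
+<li class="first"><strong>file:</strong> <code>
+<%= frames.first.filename.split("/").last %></code></li>
+<li><strong>location:</strong> <code><%= frames.first.function %>
+</code></li>
+<li class="last"><strong>line:
+</strong> <%= frames.first.lineno %></li>
+</ul>
+</div>
+<div class="clear"></div>
+</div>
+
+<div id="backtrace" class='condensed'>
+<h3>BACKTRACE</h3>
+<p><a href="#" id="expando"
+onclick="toggleBacktrace(); return false">(expand)</a></p>
+<p id="nav"><strong>JUMP TO:</strong>
+<a href="#get-info">GET</a>
+<a href="#post-info">POST</a>
+<a href="#cookie-info">COOKIES</a>
+<a href="#env-info">ENV</a>
+</p>
+<div class="clear"></div>
+
+<ul id="backtrace-ul">
+
+<% id = 1 %>
+<% frames.each do |frame| %>
+<% if frame.context_line && frame.context_line != "#" %>
+
+<li class="frame-info <%== frame_class(frame) %>">
+<code><%= frame.filename %></code> in
+<code><strong><%= frame.function %></strong></code>
+</li>
+
+<li class="code <%== frame_class(frame) %>">
+<% if frame.pre_context %>
+<ol start="<%= frame.pre_context_lineno + 1 %>"
+class="pre-context" id="pre-<%== id %>"
+onclick="toggle(<%== id %>);">
+<% frame.pre_context.each do |line| %>
+<li class="pre-context-line"><code><%= line %></code></li>
+<% end %>
+</ol>
+<% end %>
+
+<ol start="<%== frame.lineno %>" class="context" id="<%== id %>"
+onclick="toggle(<%== id %>);">
+<li class="context-line" id="context-<%== id %>"><code><%= frame.context_line %></code></li>
+</ol>
+
+<% if frame.post_context %>
+<ol start="<%= frame.lineno + 1 %>" class="post-context"
+id="post-<%== id %>" onclick="toggle(<%== id %>);">
+<% frame.post_context.each do |line| %>
+<li class="post-context-line"><code><%= line %></code></li>
+<% end %>
+</ol>
+<% end %>
+<div class="clear"></div>
+</li>
+
+<% end %>
+
+<% id += 1 %>
+<% end %>
+
+</ul>
+</div> <!-- /BACKTRACE -->
+
+<div id="get">
+<h3 id="get-info">GET</h3>
+<% if req.GET and not req.GET.empty? %>
+<table class="req">
+<tr>
+<th>Variable</th>
+<th>Value</th>
+</tr>
+<% req.GET.sort_by { |k, v| k.to_s }.each { |key, val| %>
+<tr>
+<td><%= key %></td>
+<td class="code"><div><%= val.inspect %></div></td>
+</tr>
+<% } %>
+</table>
+<% else %>
+<p class="no-data">No GET data.</p>
+<% end %>
+<div class="clear"></div>
+</div> <!-- /GET -->
+
+<div id="post">
+<h3 id="post-info">POST</h3>
+<% if req.POST and not req.POST.empty? %>
+<table class="req">
+<tr>
+<th>Variable</th>
+<th>Value</th>
+</tr>
+<% req.POST.sort_by { |k, v| k.to_s }.each { |key, val| %>
+<tr>
+<td><%= key %></td>
+<td class="code"><div><%= val.inspect %></div></td>
+</tr>
+<% } %>
+</table>
+<% else %>
+<p class="no-data">No POST data.</p>
+<% end %>
+<div class="clear"></div>
+</div> <!-- /POST -->
+
+<div id="cookies">
+<h3 id="cookie-info">COOKIES</h3>
+<% unless req.cookies.empty? %>
+<table class="req">
+<tr>
+<th>Variable</th>
+<th>Value</th>
+</tr>
+<% req.cookies.each { |key, val| %>
+<tr>
+<td><%= key %></td>
+<td class="code"><div><%= val.inspect %></div></td>
+</tr>
+<% } %>
+</table>
+<% else %>
+<p class="no-data">No cookie data.</p>
+<% end %>
+<div class="clear"></div>
+</div> <!-- /COOKIES -->
+
+<div id="rack">
+<h3 id="env-info">Rack ENV</h3>
+<table class="req">
+<tr>
+<th>Variable</th>
+<th>Value</th>
+</tr>
+<% env.sort_by { |k, v| k.to_s }.each { |key, val| %>
+<tr>
+<td><%= key %></td>
+<td class="code"><div><%= val %></div></td>
+</tr>
+<% } %>
+</table>
+<div class="clear"></div>
+</div> <!-- /RACK ENV -->
+
+<p id="explanation">You're seeing this error because you have
+enabled the <code>show_exceptions</code> setting.</p>
+</div> <!-- /WRAP -->
+</body>
+</html>
+HTML
+end
+end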
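Review bot: Line 133 of the new template emits `env['SCRIPT_NAME']` through the raw `<%==` tag, which opts that one Rack-env value out of the escaping this gem exists to provide, and the value lands inside an attribute. SCRIPT_NAME is normally fixed by the server or mount point rather than supplied by the client, but nothing here needs it unescaped, so `<img src="<%= env['SCRIPT_NAME'] %>/__sinatra__/500.png" alt="application error" height="161" width="313" />` is the consistent form; the other raw uses (`frame_class(frame)`, the integer `id` and `frame.lineno`) look fine. The guard on line 8, `defined?(TEMPLATE) and remove_const(:TEMPLATE)`, is fragile: `defined?` resolves constants through the ancestor chain, so it is truthy when only `Rack::ShowExceptions::TEMPLATE` exists, and `remove_const` then raises NameError because the reopened class owns no such constant. `remove_const(:TEMPLATE) if const_defined?(:TEMPLATE, false)` checks the class itself and avoids `and` as control flow. The file has no `require`, so it presumably relies on `sinatra/show_exceptions` (and thus `rack/show_exceptions`) having been loaded before it; a comment such as `# Must be loaded after sinatra/show_exceptions: reopens Sinatra::ShowExceptions and replaces its TEMPLATE.` would make that ordering explicit.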
data/lib/erb_safe_ext.rb
CHANGED
data/test/erb_safe_test.rb
CHANGED
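--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: erb_safe_ext
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.3
 platform: ruby
 authors:
 - Jeffrey
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-
+date: 2014-03-04 00:00:00.000000000 Z
 dependencies: []
 description: make ERB default html safe.protect from XSS attack.
 email:
@@ -18,6 +18,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - lib/erb_safe_ext.rb
+- lib/erb_safe_ext/sinatra/exception_template.rb
 - test/erb_safe_test.rb
 - erb_safe_ext.gemspec
 - README.md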