erb_safe_ext 1.0.3 → 1.0.4
- checksums.yaml +4 -4
- data/README.md +10 -0
- data/erb_safe_ext.gemspec +2 -2
- data/lib/erb_safe_ext/sinatra/exception_template.rb +295 -295
- data/lib/erb_safe_ext.rb +1 -1
- metadata +3 -3
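--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9640d5151b33178ab899dc49ead4fcaa156c873d
+data.tar.gz: 9526e84f5cb6bc45b697d37304b82f069c5d2003
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ae4dac2679ad428b821d2960d39e4a6fa8e045335ff4c2e8573e2a96b5bf8948f24134a0c6eb2744c2b60d8ed0ce18d852fc50cf1ab3715d085494cd7eff922a
+data.tar.gz: 0b9d7e9198b49e3c0837e970155bee80ad397c0427c296fef183f1d5d57acd1e671f3ff2cf2d340d6ce852b5578b3848cd5882876a8ff0ec9b07f9055cf8d188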
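--- a/data/README.md
+++ b/data/README.md
@@ -55,6 +55,16 @@ So don't do following things:
 
 2. add gems that dependent on erubis, such as `better_errors` (you may find out all dependences in file `Gemfile.lock`)
 
+
+### Sinatra exception template
+the original sinatra exception template display ugly with erb_safe_ext, so I rewrite it.
+
+``` ruby
+require 'sinatra/base'
+require 'erb_safe_ext/sinatra/exception_template'
+```
+
+
 yeah.happy coding:)
 
 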
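--- a/data/erb_safe_ext.gemspec
+++ b/data/erb_safe_ext.gemspec
@@ -5,12 +5,12 @@ require 'sinarey_cache/version'
 
 Gem::Specification.new do |spec|
 spec.name = "erb_safe_ext"
-spec.version = "1.0.
+spec.version = "1.0.4"
 spec.authors = ["Jeffrey"]
 spec.email = ["jeffrey6052@163.com"]
 spec.description = "make ERB default html safe.protect from XSS attack."
 spec.summary = "wrap the dangerous code with ERB::Util.html_escape()"
-spec.homepage = "https://github.com/
+spec.homepage = "https://github.com/Jeffrey6052/erb_safe_ext"
 spec.license = "MIT"
 
 spec.files = ['lib/erb_safe_ext.rb',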
@@ -1,295 +1,295 @@
|
|
1
|
-
|
2
|
-
#modify sinatra original exception template,fixed to erb_safe_ext.
|
3
|
-
|
4
|
-
module Sinatra
|
5
|
-
|
6
|
-
class ShowExceptions < Rack::ShowExceptions
|
7
|
-
|
8
|
-
defined?(TEMPLATE) and remove_const(:TEMPLATE)
|
9
|
-
|
10
|
-
TEMPLATE = <<-HTML # :nodoc:
|
11
|
-
<!DOCTYPE html>
|
12
|
-
<html>
|
13
|
-
<head>
|
14
|
-
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
|
15
|
-
<title><%= exception.class %> at <%= path %></title>
|
16
|
-
|
17
|
-
<script type="text/javascript">
|
18
|
-
//<!--
|
19
|
-
function toggle(id) {
|
20
|
-
var pre = document.getElementById("pre-" + id);
|
21
|
-
var post = document.getElementById("post-" + id);
|
22
|
-
var context = document.getElementById("context-" + id);
|
23
|
-
|
24
|
-
if (pre.style.display == 'block') {
|
25
|
-
pre.style.display = 'none';
|
26
|
-
post.style.display = 'none';
|
27
|
-
context.style.background = "none";
|
28
|
-
} else {
|
29
|
-
pre.style.display = 'block';
|
30
|
-
post.style.display = 'block';
|
31
|
-
context.style.background = "#fffed9";
|
32
|
-
}
|
33
|
-
}
|
34
|
-
|
35
|
-
function toggleBacktrace(){
|
36
|
-
var bt = document.getElementById("backtrace");
|
37
|
-
var toggler = document.getElementById("expando");
|
38
|
-
|
39
|
-
if (bt.className == 'condensed') {
|
40
|
-
bt.className = 'expanded';
|
41
|
-
toggler.innerHTML = "(condense)";
|
42
|
-
} else {
|
43
|
-
bt.className = 'condensed';
|
44
|
-
toggler.innerHTML = "(expand)";
|
45
|
-
}
|
46
|
-
}
|
47
|
-
//-->
|
48
|
-
</script>
|
49
|
-
|
50
|
-
<style type="text/css" media="screen">
|
51
|
-
* {margin: 0; padding: 0; border: 0; outline: 0;}
|
52
|
-
div.clear {clear: both;}
|
53
|
-
body {background: #EEEEEE; margin: 0; padding: 0;
|
54
|
-
font-family: 'Lucida Grande', 'Lucida Sans Unicode',
|
55
|
-
'Garuda';}
|
56
|
-
code {font-family: 'Lucida Console', monospace;
|
57
|
-
font-size: 12px;}
|
58
|
-
li {height: 18px;}
|
59
|
-
ul {list-style: none; margin: 0; padding: 0;}
|
60
|
-
ol:hover {cursor: pointer;}
|
61
|
-
ol li {white-space: pre;}
|
62
|
-
#explanation {font-size: 12px; color: #666666;
|
63
|
-
margin: 20px 0 0 100px;}
|
64
|
-
/* WRAP */
|
65
|
-
#wrap {width: 1000px; background: #FFFFFF; margin: 0 auto;
|
66
|
-
padding: 30px 50px 20px 50px;
|
67
|
-
border-left: 1px solid #DDDDDD;
|
68
|
-
border-right: 1px solid #DDDDDD;}
|
69
|
-
/* HEADER */
|
70
|
-
#header {margin: 0 auto 25px auto;}
|
71
|
-
#header img {float: left;}
|
72
|
-
#header #summary {float: left; margin: 12px 0 0 20px; width:660px;
|
73
|
-
font-family: 'Lucida Grande', 'Lucida Sans Unicode';}
|
74
|
-
h1 {margin: 0; font-size: 36px; color: #981919;}
|
75
|
-
h2 {margin: 0; font-size: 22px; color: #333333;}
|
76
|
-
#header ul {margin: 0; font-size: 12px; color: #666666;}
|
77
|
-
#header ul li strong{color: #444444;}
|
78
|
-
#header ul li {display: inline; padding: 0 10px;}
|
79
|
-
#header ul li.first {padding-left: 0;}
|
80
|
-
#header ul li.last {border: 0; padding-right: 0;}
|
81
|
-
/* BODY */
|
82
|
-
#backtrace,
|
83
|
-
#get,
|
84
|
-
#post,
|
85
|
-
#cookies,
|
86
|
-
#rack {width: 980px; margin: 0 auto 10px auto;}
|
87
|
-
p#nav {float: right; font-size: 14px;}
|
88
|
-
/* BACKTRACE */
|
89
|
-
a#expando {float: left; padding-left: 5px; color: #666666;
|
90
|
-
font-size: 14px; text-decoration: none; cursor: pointer;}
|
91
|
-
a#expando:hover {text-decoration: underline;}
|
92
|
-
h3 {float: left; width: 100px; margin-bottom: 10px;
|
93
|
-
color: #981919; font-size: 14px; font-weight: bold;}
|
94
|
-
#nav a {color: #666666; text-decoration: none; padding: 0 5px;}
|
95
|
-
#backtrace li.frame-info {background: #f7f7f7; padding-left: 10px;
|
96
|
-
font-size: 12px; color: #333333;}
|
97
|
-
#backtrace ul {list-style-position: outside; border: 1px solid #E9E9E9;
|
98
|
-
border-bottom: 0;}
|
99
|
-
#backtrace ol {width: 920px; margin-left: 50px;
|
100
|
-
font: 10px 'Lucida Console', monospace; color: #666666;}
|
101
|
-
#backtrace ol li {border: 0; border-left: 1px solid #E9E9E9;
|
102
|
-
padding: 2px 0;}
|
103
|
-
#backtrace ol code {font-size: 10px; color: #555555; padding-left: 5px;}
|
104
|
-
#backtrace-ul li {border-bottom: 1px solid #E9E9E9; height: auto;
|
105
|
-
padding: 3px 0;}
|
106
|
-
#backtrace-ul .code {padding: 6px 0 4px 0;}
|
107
|
-
#backtrace.condensed .system,
|
108
|
-
#backtrace.condensed .framework {display:none;}
|
109
|
-
/* REQUEST DATA */
|
110
|
-
p.no-data {padding-top: 2px; font-size: 12px; color: #666666;}
|
111
|
-
table.req {width: 980px; text-align: left; font-size: 12px;
|
112
|
-
color: #666666; padding: 0; border-spacing: 0;
|
113
|
-
border: 1px solid #EEEEEE; border-bottom: 0;
|
114
|
-
border-left: 0;
|
115
|
-
clear:both}
|
116
|
-
table.req tr th {padding: 2px 10px; font-weight: bold;
|
117
|
-
background: #F7F7F7; border-bottom: 1px solid #EEEEEE;
|
118
|
-
border-left: 1px solid #EEEEEE;}
|
119
|
-
table.req tr td {padding: 2px 20px 2px 10px;
|
120
|
-
border-bottom: 1px solid #EEEEEE;
|
121
|
-
border-left: 1px solid #EEEEEE;}
|
122
|
-
/* HIDE PRE/POST CODE AT START */
|
123
|
-
.pre-context,
|
124
|
-
.post-context {display: none;}
|
125
|
-
|
126
|
-
table td.code {width:750px}
|
127
|
-
table td.code div {width:750px;overflow:hidden}
|
128
|
-
</style>
|
129
|
-
</head>
|
130
|
-
<body>
|
131
|
-
<div id="wrap">
|
132
|
-
<div id="header">
|
133
|
-
<img src="<%== env['SCRIPT_NAME'] %>/__sinatra__/500.png" alt="application error" height="161" width="313" />
|
134
|
-
<div id="summary">
|
135
|
-
<h1><strong><%= exception.class %></strong> at <strong><%= path %>
|
136
|
-
</strong></h1>
|
137
|
-
<h2><%= exception.message %></h2>
|
138
|
-
<ul>
|
139
|
-
<li class="first"><strong>file:</strong> <code>
|
140
|
-
<%= frames.first.filename.split("/").last %></code></li>
|
141
|
-
<li><strong>location:</strong> <code><%= frames.first.function %>
|
142
|
-
</code></li>
|
143
|
-
<li class="last"><strong>line:
|
144
|
-
</strong> <%= frames.first.lineno %></li>
|
145
|
-
</ul>
|
146
|
-
</div>
|
147
|
-
<div class="clear"></div>
|
148
|
-
</div>
|
149
|
-
|
150
|
-
<div id="backtrace" class='condensed'>
|
151
|
-
<h3>BACKTRACE</h3>
|
152
|
-
<p><a href="#" id="expando"
|
153
|
-
onclick="toggleBacktrace(); return false">(expand)</a></p>
|
154
|
-
<p id="nav"><strong>JUMP TO:</strong>
|
155
|
-
<a href="#get-info">GET</a>
|
156
|
-
<a href="#post-info">POST</a>
|
157
|
-
<a href="#cookie-info">COOKIES</a>
|
158
|
-
<a href="#env-info">ENV</a>
|
159
|
-
</p>
|
160
|
-
<div class="clear"></div>
|
161
|
-
|
162
|
-
<ul id="backtrace-ul">
|
163
|
-
|
164
|
-
<% id = 1 %>
|
165
|
-
<% frames.each do |frame| %>
|
166
|
-
<% if frame.context_line && frame.context_line != "#" %>
|
167
|
-
|
168
|
-
<li class="frame-info <%== frame_class(frame) %>">
|
169
|
-
<code><%= frame.filename %></code> in
|
170
|
-
<code><strong><%= frame.function %></strong></code>
|
171
|
-
</li>
|
172
|
-
|
173
|
-
<li class="code <%== frame_class(frame) %>">
|
174
|
-
<% if frame.pre_context %>
|
175
|
-
<ol start="<%= frame.pre_context_lineno + 1 %>"
|
176
|
-
class="pre-context" id="pre-<%== id %>"
|
177
|
-
onclick="toggle(<%== id %>);">
|
178
|
-
<% frame.pre_context.each do |line| %>
|
179
|
-
<li class="pre-context-line"><code><%= line %></code></li>
|
180
|
-
<% end %>
|
181
|
-
</ol>
|
182
|
-
<% end %>
|
183
|
-
|
184
|
-
<ol start="<%== frame.lineno %>" class="context" id="<%== id %>"
|
185
|
-
onclick="toggle(<%== id %>);">
|
186
|
-
<li class="context-line" id="context-<%== id %>"><code><%= frame.context_line %></code></li>
|
187
|
-
</ol>
|
188
|
-
|
189
|
-
<% if frame.post_context %>
|
190
|
-
<ol start="<%= frame.lineno + 1 %>" class="post-context"
|
191
|
-
id="post-<%== id %>" onclick="toggle(<%== id %>);">
|
192
|
-
<% frame.post_context.each do |line| %>
|
193
|
-
<li class="post-context-line"><code><%= line %></code></li>
|
194
|
-
<% end %>
|
195
|
-
</ol>
|
196
|
-
<% end %>
|
197
|
-
<div class="clear"></div>
|
198
|
-
</li>
|
199
|
-
|
200
|
-
<% end %>
|
201
|
-
|
202
|
-
<% id += 1 %>
|
203
|
-
<% end %>
|
204
|
-
|
205
|
-
</ul>
|
206
|
-
</div> <!-- /BACKTRACE -->
|
207
|
-
|
208
|
-
<div id="get">
|
209
|
-
<h3 id="get-info">GET</h3>
|
210
|
-
<% if req.GET and not req.GET.empty? %>
|
211
|
-
<table class="req">
|
212
|
-
<tr>
|
213
|
-
<th>Variable</th>
|
214
|
-
<th>Value</th>
|
215
|
-
</tr>
|
216
|
-
<% req.GET.sort_by { |k, v| k.to_s }.each { |key, val| %>
|
217
|
-
<tr>
|
218
|
-
<td><%= key %></td>
|
219
|
-
<td class="code"><div><%= val.inspect %></div></td>
|
220
|
-
</tr>
|
221
|
-
<% } %>
|
222
|
-
</table>
|
223
|
-
<% else %>
|
224
|
-
<p class="no-data">No GET data.</p>
|
225
|
-
<% end %>
|
226
|
-
<div class="clear"></div>
|
227
|
-
</div> <!-- /GET -->
|
228
|
-
|
229
|
-
<div id="post">
|
230
|
-
<h3 id="post-info">POST</h3>
|
231
|
-
<% if req.POST and not req.POST.empty? %>
|
232
|
-
<table class="req">
|
233
|
-
<tr>
|
234
|
-
<th>Variable</th>
|
235
|
-
<th>Value</th>
|
236
|
-
</tr>
|
237
|
-
<% req.POST.sort_by { |k, v| k.to_s }.each { |key, val| %>
|
238
|
-
<tr>
|
239
|
-
<td><%= key %></td>
|
240
|
-
<td class="code"><div><%= val.inspect %></div></td>
|
241
|
-
</tr>
|
242
|
-
<% } %>
|
243
|
-
</table>
|
244
|
-
<% else %>
|
245
|
-
<p class="no-data">No POST data.</p>
|
246
|
-
<% end %>
|
247
|
-
<div class="clear"></div>
|
248
|
-
</div> <!-- /POST -->
|
249
|
-
|
250
|
-
<div id="cookies">
|
251
|
-
<h3 id="cookie-info">COOKIES</h3>
|
252
|
-
<% unless req.cookies.empty? %>
|
253
|
-
<table class="req">
|
254
|
-
<tr>
|
255
|
-
<th>Variable</th>
|
256
|
-
<th>Value</th>
|
257
|
-
</tr>
|
258
|
-
<% req.cookies.each { |key, val| %>
|
259
|
-
<tr>
|
260
|
-
<td><%= key %></td>
|
261
|
-
<td class="code"><div><%= val.inspect %></div></td>
|
262
|
-
</tr>
|
263
|
-
<% } %>
|
264
|
-
</table>
|
265
|
-
<% else %>
|
266
|
-
<p class="no-data">No cookie data.</p>
|
267
|
-
<% end %>
|
268
|
-
<div class="clear"></div>
|
269
|
-
</div> <!-- /COOKIES -->
|
270
|
-
|
271
|
-
<div id="rack">
|
272
|
-
<h3 id="env-info">Rack ENV</h3>
|
273
|
-
<table class="req">
|
274
|
-
<tr>
|
275
|
-
<th>Variable</th>
|
276
|
-
<th>Value</th>
|
277
|
-
</tr>
|
278
|
-
<% env.sort_by { |k, v| k.to_s }.each { |key, val| %>
|
279
|
-
<tr>
|
280
|
-
<td><%= key %></td>
|
281
|
-
<td class="code"><div><%= val %></div></td>
|
282
|
-
</tr>
|
283
|
-
<% } %>
|
284
|
-
</table>
|
285
|
-
<div class="clear"></div>
|
286
|
-
</div> <!-- /RACK ENV -->
|
287
|
-
|
288
|
-
<p id="explanation">You're seeing this error because you have
|
289
|
-
enabled the <code>show_exceptions</code> setting.</p>
|
290
|
-
</div> <!-- /WRAP -->
|
291
|
-
</body>
|
292
|
-
</html>
|
293
|
-
HTML
|
294
|
-
end
|
295
|
-
end
|
1
|
+
|
2
|
+
#modify sinatra original exception template,fixed to erb_safe_ext.
|
3
|
+
|
4
|
+
module Sinatra
|
5
|
+
|
6
|
+
class ShowExceptions < Rack::ShowExceptions
|
7
|
+
|
8
|
+
defined?(TEMPLATE) and remove_const(:TEMPLATE)
|
9
|
+
|
10
|
+
TEMPLATE = <<-HTML # :nodoc:
|
11
|
+
<!DOCTYPE html>
|
12
|
+
<html>
|
13
|
+
<head>
|
14
|
+
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
|
15
|
+
<title><%= exception.class %> at <%= path %></title>
|
16
|
+
|
17
|
+
<script type="text/javascript">
|
18
|
+
//<!--
|
19
|
+
function toggle(id) {
|
20
|
+
var pre = document.getElementById("pre-" + id);
|
21
|
+
var post = document.getElementById("post-" + id);
|
22
|
+
var context = document.getElementById("context-" + id);
|
23
|
+
|
24
|
+
if (pre.style.display == 'block') {
|
25
|
+
pre.style.display = 'none';
|
26
|
+
post.style.display = 'none';
|
27
|
+
context.style.background = "none";
|
28
|
+
} else {
|
29
|
+
pre.style.display = 'block';
|
30
|
+
post.style.display = 'block';
|
31
|
+
context.style.background = "#fffed9";
|
32
|
+
}
|
33
|
+
}
|
34
|
+
|
35
|
+
function toggleBacktrace(){
|
36
|
+
var bt = document.getElementById("backtrace");
|
37
|
+
var toggler = document.getElementById("expando");
|
38
|
+
|
39
|
+
if (bt.className == 'condensed') {
|
40
|
+
bt.className = 'expanded';
|
41
|
+
toggler.innerHTML = "(condense)";
|
42
|
+
} else {
|
43
|
+
bt.className = 'condensed';
|
44
|
+
toggler.innerHTML = "(expand)";
|
45
|
+
}
|
46
|
+
}
|
47
|
+
//-->
|
48
|
+
</script>
|
49
|
+
|
50
|
+
<style type="text/css" media="screen">
|
51
|
+
* {margin: 0; padding: 0; border: 0; outline: 0;}
|
52
|
+
div.clear {clear: both;}
|
53
|
+
body {background: #EEEEEE; margin: 0; padding: 0;
|
54
|
+
font-family: 'Lucida Grande', 'Lucida Sans Unicode',
|
55
|
+
'Garuda';}
|
56
|
+
code {font-family: 'Lucida Console', monospace;
|
57
|
+
font-size: 12px;}
|
58
|
+
li {height: 18px;}
|
59
|
+
ul {list-style: none; margin: 0; padding: 0;}
|
60
|
+
ol:hover {cursor: pointer;}
|
61
|
+
ol li {white-space: pre;}
|
62
|
+
#explanation {font-size: 12px; color: #666666;
|
63
|
+
margin: 20px 0 0 100px;}
|
64
|
+
/* WRAP */
|
65
|
+
#wrap {width: 1000px; background: #FFFFFF; margin: 0 auto;
|
66
|
+
padding: 30px 50px 20px 50px;
|
67
|
+
border-left: 1px solid #DDDDDD;
|
68
|
+
border-right: 1px solid #DDDDDD;}
|
69
|
+
/* HEADER */
|
70
|
+
#header {margin: 0 auto 25px auto;}
|
71
|
+
#header img {float: left;}
|
72
|
+
#header #summary {float: left; margin: 12px 0 0 20px; width:660px;
|
73
|
+
font-family: 'Lucida Grande', 'Lucida Sans Unicode';}
|
74
|
+
h1 {margin: 0; font-size: 36px; color: #981919;}
|
75
|
+
h2 {margin: 0; font-size: 22px; color: #333333;}
|
76
|
+
#header ul {margin: 0; font-size: 12px; color: #666666;}
|
77
|
+
#header ul li strong{color: #444444;}
|
78
|
+
#header ul li {display: inline; padding: 0 10px;}
|
79
|
+
#header ul li.first {padding-left: 0;}
|
80
|
+
#header ul li.last {border: 0; padding-right: 0;}
|
81
|
+
/* BODY */
|
82
|
+
#backtrace,
|
83
|
+
#get,
|
84
|
+
#post,
|
85
|
+
#cookies,
|
86
|
+
#rack {width: 980px; margin: 0 auto 10px auto;}
|
87
|
+
p#nav {float: right; font-size: 14px;}
|
88
|
+
/* BACKTRACE */
|
89
|
+
a#expando {float: left; padding-left: 5px; color: #666666;
|
90
|
+
font-size: 14px; text-decoration: none; cursor: pointer;}
|
91
|
+
a#expando:hover {text-decoration: underline;}
|
92
|
+
h3 {float: left; width: 100px; margin-bottom: 10px;
|
93
|
+
color: #981919; font-size: 14px; font-weight: bold;}
|
94
|
+
#nav a {color: #666666; text-decoration: none; padding: 0 5px;}
|
95
|
+
#backtrace li.frame-info {background: #f7f7f7; padding-left: 10px;
|
96
|
+
font-size: 12px; color: #333333;}
|
97
|
+
#backtrace ul {list-style-position: outside; border: 1px solid #E9E9E9;
|
98
|
+
border-bottom: 0;}
|
99
|
+
#backtrace ol {width: 920px; margin-left: 50px;
|
100
|
+
font: 10px 'Lucida Console', monospace; color: #666666;}
|
101
|
+
#backtrace ol li {border: 0; border-left: 1px solid #E9E9E9;
|
102
|
+
padding: 2px 0;}
|
103
|
+
#backtrace ol code {font-size: 10px; color: #555555; padding-left: 5px;}
|
104
|
+
#backtrace-ul li {border-bottom: 1px solid #E9E9E9; height: auto;
|
105
|
+
padding: 3px 0;}
|
106
|
+
#backtrace-ul .code {padding: 6px 0 4px 0;}
|
107
|
+
#backtrace.condensed .system,
|
108
|
+
#backtrace.condensed .framework {display:none;}
|
109
|
+
/* REQUEST DATA */
|
110
|
+
p.no-data {padding-top: 2px; font-size: 12px; color: #666666;}
|
111
|
+
table.req {width: 980px; text-align: left; font-size: 12px;
|
112
|
+
color: #666666; padding: 0; border-spacing: 0;
|
113
|
+
border: 1px solid #EEEEEE; border-bottom: 0;
|
114
|
+
border-left: 0;
|
115
|
+
clear:both}
|
116
|
+
table.req tr th {padding: 2px 10px; font-weight: bold;
|
117
|
+
background: #F7F7F7; border-bottom: 1px solid #EEEEEE;
|
118
|
+
border-left: 1px solid #EEEEEE;}
|
119
|
+
table.req tr td {padding: 2px 20px 2px 10px;
|
120
|
+
border-bottom: 1px solid #EEEEEE;
|
121
|
+
border-left: 1px solid #EEEEEE;}
|
122
|
+
/* HIDE PRE/POST CODE AT START */
|
123
|
+
.pre-context,
|
124
|
+
.post-context {display: none;}
|
125
|
+
|
126
|
+
table td.code {width:750px}
|
127
|
+
table td.code div {width:750px;overflow:hidden}
|
128
|
+
</style>
|
129
|
+
</head>
|
130
|
+
<body>
|
131
|
+
<div id="wrap">
|
132
|
+
<div id="header">
|
133
|
+
<img src="<%== env['SCRIPT_NAME'] %>/__sinatra__/500.png" alt="application error" height="161" width="313" />
|
134
|
+
<div id="summary">
|
135
|
+
<h1><strong><%= exception.class %></strong> at <strong><%= path %>
|
136
|
+
</strong></h1>
|
137
|
+
<h2><%= exception.message %></h2>
|
138
|
+
<ul>
|
139
|
+
<li class="first"><strong>file:</strong> <code>
|
140
|
+
<%= frames.first.filename.split("/").last %></code></li>
|
141
|
+
<li><strong>location:</strong> <code><%= frames.first.function %>
|
142
|
+
</code></li>
|
143
|
+
<li class="last"><strong>line:
|
144
|
+
</strong> <%= frames.first.lineno %></li>
|
145
|
+
</ul>
|
146
|
+
</div>
|
147
|
+
<div class="clear"></div>
|
148
|
+
</div>
|
149
|
+
|
150
|
+
<div id="backtrace" class='condensed'>
|
151
|
+
<h3>BACKTRACE</h3>
|
152
|
+
<p><a href="#" id="expando"
|
153
|
+
onclick="toggleBacktrace(); return false">(expand)</a></p>
|
154
|
+
<p id="nav"><strong>JUMP TO:</strong>
|
155
|
+
<a href="#get-info">GET</a>
|
156
|
+
<a href="#post-info">POST</a>
|
157
|
+
<a href="#cookie-info">COOKIES</a>
|
158
|
+
<a href="#env-info">ENV</a>
|
159
|
+
</p>
|
160
|
+
<div class="clear"></div>
|
161
|
+
|
162
|
+
<ul id="backtrace-ul">
|
163
|
+
|
164
|
+
<% id = 1 %>
|
165
|
+
<% frames.each do |frame| %>
|
166
|
+
<% if frame.context_line && frame.context_line != "#" %>
|
167
|
+
|
168
|
+
<li class="frame-info <%== frame_class(frame) %>">
|
169
|
+
<code><%= frame.filename %></code> in
|
170
|
+
<code><strong><%= frame.function %></strong></code>
|
171
|
+
</li>
|
172
|
+
|
173
|
+
<li class="code <%== frame_class(frame) %>">
|
174
|
+
<% if frame.pre_context %>
|
175
|
+
<ol start="<%= frame.pre_context_lineno + 1 %>"
|
176
|
+
class="pre-context" id="pre-<%== id %>"
|
177
|
+
onclick="toggle(<%== id %>);">
|
178
|
+
<% frame.pre_context.each do |line| %>
|
179
|
+
<li class="pre-context-line"><code><%= line %></code></li>
|
180
|
+
<% end %>
|
181
|
+
</ol>
|
182
|
+
<% end %>
|
183
|
+
|
184
|
+
<ol start="<%== frame.lineno %>" class="context" id="<%== id %>"
|
185
|
+
onclick="toggle(<%== id %>);">
|
186
|
+
<li class="context-line" id="context-<%== id %>"><code><%= frame.context_line %></code></li>
|
187
|
+
</ol>
|
188
|
+
|
189
|
+
<% if frame.post_context %>
|
190
|
+
<ol start="<%= frame.lineno + 1 %>" class="post-context"
|
191
|
+
id="post-<%== id %>" onclick="toggle(<%== id %>);">
|
192
|
+
<% frame.post_context.each do |line| %>
|
193
|
+
<li class="post-context-line"><code><%= line %></code></li>
|
194
|
+
<% end %>
|
195
|
+
</ol>
|
196
|
+
<% end %>
|
197
|
+
<div class="clear"></div>
|
198
|
+
</li>
|
199
|
+
|
200
|
+
<% end %>
|
201
|
+
|
202
|
+
<% id += 1 %>
|
203
|
+
<% end %>
|
204
|
+
|
205
|
+
</ul>
|
206
|
+
</div> <!-- /BACKTRACE -->
|
207
|
+
|
208
|
+
<div id="get">
|
209
|
+
<h3 id="get-info">GET</h3>
|
210
|
+
<% if req.GET and not req.GET.empty? %>
|
211
|
+
<table class="req">
|
212
|
+
<tr>
|
213
|
+
<th>Variable</th>
|
214
|
+
<th>Value</th>
|
215
|
+
</tr>
|
216
|
+
<% req.GET.sort_by { |k, v| k.to_s }.each { |key, val| %>
|
217
|
+
<tr>
|
218
|
+
<td><%= key %></td>
|
219
|
+
<td class="code"><div><%= val.inspect %></div></td>
|
220
|
+
</tr>
|
221
|
+
<% } %>
|
222
|
+
</table>
|
223
|
+
<% else %>
|
224
|
+
<p class="no-data">No GET data.</p>
|
225
|
+
<% end %>
|
226
|
+
<div class="clear"></div>
|
227
|
+
</div> <!-- /GET -->
|
228
|
+
|
229
|
+
<div id="post">
|
230
|
+
<h3 id="post-info">POST</h3>
|
231
|
+
<% if req.POST and not req.POST.empty? %>
|
232
|
+
<table class="req">
|
233
|
+
<tr>
|
234
|
+
<th>Variable</th>
|
235
|
+
<th>Value</th>
|
236
|
+
</tr>
|
237
|
+
<% req.POST.sort_by { |k, v| k.to_s }.each { |key, val| %>
|
238
|
+
<tr>
|
239
|
+
<td><%= key %></td>
|
240
|
+
<td class="code"><div><%= val.inspect %></div></td>
|
241
|
+
</tr>
|
242
|
+
<% } %>
|
243
|
+
</table>
|
244
|
+
<% else %>
|
245
|
+
<p class="no-data">No POST data.</p>
|
246
|
+
<% end %>
|
247
|
+
<div class="clear"></div>
|
248
|
+
</div> <!-- /POST -->
|
249
|
+
|
250
|
+
<div id="cookies">
|
251
|
+
<h3 id="cookie-info">COOKIES</h3>
|
252
|
+
<% unless req.cookies.empty? %>
|
253
|
+
<table class="req">
|
254
|
+
<tr>
|
255
|
+
<th>Variable</th>
|
256
|
+
<th>Value</th>
|
257
|
+
</tr>
|
258
|
+
<% req.cookies.each { |key, val| %>
|
259
|
+
<tr>
|
260
|
+
<td><%= key %></td>
|
261
|
+
<td class="code"><div><%= val.inspect %></div></td>
|
262
|
+
</tr>
|
263
|
+
<% } %>
|
264
|
+
</table>
|
265
|
+
<% else %>
|
266
|
+
<p class="no-data">No cookie data.</p>
|
267
|
+
<% end %>
|
268
|
+
<div class="clear"></div>
|
269
|
+
</div> <!-- /COOKIES -->
|
270
|
+
|
271
|
+
<div id="rack">
|
272
|
+
<h3 id="env-info">Rack ENV</h3>
|
273
|
+
<table class="req">
|
274
|
+
<tr>
|
275
|
+
<th>Variable</th>
|
276
|
+
<th>Value</th>
|
277
|
+
</tr>
|
278
|
+
<% env.sort_by { |k, v| k.to_s }.each { |key, val| %>
|
279
|
+
<tr>
|
280
|
+
<td><%= key %></td>
|
281
|
+
<td class="code"><div><%= val %></div></td>
|
282
|
+
</tr>
|
283
|
+
<% } %>
|
284
|
+
</table>
|
285
|
+
<div class="clear"></div>
|
286
|
+
</div> <!-- /RACK ENV -->
|
287
|
+
|
288
|
+
<p id="explanation">You're seeing this error because you have
|
289
|
+
enabled the <code>show_exceptions</code> setting.</p>
|
290
|
+
</div> <!-- /WRAP -->
|
291
|
+
</body>
|
292
|
+
</html>
|
293
|
+
HTML
|
294
|
+
end
|
295
|
+
end
|
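--- a/data/lib/erb_safe_ext.rb
+++ b/data/lib/erb_safe_ext.rb
@@ -68,7 +68,7 @@ class ERB
 return out.script, enc
 end
 def add_insert_escapehtml_cmd(out, content)
-out.push("#{@insert_cmd}(ERB::Util.html_escape(#{content}))")
+out.push("#{@insert_cmd}(ERB::Util.html_escape((#{content})))")
 end
 class TrimScanner < Scanner
 def scan_line(line)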
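Review bot: The second pair of parentheses around `#{content}` in `add_insert_escapehtml_cmd` is doing real work that the line does not explain: a statement-modifier expression such as `<%= value rescue "" %>` or `<%= name if user %>` only parses as a single argument to `html_escape` when it is wrapped as one expression, and a reader is likely to "clean up" the redundant-looking parens. Please add a comment above the push, e.g. `# double parens: let modifier forms like \`foo rescue nil\` parse as one argument to html_escape`. The same comment is a good place to state the contract this wrapper gives and does not give: `ERB::Util.html_escape` calls `to_s` on the value and escapes only the HTML text/attribute metacharacters, so a value interpolated into a `<script>` block, an `onclick=` handler or a URL attribute still needs context-specific encoding that `<%= %>` under this gem does not provide. The enclosing `class ERB` and the `TrimScanner` subclass both extend outside this hunk.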
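--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: erb_safe_ext
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.4
 platform: ruby
 authors:
 - Jeffrey
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-
+date: 2014-04-22 00:00:00.000000000 Z
 dependencies: []
 description: make ERB default html safe.protect from XSS attack.
 email:
@@ -22,7 +22,7 @@ files:
 - test/erb_safe_test.rb
 - erb_safe_ext.gemspec
 - README.md
-homepage: https://github.com/
+homepage: https://github.com/Jeffrey6052/erb_safe_ext
 licenses:
 - MIT
 metadata: {}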