erb_safe_ext 1.0.3 → 1.0.4

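--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: d1463d83243d6e11785a43a520e3103e3c06e176
- data.tar.gz: 5d259dae6dfb15d2eb4905a971b5624a57993850
+ metadata.gz: 9640d5151b33178ab899dc49ead4fcaa156c873d
+ data.tar.gz: 9526e84f5cb6bc45b697d37304b82f069c5d2003
  SHA512:
- metadata.gz: 4cf47113b3d29d022ec517dac60c0d35b0e275ffae913d7673c2238e8388c20a590bde8db60ab1818e1299b702a91de883e70dddc55d5e950599cbd096a71d45
- data.tar.gz: cb0edf151bf69d510037900a0518f9d71efa8607393311cf29215bb83d040d3b251bbe038a0ad8cb7da44e340dfeecaa36e5e4c83e4516ec71a1b03c968f1e8e
+ metadata.gz: ae4dac2679ad428b821d2960d39e4a6fa8e045335ff4c2e8573e2a96b5bf8948f24134a0c6eb2744c2b60d8ed0ce18d852fc50cf1ab3715d085494cd7eff922a
+ data.tar.gz: 0b9d7e9198b49e3c0837e970155bee80ad397c0427c296fef183f1d5d57acd1e671f3ff2cf2d340d6ce852b5578b3848cd5882876a8ff0ec9b07f9055cf8d188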
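--- a/data/README.md
+++ b/data/README.md
@@ -55,6 +55,16 @@ So don't do following things:
 
  2. add gems that dependent on erubis, such as `better_errors` (you may find out all dependences in file `Gemfile.lock`)
 
+
+ ### Sinatra exception template
+ the original sinatra exception template display ugly with erb_safe_ext, so I rewrite it.
+
+ ``` ruby
+ require 'sinatra/base'
+ require 'erb_safe_ext/sinatra/exception_template'
+ ```
+
+
  yeah.happy coding:)
 
 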
data/erb_safe_ext.gemspec CHANGED
@@ -5,12 +5,12 @@ require 'sinarey_cache/version'
5
5
 
6
6
  Gem::Specification.new do |spec|
7
7
  spec.name = "erb_safe_ext"
8
- spec.version = "1.0.3"
8
+ spec.version = "1.0.4"
9
9
  spec.authors = ["Jeffrey"]
10
10
  spec.email = ["jeffrey6052@163.com"]
11
11
  spec.description = "make ERB default html safe.protect from XSS attack."
12
12
  spec.summary = "wrap the dangerous code with ERB::Util.html_escape()"
13
- spec.homepage = "https://github.com/maymay25/erb_safe_ext"
13
+ spec.homepage = "https://github.com/Jeffrey6052/erb_safe_ext"
14
14
  spec.license = "MIT"
15
15
 
16
16
  spec.files = ['lib/erb_safe_ext.rb',
@@ -1,295 +1,295 @@
1
-
2
- #modify sinatra original exception template,fixed to erb_safe_ext.
3
-
4
- module Sinatra
5
-
6
- class ShowExceptions < Rack::ShowExceptions
7
-
8
- defined?(TEMPLATE) and remove_const(:TEMPLATE)
9
-
10
- TEMPLATE = <<-HTML # :nodoc:
11
- <!DOCTYPE html>
12
- <html>
13
- <head>
14
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
15
- <title><%= exception.class %> at <%= path %></title>
16
-
17
- <script type="text/javascript">
18
- //<!--
19
- function toggle(id) {
20
- var pre = document.getElementById("pre-" + id);
21
- var post = document.getElementById("post-" + id);
22
- var context = document.getElementById("context-" + id);
23
-
24
- if (pre.style.display == 'block') {
25
- pre.style.display = 'none';
26
- post.style.display = 'none';
27
- context.style.background = "none";
28
- } else {
29
- pre.style.display = 'block';
30
- post.style.display = 'block';
31
- context.style.background = "#fffed9";
32
- }
33
- }
34
-
35
- function toggleBacktrace(){
36
- var bt = document.getElementById("backtrace");
37
- var toggler = document.getElementById("expando");
38
-
39
- if (bt.className == 'condensed') {
40
- bt.className = 'expanded';
41
- toggler.innerHTML = "(condense)";
42
- } else {
43
- bt.className = 'condensed';
44
- toggler.innerHTML = "(expand)";
45
- }
46
- }
47
- //-->
48
- </script>
49
-
50
- <style type="text/css" media="screen">
51
- * {margin: 0; padding: 0; border: 0; outline: 0;}
52
- div.clear {clear: both;}
53
- body {background: #EEEEEE; margin: 0; padding: 0;
54
- font-family: 'Lucida Grande', 'Lucida Sans Unicode',
55
- 'Garuda';}
56
- code {font-family: 'Lucida Console', monospace;
57
- font-size: 12px;}
58
- li {height: 18px;}
59
- ul {list-style: none; margin: 0; padding: 0;}
60
- ol:hover {cursor: pointer;}
61
- ol li {white-space: pre;}
62
- #explanation {font-size: 12px; color: #666666;
63
- margin: 20px 0 0 100px;}
64
- /* WRAP */
65
- #wrap {width: 1000px; background: #FFFFFF; margin: 0 auto;
66
- padding: 30px 50px 20px 50px;
67
- border-left: 1px solid #DDDDDD;
68
- border-right: 1px solid #DDDDDD;}
69
- /* HEADER */
70
- #header {margin: 0 auto 25px auto;}
71
- #header img {float: left;}
72
- #header #summary {float: left; margin: 12px 0 0 20px; width:660px;
73
- font-family: 'Lucida Grande', 'Lucida Sans Unicode';}
74
- h1 {margin: 0; font-size: 36px; color: #981919;}
75
- h2 {margin: 0; font-size: 22px; color: #333333;}
76
- #header ul {margin: 0; font-size: 12px; color: #666666;}
77
- #header ul li strong{color: #444444;}
78
- #header ul li {display: inline; padding: 0 10px;}
79
- #header ul li.first {padding-left: 0;}
80
- #header ul li.last {border: 0; padding-right: 0;}
81
- /* BODY */
82
- #backtrace,
83
- #get,
84
- #post,
85
- #cookies,
86
- #rack {width: 980px; margin: 0 auto 10px auto;}
87
- p#nav {float: right; font-size: 14px;}
88
- /* BACKTRACE */
89
- a#expando {float: left; padding-left: 5px; color: #666666;
90
- font-size: 14px; text-decoration: none; cursor: pointer;}
91
- a#expando:hover {text-decoration: underline;}
92
- h3 {float: left; width: 100px; margin-bottom: 10px;
93
- color: #981919; font-size: 14px; font-weight: bold;}
94
- #nav a {color: #666666; text-decoration: none; padding: 0 5px;}
95
- #backtrace li.frame-info {background: #f7f7f7; padding-left: 10px;
96
- font-size: 12px; color: #333333;}
97
- #backtrace ul {list-style-position: outside; border: 1px solid #E9E9E9;
98
- border-bottom: 0;}
99
- #backtrace ol {width: 920px; margin-left: 50px;
100
- font: 10px 'Lucida Console', monospace; color: #666666;}
101
- #backtrace ol li {border: 0; border-left: 1px solid #E9E9E9;
102
- padding: 2px 0;}
103
- #backtrace ol code {font-size: 10px; color: #555555; padding-left: 5px;}
104
- #backtrace-ul li {border-bottom: 1px solid #E9E9E9; height: auto;
105
- padding: 3px 0;}
106
- #backtrace-ul .code {padding: 6px 0 4px 0;}
107
- #backtrace.condensed .system,
108
- #backtrace.condensed .framework {display:none;}
109
- /* REQUEST DATA */
110
- p.no-data {padding-top: 2px; font-size: 12px; color: #666666;}
111
- table.req {width: 980px; text-align: left; font-size: 12px;
112
- color: #666666; padding: 0; border-spacing: 0;
113
- border: 1px solid #EEEEEE; border-bottom: 0;
114
- border-left: 0;
115
- clear:both}
116
- table.req tr th {padding: 2px 10px; font-weight: bold;
117
- background: #F7F7F7; border-bottom: 1px solid #EEEEEE;
118
- border-left: 1px solid #EEEEEE;}
119
- table.req tr td {padding: 2px 20px 2px 10px;
120
- border-bottom: 1px solid #EEEEEE;
121
- border-left: 1px solid #EEEEEE;}
122
- /* HIDE PRE/POST CODE AT START */
123
- .pre-context,
124
- .post-context {display: none;}
125
-
126
- table td.code {width:750px}
127
- table td.code div {width:750px;overflow:hidden}
128
- </style>
129
- </head>
130
- <body>
131
- <div id="wrap">
132
- <div id="header">
133
- <img src="<%== env['SCRIPT_NAME'] %>/__sinatra__/500.png" alt="application error" height="161" width="313" />
134
- <div id="summary">
135
- <h1><strong><%= exception.class %></strong> at <strong><%= path %>
136
- </strong></h1>
137
- <h2><%= exception.message %></h2>
138
- <ul>
139
- <li class="first"><strong>file:</strong> <code>
140
- <%= frames.first.filename.split("/").last %></code></li>
141
- <li><strong>location:</strong> <code><%= frames.first.function %>
142
- </code></li>
143
- <li class="last"><strong>line:
144
- </strong> <%= frames.first.lineno %></li>
145
- </ul>
146
- </div>
147
- <div class="clear"></div>
148
- </div>
149
-
150
- <div id="backtrace" class='condensed'>
151
- <h3>BACKTRACE</h3>
152
- <p><a href="#" id="expando"
153
- onclick="toggleBacktrace(); return false">(expand)</a></p>
154
- <p id="nav"><strong>JUMP TO:</strong>
155
- <a href="#get-info">GET</a>
156
- <a href="#post-info">POST</a>
157
- <a href="#cookie-info">COOKIES</a>
158
- <a href="#env-info">ENV</a>
159
- </p>
160
- <div class="clear"></div>
161
-
162
- <ul id="backtrace-ul">
163
-
164
- <% id = 1 %>
165
- <% frames.each do |frame| %>
166
- <% if frame.context_line && frame.context_line != "#" %>
167
-
168
- <li class="frame-info <%== frame_class(frame) %>">
169
- <code><%= frame.filename %></code> in
170
- <code><strong><%= frame.function %></strong></code>
171
- </li>
172
-
173
- <li class="code <%== frame_class(frame) %>">
174
- <% if frame.pre_context %>
175
- <ol start="<%= frame.pre_context_lineno + 1 %>"
176
- class="pre-context" id="pre-<%== id %>"
177
- onclick="toggle(<%== id %>);">
178
- <% frame.pre_context.each do |line| %>
179
- <li class="pre-context-line"><code><%= line %></code></li>
180
- <% end %>
181
- </ol>
182
- <% end %>
183
-
184
- <ol start="<%== frame.lineno %>" class="context" id="<%== id %>"
185
- onclick="toggle(<%== id %>);">
186
- <li class="context-line" id="context-<%== id %>"><code><%= frame.context_line %></code></li>
187
- </ol>
188
-
189
- <% if frame.post_context %>
190
- <ol start="<%= frame.lineno + 1 %>" class="post-context"
191
- id="post-<%== id %>" onclick="toggle(<%== id %>);">
192
- <% frame.post_context.each do |line| %>
193
- <li class="post-context-line"><code><%= line %></code></li>
194
- <% end %>
195
- </ol>
196
- <% end %>
197
- <div class="clear"></div>
198
- </li>
199
-
200
- <% end %>
201
-
202
- <% id += 1 %>
203
- <% end %>
204
-
205
- </ul>
206
- </div> <!-- /BACKTRACE -->
207
-
208
- <div id="get">
209
- <h3 id="get-info">GET</h3>
210
- <% if req.GET and not req.GET.empty? %>
211
- <table class="req">
212
- <tr>
213
- <th>Variable</th>
214
- <th>Value</th>
215
- </tr>
216
- <% req.GET.sort_by { |k, v| k.to_s }.each { |key, val| %>
217
- <tr>
218
- <td><%= key %></td>
219
- <td class="code"><div><%= val.inspect %></div></td>
220
- </tr>
221
- <% } %>
222
- </table>
223
- <% else %>
224
- <p class="no-data">No GET data.</p>
225
- <% end %>
226
- <div class="clear"></div>
227
- </div> <!-- /GET -->
228
-
229
- <div id="post">
230
- <h3 id="post-info">POST</h3>
231
- <% if req.POST and not req.POST.empty? %>
232
- <table class="req">
233
- <tr>
234
- <th>Variable</th>
235
- <th>Value</th>
236
- </tr>
237
- <% req.POST.sort_by { |k, v| k.to_s }.each { |key, val| %>
238
- <tr>
239
- <td><%= key %></td>
240
- <td class="code"><div><%= val.inspect %></div></td>
241
- </tr>
242
- <% } %>
243
- </table>
244
- <% else %>
245
- <p class="no-data">No POST data.</p>
246
- <% end %>
247
- <div class="clear"></div>
248
- </div> <!-- /POST -->
249
-
250
- <div id="cookies">
251
- <h3 id="cookie-info">COOKIES</h3>
252
- <% unless req.cookies.empty? %>
253
- <table class="req">
254
- <tr>
255
- <th>Variable</th>
256
- <th>Value</th>
257
- </tr>
258
- <% req.cookies.each { |key, val| %>
259
- <tr>
260
- <td><%= key %></td>
261
- <td class="code"><div><%= val.inspect %></div></td>
262
- </tr>
263
- <% } %>
264
- </table>
265
- <% else %>
266
- <p class="no-data">No cookie data.</p>
267
- <% end %>
268
- <div class="clear"></div>
269
- </div> <!-- /COOKIES -->
270
-
271
- <div id="rack">
272
- <h3 id="env-info">Rack ENV</h3>
273
- <table class="req">
274
- <tr>
275
- <th>Variable</th>
276
- <th>Value</th>
277
- </tr>
278
- <% env.sort_by { |k, v| k.to_s }.each { |key, val| %>
279
- <tr>
280
- <td><%= key %></td>
281
- <td class="code"><div><%= val %></div></td>
282
- </tr>
283
- <% } %>
284
- </table>
285
- <div class="clear"></div>
286
- </div> <!-- /RACK ENV -->
287
-
288
- <p id="explanation">You're seeing this error because you have
289
- enabled the <code>show_exceptions</code> setting.</p>
290
- </div> <!-- /WRAP -->
291
- </body>
292
- </html>
293
- HTML
294
- end
295
- end
1
+
2
+ #modify sinatra original exception template,fixed to erb_safe_ext.
3
+
4
+ module Sinatra
5
+
6
+ class ShowExceptions < Rack::ShowExceptions
7
+
8
+ defined?(TEMPLATE) and remove_const(:TEMPLATE)
9
+
10
+ TEMPLATE = <<-HTML # :nodoc:
11
+ <!DOCTYPE html>
12
+ <html>
13
+ <head>
14
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
15
+ <title><%= exception.class %> at <%= path %></title>
16
+
17
+ <script type="text/javascript">
18
+ //<!--
19
+ function toggle(id) {
20
+ var pre = document.getElementById("pre-" + id);
21
+ var post = document.getElementById("post-" + id);
22
+ var context = document.getElementById("context-" + id);
23
+
24
+ if (pre.style.display == 'block') {
25
+ pre.style.display = 'none';
26
+ post.style.display = 'none';
27
+ context.style.background = "none";
28
+ } else {
29
+ pre.style.display = 'block';
30
+ post.style.display = 'block';
31
+ context.style.background = "#fffed9";
32
+ }
33
+ }
34
+
35
+ function toggleBacktrace(){
36
+ var bt = document.getElementById("backtrace");
37
+ var toggler = document.getElementById("expando");
38
+
39
+ if (bt.className == 'condensed') {
40
+ bt.className = 'expanded';
41
+ toggler.innerHTML = "(condense)";
42
+ } else {
43
+ bt.className = 'condensed';
44
+ toggler.innerHTML = "(expand)";
45
+ }
46
+ }
47
+ //-->
48
+ </script>
49
+
50
+ <style type="text/css" media="screen">
51
+ * {margin: 0; padding: 0; border: 0; outline: 0;}
52
+ div.clear {clear: both;}
53
+ body {background: #EEEEEE; margin: 0; padding: 0;
54
+ font-family: 'Lucida Grande', 'Lucida Sans Unicode',
55
+ 'Garuda';}
56
+ code {font-family: 'Lucida Console', monospace;
57
+ font-size: 12px;}
58
+ li {height: 18px;}
59
+ ul {list-style: none; margin: 0; padding: 0;}
60
+ ol:hover {cursor: pointer;}
61
+ ol li {white-space: pre;}
62
+ #explanation {font-size: 12px; color: #666666;
63
+ margin: 20px 0 0 100px;}
64
+ /* WRAP */
65
+ #wrap {width: 1000px; background: #FFFFFF; margin: 0 auto;
66
+ padding: 30px 50px 20px 50px;
67
+ border-left: 1px solid #DDDDDD;
68
+ border-right: 1px solid #DDDDDD;}
69
+ /* HEADER */
70
+ #header {margin: 0 auto 25px auto;}
71
+ #header img {float: left;}
72
+ #header #summary {float: left; margin: 12px 0 0 20px; width:660px;
73
+ font-family: 'Lucida Grande', 'Lucida Sans Unicode';}
74
+ h1 {margin: 0; font-size: 36px; color: #981919;}
75
+ h2 {margin: 0; font-size: 22px; color: #333333;}
76
+ #header ul {margin: 0; font-size: 12px; color: #666666;}
77
+ #header ul li strong{color: #444444;}
78
+ #header ul li {display: inline; padding: 0 10px;}
79
+ #header ul li.first {padding-left: 0;}
80
+ #header ul li.last {border: 0; padding-right: 0;}
81
+ /* BODY */
82
+ #backtrace,
83
+ #get,
84
+ #post,
85
+ #cookies,
86
+ #rack {width: 980px; margin: 0 auto 10px auto;}
87
+ p#nav {float: right; font-size: 14px;}
88
+ /* BACKTRACE */
89
+ a#expando {float: left; padding-left: 5px; color: #666666;
90
+ font-size: 14px; text-decoration: none; cursor: pointer;}
91
+ a#expando:hover {text-decoration: underline;}
92
+ h3 {float: left; width: 100px; margin-bottom: 10px;
93
+ color: #981919; font-size: 14px; font-weight: bold;}
94
+ #nav a {color: #666666; text-decoration: none; padding: 0 5px;}
95
+ #backtrace li.frame-info {background: #f7f7f7; padding-left: 10px;
96
+ font-size: 12px; color: #333333;}
97
+ #backtrace ul {list-style-position: outside; border: 1px solid #E9E9E9;
98
+ border-bottom: 0;}
99
+ #backtrace ol {width: 920px; margin-left: 50px;
100
+ font: 10px 'Lucida Console', monospace; color: #666666;}
101
+ #backtrace ol li {border: 0; border-left: 1px solid #E9E9E9;
102
+ padding: 2px 0;}
103
+ #backtrace ol code {font-size: 10px; color: #555555; padding-left: 5px;}
104
+ #backtrace-ul li {border-bottom: 1px solid #E9E9E9; height: auto;
105
+ padding: 3px 0;}
106
+ #backtrace-ul .code {padding: 6px 0 4px 0;}
107
+ #backtrace.condensed .system,
108
+ #backtrace.condensed .framework {display:none;}
109
+ /* REQUEST DATA */
110
+ p.no-data {padding-top: 2px; font-size: 12px; color: #666666;}
111
+ table.req {width: 980px; text-align: left; font-size: 12px;
112
+ color: #666666; padding: 0; border-spacing: 0;
113
+ border: 1px solid #EEEEEE; border-bottom: 0;
114
+ border-left: 0;
115
+ clear:both}
116
+ table.req tr th {padding: 2px 10px; font-weight: bold;
117
+ background: #F7F7F7; border-bottom: 1px solid #EEEEEE;
118
+ border-left: 1px solid #EEEEEE;}
119
+ table.req tr td {padding: 2px 20px 2px 10px;
120
+ border-bottom: 1px solid #EEEEEE;
121
+ border-left: 1px solid #EEEEEE;}
122
+ /* HIDE PRE/POST CODE AT START */
123
+ .pre-context,
124
+ .post-context {display: none;}
125
+
126
+ table td.code {width:750px}
127
+ table td.code div {width:750px;overflow:hidden}
128
+ </style>
129
+ </head>
130
+ <body>
131
+ <div id="wrap">
132
+ <div id="header">
133
+ <img src="<%== env['SCRIPT_NAME'] %>/__sinatra__/500.png" alt="application error" height="161" width="313" />
134
+ <div id="summary">
135
+ <h1><strong><%= exception.class %></strong> at <strong><%= path %>
136
+ </strong></h1>
137
+ <h2><%= exception.message %></h2>
138
+ <ul>
139
+ <li class="first"><strong>file:</strong> <code>
140
+ <%= frames.first.filename.split("/").last %></code></li>
141
+ <li><strong>location:</strong> <code><%= frames.first.function %>
142
+ </code></li>
143
+ <li class="last"><strong>line:
144
+ </strong> <%= frames.first.lineno %></li>
145
+ </ul>
146
+ </div>
147
+ <div class="clear"></div>
148
+ </div>
149
+
150
+ <div id="backtrace" class='condensed'>
151
+ <h3>BACKTRACE</h3>
152
+ <p><a href="#" id="expando"
153
+ onclick="toggleBacktrace(); return false">(expand)</a></p>
154
+ <p id="nav"><strong>JUMP TO:</strong>
155
+ <a href="#get-info">GET</a>
156
+ <a href="#post-info">POST</a>
157
+ <a href="#cookie-info">COOKIES</a>
158
+ <a href="#env-info">ENV</a>
159
+ </p>
160
+ <div class="clear"></div>
161
+
162
+ <ul id="backtrace-ul">
163
+
164
+ <% id = 1 %>
165
+ <% frames.each do |frame| %>
166
+ <% if frame.context_line && frame.context_line != "#" %>
167
+
168
+ <li class="frame-info <%== frame_class(frame) %>">
169
+ <code><%= frame.filename %></code> in
170
+ <code><strong><%= frame.function %></strong></code>
171
+ </li>
172
+
173
+ <li class="code <%== frame_class(frame) %>">
174
+ <% if frame.pre_context %>
175
+ <ol start="<%= frame.pre_context_lineno + 1 %>"
176
+ class="pre-context" id="pre-<%== id %>"
177
+ onclick="toggle(<%== id %>);">
178
+ <% frame.pre_context.each do |line| %>
179
+ <li class="pre-context-line"><code><%= line %></code></li>
180
+ <% end %>
181
+ </ol>
182
+ <% end %>
183
+
184
+ <ol start="<%== frame.lineno %>" class="context" id="<%== id %>"
185
+ onclick="toggle(<%== id %>);">
186
+ <li class="context-line" id="context-<%== id %>"><code><%= frame.context_line %></code></li>
187
+ </ol>
188
+
189
+ <% if frame.post_context %>
190
+ <ol start="<%= frame.lineno + 1 %>" class="post-context"
191
+ id="post-<%== id %>" onclick="toggle(<%== id %>);">
192
+ <% frame.post_context.each do |line| %>
193
+ <li class="post-context-line"><code><%= line %></code></li>
194
+ <% end %>
195
+ </ol>
196
+ <% end %>
197
+ <div class="clear"></div>
198
+ </li>
199
+
200
+ <% end %>
201
+
202
+ <% id += 1 %>
203
+ <% end %>
204
+
205
+ </ul>
206
+ </div> <!-- /BACKTRACE -->
207
+
208
+ <div id="get">
209
+ <h3 id="get-info">GET</h3>
210
+ <% if req.GET and not req.GET.empty? %>
211
+ <table class="req">
212
+ <tr>
213
+ <th>Variable</th>
214
+ <th>Value</th>
215
+ </tr>
216
+ <% req.GET.sort_by { |k, v| k.to_s }.each { |key, val| %>
217
+ <tr>
218
+ <td><%= key %></td>
219
+ <td class="code"><div><%= val.inspect %></div></td>
220
+ </tr>
221
+ <% } %>
222
+ </table>
223
+ <% else %>
224
+ <p class="no-data">No GET data.</p>
225
+ <% end %>
226
+ <div class="clear"></div>
227
+ </div> <!-- /GET -->
228
+
229
+ <div id="post">
230
+ <h3 id="post-info">POST</h3>
231
+ <% if req.POST and not req.POST.empty? %>
232
+ <table class="req">
233
+ <tr>
234
+ <th>Variable</th>
235
+ <th>Value</th>
236
+ </tr>
237
+ <% req.POST.sort_by { |k, v| k.to_s }.each { |key, val| %>
238
+ <tr>
239
+ <td><%= key %></td>
240
+ <td class="code"><div><%= val.inspect %></div></td>
241
+ </tr>
242
+ <% } %>
243
+ </table>
244
+ <% else %>
245
+ <p class="no-data">No POST data.</p>
246
+ <% end %>
247
+ <div class="clear"></div>
248
+ </div> <!-- /POST -->
249
+
250
+ <div id="cookies">
251
+ <h3 id="cookie-info">COOKIES</h3>
252
+ <% unless req.cookies.empty? %>
253
+ <table class="req">
254
+ <tr>
255
+ <th>Variable</th>
256
+ <th>Value</th>
257
+ </tr>
258
+ <% req.cookies.each { |key, val| %>
259
+ <tr>
260
+ <td><%= key %></td>
261
+ <td class="code"><div><%= val.inspect %></div></td>
262
+ </tr>
263
+ <% } %>
264
+ </table>
265
+ <% else %>
266
+ <p class="no-data">No cookie data.</p>
267
+ <% end %>
268
+ <div class="clear"></div>
269
+ </div> <!-- /COOKIES -->
270
+
271
+ <div id="rack">
272
+ <h3 id="env-info">Rack ENV</h3>
273
+ <table class="req">
274
+ <tr>
275
+ <th>Variable</th>
276
+ <th>Value</th>
277
+ </tr>
278
+ <% env.sort_by { |k, v| k.to_s }.each { |key, val| %>
279
+ <tr>
280
+ <td><%= key %></td>
281
+ <td class="code"><div><%= val %></div></td>
282
+ </tr>
283
+ <% } %>
284
+ </table>
285
+ <div class="clear"></div>
286
+ </div> <!-- /RACK ENV -->
287
+
288
+ <p id="explanation">You're seeing this error because you have
289
+ enabled the <code>show_exceptions</code> setting.</p>
290
+ </div> <!-- /WRAP -->
291
+ </body>
292
+ </html>
293
+ HTML
294
+ end
295
+ end
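Review bot: At new line 133 of the template, `env['SCRIPT_NAME']` is written into the `src` attribute with `<%==`, which in this gem appears to be the unescaped output form, so the value reaches the error page without passing through `ERB::Util.html_escape`. SCRIPT_NAME is normally set by the server or the mount point, but a proxy or middleware that derives it from the request would turn this into an attribute-injection sink; the escaped form costs nothing for a clean path: `<img src="<%= env['SCRIPT_NAME'] %>/__sinatra__/500.png" alt="application error" height="161" width="313" />`. The removed and added sides of this 295-line hunk read identically on this page, so the change itself is presumably whitespace or line endings, and no file header is shown for the hunk, so the path of the file it belongs to is not visible here.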
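--- a/data/lib/erb_safe_ext.rb
+++ b/data/lib/erb_safe_ext.rb
@@ -68,7 +68,7 @@ class ERB
  return out.script, enc
  end
  def add_insert_escapehtml_cmd(out, content)
- out.push("#{@insert_cmd}(ERB::Util.html_escape(#{content}))")
+ out.push("#{@insert_cmd}(ERB::Util.html_escape((#{content})))")
  end
  class TrimScanner < Scanner
  def scan_line(line)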
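Review bot: The changed `out.push` line in `add_insert_escapehtml_cmd` alters how every `<%= %>` expression is wrapped for escaping, yet no test change is visible on this page, although the gem's file list names `test/erb_safe_test.rb`. A regression test that renders a tag whose content is not a single primary expression, such as `<%= a if b %>`, and asserts the escaped output would pin why the inner parentheses were added. A one-line comment above the call would help the next reader: `# inner parens make the whole tag expression html_escape's single argument`. Because the wrapper is built by string interpolation, tag content that ends in a `#` comment would presumably swallow the closing `)))`, which is worth documenting as a limitation. The enclosing class begins outside the hunk.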
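--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: erb_safe_ext
  version: !ruby/object:Gem::Version
- version: 1.0.3
+ version: 1.0.4
  platform: ruby
  authors:
  - Jeffrey
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-03-04 00:00:00.000000000 Z
+ date: 2014-04-22 00:00:00.000000000 Z
  dependencies: []
  description: make ERB default html safe.protect from XSS attack.
  email:
@@ -22,7 +22,7 @@ files:
  - test/erb_safe_test.rb
  - erb_safe_ext.gemspec
  - README.md
- homepage: https://github.com/maymay25/erb_safe_ext
+ homepage: https://github.com/Jeffrey6052/erb_safe_ext
  licenses:
  - MIT
  metadata: {}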