erb_safe_ext 1.0 → 1.0.1

Files changed (5)
  1. checksums.yaml +4 -4
  2. data/README.md +1 -1
  3. data/erb_safe_ext.gemspec +20 -20
  4. data/lib/erb_safe_ext.rb +190 -190
  5. metadata +6 -6
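--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: 4b0b6a5f0daa578acddae3d8949d930a82785e59
-data.tar.gz: 1c853f1d551d56c70c6fc61461e63f85a6dd99d3
+metadata.gz: 4bbe369982d016cef9f8a980d1f727714e0c6218
+data.tar.gz: 0d289e416f94930154528c83498f7d6121be984c
 SHA512:
-metadata.gz: fc649276d7b03e42808a468a92209cb40aa802036f7efddbe19f03c3dc6524c72c644b73ef5c5b901c181b030aaa8ea26598fe01f47a6b2d092f43ca566b4aad
-data.tar.gz: 1624272061c380efd61ed94b731e210308ce35f84bf6e4bca722c9ec7a72e8f07c18c0286cb590fd35ca43b2d3a7b7c2e172b0a487e4e01dd4a1fe6a5be9f36d
+metadata.gz: b78bdf731aea95181a12eaa27200b58718ffad9e5a081705fa51dc22001b0c4fe2b52ee0a70152703a90c09ee8d2104fdb3bbc7036b196437baed53aa1b3c337
+data.tar.gz: 133870f896dc7ae33daf71229e93c26d8136377c7b81c86773064462d2799bc4a5cdf74f2d58b4fa350594d3b6e678a5a68e3cb2ba2314ae81c181e29f95c1d4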
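--- a/data/README.md
+++ b/data/README.md
@@ -15,7 +15,7 @@ $ gem install erb_safe_ext
 ## => <script>alert('safety:)');</script>
 ```
 
-it will default wrap the dangerous code with `Rack::Utils.escape_html(code)`
+it will default wrap the dangerous code with `ERB::Util.html_escape(code)`
 
 works fine with ruby2.1.
 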
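--- a/data/erb_safe_ext.gemspec
+++ b/data/erb_safe_ext.gemspec
@@ -1,20 +1,20 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'sinarey_cache/version'
-
-Gem::Specification.new do |spec|
-spec.name = "erb_safe_ext"
-spec.version = '1.0'
-spec.authors = ["Jeffrey"]
-spec.email = ["jeffrey6052@163.com"]
-spec.description = "make ERB default html safe.protect from XSS attack."
-spec.summary = "wrap the dangerous code with Rack::Utils.escape_html()"
-spec.homepage = "https://github.com/maymay25/erb_safe_ext"
-spec.license = "MIT"
-
-spec.files = ['lib/erb_safe_ext.rb',
-'test/erb_safe_test.rb',
-'erb_safe_ext.gemspec',
-'README.md']
-end
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'sinarey_cache/version'
+
+Gem::Specification.new do |spec|
+spec.name = "erb_safe_ext"
+spec.version = "1.0.1"
+spec.authors = ["Jeffrey"]
+spec.email = ["jeffrey6052@163.com"]
+spec.description = "make ERB default html safe.protect from XSS attack."
+spec.summary = "wrap the dangerous code with ERB::Util.html_escape()"
+spec.homepage = ""
+spec.license = "MIT"
+
+spec.files = ['lib/erb_safe_ext.rb',
+'test/erb_safe_test.rb',
+'erb_safe_ext.gemspec',
+'README.md']
+end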
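Review bot: `require 'sinarey_cache/version'` on line 4 survives the rewrite, but nothing in the `spec.files` list (lines 16–19) provides that file, so loading this gemspec raises LoadError unless an unrelated gem happens to be on the load path. The version is hard-coded on line 8 (`spec.version = "1.0.1"`), so lines 2–4 can simply be deleted. `spec.homepage = ""` on line 13 replaces the repository URL the 1.0 spec carried, which looks unintended and leaves the published metadata with `homepage: ''`. The library file requires `rack`, yet no `spec.add_dependency` appears here and the metadata section shows `dependencies: []`; either declare the dependency or drop the require from the library.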
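--- a/data/lib/erb_safe_ext.rb
+++ b/data/lib/erb_safe_ext.rb
@@ -1,190 +1,190 @@
-require 'erb'
-require 'rack'
-
-class ERB
-class Compiler
-def compile(s)
-enc = s.encoding
-raise ArgumentError, "#{enc} is not ASCII compatible" if enc.dummy?
-s = s.dup.force_encoding("ASCII-8BIT") # don't use constant Enoding::ASCII_8BIT for miniruby
-enc = detect_magic_comment(s) || enc
-out = Buffer.new(self, enc)
-content = ''
-scanner = make_scanner(s)
-scanner.scan do |token|
-next if token.nil?
-next if token == ''
-if scanner.stag.nil?
-case token
-when PercentLine
-add_put_cmd(out, content) if content.size > 0
-content = ''
-out.push(token.to_s)
-out.cr
-when :cr
-out.cr
-when '<%', '<%==', '<%=', '<%#'
-scanner.stag = token
-add_put_cmd(out, content) if content.size > 0
-content = ''
-when "\n"
-content << "\n"
-add_put_cmd(out, content)
-content = ''
-when '<%%'
-content << '<%'
-else
-content << token
-end
-else
-case token
-when '%>'
-case scanner.stag
-when '<%'
-if content[-1] == ?\n
-content.chop!
-out.push(content)
-out.cr
-else
-out.push(content)
-end
-when '<%=='
-add_insert_cmd(out, content)
-when '<%='
-add_insert_escapehtml_cmd(out, content)
-when '<%#'
-# out.push("# #{content_dump(content)}")
-end
-scanner.stag = nil
-content = ''
-when '%%>'
-content << '%>'
-else
-content << token
-end
-end
-end
-add_put_cmd(out, content) if content.size > 0
-out.close
-return out.script, enc
-end
-def add_insert_escapehtml_cmd(out, content)
-out.push("#{@insert_cmd}(('#{Rack::Utils.escape_html(eval(content))}').to_s)")
-end
-class TrimScanner < Scanner
-def scan_line(line)
-line.scan(/(.*?)(<%%|%%>|<%==|<%=|<%#|<%|%>|\n|\z)/m) do |tokens|
-tokens.each do |token|
-next if token.empty?
-yield(token)
-end
-end
-end
-def trim_line1(line)
-line.scan(/(.*?)(<%%|%%>|<%==|<%=|<%#|<%|%>\n|%>|\n|\z)/m) do |tokens|
-tokens.each do |token|
-next if token.empty?
-if token == "%>\n"
-yield('%>')
-yield(:cr)
-else
-yield(token)
-end
-end
-end
-end
-def trim_line2(line)
-head = nil
-line.scan(/(.*?)(<%%|%%>|<%==|<%=|<%#|<%|%>\n|%>|\n|\z)/m) do |tokens|
-tokens.each do |token|
-next if token.empty?
-head = token unless head
-if token == "%>\n"
-yield('%>')
-if is_erb_stag?(head)
-yield(:cr)
-else
-yield("\n")
-end
-head = nil
-else
-yield(token)
-head = nil if token == "\n"
-end
-end
-end
-end
-def explicit_trim_line(line)
-line.scan(/(.*?)(^[ \t]*<%\-|<%\-|<%%|%%>|<%==|<%=|<%#|<%|-%>\n|-%>|%>|\z)/m) do |tokens|
-tokens.each do |token|
-next if token.empty?
-if @stag.nil? && /[ \t]*<%-/ =~ token
-yield('<%')
-elsif @stag && token == "-%>\n"
-yield('%>')
-yield(:cr)
-elsif @stag && token == '-%>'
-yield('%>')
-else
-yield(token)
-end
-end
-end
-end
-ERB_STAG << '<%=='
-def is_erb_stag?(s)
-ERB_STAG.member?(s)
-end
-end
-Scanner.default_scanner = TrimScanner
-class SimpleScanner < Scanner # :nodoc:
-def scan
-@src.scan(/(.*?)(<%%|%%>|<%==|<%=|<%#|<%|%>|\n|\z)/m) do |tokens|
-tokens.each do |token|
-next if token.empty?
-yield(token)
-end
-end
-end
-end
-Scanner.regist_scanner(SimpleScanner, nil, false)
-begin
-require 'strscan'
-class SimpleScanner2 < Scanner # :nodoc:
-def scan
-stag_reg = /(.*?)(<%%|<%==|<%=|<%#|<%|\z)/m
-etag_reg = /(.*?)(%%>|%>|\z)/m
-scanner = StringScanner.new(@src)
-while ! scanner.eos?
-scanner.scan(@stag ? etag_reg : stag_reg)
-yield(scanner[1])
-yield(scanner[2])
-end
-end
-end
-Scanner.regist_scanner(SimpleScanner2, nil, false)
-class ExplicitScanner < Scanner # :nodoc:
-def scan
-stag_reg = /(.*?)(^[ \t]*<%-|<%%|<%==|<%=|<%#|<%-|<%|\z)/m
-etag_reg = /(.*?)(%%>|-%>|%>|\z)/m
-scanner = StringScanner.new(@src)
-while ! scanner.eos?
-scanner.scan(@stag ? etag_reg : stag_reg)
-yield(scanner[1])
-elem = scanner[2]
-if /[ \t]*<%-/ =~ elem
-yield('<%')
-elsif elem == '-%>'
-yield('%>')
-yield(:cr) if scanner.scan(/(\n|\z)/)
-else
-yield(elem)
-end
-end
-end
-end
-Scanner.regist_scanner(ExplicitScanner, '-', false)
-rescue LoadError
-end
-end
-end
+require 'erb'
+require 'rack'
+
+class ERB
+class Compiler
+def compile(s)
+enc = s.encoding
+raise ArgumentError, "#{enc} is not ASCII compatible" if enc.dummy?
+s = s.dup.force_encoding("ASCII-8BIT") # don't use constant Enoding::ASCII_8BIT for miniruby
+enc = detect_magic_comment(s) || enc
+out = Buffer.new(self, enc)
+content = ''
+scanner = make_scanner(s)
+scanner.scan do |token|
+next if token.nil?
+next if token == ''
+if scanner.stag.nil?
+case token
+when PercentLine
+add_put_cmd(out, content) if content.size > 0
+content = ''
+out.push(token.to_s)
+out.cr
+when :cr
+out.cr
+when '<%', '<%==', '<%=', '<%#'
+scanner.stag = token
+add_put_cmd(out, content) if content.size > 0
+content = ''
+when "\n"
+content << "\n"
+add_put_cmd(out, content)
+content = ''
+when '<%%'
+content << '<%'
+else
+content << token
+end
+else
+case token
+when '%>'
+case scanner.stag
+when '<%'
+if content[-1] == ?\n
+content.chop!
+out.push(content)
+out.cr
+else
+out.push(content)
+end
+when '<%=='
+add_insert_cmd(out, content)
+when '<%='
+add_insert_escapehtml_cmd(out, content)
+when '<%#'
+# out.push("# #{content_dump(content)}")
+end
+scanner.stag = nil
+content = ''
+when '%%>'
+content << '%>'
+else
+content << token
+end
+end
+end
+add_put_cmd(out, content) if content.size > 0
+out.close
+return out.script, enc
+end
+def add_insert_escapehtml_cmd(out, content)
+out.push("#{@insert_cmd}(ERB::Util.html_escape(#{content}))")
+end
+class TrimScanner < Scanner
+def scan_line(line)
+line.scan(/(.*?)(<%%|%%>|<%==|<%=|<%#|<%|%>|\n|\z)/m) do |tokens|
+tokens.each do |token|
+next if token.empty?
+yield(token)
+end
+end
+end
+def trim_line1(line)
+line.scan(/(.*?)(<%%|%%>|<%==|<%=|<%#|<%|%>\n|%>|\n|\z)/m) do |tokens|
+tokens.each do |token|
+next if token.empty?
+if token == "%>\n"
+yield('%>')
+yield(:cr)
+else
+yield(token)
+end
+end
+end
+end
+def trim_line2(line)
+head = nil
+line.scan(/(.*?)(<%%|%%>|<%==|<%=|<%#|<%|%>\n|%>|\n|\z)/m) do |tokens|
+tokens.each do |token|
+next if token.empty?
+head = token unless head
+if token == "%>\n"
+yield('%>')
+if is_erb_stag?(head)
+yield(:cr)
+else
+yield("\n")
+end
+head = nil
+else
+yield(token)
+head = nil if token == "\n"
+end
+end
+end
+end
+def explicit_trim_line(line)
+line.scan(/(.*?)(^[ \t]*<%\-|<%\-|<%%|%%>|<%==|<%=|<%#|<%|-%>\n|-%>|%>|\z)/m) do |tokens|
+tokens.each do |token|
+next if token.empty?
+if @stag.nil? && /[ \t]*<%-/ =~ token
+yield('<%')
+elsif @stag && token == "-%>\n"
+yield('%>')
+yield(:cr)
+elsif @stag && token == '-%>'
+yield('%>')
+else
+yield(token)
+end
+end
+end
+end
+ERB_STAG << '<%=='
+def is_erb_stag?(s)
+ERB_STAG.member?(s)
+end
+end
+Scanner.default_scanner = TrimScanner
+class SimpleScanner < Scanner # :nodoc:
+def scan
+@src.scan(/(.*?)(<%%|%%>|<%==|<%=|<%#|<%|%>|\n|\z)/m) do |tokens|
+tokens.each do |token|
+next if token.empty?
+yield(token)
+end
+end
+end
+end
+Scanner.regist_scanner(SimpleScanner, nil, false)
+begin
+require 'strscan'
+class SimpleScanner2 < Scanner # :nodoc:
+def scan
+stag_reg = /(.*?)(<%%|<%==|<%=|<%#|<%|\z)/m
+etag_reg = /(.*?)(%%>|%>|\z)/m
+scanner = StringScanner.new(@src)
+while ! scanner.eos?
+scanner.scan(@stag ? etag_reg : stag_reg)
+yield(scanner[1])
+yield(scanner[2])
+end
+end
+end
+Scanner.regist_scanner(SimpleScanner2, nil, false)
+class ExplicitScanner < Scanner # :nodoc:
+def scan
+stag_reg = /(.*?)(^[ \t]*<%-|<%%|<%==|<%=|<%#|<%-|<%|\z)/m
+etag_reg = /(.*?)(%%>|-%>|%>|\z)/m
+scanner = StringScanner.new(@src)
+while ! scanner.eos?
+scanner.scan(@stag ? etag_reg : stag_reg)
+yield(scanner[1])
+elem = scanner[2]
+if /[ \t]*<%-/ =~ elem
+yield('<%')
+elsif elem == '-%>'
+yield('%>')
+yield(:cr) if scanner.scan(/(\n|\z)/)
+else
+yield(elem)
+end
+end
+end
+end
+Scanner.regist_scanner(ExplicitScanner, '-', false)
+rescue LoadError
+end
+end
+end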
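Review bot: `add_insert_escapehtml_cmd` (new line 72) splices `content` bare into `ERB::Util.html_escape(#{content})`, while the stock `add_insert_cmd` it sits beside (called on line 52 for `<%==`) wraps the expression as `((#{content}).to_s)`; a template such as `<%= value if shown %>` therefore compiles under `<%==` but is a syntax error under `<%=`, which is the path this gem makes the default. Suggest `out.push("#{@insert_cmd}(ERB::Util.html_escape((#{content}).to_s))")` so the escaped and raw insert paths stay parallel. Replacing the 1.0 line, which ran `eval(content)` on every `<%= %>` expression at compile time inside the compiler's own binding and baked the escaped result into the generated script, with a runtime escape is the right fix and should be named as such in a comment on the method, e.g. `# <%= %> now escapes at render time; never evaluate template code during compile`. With `Rack::Utils` gone, `require 'rack'` on line 2 is dead weight and, since neither the gemspec nor the metadata declares rack as a dependency, it is also what makes the file fail to load on a plain install; remove it. `ERB_STAG << '<%=='` on line 134 mutates the stdlib constant for every ERB in the process, which the code does not say; a one-line comment that `<%==` is the process-wide raw (unescaped) form would help the next reader.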
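--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: erb_safe_ext
 version: !ruby/object:Gem::Version
-version: '1.0'
+version: 1.0.1
 platform: ruby
 authors:
 - Jeffrey
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-02-27 00:00:00.000000000 Z
+date: 2014-02-28 00:00:00.000000000 Z
 dependencies: []
 description: make ERB default html safe.protect from XSS attack.
 email:
@@ -21,7 +21,7 @@ files:
 - test/erb_safe_test.rb
 - erb_safe_ext.gemspec
 - README.md
-homepage: https://github.com/maymay25/erb_safe_ext
+homepage: ''
 licenses:
 - MIT
 metadata: {}
@@ -31,12 +31,12 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-- - '>='
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - '>='
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
@@ -44,5 +44,5 @@ rubyforge_project:
 rubygems_version: 2.0.14
 signing_key:
 specification_version: 4
-summary: wrap the dangerous code with Rack::Utils.escape_html()
+summary: wrap the dangerous code with ERB::Util.html_escape()
 test_files: []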