erb_safe_ext 1.0.2 → 1.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: eca8b6fb8317a63a61c4e899fefd90dc0a755dbc
-  data.tar.gz: 5a3d952dbf524dfab0789411a6880996a6cf1edb
+  metadata.gz: d1463d83243d6e11785a43a520e3103e3c06e176
+  data.tar.gz: 5d259dae6dfb15d2eb4905a971b5624a57993850
 SHA512:
-  metadata.gz: 580faa34fbcdabdbeee88be4eecb7059841ec70cbfde124b0aa7fa787a8b35694e04e2509bbe57187a58e4bec1c5f049bb00350c05bf2792a728ed8a9778bf25
-  data.tar.gz: c030adfb3b5009ad385e3b6492ebedfcceb221c72f0710f0157cb9485e92cfc7c87d3b10c8dc2b5f3908392f35ffae6cee318ac26c299faebedb7f1744a47d0f
+  metadata.gz: 4cf47113b3d29d022ec517dac60c0d35b0e275ffae913d7673c2238e8388c20a590bde8db60ab1818e1299b702a91de883e70dddc55d5e950599cbd096a71d45
+  data.tar.gz: cb0edf151bf69d510037900a0518f9d71efa8607393311cf29215bb83d040d3b251bbe038a0ad8cb7da44e340dfeecaa36e5e4c83e4516ec71a1b03c968f1e8e

data/README.md

@@ -29,7 +29,7 @@ the `<%==` is the backup of ERB's original `<%=` function.
 ```
 
 
-Test code
+## Test code
 
 ``` ruby
 require 'erb_safe_ext'
@@ -42,4 +42,21 @@ EOF
 puts template.result
 ```
 
+## About Sinatra
+work fine with sinatra(current version is 1.4.4).
+
+but you should know that sinatra use [tilt](http://rubygems.org/gems/tilt) to render template.
+
+and sinatra also got Runtime Dependencies with `tilt >= 1.3.4, ~> 1.3`, that will do something make this gem lose effectiveness when you got `erubis` in your environment.
+
+So don't do following things:
+
+1. `require 'erubis'`
+
+2. add gems that dependent on erubis, such as `better_errors` (you may find out all dependences in file `Gemfile.lock`)
+
+yeah.happy coding:)
+
+
+
 

data/erb_safe_ext.gemspec

@@ -5,7 +5,7 @@ require 'sinarey_cache/version'
 
 Gem::Specification.new do |spec|
   spec.name          = "erb_safe_ext"
-  spec.version       = "1.0.2"
+  spec.version       = "1.0.3"
   spec.authors       = ["Jeffrey"]
   spec.email         = ["jeffrey6052@163.com"]
   spec.description   = "make ERB default html safe.protect from XSS attack."
@@ -14,6 +14,7 @@ Gem::Specification.new do |spec|
   spec.license       = "MIT"
 
   spec.files         = ['lib/erb_safe_ext.rb',
+                        'lib/erb_safe_ext/sinatra/exception_template.rb',
                         'test/erb_safe_test.rb',
                         'erb_safe_ext.gemspec',
                         'README.md']

data/lib/erb_safe_ext/sinatra/exception_template.rb

@@ -0,0 +1,295 @@
+
+#modify sinatra original exception template,fixed to erb_safe_ext.
+
+module Sinatra
+
+  class ShowExceptions < Rack::ShowExceptions
+
+    defined?(TEMPLATE) and remove_const(:TEMPLATE)
+
+TEMPLATE = <<-HTML # :nodoc:
+<!DOCTYPE html>
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+  <title><%= exception.class %> at <%= path %></title>
+
+  <script type="text/javascript">
+  //<!--
+  function toggle(id) {
+    var pre  = document.getElementById("pre-" + id);
+    var post = document.getElementById("post-" + id);
+    var context = document.getElementById("context-" + id);
+
+    if (pre.style.display == 'block') {
+      pre.style.display = 'none';
+      post.style.display = 'none';
+      context.style.background = "none";
+    } else {
+      pre.style.display = 'block';
+      post.style.display = 'block';
+      context.style.background = "#fffed9";
+    }
+  }
+
+  function toggleBacktrace(){
+    var bt = document.getElementById("backtrace");
+    var toggler = document.getElementById("expando");
+
+    if (bt.className == 'condensed') {
+      bt.className = 'expanded';
+      toggler.innerHTML = "(condense)";
+    } else {
+      bt.className = 'condensed';
+      toggler.innerHTML = "(expand)";
+    }
+  }
+  //-->
+  </script>
+
+<style type="text/css" media="screen">
+  *                   {margin: 0; padding: 0; border: 0; outline: 0;}
+  div.clear           {clear: both;}
+  body                {background: #EEEEEE; margin: 0; padding: 0;
+                       font-family: 'Lucida Grande', 'Lucida Sans Unicode',
+                       'Garuda';}
+  code                {font-family: 'Lucida Console', monospace;
+                       font-size: 12px;}
+  li                  {height: 18px;}
+  ul                  {list-style: none; margin: 0; padding: 0;}
+  ol:hover            {cursor: pointer;}
+  ol li               {white-space: pre;}
+  #explanation        {font-size: 12px; color: #666666;
+                       margin: 20px 0 0 100px;}
+/* WRAP */
+  #wrap               {width: 1000px; background: #FFFFFF; margin: 0 auto;
+                       padding: 30px 50px 20px 50px;
+                       border-left: 1px solid #DDDDDD;
+                       border-right: 1px solid #DDDDDD;}
+/* HEADER */
+  #header             {margin: 0 auto 25px auto;}
+  #header img         {float: left;}
+  #header #summary    {float: left; margin: 12px 0 0 20px; width:660px;
+                       font-family: 'Lucida Grande', 'Lucida Sans Unicode';}
+  h1                  {margin: 0; font-size: 36px; color: #981919;}
+  h2                  {margin: 0; font-size: 22px; color: #333333;}
+  #header ul          {margin: 0; font-size: 12px; color: #666666;}
+  #header ul li strong{color: #444444;}
+  #header ul li       {display: inline; padding: 0 10px;}
+  #header ul li.first {padding-left: 0;}
+  #header ul li.last  {border: 0; padding-right: 0;}
+/* BODY */
+  #backtrace,
+  #get,
+  #post,
+  #cookies,
+  #rack               {width: 980px; margin: 0 auto 10px auto;}
+  p#nav               {float: right; font-size: 14px;}
+/* BACKTRACE */
+  a#expando           {float: left; padding-left: 5px; color: #666666;
+                      font-size: 14px; text-decoration: none; cursor: pointer;}
+  a#expando:hover     {text-decoration: underline;}
+  h3                  {float: left; width: 100px; margin-bottom: 10px;
+                       color: #981919; font-size: 14px; font-weight: bold;}
+  #nav a              {color: #666666; text-decoration: none; padding: 0 5px;}
+  #backtrace li.frame-info {background: #f7f7f7; padding-left: 10px;
+                           font-size: 12px; color: #333333;}
+  #backtrace ul       {list-style-position: outside; border: 1px solid #E9E9E9;
+                       border-bottom: 0;}
+  #backtrace ol       {width: 920px; margin-left: 50px;
+                       font: 10px 'Lucida Console', monospace; color: #666666;}
+  #backtrace ol li    {border: 0; border-left: 1px solid #E9E9E9;
+                       padding: 2px 0;}
+  #backtrace ol code  {font-size: 10px; color: #555555; padding-left: 5px;}
+  #backtrace-ul li    {border-bottom: 1px solid #E9E9E9; height: auto;
+                       padding: 3px 0;}
+  #backtrace-ul .code {padding: 6px 0 4px 0;}
+  #backtrace.condensed .system,
+  #backtrace.condensed .framework {display:none;}
+/* REQUEST DATA */
+  p.no-data           {padding-top: 2px; font-size: 12px; color: #666666;}
+  table.req           {width: 980px; text-align: left; font-size: 12px;
+                       color: #666666; padding: 0; border-spacing: 0;
+                       border: 1px solid #EEEEEE; border-bottom: 0;
+                       border-left: 0;
+                       clear:both}
+  table.req tr th     {padding: 2px 10px; font-weight: bold;
+                       background: #F7F7F7; border-bottom: 1px solid #EEEEEE;
+                       border-left: 1px solid #EEEEEE;}
+  table.req tr td     {padding: 2px 20px 2px 10px;
+                       border-bottom: 1px solid #EEEEEE;
+                       border-left: 1px solid #EEEEEE;}
+/* HIDE PRE/POST CODE AT START */
+  .pre-context,
+  .post-context       {display: none;}
+
+  table td.code       {width:750px}
+  table td.code div   {width:750px;overflow:hidden}
+</style>
+</head>
+<body>
+  <div id="wrap">
+    <div id="header">
+      <img src="<%== env['SCRIPT_NAME'] %>/__sinatra__/500.png" alt="application error" height="161" width="313" />
+      <div id="summary">
+        <h1><strong><%= exception.class %></strong> at <strong><%= path %>
+          </strong></h1>
+        <h2><%= exception.message %></h2>
+        <ul>
+          <li class="first"><strong>file:</strong> <code>
+            <%= frames.first.filename.split("/").last %></code></li>
+          <li><strong>location:</strong> <code><%= frames.first.function %>
+            </code></li>
+          <li class="last"><strong>line:
+            </strong> <%= frames.first.lineno %></li>
+        </ul>
+      </div>
+      <div class="clear"></div>
+    </div>
+
+    <div id="backtrace" class='condensed'>
+      <h3>BACKTRACE</h3>
+      <p><a href="#" id="expando"
+            onclick="toggleBacktrace(); return false">(expand)</a></p>
+      <p id="nav"><strong>JUMP TO:</strong>
+         <a href="#get-info">GET</a>
+         <a href="#post-info">POST</a>
+         <a href="#cookie-info">COOKIES</a>
+         <a href="#env-info">ENV</a>
+      </p>
+      <div class="clear"></div>
+
+      <ul id="backtrace-ul">
+
+      <% id = 1 %>
+      <% frames.each do |frame| %>
+          <% if frame.context_line && frame.context_line != "#" %>
+
+            <li class="frame-info <%== frame_class(frame) %>">
+              <code><%= frame.filename %></code> in
+                <code><strong><%= frame.function %></strong></code>
+            </li>
+
+            <li class="code <%== frame_class(frame) %>">
+              <% if frame.pre_context %>
+              <ol start="<%= frame.pre_context_lineno + 1 %>"
+                  class="pre-context" id="pre-<%== id %>"
+                  onclick="toggle(<%== id %>);">
+                <% frame.pre_context.each do |line| %>
+                <li class="pre-context-line"><code><%= line %></code></li>
+                <% end %>
+              </ol>
+              <% end %>
+
+              <ol start="<%== frame.lineno %>" class="context" id="<%== id %>"
+                  onclick="toggle(<%== id %>);">
+                <li class="context-line" id="context-<%== id %>"><code><%= frame.context_line %></code></li>
+              </ol>
+
+              <% if frame.post_context %>
+              <ol start="<%= frame.lineno + 1 %>" class="post-context"
+                  id="post-<%== id %>" onclick="toggle(<%== id %>);">
+                <% frame.post_context.each do |line| %>
+                <li class="post-context-line"><code><%= line %></code></li>
+                <% end %>
+              </ol>
+              <% end %>
+              <div class="clear"></div>
+            </li>
+
+          <% end %>
+
+        <% id += 1 %>
+      <% end %>
+
+      </ul>
+    </div> <!-- /BACKTRACE -->
+
+    <div id="get">
+      <h3 id="get-info">GET</h3>
+      <% if req.GET and not req.GET.empty? %>
+        <table class="req">
+          <tr>
+            <th>Variable</th>
+            <th>Value</th>
+          </tr>
+           <% req.GET.sort_by { |k, v| k.to_s }.each { |key, val| %>
+          <tr>
+            <td><%= key %></td>
+            <td class="code"><div><%= val.inspect %></div></td>
+          </tr>
+          <% } %>
+        </table>
+      <% else %>
+        <p class="no-data">No GET data.</p>
+      <% end %>
+      <div class="clear"></div>
+    </div> <!-- /GET -->
+
+    <div id="post">
+      <h3 id="post-info">POST</h3>
+      <% if req.POST and not req.POST.empty? %>
+        <table class="req">
+          <tr>
+            <th>Variable</th>
+            <th>Value</th>
+          </tr>
+          <% req.POST.sort_by { |k, v| k.to_s }.each { |key, val| %>
+          <tr>
+            <td><%= key %></td>
+            <td class="code"><div><%= val.inspect %></div></td>
+          </tr>
+          <% } %>
+        </table>
+      <% else %>
+        <p class="no-data">No POST data.</p>
+      <% end %>
+      <div class="clear"></div>
+    </div> <!-- /POST -->
+
+    <div id="cookies">
+      <h3 id="cookie-info">COOKIES</h3>
+      <% unless req.cookies.empty? %>
+        <table class="req">
+          <tr>
+            <th>Variable</th>
+            <th>Value</th>
+          </tr>
+          <% req.cookies.each { |key, val| %>
+            <tr>
+              <td><%= key %></td>
+              <td class="code"><div><%= val.inspect %></div></td>
+            </tr>
+          <% } %>
+        </table>
+      <% else %>
+        <p class="no-data">No cookie data.</p>
+      <% end %>
+      <div class="clear"></div>
+    </div> <!-- /COOKIES -->
+
+    <div id="rack">
+      <h3 id="env-info">Rack ENV</h3>
+      <table class="req">
+        <tr>
+          <th>Variable</th>
+          <th>Value</th>
+        </tr>
+         <% env.sort_by { |k, v| k.to_s }.each { |key, val| %>
+         <tr>
+           <td><%= key %></td>
+           <td class="code"><div><%= val %></div></td>
+         </tr>
+         <% } %>
+      </table>
+      <div class="clear"></div>
+    </div> <!-- /RACK ENV -->
+
+    <p id="explanation">You're seeing this error because you have
+enabled the <code>show_exceptions</code> setting.</p>
+  </div> <!-- /WRAP -->
+  </body>
+</html>
+HTML
+  end
+end

data/lib/erb_safe_ext.rb

@@ -1,5 +1,4 @@
 require 'erb'
-require 'rack'
 
 class ERB
   class Compiler

data/test/erb_safe_test.rb

@@ -9,6 +9,8 @@ template = ERB.new <<-EOF
 <%== "<script>alert('danger!');</script>" %>
 this is the end.
 EOF
+
+#puts template.src
 puts template.result
 
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: erb_safe_ext
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 1.0.3
 platform: ruby
 authors:
 - Jeffrey
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-02-28 00:00:00.000000000 Z
+date: 2014-03-04 00:00:00.000000000 Z
 dependencies: []
 description: make ERB default html safe.protect from XSS attack.
 email:
@@ -18,6 +18,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - lib/erb_safe_ext.rb
+- lib/erb_safe_ext/sinatra/exception_template.rb
 - test/erb_safe_test.rb
 - erb_safe_ext.gemspec
 - README.md