escape_escape_escape 1.4.1 → 1.4.2

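--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 475be5e9a0ff5184bf31e21eb5e2af467bd63a24
- data.tar.gz: 79f586268536dfc6c6c21ffdaf3f3f38a9adfadd
+ metadata.gz: f2a5d5a848cf1a178a86f45870811a4a534475e9
+ data.tar.gz: 7912ea4b395f8b1ba8e63370dec8a9b528848051
  SHA512:
- metadata.gz: ae1c2d11044288d7d1e0dc4036873247c35e969c35e3f64550ee52c629ca48b0cce081dd2e58fe92af8c8b8f51051ffd77df7c032298aad26c138b6756abc485
- data.tar.gz: 72561e7f4040d2f2395c61e13c5e6516146014f1d1d2fdb8f630806590a5da5b5f7c478281d3e7bde24fad8f199dceda7395e13f15bc6dcc64250cb30d4a05fa
+ metadata.gz: 404be22bef004e7ee70286229a43d1fa167dd8d1f475be0c9da05398b42d8b21fb304fe130d192151ee5988dd9c87d2b85de8a26645d5fd5e8c5d71cb30e95b8
+ data.tar.gz: 7c4652e9c6343603207a64d168f5fce319f1c09cd10bc85cef06c4b78217a4fa37f5bfbcc66846597af3bf1041b3f7b9c73f517f12f723d5446c409d1f1a27cf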
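--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.4.1
+ 1.4.2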
@@ -50,7 +50,7 @@ class Escape_Escape_Escape
50
50
 
51
51
  TAG_PATTERN = /\A[a-z]([a-z0-9\_]{0,}[a-z]{1,})?\z/i
52
52
 
53
- VALID_CSS_VALUE = /\A[a-z0-9\;\-\_\#\ ]+\z/i
53
+ VALID_CSS_VALUE = /\A[a-z0-9\;\-\_\#\,\ ]+\z/i
54
54
  VALID_CSS_SELECTOR = /\A[a-z0-9\#\:\_\-\.\ ]+\z/i
55
55
  VALID_CSS_ATTR = /\A[a-z0-9-]+\z/i
56
56
  VALID_CSS_CLASS_NAME = /\A[a-z0-9\_]+\z/i
@@ -200,7 +200,7 @@ class Escape_Escape_Escape
200
200
  fail( Invalid_HREF, "javascript:// is not allowed" ) if (uri.scheme || ''.freeze)['javascript'.freeze]
201
201
  fail( Invalid_HREF, "address is invalid") if !uri.host && !uri.relative?
202
202
 
203
- html(EscapeUtils.escape_uri uri.to_s)
203
+ html(EscapeUtils.escape_uri(EscapeUtils.unescape_uri uri.to_s))
204
204
  rescue URI::InvalidURIError => e
205
205
  raise Invalid_HREF, e.message
206
206
  end
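Review bot: The two `fail` checks above line 203 run on the parsed `uri`, but the string now passed to `html(...)` is a decoded and re-encoded copy of it that is never checked again. After `EscapeUtils.unescape_uri`, percent-encoded reserved characters become literal ones, and whether `escape_uri` encodes them back is not visible in this hunk, so the emitted href may parse differently from the URI that passed validation. Consider building the final string first, `out = EscapeUtils.escape_uri(EscapeUtils.unescape_uri(uri.to_s))`, and running the same scheme and host checks against a re-parse of `out` before calling `html(out)`. A spec with an already percent-encoded href would pin the intended result; none is visible in the spec hunks on this page. The method starts outside the hunk, so how `uri` is built cannot be seen here.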
@@ -1,4 +1,8 @@
1
1
 
2
+ it 'allows commas and spaces'
3
+ input "Ubuntu, Segoe UI, Helvetica, sans-serif"
4
+ output "Ubuntu, Segoe UI, Helvetica, sans-serif"
5
+
2
6
  it 'sanitizes :css :expression regardless of the case'
3
7
  input "eXprEssioN(alert('xss!'));"
4
8
  raises Escape_Escape_Escape::Invalid, /contains invalid chars/
@@ -7,7 +11,6 @@ it 'sanitizes :css :expression when ( or ) is an html entity: ( )'
7
11
  input "eXprEssioN(alert('xss!'))"
8
12
  raises Escape_Escape_Escape::Invalid, /contains invalid chars/
9
13
 
10
-
11
14
  it 'sanitizes :css :expression when ( is html entity regardless of case: &rPaR;'
12
15
  input "eXprEssioN&rPaR;alert('xss!'))"
13
16
  raises Escape_Escape_Escape::Invalid, /contains invalid chars/
@@ -33,15 +36,15 @@ it 'sanitizes css_href with encoded slashes'
33
36
  input "smtp://file.com/img.png"
34
37
  raises Escape_Escape_Escape::Invalid, /contains invalid chars/
35
38
 
36
- it 'sanitizes javascript: href'
39
+ it 'sanitizes javascript: protocol w/js code'
37
40
  input 'jAvAscript://alert()'
38
41
  raises Escape_Escape_Escape::Invalid, /contains invalid chars/
39
42
 
40
- it 'sanitizes javascript: href with encoded colons:'
43
+ it 'sanitizes javascript: protocol with encoded colons:'
41
44
  input "javascript://alert()"
42
45
  raises Escape_Escape_Escape::Invalid, /contains invalid chars/
43
46
 
44
- it 'sanitizes javascript: href with encoded slashes'
47
+ it 'sanitizes javascript: protocol with encoded slashes'
45
48
  input "javascript://alert()"
46
49
  raises Escape_Escape_Escape::Invalid, /contains invalid chars/
47
50
 
@@ -65,7 +65,7 @@ output "/path/mine/&"
65
65
 
66
66
  it "raises Invalid_HREF if it contains unicode:"
67
67
  input "http://кц.рф"
68
- raises Escape_Escape_Escape::Invalid_HREF, /bad URI/
68
+ raises Escape_Escape_Escape::Invalid_HREF, /URI must be ascii only/
69
69
 
70
70
 
71
71
  it 'normalizes address:'
@@ -85,17 +85,17 @@ output "http://www.test.com/?test='something/"
85
85
 
86
86
  it 'fails w/ Invalid_HREF if HTML entities in uri:'
87
87
  input "http://6	6.000146.0x7.147/"
88
- raises Escape_Escape_Escape::Invalid_HREF, /bad URI/
88
+ raises Escape_Escape_Escape::Invalid_HREF, /bad URI\(is not URI\?\)/
89
89
 
90
90
 
91
91
  it 'fails w/ Invalid_HREF if path contains html entities:'
92
92
  input "http://www.test.com/ s/"
93
- raises Escape_Escape_Escape::Invalid_HREF, /bad URI/
93
+ raises Escape_Escape_Escape::Invalid_HREF, /URI must be ascii only/
94
94
 
95
95
 
96
96
  it 'fails w/ Invalid_HREF if query string contains HTML entities:'
97
97
  input "http://www.test.com/s/test?t test"
98
- raises Escape_Escape_Escape::Invalid_HREF, /bad URI/
98
+ raises Escape_Escape_Escape::Invalid_HREF, /URI must be ascii only/
99
99
 
100
100
 
101
101
 
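--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: escape_escape_escape
  version: !ruby/object:Gem::Version
- version: 1.4.1
+ version: 1.4.2
  platform: ruby
  authors:
  - da99
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-09-19 00:00:00.000000000 Z
+ date: 2015-03-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: addressable
@@ -229,7 +229,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.1
+ rubygems_version: 2.4.5
  signing_key:
  specification_version: 4
  summary: My way of escaping/encoding HTML.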