RubyGems - escape_escape_escape - Versions diffs - 1.4.1 → 1.4.2 - Mend

escape_escape_escape 1.4.1 → 1.4.2

Files changed (6) hide show

checksums.yaml +4 -4
data/VERSION +1 -1
data/lib/escape_escape_escape.rb +2 -2
data/specs/as_ruby/0003-css_value.rb +7 -4
data/specs/as_ruby/0020-href.rb +4 -4
metadata +3 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 475be5e9a0ff5184bf31e21eb5e2af467bd63a24
-  data.tar.gz: 79f586268536dfc6c6c21ffdaf3f3f38a9adfadd
+  metadata.gz: f2a5d5a848cf1a178a86f45870811a4a534475e9
+  data.tar.gz: 7912ea4b395f8b1ba8e63370dec8a9b528848051
 SHA512:
-  metadata.gz: ae1c2d11044288d7d1e0dc4036873247c35e969c35e3f64550ee52c629ca48b0cce081dd2e58fe92af8c8b8f51051ffd77df7c032298aad26c138b6756abc485
-  data.tar.gz: 72561e7f4040d2f2395c61e13c5e6516146014f1d1d2fdb8f630806590a5da5b5f7c478281d3e7bde24fad8f199dceda7395e13f15bc6dcc64250cb30d4a05fa
+  metadata.gz: 404be22bef004e7ee70286229a43d1fa167dd8d1f475be0c9da05398b42d8b21fb304fe130d192151ee5988dd9c87d2b85de8a26645d5fd5e8c5d71cb30e95b8
+  data.tar.gz: 7c4652e9c6343603207a64d168f5fce319f1c09cd10bc85cef06c4b78217a4fa37f5bfbcc66846597af3bf1041b3f7b9c73f517f12f723d5446c409d1f1a27cf

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 1.4.1
1	+ 1.4.2

data/lib/escape_escape_escape.rb CHANGED

@@ -50,7 +50,7 @@ class Escape_Escape_Escape
   TAG_PATTERN        = /\A[a-z]([a-z0-9\_]{0,}[a-z]{1,})?\z/i
-  VALID_CSS_VALUE      = /\A[a-z0-9\;\-\_\#\ ]+\z/i
+  VALID_CSS_VALUE      = /\A[a-z0-9\;\-\_\#\,\ ]+\z/i
   VALID_CSS_SELECTOR   = /\A[a-z0-9\#\:\_\-\.\ ]+\z/i
   VALID_CSS_ATTR       = /\A[a-z0-9-]+\z/i
   VALID_CSS_CLASS_NAME = /\A[a-z0-9\_]+\z/i
@@ -200,7 +200,7 @@ class Escape_Escape_Escape
         fail( Invalid_HREF, "javascript:// is not allowed" ) if (uri.scheme || ''.freeze)['javascript'.freeze]
         fail( Invalid_HREF, "address is invalid") if !uri.host && !uri.relative?
-        html(EscapeUtils.escape_uri uri.to_s)
+        html(EscapeUtils.escape_uri(EscapeUtils.unescape_uri uri.to_s))
       rescue URI::InvalidURIError => e
         raise Invalid_HREF, e.message
       end

data/specs/as_ruby/0003-css_value.rb CHANGED

@@ -1,4 +1,8 @@
+it     'allows commas and spaces'
+input  "Ubuntu, Segoe UI, Helvetica, sans-serif"
+output "Ubuntu, Segoe UI, Helvetica, sans-serif"
 it     'sanitizes :css :expression regardless of the case'
 input  "eXprEssioN(alert('xss!'));"
 raises Escape_Escape_Escape::Invalid, /contains invalid chars/
@@ -7,7 +11,6 @@ it    'sanitizes :css :expression when ( or ) is an html entity: &#40; &#41;'
 input "eXprEssioN&#40;alert('xss!')&#41;"
 raises Escape_Escape_Escape::Invalid, /contains invalid chars/
 it     'sanitizes :css :expression when ( is html entity regardless of case: &rPaR;'
 input  "eXprEssioN&rPaR;alert('xss!'))"
 raises Escape_Escape_Escape::Invalid, /contains invalid chars/
@@ -33,15 +36,15 @@ it     'sanitizes css_href with encoded slashes'
 input  "smtp:&#047;&#047;file.com&#047;img.png"
 raises Escape_Escape_Escape::Invalid, /contains invalid chars/
-it    'sanitizes javascript: href'
+it    'sanitizes javascript: protocol w/js code'
 input 'jAvAscript://alert()'
 raises Escape_Escape_Escape::Invalid, /contains invalid chars/
-it    'sanitizes javascript: href with encoded colons:'
+it    'sanitizes javascript: protocol with encoded colons:'
 input "javascript&#058;//alert()"
 raises Escape_Escape_Escape::Invalid, /contains invalid chars/
-it     'sanitizes javascript: href with encoded slashes'
+it     'sanitizes javascript: protocol with encoded slashes'
 input  "javascript:&#047;&#047;alert()"
 raises Escape_Escape_Escape::Invalid, /contains invalid chars/

data/specs/as_ruby/0020-href.rb CHANGED

@@ -65,7 +65,7 @@ output "&#47;path&#47;mine&#47;&amp;"
 it     "raises Invalid_HREF if it contains unicode:"
 input  "http://кц.рф"
-raises Escape_Escape_Escape::Invalid_HREF, /bad URI/
+raises Escape_Escape_Escape::Invalid_HREF, /URI must be ascii only/
 it    'normalizes address:'
@@ -85,17 +85,17 @@ output "http:&#47;&#47;www.test.com&#47;?test=&#39;something&#47;"
 it    'fails w/ Invalid_HREF if HTML entities in uri:'
 input "http://6&#9;6.000146.0x7.147/"
-raises Escape_Escape_Escape::Invalid_HREF, /bad URI/
+raises Escape_Escape_Escape::Invalid_HREF, /bad URI\(is not URI\?\)/
 it     'fails w/ Invalid_HREF if path contains html entities:'
 input  "http://www.test.com/&nbsp;s/"
-raises Escape_Escape_Escape::Invalid_HREF, /bad URI/
+raises Escape_Escape_Escape::Invalid_HREF, /URI must be ascii only/
 it     'fails w/ Invalid_HREF if query string contains HTML entities:'
 input  "http://www.test.com/s/test?t&nbsp;test"
-raises Escape_Escape_Escape::Invalid_HREF, /bad URI/
+raises Escape_Escape_Escape::Invalid_HREF, /URI must be ascii only/

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: escape_escape_escape
 version: !ruby/object:Gem::Version
-  version: 1.4.1
+  version: 1.4.2
 platform: ruby
 authors:
 - da99
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-09-19 00:00:00.000000000 Z
+date: 2015-03-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -229,7 +229,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.1
+rubygems_version: 2.4.5
 signing_key:
 specification_version: 4
 summary: My way of escaping/encoding HTML.