RubyGems - escape_escape_escape - Versions diffs - 1.4.1 → 1.4.2 - Mend

escape_escape_escape 1.4.1 → 1.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/VERSION +1 -1
data/lib/escape_escape_escape.rb +2 -2
data/specs/as_ruby/0003-css_value.rb +7 -4
data/specs/as_ruby/0020-href.rb +4 -4
metadata +3 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 475be5e9a0ff5184bf31e21eb5e2af467bd63a24
-  data.tar.gz: 79f586268536dfc6c6c21ffdaf3f3f38a9adfadd
+  metadata.gz: f2a5d5a848cf1a178a86f45870811a4a534475e9
+  data.tar.gz: 7912ea4b395f8b1ba8e63370dec8a9b528848051
 SHA512:
-  metadata.gz: ae1c2d11044288d7d1e0dc4036873247c35e969c35e3f64550ee52c629ca48b0cce081dd2e58fe92af8c8b8f51051ffd77df7c032298aad26c138b6756abc485
-  data.tar.gz: 72561e7f4040d2f2395c61e13c5e6516146014f1d1d2fdb8f630806590a5da5b5f7c478281d3e7bde24fad8f199dceda7395e13f15bc6dcc64250cb30d4a05fa
+  metadata.gz: 404be22bef004e7ee70286229a43d1fa167dd8d1f475be0c9da05398b42d8b21fb304fe130d192151ee5988dd9c87d2b85de8a26645d5fd5e8c5d71cb30e95b8
+  data.tar.gz: 7c4652e9c6343603207a64d168f5fce319f1c09cd10bc85cef06c4b78217a4fa37f5bfbcc66846597af3bf1041b3f7b9c73f517f12f723d5446c409d1f1a27cf

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 1.4.1
1	+ 1.4.2

data/lib/escape_escape_escape.rb CHANGED

@@ -50,7 +50,7 @@ class Escape_Escape_Escape
   TAG_PATTERN        = /\A[a-z]([a-z0-9\_]{0,}[a-z]{1,})?\z/i
-  VALID_CSS_VALUE      = /\A[a-z0-9\;\-\_\#\ ]+\z/i
+  VALID_CSS_VALUE      = /\A[a-z0-9\;\-\_\#\,\ ]+\z/i
   VALID_CSS_SELECTOR   = /\A[a-z0-9\#\:\_\-\.\ ]+\z/i
   VALID_CSS_ATTR       = /\A[a-z0-9-]+\z/i
   VALID_CSS_CLASS_NAME = /\A[a-z0-9\_]+\z/i
@@ -200,7 +200,7 @@ class Escape_Escape_Escape
         fail( Invalid_HREF, "javascript:// is not allowed" ) if (uri.scheme || ''.freeze)['javascript'.freeze]
         fail( Invalid_HREF, "address is invalid") if !uri.host && !uri.relative?
-        html(EscapeUtils.escape_uri uri.to_s)
+        html(EscapeUtils.escape_uri(EscapeUtils.unescape_uri uri.to_s))
       rescue URI::InvalidURIError => e
         raise Invalid_HREF, e.message
       end

data/specs/as_ruby/0003-css_value.rb CHANGED

@@ -1,4 +1,8 @@
+it     'allows commas and spaces'
+input  "Ubuntu, Segoe UI, Helvetica, sans-serif"
+output "Ubuntu, Segoe UI, Helvetica, sans-serif"
 it     'sanitizes :css :expression regardless of the case'
 input  "eXprEssioN(alert('xss!'));"
 raises Escape_Escape_Escape::Invalid, /contains invalid chars/
@@ -7,7 +11,6 @@ it    'sanitizes :css :expression when ( or ) is an html entity: &#40; &#41;'
 input "eXprEssioN&#40;alert('xss!')&#41;"
 raises Escape_Escape_Escape::Invalid, /contains invalid chars/
 it     'sanitizes :css :expression when ( is html entity regardless of case: &rPaR;'
 input  "eXprEssioN&rPaR;alert('xss!'))"
 raises Escape_Escape_Escape::Invalid, /contains invalid chars/
@@ -33,15 +36,15 @@ it     'sanitizes css_href with encoded slashes'
 input  "smtp:&#047;&#047;file.com&#047;img.png"
 raises Escape_Escape_Escape::Invalid, /contains invalid chars/
-it    'sanitizes javascript: href'
+it    'sanitizes javascript: protocol w/js code'
 input 'jAvAscript://alert()'
 raises Escape_Escape_Escape::Invalid, /contains invalid chars/
-it    'sanitizes javascript: href with encoded colons:'
+it    'sanitizes javascript: protocol with encoded colons:'
 input "javascript&#058;//alert()"
 raises Escape_Escape_Escape::Invalid, /contains invalid chars/
-it     'sanitizes javascript: href with encoded slashes'
+it     'sanitizes javascript: protocol with encoded slashes'
 input  "javascript:&#047;&#047;alert()"
 raises Escape_Escape_Escape::Invalid, /contains invalid chars/

data/specs/as_ruby/0020-href.rb CHANGED

@@ -65,7 +65,7 @@ output "&#47;path&#47;mine&#47;&amp;"
 it     "raises Invalid_HREF if it contains unicode:"
 input  "http://кц.рф"
-raises Escape_Escape_Escape::Invalid_HREF, /bad URI/
+raises Escape_Escape_Escape::Invalid_HREF, /URI must be ascii only/
 it    'normalizes address:'
@@ -85,17 +85,17 @@ output "http:&#47;&#47;www.test.com&#47;?test=&#39;something&#47;"
 it    'fails w/ Invalid_HREF if HTML entities in uri:'
 input "http://6&#9;6.000146.0x7.147/"
-raises Escape_Escape_Escape::Invalid_HREF, /bad URI/
+raises Escape_Escape_Escape::Invalid_HREF, /bad URI\(is not URI\?\)/
 it     'fails w/ Invalid_HREF if path contains html entities:'
 input  "http://www.test.com/&nbsp;s/"
-raises Escape_Escape_Escape::Invalid_HREF, /bad URI/
+raises Escape_Escape_Escape::Invalid_HREF, /URI must be ascii only/
 it     'fails w/ Invalid_HREF if query string contains HTML entities:'
 input  "http://www.test.com/s/test?t&nbsp;test"
-raises Escape_Escape_Escape::Invalid_HREF, /bad URI/
+raises Escape_Escape_Escape::Invalid_HREF, /URI must be ascii only/

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: escape_escape_escape
 version: !ruby/object:Gem::Version
-  version: 1.4.1
+  version: 1.4.2
 platform: ruby
 authors:
 - da99
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-09-19 00:00:00.000000000 Z
+date: 2015-03-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -229,7 +229,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.1
+rubygems_version: 2.4.5
 signing_key:
 specification_version: 4
 summary: My way of escaping/encoding HTML.