escape_escape_escape 1.5.1 → 1.7.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: b3f2670b659a6e2db5264b09fa0867aebb759c87
4
- data.tar.gz: 7e6dcb8be999b12eca501b4a11ed9b07190cc7a6
3
+ metadata.gz: 251b396b4850add2712600d6167f429b59dc04cc
4
+ data.tar.gz: c17d22cac0059acd00dab01f64fccbe04daab0f7
5
5
  SHA512:
6
- metadata.gz: 8dc29c74e9cbc84fd4d6675c254ddbc5cd1eb4a007d2c428670e504fa58235609879632ee6a4ca0b4646cda5ff18b846131dbeb52b900975ecdee5612710a3a3
7
- data.tar.gz: 9beb6a73c47e598a09eeb421055ae31891a70588734ec9cf9a13723a28ca6b3d8a5743365e22f3e536ea15d65abfe878f49046f05152f0476cf82a0fc3e31fe8
6
+ metadata.gz: 9495213354e7ff51e47cad4ee3cbba65ebe65d847dd2058c340ff9af737a2503379b3dbd655878e39adf210353c28db7c09410b758b427486e535f81e9606141
7
+ data.tar.gz: 47e43582cc487ef12e0cf4f08c756e60b82eee0a7daf070b9c6858b210926b87cc1f63db7f36b63bb6b50011f5b01ad1c562c330fcf00747ae12a39c73da6176
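--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.5.1
+1.7.0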
@@ -50,10 +50,11 @@ class Escape_Escape_Escape
50
50
 
51
51
  TAG_PATTERN = /\A[a-z]([a-z0-9\_]{0,}[a-z]{1,})?\z/i
52
52
 
53
- VALID_CSS_VALUE = /\A[a-z0-9\;\-\_\#\,\ ]+\z/i
53
+ VALID_CSS_VALUE = /\A[a-z0-9\;\-\_\#\,\ \.]+\z/i
54
54
  VALID_CSS_SELECTOR = /\A[a-z0-9\#\:\_\-\.\ ]+\z/i
55
55
  VALID_CSS_ATTR = /\A[a-z0-9-]+\z/i
56
56
  VALID_CSS_CLASS_NAME = /\A[a-z0-9\_]+\z/i
57
+ VALID_CSS_WIDTH = /\A[a-z0-9\ %\.]+\Z/
57
58
 
58
59
  VALID_HTML_ID = /\A[a-z][0-9a-z_]*\z/;
59
60
  VALID_HTML_TAG = /\A[a-z][0-9a-z_]*\z/;
@@ -225,7 +226,7 @@ class Escape_Escape_Escape
225
226
 
226
227
  def decode_html raw
227
228
  fail("Not a string: #{raw.inspect}") unless raw.is_a?(String)
228
- CODER.decode clean_utf8(raw)
229
+ CODER.decode clean_utf8(raw, :spaces)
229
230
  end
230
231
 
231
232
  %w{attr selector value}.each { |name|
@@ -239,6 +240,31 @@ class Escape_Escape_Escape
239
240
  EOF
240
241
  }
241
242
 
243
+ def css *args
244
+ case
245
+ when args.size == 1
246
+ raw_name = :unknown
247
+ raw = args.first
248
+ when args.size == 2
249
+ raw_name, raw = args
250
+ else
251
+ fail ArgumentError, "Unknown args: #{args.inspect}"
252
+ end
253
+
254
+ name = raw_name.to_s.strip
255
+ clean = html(raw)
256
+
257
+ passes = case
258
+ when name['width'.freeze]
259
+ clean[VALID_CSS_WIDTH]
260
+ else
261
+ clean[VALID_CSS_VALUE]
262
+ end
263
+
264
+ fail ArgumentError, "contains invalid chars: #{raw.inspect}" unless passes
265
+ clean
266
+ end
267
+
242
268
  def css_class_name val
243
269
  return val if val.is_a?(String) && val[VALID_CSS_CLASS_NAME]
244
270
  fail(Invalid, "CSS class name: #{val.inspect}")
@@ -297,6 +323,11 @@ class Escape_Escape_Escape
297
323
  fail Invalid, "Not a String, Number, Array, or Hash"
298
324
  end # === def
299
325
 
326
+ def num v
327
+ fail ArgumentError, "Not a Numeric: #{v.inspect}" unless v.is_a?(Numeric)
328
+ v
329
+ end
330
+
300
331
  def json_encode o
301
332
  case o
302
333
  when Hash
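Review bot: `VALID_CSS_WIDTH` (new line 57 in the first hunk) is anchored with `\Z` while every neighbouring pattern uses `\z`; in Ruby `\Z` also matches just before a trailing newline, so a width such as `"3px\n"` passes the check and `css` returns `clean` in full (newline included, assuming `html` preserves it) because it returns the cleaned string rather than the match. Change it to `VALID_CSS_WIDTH = /\A[a-z0-9\ %\.]+\z/`; note too that it lacks the `/i` flag its siblings carry, so `3PX` is rejected where `VALID_CSS_VALUE` would accept it — decide whether that is intended. In the third hunk `css` raises `ArgumentError` on bad input while `css_class_name` directly below raises `Invalid`, so a caller rescuing `Invalid` to reject bad CSS will not catch these failures; `fail Invalid, "contains invalid chars: #{raw.inspect}"` would keep the class's contract uniform. The `name['width'.freeze]` test is a substring match that the new spec relies on for `border_width`; a comment such as `# any property whose name contains "width" (e.g. border_width) is validated as a size list` would make that deliberate. The `:spaces` argument now passed to `clean_utf8` in the second hunk is defined outside this diff, so its effect can only be inferred from the spec changes further down the page.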
@@ -43,7 +43,7 @@ raises RuntimeError, /Not a string: 1/
43
43
 
44
44
  it 'removes Unicode characters that do not belong in html'
45
45
  input "b \u0340 \u0341 \u17a3 \u17d3 \u2028 \u2029 \u202a"
46
- output "b"
46
+ output "b "
47
47
 
48
48
  it "removes unprintable characters"
49
49
  input "end-\u2028-\u2029-"
@@ -58,3 +58,7 @@ input "&soL; &SoL; /"
58
58
  output "&soL; &SoL; /"
59
59
 
60
60
 
61
+ it "does not strip text"
62
+ input " test "
63
+ output " test "
64
+
@@ -0,0 +1,8 @@
1
+
2
+ it "returns the original value"
3
+ input 5.0
4
+ output 5.0
5
+
6
+ it "fails w/ArgumentError if not a Numeric"
7
+ input :sym
8
+ raises ArgumentError, /Not a Numeric: :sym/
@@ -0,0 +1,63 @@
1
+
2
+ it 'allows commas and spaces'
3
+ input :font, "Ubuntu, Segoe UI, Helvetica, sans-serif"
4
+ output "Ubuntu, Segoe UI, Helvetica, sans-serif"
5
+
6
+ it 'sanitizes :css :expression regardless of the case'
7
+ input :url, "eXprEssioN(alert('xss!'));"
8
+ raises ArgumentError, /contains invalid chars/
9
+
10
+ it 'sanitizes :css :expression when ( or ) is an html entity: ( )'
11
+ input 'border', "eXprEssioN(alert('xss!'))"
12
+ raises ArgumentError, /contains invalid chars/
13
+
14
+ it 'sanitizes :css :expression when ( is html entity regardless of case: &rPaR;'
15
+ input 'title', "eXprEssioN&rPaR;alert('xss!'))"
16
+ raises ArgumentError, /contains invalid chars/
17
+
18
+ it 'sanitizes css_href'
19
+ input 'css_href', "smtp://file.com/img.png"
20
+ raises ArgumentError, /contains invalid chars/
21
+
22
+ it 'sanitizes css_href event if slash is html entity: /'
23
+ input :img_url, "smtp://file.com/img.png"
24
+ raises ArgumentError, /contains invalid chars/
25
+
26
+ it 'sanitizes css_href event if slash is html entity: /'
27
+ input 'random', "smtp://file.com/img.png"
28
+ raises ArgumentError, /contains invalid chars/
29
+
30
+
31
+ it 'sanitizes css_href event if slash is html entity: /'
32
+ input "smtp://file.com/img.png"
33
+ raises ArgumentError, /contains invalid chars/
34
+
35
+ it 'sanitizes css_href with encoded slashes'
36
+ input "smtp://file.com/img.png"
37
+ raises ArgumentError, /contains invalid chars/
38
+
39
+ it 'sanitizes javascript: protocol w/js code'
40
+ input 'jAvAscript://alert()'
41
+ raises ArgumentError, /contains invalid chars/
42
+
43
+ it 'sanitizes javascript: protocol with encoded colons:'
44
+ input "javascript://alert()"
45
+ raises ArgumentError, /contains invalid chars/
46
+
47
+ it 'sanitizes javascript: protocol with encoded slashes'
48
+ input "javascript://alert()"
49
+ raises ArgumentError, /contains invalid chars/
50
+
51
+ it 'returns cleaned string'
52
+ input '1px solid #000'
53
+ output '1px solid #000'
54
+
55
+ it 'allows multiple border_width sizes: 0 0 0.5em 3px'
56
+ input 'border_width', '0 0 0.5em 3px'
57
+ output '0 0 0.5em 3px'
58
+
59
+ it 'allows % sign in border_width sizes: 0 0 0.5% 3%'
60
+ input 'border_width', '0 0 0.5% 3%'
61
+ output '0 0 0.5% 3%'
62
+
63
+
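Review bot: Several titles in this new spec promise entity-encoded payloads but the inputs shown carry the literal characters: line 10 says "( or ) is an html entity" yet line 11 feeds `eXprEssioN(alert('xss!'))`, and lines 22, 26, 31, 35, 43 and 47 (the `&#47;`, `&sol;` and `&#058;` cases by their titles) all feed plain `smtp://…` or `javascript://…` strings, so they duplicate the unencoded cases and the entity-decoding path through `css` → `html` is no longer exercised. This may be the page rendering decoding the entities, since the deleted spec at the bottom of this page still shows `&#40;` and `&#47;` intact; if the file really contains the literals, restore the encoded forms, e.g. `input 'border', "eXprEssioN&#40;alert('xss!')&#41;"`, so a regression in entity handling is caught. Lines 23 and 27 pass `:img_url` and `'random'` as the property name while their titles still say 'sanitizes css_href'; renaming the titles to the name actually passed would keep the spec readable.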
@@ -14,8 +14,8 @@ raises Escape_Escape_Escape::Invalid, /Not a String, Number, Array, or Hash/i
14
14
  it 'escapes all String keys in nested objects'
15
15
  input({" a >" => {" a > " => "<b>test</b>"}})
16
16
  output({
17
- "a &gt;" => {
18
- "a &gt;" => "&lt;b&gt;test&lt;&#47;b&gt;"
17
+ " a &gt;" => {
18
+ " a &gt; " => "&lt;b&gt;test&lt;&#47;b&gt;"
19
19
  }
20
20
  })
21
21
 
@@ -23,8 +23,8 @@ output({
23
23
  it 'escapes all Symbol keys in nested objects'
24
24
  input({:" a > " => {:" a >" => "<b>test</b>"}})
25
25
  output({
26
- :"a &gt;" => {
27
- :"a &gt;" => "&lt;b&gt;test&lt;&#47;b&gt;"
26
+ :" a &gt; " => {
27
+ :" a &gt;" => "&lt;b&gt;test&lt;&#47;b&gt;"
28
28
  }
29
29
  })
30
30
 
@@ -40,7 +40,7 @@ class It_Dsl
40
40
  args << str
41
41
  end
42
42
 
43
- def input o
43
+ def input *o
44
44
  args << o
45
45
  end
46
46
 
@@ -99,21 +99,21 @@ It_Dsl.tests.each { |o|
99
99
  case
100
100
 
101
101
  when o[:describe] == :==
102
- t[:input].should == t[:output]
102
+ t[:input].should == [t[:output]]
103
103
 
104
104
  when t.has_key?(:output)
105
- Escape_Escape_Escape.send(o[:describe], t[:input])
105
+ Escape_Escape_Escape.send(o[:describe], *t[:input])
106
106
  .should == t[:output]
107
107
 
108
108
  when !t.has_key?(:output) && t[:raises]
109
109
  should.raise(t[:raises].first) {
110
- Escape_Escape_Escape.send(o[:describe], t[:input])
110
+ Escape_Escape_Escape.send(o[:describe], *t[:input])
111
111
  }.message.should.match(t[:raises].last)
112
112
 
113
113
  when t.has_key?(:stack) && t[:stack].is_a?(Array)
114
114
 
115
115
  stack = t[:stack]
116
- actual = Escape_Escape_Escape.send(o[:describe], t[:input])
116
+ actual = Escape_Escape_Escape.send(o[:describe], *t[:input])
117
117
  target = stack.pop
118
118
 
119
119
  begin
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: escape_escape_escape
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.1
4
+ version: 1.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - da99
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-03-27 00:00:00.000000000 Z
11
+ date: 2015-05-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: addressable
@@ -193,11 +193,12 @@ files:
193
193
  - escape_escape_escape.gemspec
194
194
  - lib/escape_escape_escape.rb
195
195
  - specs/as_ruby/0001-html.rb
196
+ - specs/as_ruby/0001-num.rb
196
197
  - specs/as_ruby/0002-decode_html.rb
198
+ - specs/as_ruby/0003-css.rb
197
199
  - specs/as_ruby/0003-css_attr.rb
198
200
  - specs/as_ruby/0003-css_class_name.rb
199
201
  - specs/as_ruby/0003-css_selector.rb
200
- - specs/as_ruby/0003-css_value.rb
201
202
  - specs/as_ruby/0004-==.rb
202
203
  - specs/as_ruby/0005-html_id.rb
203
204
  - specs/as_ruby/0005-html_tag.rb
@@ -229,7 +230,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
229
230
  version: '0'
230
231
  requirements: []
231
232
  rubyforge_project:
232
- rubygems_version: 2.4.5
233
+ rubygems_version: 2.4.6
233
234
  signing_key:
234
235
  specification_version: 4
235
236
  summary: My way of escaping/encoding HTML.
@@ -1,56 +0,0 @@
1
-
2
- it 'allows commas and spaces'
3
- input "Ubuntu, Segoe UI, Helvetica, sans-serif"
4
- output "Ubuntu, Segoe UI, Helvetica, sans-serif"
5
-
6
- it 'sanitizes :css :expression regardless of the case'
7
- input "eXprEssioN(alert('xss!'));"
8
- raises Escape_Escape_Escape::Invalid, /contains invalid chars/
9
-
10
- it 'sanitizes :css :expression when ( or ) is an html entity: &#40; &#41;'
11
- input "eXprEssioN&#40;alert('xss!')&#41;"
12
- raises Escape_Escape_Escape::Invalid, /contains invalid chars/
13
-
14
- it 'sanitizes :css :expression when ( is html entity regardless of case: &rPaR;'
15
- input "eXprEssioN&rPaR;alert('xss!'))"
16
- raises Escape_Escape_Escape::Invalid, /contains invalid chars/
17
-
18
- it 'sanitizes css_href'
19
- input "smtp://file.com/img.png"
20
- raises Escape_Escape_Escape::Invalid, /contains invalid chars/
21
-
22
- it 'sanitizes css_href event if slash is html entity: &#47;'
23
- input "smtp:&#47;&#47;file.com/img.png"
24
- raises Escape_Escape_Escape::Invalid, /contains invalid chars/
25
-
26
- it 'sanitizes css_href event if slash is html entity: &#x0002F;'
27
- input "smtp:&#x0002F;&#x0002F;file.com/img.png"
28
- raises Escape_Escape_Escape::Invalid, /contains invalid chars/
29
-
30
-
31
- it 'sanitizes css_href event if slash is html entity: &sol;'
32
- input "smtp:&sol;&sol;file.com/img.png"
33
- raises Escape_Escape_Escape::Invalid, /contains invalid chars/
34
-
35
- it 'sanitizes css_href with encoded slashes'
36
- input "smtp:&#047;&#047;file.com&#047;img.png"
37
- raises Escape_Escape_Escape::Invalid, /contains invalid chars/
38
-
39
- it 'sanitizes javascript: protocol w/js code'
40
- input 'jAvAscript://alert()'
41
- raises Escape_Escape_Escape::Invalid, /contains invalid chars/
42
-
43
- it 'sanitizes javascript: protocol with encoded colons:'
44
- input "javascript&#058;//alert()"
45
- raises Escape_Escape_Escape::Invalid, /contains invalid chars/
46
-
47
- it 'sanitizes javascript: protocol with encoded slashes'
48
- input "javascript:&#047;&#047;alert()"
49
- raises Escape_Escape_Escape::Invalid, /contains invalid chars/
50
-
51
- it 'returns cleaned string'
52
- input '1px solid #000'
53
- output '1px solid #000'
54
-
55
-
56
-