inquisition 0.3 → 0.3.1

@@ -38,7 +38,8 @@ module Inquisition
38
38
  define_method(:read_attribute_with_cleansing) do |attribute|
39
39
  value = read_attribute_without_cleansing(attribute)
40
40
  if cleansed_attr_readers.include?(attribute.to_sym) && !value.blank?
41
- Inquisition.sanitize(value,cleansed_attr_reader_options[:allow][attribute.to_sym])
41
+ Inquisition.sanitize(value,
42
+ cleansed_attr_reader_options[:allow] ? cleansed_attr_reader_options[:allow][attribute.to_sym] : nil)
42
43
  else
43
44
  value
44
45
  end
@@ -62,7 +63,8 @@ module Inquisition
62
63
 
63
64
  define_method(:write_attribute_with_cleansing) do |attribute, value|
64
65
  if cleansed_attr_writers.include?(attribute.to_sym) && !value.blank?
65
- Inquisition.sanitize(value,cleansed_attr_writer_options[:allow][attribute.to_sym])
66
+ Inquisition.sanitize(value,
67
+ cleansed_attr_writer_options[:allow] ? cleansed_attr_writer_options[:allow][attribute.to_sym] : nil)
66
68
  end
67
69
  write_attribute_without_cleansing(attribute, value)
68
70
  end
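Review bot: In the `write_attribute_with_cleansing` hunk the result of `Inquisition.sanitize(value, ...)` is never assigned, so as shown `write_attribute_without_cleansing(attribute, value)` receives the original value unless `sanitize` mutates its argument in place (its definition is outside this diff). If it returns a new string, write-side cleansing is a no-op and the raw markup is stored, leaving the reader hook as the only escaping step for anything that reads the column another way. Consider `value = Inquisition.sanitize(value, (cleansed_attr_writer_options[:allow] || {})[attribute.to_sym])`. The same `(... || {})[attribute.to_sym]` form would also replace the repeated ternary in `read_attribute_with_cleansing`.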
@@ -84,4 +84,9 @@ class InquisitionTest < Test::Unit::TestCase
84
84
  assert_equal "&lt;script&gt;alert('Cragganmore')&lt;/script&gt;", @whisky.measure
85
85
  end
86
86
  end
87
+
88
+ should "not die gruesomely without options specified" do
89
+ animal = Animal.new(:name => "<script>alert('Grue')</script>")
90
+ assert_equal "&lt;script&gt;alert('Grue')&lt;/script&gt;", animal.name
91
+ end
87
92
  end
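Review bot: The new test only asserts on `animal.name` after `Animal.new(:name => ...)`, a round trip through both the writer and the reader hook, so it cannot show which of them did the escaping or whether the stored value is still raw. A second assertion on the stored value would pin the write path, for example `assert_equal "&lt;script&gt;alert('Grue')&lt;/script&gt;", animal.send(:read_attribute_without_cleansing, :name)`. This assumes `sanitize_attribute` registers both hooks, which is not visible in this diff. A case where `:allow` is given for a different attribute than the one being read would also cover the other branch of the new nil guard.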
@@ -15,6 +15,8 @@ end
15
15
  CreateSchema.suppress_messages { CreateSchema.migrate(:up) }
16
16
 
17
17
  class Animal < ActiveRecord::Base
18
+ sanitize_attribute :name
19
+
18
20
  def bark
19
21
  "#{noise.capitalize}! #{noise.capitalize}!"
20
22
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inquisition
3
3
  version: !ruby/object:Gem::Version
4
- version: "0.3"
4
+ version: 0.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - toothrot
@@ -69,7 +69,7 @@ requirements: []
69
69
  rubyforge_project:
70
70
  rubygems_version: 1.3.5
71
71
  signing_key:
72
- specification_version: 3
72
+ specification_version: 4
73
73
  summary: Inquisition is a fancy way to protect your ActiveRecord attributes from XSS
74
74
  test_files: []
75
75