inquisition 0.3 → 0.3.1

@@ -38,7 +38,8 @@ module Inquisition
38
38
  define_method(:read_attribute_with_cleansing) do |attribute|
39
39
  value = read_attribute_without_cleansing(attribute)
40
40
  if cleansed_attr_readers.include?(attribute.to_sym) && !value.blank?
41
- Inquisition.sanitize(value,cleansed_attr_reader_options[:allow][attribute.to_sym])
41
+ Inquisition.sanitize(value,
42
+ cleansed_attr_reader_options[:allow] ? cleansed_attr_reader_options[:allow][attribute.to_sym] : nil)
42
43
  else
43
44
  value
44
45
  end
@@ -62,7 +63,8 @@ module Inquisition
62
63
 
63
64
  define_method(:write_attribute_with_cleansing) do |attribute, value|
64
65
  if cleansed_attr_writers.include?(attribute.to_sym) && !value.blank?
65
- Inquisition.sanitize(value,cleansed_attr_writer_options[:allow][attribute.to_sym])
66
+ Inquisition.sanitize(value,
67
+ cleansed_attr_writer_options[:allow] ? cleansed_attr_writer_options[:allow][attribute.to_sym] : nil)
66
68
  end
67
69
  write_attribute_without_cleansing(attribute, value)
68
70
  end
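Review bot: In `write_attribute_with_cleansing` the result of `Inquisition.sanitize(...)` is discarded, and the following statement passes the original `value` to `write_attribute_without_cleansing`. Unless `sanitize` mutates its argument in place (its body is not shown on this page), the writer stores the unsanitized string even for attributes listed in `cleansed_attr_writers`, so stored-XSS protection would depend on the reader path alone. If that is the case, prefix the call with `value = ` so the cleansed string is what gets written. The test added in this release asserts only `animal.name`, which is the reader path, so it would pass whether or not the write path sanitizes. Separately, the nil guard repeated in both hunks could be written once as `(cleansed_attr_writer_options[:allow] || {})[attribute.to_sym]`.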
@@ -84,4 +84,9 @@ class InquisitionTest < Test::Unit::TestCase
84
84
  assert_equal "&lt;script&gt;alert('Cragganmore')&lt;/script&gt;", @whisky.measure
85
85
  end
86
86
  end
87
+
88
+ should "not die gruesomely without options specified" do
89
+ animal = Animal.new(:name => "<script>alert('Grue')</script>")
90
+ assert_equal "&lt;script&gt;alert('Grue')&lt;/script&gt;", animal.name
91
+ end
87
92
  end
@@ -15,6 +15,8 @@ end
15
15
  CreateSchema.suppress_messages { CreateSchema.migrate(:up) }
16
16
 
17
17
  class Animal < ActiveRecord::Base
18
+ sanitize_attribute :name
19
+
18
20
  def bark
19
21
  "#{noise.capitalize}! #{noise.capitalize}!"
20
22
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inquisition
3
3
  version: !ruby/object:Gem::Version
4
- version: "0.3"
4
+ version: 0.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - toothrot
@@ -69,7 +69,7 @@ requirements: []
69
69
  rubyforge_project:
70
70
  rubygems_version: 1.3.5
71
71
  signing_key:
72
- specification_version: 3
72
+ specification_version: 4
73
73
  summary: Inquisition is a fancy way to protect your ActiveRecord attributes from XSS
74
74
  test_files: []
75
75