intercom-rails 0.2.13 → 0.2.14
Sign up to get free protection for your applications and to get access to all the features.
@@ -37,7 +37,7 @@ module IntercomRails
|
|
37
37
|
raise ImportError, "You can only import your users from your production environment" unless Rails.env.production?
|
38
38
|
raise ImportError, "We couldn't find your user class, please set one in config/initializers/intercom_rails.rb" unless user_klass.present?
|
39
39
|
info "Found user class: #{user_klass}"
|
40
|
-
raise ImportError, "Only ActiveRecord models are supported" unless (user_klass < ActiveRecord::Base)
|
40
|
+
raise ImportError, "Only ActiveRecord models are supported" unless defined?(ActiveRecord::Base) && (user_klass < ActiveRecord::Base)
|
41
41
|
raise ImportError, "Please add an Intercom API Key to config/initializers/intercom.rb" unless IntercomRails.config.api_key.present?
|
42
42
|
info "Intercom API key found"
|
43
43
|
end
|
@@ -1,5 +1,6 @@
|
|
1
|
-
require
|
2
|
-
require
|
1
|
+
require 'active_support/json'
|
2
|
+
require 'active_support/core_ext/hash/indifferent_access'
|
3
|
+
require 'active_support/core_ext/string/output_safety'
|
3
4
|
|
4
5
|
module IntercomRails
|
5
6
|
|
@@ -36,9 +37,11 @@ module IntercomRails
|
|
36
37
|
end
|
37
38
|
|
38
39
|
def output
|
40
|
+
intercom_settings_json = ActiveSupport::JSON.encode(intercom_settings).gsub('<', '\u003C')
|
41
|
+
|
39
42
|
str = <<-INTERCOM_SCRIPT
|
40
43
|
<script id="IntercomSettingsScriptTag">
|
41
|
-
window.intercomSettings = #{
|
44
|
+
window.intercomSettings = #{intercom_settings_json};
|
42
45
|
</script>
|
43
46
|
<script>(function(){var w=window;var ic=w.Intercom;if(typeof ic==="function"){ic('reattach_activator');ic('update',intercomSettings);}else{var d=document;var i=function(){i.c(arguments)};i.q=[];i.c=function(args){i.q.push(args)};w.Intercom=i;function l(){var s=d.createElement('script');s.type='text/javascript';s.async=true;s.src='#{Config.library_url || 'https://api.intercom.io/api/js/library.js'}';var x=d.getElementsByTagName('script')[0];x.parentNode.insertBefore(s,x);}if(w.attachEvent){w.attachEvent('onload',l);}else{w.addEventListener('load',l,false);}};})()</script>
|
44
47
|
INTERCOM_SCRIPT
|
@@ -4,7 +4,7 @@ IntercomRails.config do |config|
|
|
4
4
|
config.app_id = ENV["INTERCOM_APP_ID"] || "<%= @app_id %>"
|
5
5
|
|
6
6
|
# == Intercom secret key
|
7
|
-
# This is
|
7
|
+
# This is required to enable secure mode, you can find it on your Intercom
|
8
8
|
# "security" configuration page.
|
9
9
|
#
|
10
10
|
<%- if @api_secret -%>
|
@@ -102,4 +102,10 @@ class ScriptTagTest < MiniTest::Unit::TestCase
|
|
102
102
|
assert_equal expected_company, script_tag.intercom_settings[:company]
|
103
103
|
end
|
104
104
|
|
105
|
+
def test_escapes_html_attributes
|
106
|
+
nasty_email = "</script><script>alert('sup?');</script>"
|
107
|
+
script_tag = ScriptTag.new(:user_details => {:email => nasty_email})
|
108
|
+
assert !script_tag.output.include?(nasty_email), "script tag included"
|
109
|
+
end
|
110
|
+
|
105
111
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: intercom-rails
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.14
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date: 2013-
|
14
|
+
date: 2013-02-06 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: activesupport
|
@@ -180,7 +180,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
180
180
|
version: '0'
|
181
181
|
segments:
|
182
182
|
- 0
|
183
|
-
hash:
|
183
|
+
hash: 672914866495773286
|
184
184
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
185
185
|
none: false
|
186
186
|
requirements:
|
@@ -189,7 +189,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
189
189
|
version: '0'
|
190
190
|
segments:
|
191
191
|
- 0
|
192
|
-
hash:
|
192
|
+
hash: 672914866495773286
|
193
193
|
requirements: []
|
194
194
|
rubyforge_project: intercom-rails
|
195
195
|
rubygems_version: 1.8.23
|