intercom-rails 0.2.13 → 0.2.14

@@ -37,7 +37,7 @@ module IntercomRails
37
37
  raise ImportError, "You can only import your users from your production environment" unless Rails.env.production?
38
38
  raise ImportError, "We couldn't find your user class, please set one in config/initializers/intercom_rails.rb" unless user_klass.present?
39
39
  info "Found user class: #{user_klass}"
40
- raise ImportError, "Only ActiveRecord models are supported" unless (user_klass < ActiveRecord::Base)
40
+ raise ImportError, "Only ActiveRecord models are supported" unless defined?(ActiveRecord::Base) && (user_klass < ActiveRecord::Base)
41
41
  raise ImportError, "Please add an Intercom API Key to config/initializers/intercom.rb" unless IntercomRails.config.api_key.present?
42
42
  info "Intercom API key found"
43
43
  end
@@ -1,5 +1,6 @@
1
- require "active_support/json"
2
- require "active_support/core_ext/hash/indifferent_access"
1
+ require 'active_support/json'
2
+ require 'active_support/core_ext/hash/indifferent_access'
3
+ require 'active_support/core_ext/string/output_safety'
3
4
 
4
5
  module IntercomRails
5
6
 
@@ -36,9 +37,11 @@ module IntercomRails
36
37
  end
37
38
 
38
39
  def output
40
+ intercom_settings_json = ActiveSupport::JSON.encode(intercom_settings).gsub('<', '\u003C')
41
+
39
42
  str = <<-INTERCOM_SCRIPT
40
43
  <script id="IntercomSettingsScriptTag">
41
- window.intercomSettings = #{ActiveSupport::JSON.encode(intercom_settings)};
44
+ window.intercomSettings = #{intercom_settings_json};
42
45
  </script>
43
46
  <script>(function(){var w=window;var ic=w.Intercom;if(typeof ic==="function"){ic('reattach_activator');ic('update',intercomSettings);}else{var d=document;var i=function(){i.c(arguments)};i.q=[];i.c=function(args){i.q.push(args)};w.Intercom=i;function l(){var s=d.createElement('script');s.type='text/javascript';s.async=true;s.src='#{Config.library_url || 'https://api.intercom.io/api/js/library.js'}';var x=d.getElementsByTagName('script')[0];x.parentNode.insertBefore(s,x);}if(w.attachEvent){w.attachEvent('onload',l);}else{w.addEventListener('load',l,false);}};})()</script>
44
47
  INTERCOM_SCRIPT
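Review bot: The new `intercom_settings_json` line escapes only `<`, which keeps a `</script>` or `<!--` sequence in a user-supplied value from terminating the inline script block, but it leaves U+2028 and U+2029 untouched. Both are legal inside JSON strings yet are line terminators for JavaScript engines that predate ES2019, so a value containing either would make the `window.intercomSettings` assignment fail to parse and disable the widget on that page. I would widen the replacement to cover them, plus `>` and `&` for pages served as XHTML, for example (Ruby 1.9+, UTF-8 input) `.gsub(/[<>&\u2028\u2029]/) { |c| format('\u%04X', c.ord) }`. A short comment above the line saying why the escaping is done after JSON encoding would also help the next maintainer; the rest of `output` lies outside this hunk, so how `str` is marked safe and returned cannot be checked from here.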
@@ -1,3 +1,3 @@
1
1
  module IntercomRails
2
- VERSION = "0.2.13"
2
+ VERSION = "0.2.14"
3
3
  end
@@ -4,7 +4,7 @@ IntercomRails.config do |config|
4
4
  config.app_id = ENV["INTERCOM_APP_ID"] || "<%= @app_id %>"
5
5
 
6
6
  # == Intercom secret key
7
- # This is reuqired to enable secure mode, you can find it on your Intercom
7
+ # This is required to enable secure mode, you can find it on your Intercom
8
8
  # "security" configuration page.
9
9
  #
10
10
  <%- if @api_secret -%>
@@ -102,4 +102,10 @@ class ScriptTagTest < MiniTest::Unit::TestCase
102
102
  assert_equal expected_company, script_tag.intercom_settings[:company]
103
103
  end
104
104
 
105
+ def test_escapes_html_attributes
106
+ nasty_email = "</script><script>alert('sup?');</script>"
107
+ script_tag = ScriptTag.new(:user_details => {:email => nasty_email})
108
+ assert !script_tag.output.include?(nasty_email), "script tag included"
109
+ end
110
+
105
111
  end
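Review bot: `test_escapes_html_attributes` asserts only that the exact raw string is absent from the output, so it would still pass if the email were dropped from the settings altogether, and it never checks that the value is emitted in escaped form. A positive assertion such as `assert script_tag.output.include?('\u003C'), "expected < to be JSON-escaped"` would pin the intended behaviour, assuming the email is carried into `intercom_settings`, which this hunk does not show. The name is also misleading: the case covered is a value closing the inline script block, not HTML attributes, so a name like `test_escapes_script_closing_tag_in_settings` describes it better. The enclosing `ScriptTagTest` class starts outside the hunk.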
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: intercom-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.13
4
+ version: 0.2.14
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2013-01-15 00:00:00.000000000 Z
14
+ date: 2013-02-06 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: activesupport
@@ -180,7 +180,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
180
180
  version: '0'
181
181
  segments:
182
182
  - 0
183
- hash: 1447193965659527356
183
+ hash: 672914866495773286
184
184
  required_rubygems_version: !ruby/object:Gem::Requirement
185
185
  none: false
186
186
  requirements:
@@ -189,7 +189,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
189
189
  version: '0'
190
190
  segments:
191
191
  - 0
192
- hash: 1447193965659527356
192
+ hash: 672914866495773286
193
193
  requirements: []
194
194
  rubyforge_project: intercom-rails
195
195
  rubygems_version: 1.8.23