loofah-activerecord 1.0.0.beta.1

Files changed (573)
  1. data/CHANGELOG.rdoc +9 -0
  2. data/Gemfile +14 -0
  3. data/MIT-LICENSE.txt +21 -0
  4. data/Manifest.txt +572 -0
  5. data/README.rdoc +110 -0
  6. data/Rakefile +56 -0
  7. data/lib/loofah-activerecord.rb +19 -0
  8. data/lib/loofah-activerecord/active_record.rb +60 -0
  9. data/lib/loofah-activerecord/railtie.rb +12 -0
  10. data/lib/loofah-activerecord/xss_foliate.rb +207 -0
  11. data/rails_test/Rakefile +72 -0
  12. data/rails_test/common/active_record/app/models/post.rb +3 -0
  13. data/rails_test/common/active_record/test/unit/posts_test.rb +15 -0
  14. data/rails_test/common/all/config/database.yml +22 -0
  15. data/rails_test/common/all/db/migrate/1_create_posts.rb +11 -0
  16. data/rails_test/common/xss_foliate/app/models/post.rb +2 -0
  17. data/rails_test/common/xss_foliate/test/unit/posts_test.rb +14 -0
  18. data/rails_test/generate_test_directory +51 -0
  19. data/rails_test/rails-1.2.6-active_record/README +211 -0
  20. data/rails_test/rails-1.2.6-active_record/Rakefile +10 -0
  21. data/rails_test/rails-1.2.6-active_record/app/controllers/application.rb +7 -0
  22. data/rails_test/rails-1.2.6-active_record/app/helpers/application_helper.rb +3 -0
  23. data/rails_test/rails-1.2.6-active_record/app/models/post.rb +3 -0
  24. data/rails_test/rails-1.2.6-active_record/config/boot.rb +39 -0
  25. data/rails_test/rails-1.2.6-active_record/config/database.yml +22 -0
  26. data/rails_test/rails-1.2.6-active_record/config/environment.rb +61 -0
  27. data/rails_test/rails-1.2.6-active_record/config/environments/development.rb +21 -0
  28. data/rails_test/rails-1.2.6-active_record/config/environments/production.rb +18 -0
  29. data/rails_test/rails-1.2.6-active_record/config/environments/test.rb +19 -0
  30. data/rails_test/rails-1.2.6-active_record/config/routes.rb +23 -0
  31. data/rails_test/rails-1.2.6-active_record/db/migrate/1_create_posts.rb +11 -0
  32. data/rails_test/rails-1.2.6-active_record/public/.htaccess +40 -0
  33. data/rails_test/rails-1.2.6-active_record/public/404.html +30 -0
  34. data/rails_test/rails-1.2.6-active_record/public/500.html +30 -0
  35. data/rails_test/rails-1.2.6-active_record/public/dispatch.cgi +10 -0
  36. data/rails_test/rails-1.2.6-active_record/public/dispatch.fcgi +24 -0
  37. data/rails_test/rails-1.2.6-active_record/public/dispatch.rb +10 -0
  38. data/rails_test/rails-1.2.6-active_record/public/favicon.ico +0 -0
  39. data/rails_test/rails-1.2.6-active_record/public/images/rails.png +0 -0
  40. data/rails_test/rails-1.2.6-active_record/public/index.html +277 -0
  41. data/rails_test/rails-1.2.6-active_record/public/javascripts/application.js +2 -0
  42. data/rails_test/rails-1.2.6-active_record/public/javascripts/controls.js +833 -0
  43. data/rails_test/rails-1.2.6-active_record/public/javascripts/dragdrop.js +942 -0
  44. data/rails_test/rails-1.2.6-active_record/public/javascripts/effects.js +1088 -0
  45. data/rails_test/rails-1.2.6-active_record/public/javascripts/prototype.js +2515 -0
  46. data/rails_test/rails-1.2.6-active_record/public/robots.txt +1 -0
  47. data/rails_test/rails-1.2.6-active_record/script/about +3 -0
  48. data/rails_test/rails-1.2.6-active_record/script/breakpointer +3 -0
  49. data/rails_test/rails-1.2.6-active_record/script/console +3 -0
  50. data/rails_test/rails-1.2.6-active_record/script/destroy +3 -0
  51. data/rails_test/rails-1.2.6-active_record/script/generate +3 -0
  52. data/rails_test/rails-1.2.6-active_record/script/performance/benchmarker +3 -0
  53. data/rails_test/rails-1.2.6-active_record/script/performance/profiler +3 -0
  54. data/rails_test/rails-1.2.6-active_record/script/plugin +3 -0
  55. data/rails_test/rails-1.2.6-active_record/script/process/inspector +3 -0
  56. data/rails_test/rails-1.2.6-active_record/script/process/reaper +3 -0
  57. data/rails_test/rails-1.2.6-active_record/script/process/spawner +3 -0
  58. data/rails_test/rails-1.2.6-active_record/script/runner +3 -0
  59. data/rails_test/rails-1.2.6-active_record/script/server +3 -0
  60. data/rails_test/rails-1.2.6-active_record/test/test_helper.rb +28 -0
  61. data/rails_test/rails-1.2.6-active_record/test/unit/posts_test.rb +15 -0
  62. data/rails_test/rails-1.2.6-xss_foliate/README +211 -0
  63. data/rails_test/rails-1.2.6-xss_foliate/Rakefile +10 -0
  64. data/rails_test/rails-1.2.6-xss_foliate/app/controllers/application.rb +7 -0
  65. data/rails_test/rails-1.2.6-xss_foliate/app/helpers/application_helper.rb +3 -0
  66. data/rails_test/rails-1.2.6-xss_foliate/app/models/post.rb +2 -0
  67. data/rails_test/rails-1.2.6-xss_foliate/config/boot.rb +39 -0
  68. data/rails_test/rails-1.2.6-xss_foliate/config/database.yml +22 -0
  69. data/rails_test/rails-1.2.6-xss_foliate/config/environment.rb +63 -0
  70. data/rails_test/rails-1.2.6-xss_foliate/config/environments/development.rb +21 -0
  71. data/rails_test/rails-1.2.6-xss_foliate/config/environments/production.rb +18 -0
  72. data/rails_test/rails-1.2.6-xss_foliate/config/environments/test.rb +19 -0
  73. data/rails_test/rails-1.2.6-xss_foliate/config/routes.rb +23 -0
  74. data/rails_test/rails-1.2.6-xss_foliate/db/migrate/1_create_posts.rb +11 -0
  75. data/rails_test/rails-1.2.6-xss_foliate/public/.htaccess +40 -0
  76. data/rails_test/rails-1.2.6-xss_foliate/public/404.html +30 -0
  77. data/rails_test/rails-1.2.6-xss_foliate/public/500.html +30 -0
  78. data/rails_test/rails-1.2.6-xss_foliate/public/dispatch.cgi +10 -0
  79. data/rails_test/rails-1.2.6-xss_foliate/public/dispatch.fcgi +24 -0
  80. data/rails_test/rails-1.2.6-xss_foliate/public/dispatch.rb +10 -0
  81. data/rails_test/rails-1.2.6-xss_foliate/public/favicon.ico +0 -0
  82. data/rails_test/rails-1.2.6-xss_foliate/public/images/rails.png +0 -0
  83. data/rails_test/rails-1.2.6-xss_foliate/public/index.html +277 -0
  84. data/rails_test/rails-1.2.6-xss_foliate/public/javascripts/application.js +2 -0
  85. data/rails_test/rails-1.2.6-xss_foliate/public/javascripts/controls.js +833 -0
  86. data/rails_test/rails-1.2.6-xss_foliate/public/javascripts/dragdrop.js +942 -0
  87. data/rails_test/rails-1.2.6-xss_foliate/public/javascripts/effects.js +1088 -0
  88. data/rails_test/rails-1.2.6-xss_foliate/public/javascripts/prototype.js +2515 -0
  89. data/rails_test/rails-1.2.6-xss_foliate/public/robots.txt +1 -0
  90. data/rails_test/rails-1.2.6-xss_foliate/script/about +3 -0
  91. data/rails_test/rails-1.2.6-xss_foliate/script/breakpointer +3 -0
  92. data/rails_test/rails-1.2.6-xss_foliate/script/console +3 -0
  93. data/rails_test/rails-1.2.6-xss_foliate/script/destroy +3 -0
  94. data/rails_test/rails-1.2.6-xss_foliate/script/generate +3 -0
  95. data/rails_test/rails-1.2.6-xss_foliate/script/performance/benchmarker +3 -0
  96. data/rails_test/rails-1.2.6-xss_foliate/script/performance/profiler +3 -0
  97. data/rails_test/rails-1.2.6-xss_foliate/script/plugin +3 -0
  98. data/rails_test/rails-1.2.6-xss_foliate/script/process/inspector +3 -0
  99. data/rails_test/rails-1.2.6-xss_foliate/script/process/reaper +3 -0
  100. data/rails_test/rails-1.2.6-xss_foliate/script/process/spawner +3 -0
  101. data/rails_test/rails-1.2.6-xss_foliate/script/runner +3 -0
  102. data/rails_test/rails-1.2.6-xss_foliate/script/server +3 -0
  103. data/rails_test/rails-1.2.6-xss_foliate/test/test_helper.rb +28 -0
  104. data/rails_test/rails-1.2.6-xss_foliate/test/unit/posts_test.rb +14 -0
  105. data/rails_test/rails-2.0.5-active_record/README +203 -0
  106. data/rails_test/rails-2.0.5-active_record/Rakefile +10 -0
  107. data/rails_test/rails-2.0.5-active_record/app/controllers/application.rb +10 -0
  108. data/rails_test/rails-2.0.5-active_record/app/helpers/application_helper.rb +3 -0
  109. data/rails_test/rails-2.0.5-active_record/app/models/post.rb +3 -0
  110. data/rails_test/rails-2.0.5-active_record/config/boot.rb +108 -0
  111. data/rails_test/rails-2.0.5-active_record/config/database.yml +22 -0
  112. data/rails_test/rails-2.0.5-active_record/config/environment.rb +59 -0
  113. data/rails_test/rails-2.0.5-active_record/config/environments/development.rb +18 -0
  114. data/rails_test/rails-2.0.5-active_record/config/environments/production.rb +19 -0
  115. data/rails_test/rails-2.0.5-active_record/config/environments/test.rb +22 -0
  116. data/rails_test/rails-2.0.5-active_record/config/initializers/inflections.rb +10 -0
  117. data/rails_test/rails-2.0.5-active_record/config/initializers/loofah.rb +1 -0
  118. data/rails_test/rails-2.0.5-active_record/config/initializers/mime_types.rb +5 -0
  119. data/rails_test/rails-2.0.5-active_record/config/routes.rb +35 -0
  120. data/rails_test/rails-2.0.5-active_record/db/migrate/1_create_posts.rb +11 -0
  121. data/rails_test/rails-2.0.5-active_record/public/.htaccess +40 -0
  122. data/rails_test/rails-2.0.5-active_record/public/404.html +30 -0
  123. data/rails_test/rails-2.0.5-active_record/public/422.html +30 -0
  124. data/rails_test/rails-2.0.5-active_record/public/500.html +30 -0
  125. data/rails_test/rails-2.0.5-active_record/public/dispatch.cgi +10 -0
  126. data/rails_test/rails-2.0.5-active_record/public/dispatch.fcgi +24 -0
  127. data/rails_test/rails-2.0.5-active_record/public/dispatch.rb +10 -0
  128. data/rails_test/rails-2.0.5-active_record/public/favicon.ico +0 -0
  129. data/rails_test/rails-2.0.5-active_record/public/images/rails.png +0 -0
  130. data/rails_test/rails-2.0.5-active_record/public/index.html +277 -0
  131. data/rails_test/rails-2.0.5-active_record/public/javascripts/application.js +2 -0
  132. data/rails_test/rails-2.0.5-active_record/public/javascripts/controls.js +963 -0
  133. data/rails_test/rails-2.0.5-active_record/public/javascripts/dragdrop.js +972 -0
  134. data/rails_test/rails-2.0.5-active_record/public/javascripts/effects.js +1120 -0
  135. data/rails_test/rails-2.0.5-active_record/public/javascripts/prototype.js +4225 -0
  136. data/rails_test/rails-2.0.5-active_record/public/robots.txt +5 -0
  137. data/rails_test/rails-2.0.5-active_record/script/about +3 -0
  138. data/rails_test/rails-2.0.5-active_record/script/console +3 -0
  139. data/rails_test/rails-2.0.5-active_record/script/destroy +3 -0
  140. data/rails_test/rails-2.0.5-active_record/script/generate +3 -0
  141. data/rails_test/rails-2.0.5-active_record/script/performance/benchmarker +3 -0
  142. data/rails_test/rails-2.0.5-active_record/script/performance/profiler +3 -0
  143. data/rails_test/rails-2.0.5-active_record/script/performance/request +3 -0
  144. data/rails_test/rails-2.0.5-active_record/script/plugin +3 -0
  145. data/rails_test/rails-2.0.5-active_record/script/process/inspector +3 -0
  146. data/rails_test/rails-2.0.5-active_record/script/process/reaper +3 -0
  147. data/rails_test/rails-2.0.5-active_record/script/process/spawner +3 -0
  148. data/rails_test/rails-2.0.5-active_record/script/runner +3 -0
  149. data/rails_test/rails-2.0.5-active_record/script/server +3 -0
  150. data/rails_test/rails-2.0.5-active_record/test/test_helper.rb +38 -0
  151. data/rails_test/rails-2.0.5-active_record/test/unit/posts_test.rb +15 -0
  152. data/rails_test/rails-2.0.5-xss_foliate/README +203 -0
  153. data/rails_test/rails-2.0.5-xss_foliate/Rakefile +10 -0
  154. data/rails_test/rails-2.0.5-xss_foliate/app/controllers/application.rb +10 -0
  155. data/rails_test/rails-2.0.5-xss_foliate/app/helpers/application_helper.rb +3 -0
  156. data/rails_test/rails-2.0.5-xss_foliate/app/models/post.rb +2 -0
  157. data/rails_test/rails-2.0.5-xss_foliate/config/boot.rb +108 -0
  158. data/rails_test/rails-2.0.5-xss_foliate/config/database.yml +22 -0
  159. data/rails_test/rails-2.0.5-xss_foliate/config/environment.rb +59 -0
  160. data/rails_test/rails-2.0.5-xss_foliate/config/environments/development.rb +18 -0
  161. data/rails_test/rails-2.0.5-xss_foliate/config/environments/production.rb +19 -0
  162. data/rails_test/rails-2.0.5-xss_foliate/config/environments/test.rb +22 -0
  163. data/rails_test/rails-2.0.5-xss_foliate/config/initializers/inflections.rb +10 -0
  164. data/rails_test/rails-2.0.5-xss_foliate/config/initializers/loofah.rb +2 -0
  165. data/rails_test/rails-2.0.5-xss_foliate/config/initializers/mime_types.rb +5 -0
  166. data/rails_test/rails-2.0.5-xss_foliate/config/routes.rb +35 -0
  167. data/rails_test/rails-2.0.5-xss_foliate/db/migrate/1_create_posts.rb +11 -0
  168. data/rails_test/rails-2.0.5-xss_foliate/public/.htaccess +40 -0
  169. data/rails_test/rails-2.0.5-xss_foliate/public/404.html +30 -0
  170. data/rails_test/rails-2.0.5-xss_foliate/public/422.html +30 -0
  171. data/rails_test/rails-2.0.5-xss_foliate/public/500.html +30 -0
  172. data/rails_test/rails-2.0.5-xss_foliate/public/dispatch.cgi +10 -0
  173. data/rails_test/rails-2.0.5-xss_foliate/public/dispatch.fcgi +24 -0
  174. data/rails_test/rails-2.0.5-xss_foliate/public/dispatch.rb +10 -0
  175. data/rails_test/rails-2.0.5-xss_foliate/public/favicon.ico +0 -0
  176. data/rails_test/rails-2.0.5-xss_foliate/public/images/rails.png +0 -0
  177. data/rails_test/rails-2.0.5-xss_foliate/public/index.html +277 -0
  178. data/rails_test/rails-2.0.5-xss_foliate/public/javascripts/application.js +2 -0
  179. data/rails_test/rails-2.0.5-xss_foliate/public/javascripts/controls.js +963 -0
  180. data/rails_test/rails-2.0.5-xss_foliate/public/javascripts/dragdrop.js +972 -0
  181. data/rails_test/rails-2.0.5-xss_foliate/public/javascripts/effects.js +1120 -0
  182. data/rails_test/rails-2.0.5-xss_foliate/public/javascripts/prototype.js +4225 -0
  183. data/rails_test/rails-2.0.5-xss_foliate/public/robots.txt +5 -0
  184. data/rails_test/rails-2.0.5-xss_foliate/script/about +3 -0
  185. data/rails_test/rails-2.0.5-xss_foliate/script/console +3 -0
  186. data/rails_test/rails-2.0.5-xss_foliate/script/destroy +3 -0
  187. data/rails_test/rails-2.0.5-xss_foliate/script/generate +3 -0
  188. data/rails_test/rails-2.0.5-xss_foliate/script/performance/benchmarker +3 -0
  189. data/rails_test/rails-2.0.5-xss_foliate/script/performance/profiler +3 -0
  190. data/rails_test/rails-2.0.5-xss_foliate/script/performance/request +3 -0
  191. data/rails_test/rails-2.0.5-xss_foliate/script/plugin +3 -0
  192. data/rails_test/rails-2.0.5-xss_foliate/script/process/inspector +3 -0
  193. data/rails_test/rails-2.0.5-xss_foliate/script/process/reaper +3 -0
  194. data/rails_test/rails-2.0.5-xss_foliate/script/process/spawner +3 -0
  195. data/rails_test/rails-2.0.5-xss_foliate/script/runner +3 -0
  196. data/rails_test/rails-2.0.5-xss_foliate/script/server +3 -0
  197. data/rails_test/rails-2.0.5-xss_foliate/test/test_helper.rb +38 -0
  198. data/rails_test/rails-2.0.5-xss_foliate/test/unit/posts_test.rb +14 -0
  199. data/rails_test/rails-2.1.2-active_record/README +256 -0
  200. data/rails_test/rails-2.1.2-active_record/Rakefile +10 -0
  201. data/rails_test/rails-2.1.2-active_record/app/controllers/application.rb +15 -0
  202. data/rails_test/rails-2.1.2-active_record/app/helpers/application_helper.rb +3 -0
  203. data/rails_test/rails-2.1.2-active_record/app/models/post.rb +3 -0
  204. data/rails_test/rails-2.1.2-active_record/config/boot.rb +109 -0
  205. data/rails_test/rails-2.1.2-active_record/config/database.yml +22 -0
  206. data/rails_test/rails-2.1.2-active_record/config/environment.rb +67 -0
  207. data/rails_test/rails-2.1.2-active_record/config/environments/development.rb +17 -0
  208. data/rails_test/rails-2.1.2-active_record/config/environments/production.rb +22 -0
  209. data/rails_test/rails-2.1.2-active_record/config/environments/test.rb +22 -0
  210. data/rails_test/rails-2.1.2-active_record/config/initializers/inflections.rb +10 -0
  211. data/rails_test/rails-2.1.2-active_record/config/initializers/loofah.rb +1 -0
  212. data/rails_test/rails-2.1.2-active_record/config/initializers/mime_types.rb +5 -0
  213. data/rails_test/rails-2.1.2-active_record/config/initializers/new_rails_defaults.rb +17 -0
  214. data/rails_test/rails-2.1.2-active_record/config/routes.rb +43 -0
  215. data/rails_test/rails-2.1.2-active_record/db/migrate/1_create_posts.rb +11 -0
  216. data/rails_test/rails-2.1.2-active_record/public/404.html +30 -0
  217. data/rails_test/rails-2.1.2-active_record/public/422.html +30 -0
  218. data/rails_test/rails-2.1.2-active_record/public/500.html +30 -0
  219. data/rails_test/rails-2.1.2-active_record/public/dispatch.cgi +10 -0
  220. data/rails_test/rails-2.1.2-active_record/public/dispatch.fcgi +24 -0
  221. data/rails_test/rails-2.1.2-active_record/public/dispatch.rb +10 -0
  222. data/rails_test/rails-2.1.2-active_record/public/favicon.ico +0 -0
  223. data/rails_test/rails-2.1.2-active_record/public/images/rails.png +0 -0
  224. data/rails_test/rails-2.1.2-active_record/public/index.html +274 -0
  225. data/rails_test/rails-2.1.2-active_record/public/javascripts/application.js +2 -0
  226. data/rails_test/rails-2.1.2-active_record/public/javascripts/controls.js +963 -0
  227. data/rails_test/rails-2.1.2-active_record/public/javascripts/dragdrop.js +972 -0
  228. data/rails_test/rails-2.1.2-active_record/public/javascripts/effects.js +1120 -0
  229. data/rails_test/rails-2.1.2-active_record/public/javascripts/prototype.js +4225 -0
  230. data/rails_test/rails-2.1.2-active_record/public/robots.txt +5 -0
  231. data/rails_test/rails-2.1.2-active_record/script/about +4 -0
  232. data/rails_test/rails-2.1.2-active_record/script/console +3 -0
  233. data/rails_test/rails-2.1.2-active_record/script/dbconsole +3 -0
  234. data/rails_test/rails-2.1.2-active_record/script/destroy +3 -0
  235. data/rails_test/rails-2.1.2-active_record/script/generate +3 -0
  236. data/rails_test/rails-2.1.2-active_record/script/performance/benchmarker +3 -0
  237. data/rails_test/rails-2.1.2-active_record/script/performance/profiler +3 -0
  238. data/rails_test/rails-2.1.2-active_record/script/performance/request +3 -0
  239. data/rails_test/rails-2.1.2-active_record/script/plugin +3 -0
  240. data/rails_test/rails-2.1.2-active_record/script/process/inspector +3 -0
  241. data/rails_test/rails-2.1.2-active_record/script/process/reaper +3 -0
  242. data/rails_test/rails-2.1.2-active_record/script/process/spawner +3 -0
  243. data/rails_test/rails-2.1.2-active_record/script/runner +3 -0
  244. data/rails_test/rails-2.1.2-active_record/script/server +3 -0
  245. data/rails_test/rails-2.1.2-active_record/test/test_helper.rb +38 -0
  246. data/rails_test/rails-2.1.2-active_record/test/unit/posts_test.rb +15 -0
  247. data/rails_test/rails-2.1.2-xss_foliate/README +256 -0
  248. data/rails_test/rails-2.1.2-xss_foliate/Rakefile +10 -0
  249. data/rails_test/rails-2.1.2-xss_foliate/app/controllers/application.rb +15 -0
  250. data/rails_test/rails-2.1.2-xss_foliate/app/helpers/application_helper.rb +3 -0
  251. data/rails_test/rails-2.1.2-xss_foliate/app/models/post.rb +2 -0
  252. data/rails_test/rails-2.1.2-xss_foliate/config/boot.rb +109 -0
  253. data/rails_test/rails-2.1.2-xss_foliate/config/database.yml +22 -0
  254. data/rails_test/rails-2.1.2-xss_foliate/config/environment.rb +67 -0
  255. data/rails_test/rails-2.1.2-xss_foliate/config/environments/development.rb +17 -0
  256. data/rails_test/rails-2.1.2-xss_foliate/config/environments/production.rb +22 -0
  257. data/rails_test/rails-2.1.2-xss_foliate/config/environments/test.rb +22 -0
  258. data/rails_test/rails-2.1.2-xss_foliate/config/initializers/inflections.rb +10 -0
  259. data/rails_test/rails-2.1.2-xss_foliate/config/initializers/loofah.rb +2 -0
  260. data/rails_test/rails-2.1.2-xss_foliate/config/initializers/mime_types.rb +5 -0
  261. data/rails_test/rails-2.1.2-xss_foliate/config/initializers/new_rails_defaults.rb +17 -0
  262. data/rails_test/rails-2.1.2-xss_foliate/config/routes.rb +43 -0
  263. data/rails_test/rails-2.1.2-xss_foliate/db/migrate/1_create_posts.rb +11 -0
  264. data/rails_test/rails-2.1.2-xss_foliate/public/404.html +30 -0
  265. data/rails_test/rails-2.1.2-xss_foliate/public/422.html +30 -0
  266. data/rails_test/rails-2.1.2-xss_foliate/public/500.html +30 -0
  267. data/rails_test/rails-2.1.2-xss_foliate/public/dispatch.cgi +10 -0
  268. data/rails_test/rails-2.1.2-xss_foliate/public/dispatch.fcgi +24 -0
  269. data/rails_test/rails-2.1.2-xss_foliate/public/dispatch.rb +10 -0
  270. data/rails_test/rails-2.1.2-xss_foliate/public/favicon.ico +0 -0
  271. data/rails_test/rails-2.1.2-xss_foliate/public/images/rails.png +0 -0
  272. data/rails_test/rails-2.1.2-xss_foliate/public/index.html +274 -0
  273. data/rails_test/rails-2.1.2-xss_foliate/public/javascripts/application.js +2 -0
  274. data/rails_test/rails-2.1.2-xss_foliate/public/javascripts/controls.js +963 -0
  275. data/rails_test/rails-2.1.2-xss_foliate/public/javascripts/dragdrop.js +972 -0
  276. data/rails_test/rails-2.1.2-xss_foliate/public/javascripts/effects.js +1120 -0
  277. data/rails_test/rails-2.1.2-xss_foliate/public/javascripts/prototype.js +4225 -0
  278. data/rails_test/rails-2.1.2-xss_foliate/public/robots.txt +5 -0
  279. data/rails_test/rails-2.1.2-xss_foliate/script/about +4 -0
  280. data/rails_test/rails-2.1.2-xss_foliate/script/console +3 -0
  281. data/rails_test/rails-2.1.2-xss_foliate/script/dbconsole +3 -0
  282. data/rails_test/rails-2.1.2-xss_foliate/script/destroy +3 -0
  283. data/rails_test/rails-2.1.2-xss_foliate/script/generate +3 -0
  284. data/rails_test/rails-2.1.2-xss_foliate/script/performance/benchmarker +3 -0
  285. data/rails_test/rails-2.1.2-xss_foliate/script/performance/profiler +3 -0
  286. data/rails_test/rails-2.1.2-xss_foliate/script/performance/request +3 -0
  287. data/rails_test/rails-2.1.2-xss_foliate/script/plugin +3 -0
  288. data/rails_test/rails-2.1.2-xss_foliate/script/process/inspector +3 -0
  289. data/rails_test/rails-2.1.2-xss_foliate/script/process/reaper +3 -0
  290. data/rails_test/rails-2.1.2-xss_foliate/script/process/spawner +3 -0
  291. data/rails_test/rails-2.1.2-xss_foliate/script/runner +3 -0
  292. data/rails_test/rails-2.1.2-xss_foliate/script/server +3 -0
  293. data/rails_test/rails-2.1.2-xss_foliate/test/test_helper.rb +38 -0
  294. data/rails_test/rails-2.1.2-xss_foliate/test/unit/posts_test.rb +14 -0
  295. data/rails_test/rails-2.2.2-active_record/README +256 -0
  296. data/rails_test/rails-2.2.2-active_record/Rakefile +10 -0
  297. data/rails_test/rails-2.2.2-active_record/app/controllers/application.rb +15 -0
  298. data/rails_test/rails-2.2.2-active_record/app/helpers/application_helper.rb +3 -0
  299. data/rails_test/rails-2.2.2-active_record/app/models/post.rb +3 -0
  300. data/rails_test/rails-2.2.2-active_record/config/boot.rb +109 -0
  301. data/rails_test/rails-2.2.2-active_record/config/database.yml +22 -0
  302. data/rails_test/rails-2.2.2-active_record/config/environment.rb +75 -0
  303. data/rails_test/rails-2.2.2-active_record/config/environments/development.rb +17 -0
  304. data/rails_test/rails-2.2.2-active_record/config/environments/production.rb +24 -0
  305. data/rails_test/rails-2.2.2-active_record/config/environments/test.rb +22 -0
  306. data/rails_test/rails-2.2.2-active_record/config/initializers/inflections.rb +10 -0
  307. data/rails_test/rails-2.2.2-active_record/config/initializers/loofah.rb +1 -0
  308. data/rails_test/rails-2.2.2-active_record/config/initializers/mime_types.rb +5 -0
  309. data/rails_test/rails-2.2.2-active_record/config/initializers/new_rails_defaults.rb +17 -0
  310. data/rails_test/rails-2.2.2-active_record/config/locales/en.yml +5 -0
  311. data/rails_test/rails-2.2.2-active_record/config/routes.rb +43 -0
  312. data/rails_test/rails-2.2.2-active_record/db/migrate/1_create_posts.rb +11 -0
  313. data/rails_test/rails-2.2.2-active_record/public/404.html +30 -0
  314. data/rails_test/rails-2.2.2-active_record/public/422.html +30 -0
  315. data/rails_test/rails-2.2.2-active_record/public/500.html +33 -0
  316. data/rails_test/rails-2.2.2-active_record/public/dispatch.cgi +10 -0
  317. data/rails_test/rails-2.2.2-active_record/public/dispatch.fcgi +24 -0
  318. data/rails_test/rails-2.2.2-active_record/public/dispatch.rb +10 -0
  319. data/rails_test/rails-2.2.2-active_record/public/favicon.ico +0 -0
  320. data/rails_test/rails-2.2.2-active_record/public/images/rails.png +0 -0
  321. data/rails_test/rails-2.2.2-active_record/public/index.html +274 -0
  322. data/rails_test/rails-2.2.2-active_record/public/javascripts/application.js +2 -0
  323. data/rails_test/rails-2.2.2-active_record/public/javascripts/controls.js +963 -0
  324. data/rails_test/rails-2.2.2-active_record/public/javascripts/dragdrop.js +973 -0
  325. data/rails_test/rails-2.2.2-active_record/public/javascripts/effects.js +1128 -0
  326. data/rails_test/rails-2.2.2-active_record/public/javascripts/prototype.js +4320 -0
  327. data/rails_test/rails-2.2.2-active_record/public/robots.txt +5 -0
  328. data/rails_test/rails-2.2.2-active_record/script/about +4 -0
  329. data/rails_test/rails-2.2.2-active_record/script/console +3 -0
  330. data/rails_test/rails-2.2.2-active_record/script/dbconsole +3 -0
  331. data/rails_test/rails-2.2.2-active_record/script/destroy +3 -0
  332. data/rails_test/rails-2.2.2-active_record/script/generate +3 -0
  333. data/rails_test/rails-2.2.2-active_record/script/performance/benchmarker +3 -0
  334. data/rails_test/rails-2.2.2-active_record/script/performance/profiler +3 -0
  335. data/rails_test/rails-2.2.2-active_record/script/performance/request +3 -0
  336. data/rails_test/rails-2.2.2-active_record/script/plugin +3 -0
  337. data/rails_test/rails-2.2.2-active_record/script/process/inspector +3 -0
  338. data/rails_test/rails-2.2.2-active_record/script/process/reaper +3 -0
  339. data/rails_test/rails-2.2.2-active_record/script/process/spawner +3 -0
  340. data/rails_test/rails-2.2.2-active_record/script/runner +3 -0
  341. data/rails_test/rails-2.2.2-active_record/script/server +3 -0
  342. data/rails_test/rails-2.2.2-active_record/test/performance/browsing_test.rb +9 -0
  343. data/rails_test/rails-2.2.2-active_record/test/test_helper.rb +38 -0
  344. data/rails_test/rails-2.2.2-active_record/test/unit/posts_test.rb +15 -0
  345. data/rails_test/rails-2.2.2-xss_foliate/README +256 -0
  346. data/rails_test/rails-2.2.2-xss_foliate/Rakefile +10 -0
  347. data/rails_test/rails-2.2.2-xss_foliate/app/controllers/application.rb +15 -0
  348. data/rails_test/rails-2.2.2-xss_foliate/app/helpers/application_helper.rb +3 -0
  349. data/rails_test/rails-2.2.2-xss_foliate/app/models/post.rb +2 -0
  350. data/rails_test/rails-2.2.2-xss_foliate/config/boot.rb +109 -0
  351. data/rails_test/rails-2.2.2-xss_foliate/config/database.yml +22 -0
  352. data/rails_test/rails-2.2.2-xss_foliate/config/environment.rb +75 -0
  353. data/rails_test/rails-2.2.2-xss_foliate/config/environments/development.rb +17 -0
  354. data/rails_test/rails-2.2.2-xss_foliate/config/environments/production.rb +24 -0
  355. data/rails_test/rails-2.2.2-xss_foliate/config/environments/test.rb +22 -0
  356. data/rails_test/rails-2.2.2-xss_foliate/config/initializers/inflections.rb +10 -0
  357. data/rails_test/rails-2.2.2-xss_foliate/config/initializers/loofah.rb +2 -0
  358. data/rails_test/rails-2.2.2-xss_foliate/config/initializers/mime_types.rb +5 -0
  359. data/rails_test/rails-2.2.2-xss_foliate/config/initializers/new_rails_defaults.rb +17 -0
  360. data/rails_test/rails-2.2.2-xss_foliate/config/locales/en.yml +5 -0
  361. data/rails_test/rails-2.2.2-xss_foliate/config/routes.rb +43 -0
  362. data/rails_test/rails-2.2.2-xss_foliate/db/migrate/1_create_posts.rb +11 -0
  363. data/rails_test/rails-2.2.2-xss_foliate/public/404.html +30 -0
  364. data/rails_test/rails-2.2.2-xss_foliate/public/422.html +30 -0
  365. data/rails_test/rails-2.2.2-xss_foliate/public/500.html +33 -0
  366. data/rails_test/rails-2.2.2-xss_foliate/public/dispatch.cgi +10 -0
  367. data/rails_test/rails-2.2.2-xss_foliate/public/dispatch.fcgi +24 -0
  368. data/rails_test/rails-2.2.2-xss_foliate/public/dispatch.rb +10 -0
  369. data/rails_test/rails-2.2.2-xss_foliate/public/favicon.ico +0 -0
  370. data/rails_test/rails-2.2.2-xss_foliate/public/images/rails.png +0 -0
  371. data/rails_test/rails-2.2.2-xss_foliate/public/index.html +274 -0
  372. data/rails_test/rails-2.2.2-xss_foliate/public/javascripts/application.js +2 -0
  373. data/rails_test/rails-2.2.2-xss_foliate/public/javascripts/controls.js +963 -0
  374. data/rails_test/rails-2.2.2-xss_foliate/public/javascripts/dragdrop.js +973 -0
  375. data/rails_test/rails-2.2.2-xss_foliate/public/javascripts/effects.js +1128 -0
  376. data/rails_test/rails-2.2.2-xss_foliate/public/javascripts/prototype.js +4320 -0
  377. data/rails_test/rails-2.2.2-xss_foliate/public/robots.txt +5 -0
  378. data/rails_test/rails-2.2.2-xss_foliate/script/about +4 -0
  379. data/rails_test/rails-2.2.2-xss_foliate/script/console +3 -0
  380. data/rails_test/rails-2.2.2-xss_foliate/script/dbconsole +3 -0
  381. data/rails_test/rails-2.2.2-xss_foliate/script/destroy +3 -0
  382. data/rails_test/rails-2.2.2-xss_foliate/script/generate +3 -0
  383. data/rails_test/rails-2.2.2-xss_foliate/script/performance/benchmarker +3 -0
  384. data/rails_test/rails-2.2.2-xss_foliate/script/performance/profiler +3 -0
  385. data/rails_test/rails-2.2.2-xss_foliate/script/performance/request +3 -0
  386. data/rails_test/rails-2.2.2-xss_foliate/script/plugin +3 -0
  387. data/rails_test/rails-2.2.2-xss_foliate/script/process/inspector +3 -0
  388. data/rails_test/rails-2.2.2-xss_foliate/script/process/reaper +3 -0
  389. data/rails_test/rails-2.2.2-xss_foliate/script/process/spawner +3 -0
  390. data/rails_test/rails-2.2.2-xss_foliate/script/runner +3 -0
  391. data/rails_test/rails-2.2.2-xss_foliate/script/server +3 -0
  392. data/rails_test/rails-2.2.2-xss_foliate/test/performance/browsing_test.rb +9 -0
  393. data/rails_test/rails-2.2.2-xss_foliate/test/test_helper.rb +38 -0
  394. data/rails_test/rails-2.2.2-xss_foliate/test/unit/posts_test.rb +14 -0
  395. data/rails_test/rails-2.3.8-active_record/README +243 -0
  396. data/rails_test/rails-2.3.8-active_record/Rakefile +10 -0
  397. data/rails_test/rails-2.3.8-active_record/app/controllers/application_controller.rb +10 -0
  398. data/rails_test/rails-2.3.8-active_record/app/helpers/application_helper.rb +3 -0
  399. data/rails_test/rails-2.3.8-active_record/app/models/post.rb +3 -0
  400. data/rails_test/rails-2.3.8-active_record/config/boot.rb +110 -0
  401. data/rails_test/rails-2.3.8-active_record/config/database.yml +22 -0
  402. data/rails_test/rails-2.3.8-active_record/config/environment.rb +41 -0
  403. data/rails_test/rails-2.3.8-active_record/config/environments/development.rb +17 -0
  404. data/rails_test/rails-2.3.8-active_record/config/environments/production.rb +28 -0
  405. data/rails_test/rails-2.3.8-active_record/config/environments/test.rb +28 -0
  406. data/rails_test/rails-2.3.8-active_record/config/initializers/backtrace_silencers.rb +7 -0
  407. data/rails_test/rails-2.3.8-active_record/config/initializers/cookie_verification_secret.rb +7 -0
  408. data/rails_test/rails-2.3.8-active_record/config/initializers/inflections.rb +10 -0
  409. data/rails_test/rails-2.3.8-active_record/config/initializers/loofah.rb +1 -0
  410. data/rails_test/rails-2.3.8-active_record/config/initializers/mime_types.rb +5 -0
  411. data/rails_test/rails-2.3.8-active_record/config/initializers/new_rails_defaults.rb +21 -0
  412. data/rails_test/rails-2.3.8-active_record/config/initializers/session_store.rb +15 -0
  413. data/rails_test/rails-2.3.8-active_record/config/locales/en.yml +5 -0
  414. data/rails_test/rails-2.3.8-active_record/config/routes.rb +43 -0
  415. data/rails_test/rails-2.3.8-active_record/db/migrate/1_create_posts.rb +11 -0
  416. data/rails_test/rails-2.3.8-active_record/db/seeds.rb +7 -0
  417. data/rails_test/rails-2.3.8-active_record/public/404.html +30 -0
  418. data/rails_test/rails-2.3.8-active_record/public/422.html +30 -0
  419. data/rails_test/rails-2.3.8-active_record/public/500.html +30 -0
  420. data/rails_test/rails-2.3.8-active_record/public/favicon.ico +0 -0
  421. data/rails_test/rails-2.3.8-active_record/public/images/rails.png +0 -0
  422. data/rails_test/rails-2.3.8-active_record/public/index.html +275 -0
  423. data/rails_test/rails-2.3.8-active_record/public/javascripts/application.js +2 -0
  424. data/rails_test/rails-2.3.8-active_record/public/javascripts/controls.js +963 -0
  425. data/rails_test/rails-2.3.8-active_record/public/javascripts/dragdrop.js +973 -0
  426. data/rails_test/rails-2.3.8-active_record/public/javascripts/effects.js +1128 -0
  427. data/rails_test/rails-2.3.8-active_record/public/javascripts/prototype.js +4320 -0
  428. data/rails_test/rails-2.3.8-active_record/public/robots.txt +5 -0
  429. data/rails_test/rails-2.3.8-active_record/script/about +4 -0
  430. data/rails_test/rails-2.3.8-active_record/script/console +3 -0
  431. data/rails_test/rails-2.3.8-active_record/script/dbconsole +3 -0
  432. data/rails_test/rails-2.3.8-active_record/script/destroy +3 -0
  433. data/rails_test/rails-2.3.8-active_record/script/generate +3 -0
  434. data/rails_test/rails-2.3.8-active_record/script/performance/benchmarker +3 -0
  435. data/rails_test/rails-2.3.8-active_record/script/performance/profiler +3 -0
  436. data/rails_test/rails-2.3.8-active_record/script/plugin +3 -0
  437. data/rails_test/rails-2.3.8-active_record/script/runner +3 -0
  438. data/rails_test/rails-2.3.8-active_record/script/server +3 -0
  439. data/rails_test/rails-2.3.8-active_record/test/performance/browsing_test.rb +9 -0
  440. data/rails_test/rails-2.3.8-active_record/test/test_helper.rb +38 -0
  441. data/rails_test/rails-2.3.8-active_record/test/unit/posts_test.rb +15 -0
  442. data/rails_test/rails-2.3.8-xss_foliate/README +243 -0
  443. data/rails_test/rails-2.3.8-xss_foliate/Rakefile +10 -0
  444. data/rails_test/rails-2.3.8-xss_foliate/app/controllers/application_controller.rb +10 -0
  445. data/rails_test/rails-2.3.8-xss_foliate/app/helpers/application_helper.rb +3 -0
  446. data/rails_test/rails-2.3.8-xss_foliate/app/models/post.rb +2 -0
  447. data/rails_test/rails-2.3.8-xss_foliate/config/boot.rb +110 -0
  448. data/rails_test/rails-2.3.8-xss_foliate/config/database.yml +22 -0
  449. data/rails_test/rails-2.3.8-xss_foliate/config/environment.rb +41 -0
  450. data/rails_test/rails-2.3.8-xss_foliate/config/environments/development.rb +17 -0
  451. data/rails_test/rails-2.3.8-xss_foliate/config/environments/production.rb +28 -0
  452. data/rails_test/rails-2.3.8-xss_foliate/config/environments/test.rb +28 -0
  453. data/rails_test/rails-2.3.8-xss_foliate/config/initializers/backtrace_silencers.rb +7 -0
  454. data/rails_test/rails-2.3.8-xss_foliate/config/initializers/cookie_verification_secret.rb +7 -0
  455. data/rails_test/rails-2.3.8-xss_foliate/config/initializers/inflections.rb +10 -0
  456. data/rails_test/rails-2.3.8-xss_foliate/config/initializers/loofah.rb +2 -0
  457. data/rails_test/rails-2.3.8-xss_foliate/config/initializers/mime_types.rb +5 -0
  458. data/rails_test/rails-2.3.8-xss_foliate/config/initializers/new_rails_defaults.rb +21 -0
  459. data/rails_test/rails-2.3.8-xss_foliate/config/initializers/session_store.rb +15 -0
  460. data/rails_test/rails-2.3.8-xss_foliate/config/locales/en.yml +5 -0
  461. data/rails_test/rails-2.3.8-xss_foliate/config/routes.rb +43 -0
  462. data/rails_test/rails-2.3.8-xss_foliate/db/migrate/1_create_posts.rb +11 -0
  463. data/rails_test/rails-2.3.8-xss_foliate/db/seeds.rb +7 -0
  464. data/rails_test/rails-2.3.8-xss_foliate/public/404.html +30 -0
  465. data/rails_test/rails-2.3.8-xss_foliate/public/422.html +30 -0
  466. data/rails_test/rails-2.3.8-xss_foliate/public/500.html +30 -0
  467. data/rails_test/rails-2.3.8-xss_foliate/public/favicon.ico +0 -0
  468. data/rails_test/rails-2.3.8-xss_foliate/public/images/rails.png +0 -0
  469. data/rails_test/rails-2.3.8-xss_foliate/public/index.html +275 -0
  470. data/rails_test/rails-2.3.8-xss_foliate/public/javascripts/application.js +2 -0
  471. data/rails_test/rails-2.3.8-xss_foliate/public/javascripts/controls.js +963 -0
  472. data/rails_test/rails-2.3.8-xss_foliate/public/javascripts/dragdrop.js +973 -0
  473. data/rails_test/rails-2.3.8-xss_foliate/public/javascripts/effects.js +1128 -0
  474. data/rails_test/rails-2.3.8-xss_foliate/public/javascripts/prototype.js +4320 -0
  475. data/rails_test/rails-2.3.8-xss_foliate/public/robots.txt +5 -0
  476. data/rails_test/rails-2.3.8-xss_foliate/script/about +4 -0
  477. data/rails_test/rails-2.3.8-xss_foliate/script/console +3 -0
  478. data/rails_test/rails-2.3.8-xss_foliate/script/dbconsole +3 -0
  479. data/rails_test/rails-2.3.8-xss_foliate/script/destroy +3 -0
  480. data/rails_test/rails-2.3.8-xss_foliate/script/generate +3 -0
  481. data/rails_test/rails-2.3.8-xss_foliate/script/performance/benchmarker +3 -0
  482. data/rails_test/rails-2.3.8-xss_foliate/script/performance/profiler +3 -0
  483. data/rails_test/rails-2.3.8-xss_foliate/script/plugin +3 -0
  484. data/rails_test/rails-2.3.8-xss_foliate/script/runner +3 -0
  485. data/rails_test/rails-2.3.8-xss_foliate/script/server +3 -0
  486. data/rails_test/rails-2.3.8-xss_foliate/test/performance/browsing_test.rb +9 -0
  487. data/rails_test/rails-2.3.8-xss_foliate/test/test_helper.rb +38 -0
  488. data/rails_test/rails-2.3.8-xss_foliate/test/unit/posts_test.rb +14 -0
  489. data/rails_test/rails-3.0.0.beta4-active_record/README +281 -0
  490. data/rails_test/rails-3.0.0.beta4-active_record/Rakefile +7 -0
  491. data/rails_test/rails-3.0.0.beta4-active_record/app/controllers/application_controller.rb +4 -0
  492. data/rails_test/rails-3.0.0.beta4-active_record/app/helpers/application_helper.rb +2 -0
  493. data/rails_test/rails-3.0.0.beta4-active_record/app/models/post.rb +3 -0
  494. data/rails_test/rails-3.0.0.beta4-active_record/app/views/layouts/application.html.erb +14 -0
  495. data/rails_test/rails-3.0.0.beta4-active_record/config.ru +4 -0
  496. data/rails_test/rails-3.0.0.beta4-active_record/config/application.rb +46 -0
  497. data/rails_test/rails-3.0.0.beta4-active_record/config/boot.rb +13 -0
  498. data/rails_test/rails-3.0.0.beta4-active_record/config/database.yml +22 -0
  499. data/rails_test/rails-3.0.0.beta4-active_record/config/environment.rb +5 -0
  500. data/rails_test/rails-3.0.0.beta4-active_record/config/environments/development.rb +19 -0
  501. data/rails_test/rails-3.0.0.beta4-active_record/config/environments/production.rb +46 -0
  502. data/rails_test/rails-3.0.0.beta4-active_record/config/environments/test.rb +32 -0
  503. data/rails_test/rails-3.0.0.beta4-active_record/config/initializers/backtrace_silencers.rb +7 -0
  504. data/rails_test/rails-3.0.0.beta4-active_record/config/initializers/inflections.rb +10 -0
  505. data/rails_test/rails-3.0.0.beta4-active_record/config/initializers/mime_types.rb +5 -0
  506. data/rails_test/rails-3.0.0.beta4-active_record/config/initializers/secret_token.rb +7 -0
  507. data/rails_test/rails-3.0.0.beta4-active_record/config/initializers/session_store.rb +8 -0
  508. data/rails_test/rails-3.0.0.beta4-active_record/config/locales/en.yml +5 -0
  509. data/rails_test/rails-3.0.0.beta4-active_record/config/routes.rb +58 -0
  510. data/rails_test/rails-3.0.0.beta4-active_record/db/migrate/1_create_posts.rb +11 -0
  511. data/rails_test/rails-3.0.0.beta4-active_record/db/seeds.rb +7 -0
  512. data/rails_test/rails-3.0.0.beta4-active_record/public/404.html +26 -0
  513. data/rails_test/rails-3.0.0.beta4-active_record/public/422.html +26 -0
  514. data/rails_test/rails-3.0.0.beta4-active_record/public/500.html +26 -0
  515. data/rails_test/rails-3.0.0.beta4-active_record/public/favicon.ico +0 -0
  516. data/rails_test/rails-3.0.0.beta4-active_record/public/images/rails.png +0 -0
  517. data/rails_test/rails-3.0.0.beta4-active_record/public/index.html +279 -0
  518. data/rails_test/rails-3.0.0.beta4-active_record/public/javascripts/application.js +2 -0
  519. data/rails_test/rails-3.0.0.beta4-active_record/public/javascripts/controls.js +965 -0
  520. data/rails_test/rails-3.0.0.beta4-active_record/public/javascripts/dragdrop.js +974 -0
  521. data/rails_test/rails-3.0.0.beta4-active_record/public/javascripts/effects.js +1123 -0
  522. data/rails_test/rails-3.0.0.beta4-active_record/public/javascripts/prototype.js +4874 -0
  523. data/rails_test/rails-3.0.0.beta4-active_record/public/javascripts/rails.js +118 -0
  524. data/rails_test/rails-3.0.0.beta4-active_record/public/robots.txt +5 -0
  525. data/rails_test/rails-3.0.0.beta4-active_record/script/rails +6 -0
  526. data/rails_test/rails-3.0.0.beta4-active_record/test/performance/browsing_test.rb +9 -0
  527. data/rails_test/rails-3.0.0.beta4-active_record/test/test_helper.rb +13 -0
  528. data/rails_test/rails-3.0.0.beta4-active_record/test/unit/posts_test.rb +15 -0
  529. data/rails_test/rails-3.0.0.beta4-xss_foliate/README +281 -0
  530. data/rails_test/rails-3.0.0.beta4-xss_foliate/Rakefile +7 -0
  531. data/rails_test/rails-3.0.0.beta4-xss_foliate/app/controllers/application_controller.rb +4 -0
  532. data/rails_test/rails-3.0.0.beta4-xss_foliate/app/helpers/application_helper.rb +2 -0
  533. data/rails_test/rails-3.0.0.beta4-xss_foliate/app/models/post.rb +2 -0
  534. data/rails_test/rails-3.0.0.beta4-xss_foliate/app/views/layouts/application.html.erb +14 -0
  535. data/rails_test/rails-3.0.0.beta4-xss_foliate/config.ru +4 -0
  536. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/application.rb +46 -0
  537. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/boot.rb +13 -0
  538. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/database.yml +22 -0
  539. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/environment.rb +5 -0
  540. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/environments/development.rb +19 -0
  541. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/environments/production.rb +46 -0
  542. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/environments/test.rb +32 -0
  543. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/initializers/backtrace_silencers.rb +7 -0
  544. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/initializers/inflections.rb +10 -0
  545. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/initializers/loofah.rb +2 -0
  546. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/initializers/mime_types.rb +5 -0
  547. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/initializers/secret_token.rb +7 -0
  548. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/initializers/session_store.rb +8 -0
  549. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/locales/en.yml +5 -0
  550. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/routes.rb +58 -0
  551. data/rails_test/rails-3.0.0.beta4-xss_foliate/db/migrate/1_create_posts.rb +11 -0
  552. data/rails_test/rails-3.0.0.beta4-xss_foliate/db/seeds.rb +7 -0
  553. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/404.html +26 -0
  554. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/422.html +26 -0
  555. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/500.html +26 -0
  556. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/favicon.ico +0 -0
  557. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/images/rails.png +0 -0
  558. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/index.html +279 -0
  559. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/javascripts/application.js +2 -0
  560. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/javascripts/controls.js +965 -0
  561. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/javascripts/dragdrop.js +974 -0
  562. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/javascripts/effects.js +1123 -0
  563. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/javascripts/prototype.js +4874 -0
  564. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/javascripts/rails.js +118 -0
  565. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/robots.txt +5 -0
  566. data/rails_test/rails-3.0.0.beta4-xss_foliate/script/rails +6 -0
  567. data/rails_test/rails-3.0.0.beta4-xss_foliate/test/performance/browsing_test.rb +9 -0
  568. data/rails_test/rails-3.0.0.beta4-xss_foliate/test/test_helper.rb +13 -0
  569. data/rails_test/rails-3.0.0.beta4-xss_foliate/test/unit/posts_test.rb +14 -0
  570. data/test/helper.rb +9 -0
  571. data/test/unit/test_active_record.rb +141 -0
  572. data/test/unit/test_xss_foliate.rb +215 -0
  573. metadata +772 -0
@@ -0,0 +1,110 @@
1
+ = loofah-activerecord
2
+
3
+ * http://github.com/flavorjones/loofah-activerecord
4
+ * http://loofah.rubyforge.org
5
+ * http://rubyforge.org/projects/loofah
6
+
7
+ == Description
8
+
9
+ loofah-activerecord extends loofah's HTML sanitization into Rails
10
+ ActiveRecord models.
11
+
12
+ == Features
13
+
14
+ * Two ActiveRecord extensions:
15
+ * Loofah::XssFoliate, an XssTerminate[http://github.com/look/xss_terminate/tree/master] drop-in replacement, is an *opt-out* sanitizer. By default all models and attributes are sanitized.
16
+ * Loofah::ActiveRecordExtension is an *opt-in* sanitizer. You must explicitly declare attributes to be sanitized.
17
+
18
+ === ActiveRecord Extension \#1: Opt-In
19
+
20
+ See Loofah::ActiveRecordExtension for full documentation. The methods
21
+ mixed into ActiveRecord are:
22
+
23
+ * Loofah::ActiveRecordExtension.html_document
24
+ * Loofah::ActiveRecordExtension.html_fragment
25
+
26
+ which are used to declare how specific string and text attributes
27
+ should be scrubbed at +before_validation+.
28
+
29
+ # app/model/post.rb
30
+ class Post < ActiveRecord::Base
31
+ html_fragment :body, :scrub => :prune # scrubs 'body' at before_validation
32
+ end
33
+
34
+ === ActiveRecord Extension \#2: Opt-Out
35
+
36
+ See Loofah::XssFoliate::ClassMethods for more documentation. The methods mixed into ActiveRecord are:
37
+
38
+ * Loofah::XssFoliate::ClassMethods.xss_foliate
39
+ * Loofah::XssFoliate::ClassMethods.xss_foliated?
40
+
41
+ which are used to declare how specific string and text attributes
42
+ should be scrubbed at +before_validation+.
43
+
44
+ Attributes are stripped by default, unless another scrubber is
45
+ specified or the attribute is present in an +:except+ clause.
46
+
47
+ == Requirements
48
+
49
+ * Nokogiri >= 1.3.3
50
+ * Rails 2.3, 2.2, 2.1, 2.0 or 1.2 (if you're using the ActiveRecord extensions)
51
+
52
+ == Installation
53
+
54
+ Unsurprisingly:
55
+
56
+ * gem install loofah-activerecord
57
+
58
+ == Support
59
+
60
+ The bug tracker is available here (the Loofah project):
61
+
62
+ * http://github.com/flavorjones/loofah/issues
63
+
64
+ And the mailing list is on librelist (also the Loofah mailing list):
65
+
66
+ * loofah@librelist.com / http://librelist.com
67
+
68
+ And the IRC channel is \#loofah on freenode.
69
+
70
+ == Related Links
71
+
72
+ * Loofah: http://github.com/flavorjones/loofah
73
+ * XssTerminate: http://github.com/look/xss_terminate/tree/master
74
+
75
+ == Authors
76
+
77
+ * {Mike Dalessio}[http://mike.daless.io] (@flavorjones[http://twitter.com/flavorjones])
78
+
79
+ Featuring code contributed by:
80
+
81
+ * Josh Nichols
82
+ * Damon P. Cortesi
83
+
84
+ == Historical Note
85
+
86
+ This library was split out of the Loofah project for version 1.0.0.
87
+
88
+ == License
89
+
90
+ The MIT License
91
+
92
+ Copyright (c) 2009, 2010 by Mike Dalessio
93
+
94
+ Permission is hereby granted, free of charge, to any person obtaining a copy
95
+ of this software and associated documentation files (the "Software"), to deal
96
+ in the Software without restriction, including without limitation the rights
97
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
98
+ copies of the Software, and to permit persons to whom the Software is
99
+ furnished to do so, subject to the following conditions:
100
+
101
+ The above copyright notice and this permission notice shall be included in
102
+ all copies or substantial portions of the Software.
103
+
104
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
105
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
106
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
107
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
108
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
109
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
110
+ THE SOFTWARE.
@@ -0,0 +1,56 @@
1
+ require 'rubygems'
2
+ gem 'hoe', '>= 2.3.0'
3
+ require 'hoe'
4
+
5
+ Hoe.plugin :git
6
+ Hoe.plugin :bundler
7
+
8
+ Hoe.spec "loofah-activerecord" do
9
+ developer "Mike Dalessio", "mike.dalessio@gmail.com"
10
+
11
+ self.extra_rdoc_files = FileList["*.rdoc"]
12
+ self.history_file = "CHANGELOG.rdoc"
13
+ self.readme_file = "README.rdoc"
14
+
15
+ extra_deps << ["loofah", ">= 1.0.0.beta.1"]
16
+ extra_dev_deps << ["mocha", ">=0.9"]
17
+ extra_dev_deps << ["shoulda", ">=2.10"]
18
+ extra_dev_deps << ["acts_as_fu", ">=0.0.5"]
19
+ extra_dev_deps << ["sqlite3-ruby", ">=1.2"] # acts_as_fu dependency
20
+ end
21
+
22
+ load "rails_test/Rakefile"
23
+
24
+ task :gemspec do
25
+ system %q(rake debug_gem | grep -v "^\(in " > loofah-activerecord.gemspec)
26
+ end
27
+ task "test:rails" => :gemspec
28
+
29
+ task :redocs => :fix_css
30
+ task :docs => :fix_css
31
+ task :fix_css do
32
+ better_css = <<-EOT
33
+ .method-description pre {
34
+ margin : 1em 0 ;
35
+ }
36
+
37
+ .method-description ul {
38
+ padding : .5em 0 .5em 2em ;
39
+ }
40
+
41
+ .method-description p {
42
+ margin-top : .5em ;
43
+ }
44
+
45
+ #main ul, div#documentation ul {
46
+ list-style-type : disc ! IMPORTANT ;
47
+ list-style-position : inside ! IMPORTANT ;
48
+ }
49
+
50
+ h2 + ul {
51
+ margin-top : 1em;
52
+ }
53
+ EOT
54
+ puts "* fixing css"
55
+ File.open("doc/rdoc.css", "a") { |f| f.write better_css }
56
+ end
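Review bot: The `gemspec` task ignores the result of `system`, and the pipeline's exit status is grep's rather than rake's, so a failed `rake debug_gem` can still leave a truncated `loofah-activerecord.gemspec` behind for `test:rails`, which depends on this task. Rake's `sh` raises on a non-zero status, so `sh %q(rake debug_gem | grep -v "^\(in " > loofah-activerecord.gemspec)` would at least stop the build when grep selects no lines. Writing to a temporary file and renaming it only on success would avoid leaving a partial gemspec in the tree.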
@@ -0,0 +1,19 @@
1
+ $LOAD_PATH.unshift(File.expand_path(File.dirname(__FILE__))) unless $LOAD_PATH.include?(File.expand_path(File.dirname(__FILE__)))
2
+
3
+ require 'loofah'
4
+
5
+ module Loofah::ActiveRecord
6
+ VERSION = "1.0.0.beta.1"
7
+ end
8
+
9
+ if defined?(Rails) && Rails::VERSION::MAJOR == 3
10
+ require 'loofah-activerecord/railtie'
11
+ elsif defined? Rails.configuration and Rails.configuration.frameworks.include?([:active_record]) # >= 2.1
12
+ Rails.configuration.after_initialize do
13
+ require 'loofah-activerecord/active_record'
14
+ require 'loofah-activerecord/xss_foliate'
15
+ end
16
+ elsif defined? ActiveRecord::Base # <= 2.0
17
+ require 'loofah-activerecord/active_record'
18
+ require 'loofah-activerecord/xss_foliate'
19
+ end
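Review bot: In the second branch, `Rails.configuration.frameworks.include?([:active_record])` asks whether the list contains the array `[:active_record]`. If `frameworks` is a flat list of symbols (not shown on this page, so to be confirmed), the test is never true and the `after_initialize` load is dead code. Loading then depends on `ActiveRecord::Base` already being defined at require time, and when it is not, neither sanitizing extension is installed and this file reports nothing. Suggested change: `elsif defined?(Rails.configuration) && Rails.configuration.frameworks.include?(:active_record)`, plus a comment on the fall-through case where nothing is loaded.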
@@ -0,0 +1,60 @@
1
+ module Loofah
2
+ #
3
+ # Loofah can scrub ActiveRecord attributes in a before_validation callback:
4
+ #
5
+ # # config/initializers/loofah.rb
6
+ # require 'loofah'
7
+ #
8
+ # # db/schema.rb
9
+ # create_table "posts" do |t|
10
+ # t.string "title"
11
+ # t.string "body"
12
+ # end
13
+ #
14
+ # # app/model/post.rb
15
+ # class Post < ActiveRecord::Base
16
+ # html_fragment :body, :scrub => :prune # scrubs 'body' in a before_validation
17
+ # end
18
+ #
19
+ module ActiveRecordExtension
20
+ #
21
+ # :call-seq:
22
+ # html_fragment(attribute, :scrub => scrubber_specification)
23
+ #
24
+ # Scrub an ActiveRecord attribute +attribute+ as an HTML *fragment*
25
+ # using the method specified by +scrubber_specification+.
26
+ #
27
+ # +scrubber_specification+ must be an argument acceptable to Loofah::ScrubBehavior.scrub!, namely:
28
+ #
29
+ # * a symbol for one of the built-in scrubbers (see Loofah::Scrubbers for a full list)
30
+ # * or a Scrubber instance. (see Loofah::Scrubber for help on implementing a custom scrubber)
31
+ #
32
+ def html_fragment(attr, options={})
33
+ raise ArgumentError, "html_fragment requires :scrub option" unless method = options[:scrub]
34
+ before_validation do |record|
35
+ record[attr] = Loofah.scrub_fragment(record[attr], method).to_s
36
+ end
37
+ end
38
+
39
+ #
40
+ # :call-seq:
41
+ # model.html_document(attribute, :scrub => scrubber_specification)
42
+ #
43
+ # Scrub an ActiveRecord attribute +attribute+ as an HTML *document*
44
+ # using the method specified by +scrubber_specification+.
45
+ #
46
+ # +scrubber_specification+ must be an argument acceptable to Loofah::ScrubBehavior.scrub!, namely:
47
+ #
48
+ # * a symbol for one of the built-in scrubbers (see Loofah::Scrubbers for a full list)
49
+ # * or a Scrubber instance.
50
+ #
51
+ def html_document(attr, options={})
52
+ raise ArgumentError, "html_document requires :scrub option" unless method = options[:scrub]
53
+ before_validation do |record|
54
+ record[attr] = Loofah.scrub_document(record[attr], method).to_s
55
+ end
56
+ end
57
+ end
58
+ end
59
+
60
+ ActiveRecord::Base.extend(Loofah::ActiveRecordExtension)
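Review bot: Both `html_fragment` and `html_document` attach the scrub to `before_validation` only, so any write path that skips validation stores the attribute unscrubbed; the same holds for `xss_foliate` in xss_foliate.rb. That limit belongs in the method docs, e.g. `# NOTE: scrubbing runs only when validations run; writes that skip validation are stored unscrubbed, so escape on output as well.` Separately, unlike `xss_foliate_fields`, these blocks do not skip a nil `record[attr]`: it is handed to Loofah and whatever comes back is stored via `.to_s`. A guard such as `next if record[attr].nil?` as the first line of each block would leave nil attributes untouched.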
@@ -0,0 +1,12 @@
1
+ require 'rails'
2
+ module Loofah::ActiveRecord
3
+ class Railtie < Rails::Railtie
4
+ initializer "loofah-activerecord.initialize" do |app|
5
+ activerecord_railtie = app.railties.all.select {|railtie| railtie.class.to_s == "ActiveRecord::Railtie" }
6
+ if activerecord_railtie
7
+ require 'loofah-activerecord/active_record'
8
+ require 'loofah-activerecord/xss_foliate'
9
+ end
10
+ end
11
+ end
12
+ end
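Review bot: `if activerecord_railtie` is always true, because `select` returns an Array and an empty Array is truthy in Ruby, so the two requires run even when no ActiveRecord railtie is registered. active_record.rb ends with `ActiveRecord::Base.extend(...)`, which would presumably raise during boot in an application that does not load ActiveRecord. Use `any?` for the check: `if app.railties.all.any? { |railtie| railtie.class.to_s == "ActiveRecord::Railtie" }`.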
@@ -0,0 +1,207 @@
1
+ module Loofah
2
+ #
3
+ # A replacement for
4
+ # XssTerminate[http://github.com/look/xss_terminate/tree/master],
5
+ # XssFoliate will strip all tags from your ActiveRecord models'
6
+ # string and text attributes.
7
+ #
8
+ # Please read the Loofah documentation for an explanation of the
9
+ # different scrubbing methods, and
10
+ # Loofah::XssFoliate::ClassMethods for more information on the
11
+ # methods.
12
+ #
13
+ # If you'd like to scrub all fields in all your models (and perhaps *opt-out* in specific models):
14
+ #
15
+ # # config/initializers/loofah.rb
16
+ # require 'loofah'
17
+ # Loofah::XssFoliate.xss_foliate_all_models
18
+ #
19
+ # # db/schema.rb
20
+ # create_table "posts" do |t|
21
+ # t.string "title"
22
+ # t.text "body"
23
+ # t.string "author"
24
+ # end
25
+ #
26
+ # # app/model/post.rb
27
+ # class Post < ActiveRecord::Base
28
+ # # by default, title, body and author will all be scrubbed down to their inner text
29
+ # end
30
+ #
31
+ # OR
32
+ #
33
+ # # app/model/post.rb
34
+ # class Post < ActiveRecord::Base
35
+ # xss_foliate :except => :author # opt-out of sanitizing author
36
+ # end
37
+ #
38
+ # OR
39
+ #
40
+ # xss_foliate :strip => [:title, body] # strip unsafe tags from both title and body
41
+ #
42
+ # OR
43
+ #
44
+ # xss_foliate :except => :title # scrub body and author but not title
45
+ #
46
+ # OR
47
+ #
48
+ # # remove all tags from title, remove unsafe tags from body
49
+ # xss_foliate :sanitize => :title, :scrub => :body
50
+ #
51
+ # OR
52
+ #
53
+ # # old xss_terminate code will work if you s/_terminate/_foliate/
54
+ # # was: xss_terminate :except => [:title], :sanitize => [:body]
55
+ # xss_foliate :except => [:title], :sanitize => [:body]
56
+ #
57
+ # Alternatively, if you would like to *opt-in* to the models and attributes that are sanitized:
58
+ #
59
+ # # config/initializers/loofah.rb
60
+ # require 'loofah'
61
+ # ## note omission of call to Loofah::XssFoliate.xss_foliate_all_models
62
+ #
63
+ # # db/schema.rb
64
+ # create_table "posts" do |t|
65
+ # t.string "title"
66
+ # t.text "body"
67
+ # t.string "author"
68
+ # end
69
+ #
70
+ # # app/model/post.rb
71
+ # class Post < ActiveRecord::Base
72
+ # xss_foliate # scrub title, body and author down to their inner text
73
+ # end
74
+ #
75
+ module XssFoliate
76
+ #
77
+ # A replacement for
78
+ # XssTerminate[http://github.com/look/xss_terminate/tree/master],
79
+ # XssFoliate will strip all tags from your ActiveRecord models'
80
+ # string and text attributes.
81
+ #
82
+ # See Loofah::XssFoliate for more example usage.
83
+ #
84
+ module ClassMethods
85
+ # :stopdoc:
86
+ VALID_OPTIONS = [:except, :html5lib_sanitize, :sanitize] + Loofah::Scrubbers.scrubber_symbols
87
+ ALIASED_OPTIONS = {:html5lib_sanitize => :escape, :sanitize => :strip}
88
+ REAL_OPTIONS = VALID_OPTIONS - ALIASED_OPTIONS.keys
89
+ # :startdoc:
90
+
91
+ #
92
+ # Annotate your model with this method to specify which fields
93
+ # you want scrubbed, and how you want them scrubbed. XssFoliate
94
+ # assumes all character fields are HTML fragments (as opposed to
95
+ # full documents, see the Loofah[http://loofah.rubyforge.org/]
96
+ # documentation for a full explanation of the difference).
97
+ #
98
+ # Example call:
99
+ #
100
+ # xss_foliate :except => :author, :strip => :body, :prune => [:title, :description]
101
+ #
102
+ # *Note* that the values in the options hash can be either an
103
+ # array of attributes or a single attribute.
104
+ #
105
+ # Options:
106
+ #
107
+ # :except => [fields] # don't scrub these fields
108
+ # :strip => [fields] # strip unsafe tags from these fields
109
+ # :escape => [fields] # escape unsafe tags from these fields
110
+ # :prune => [fields] # prune unsafe tags and subtrees from these fields
111
+ # :text => [fields] # remove everything except the inner text from these fields
112
+ #
113
+ # XssTerminate compatibility options (note that the default
114
+ # behavior in XssTerminate corresponds to :text)
115
+ #
116
+ # :html5lib_sanitize => [fields] # same as :escape
117
+ # :sanitize => [fields] # same as :strip
118
+ #
119
+ # The default is :text for all fields unless otherwise specified.
120
+ #
121
+ def xss_foliate(options = {})
122
+ callback_already_declared = \
123
+ if respond_to?(:before_validation_callback_chain)
124
+ # Rails 2.1 and later
125
+ before_validation_callback_chain.any? {|cb| cb.method == :xss_foliate_fields}
126
+ else
127
+ # Rails 2.0
128
+ cbs = read_inheritable_attribute(:before_validation)
129
+ (! cbs.nil?) && cbs.any? {|cb| cb == :xss_foliate_fields}
130
+ end
131
+
132
+ unless callback_already_declared
133
+ before_validation :xss_foliate_fields
134
+ class_inheritable_reader :xss_foliate_options
135
+ include XssFoliate::InstanceMethods
136
+ end
137
+
138
+ options.keys.each do |option|
139
+ raise ArgumentError, "unknown xss_foliate option #{option}" unless VALID_OPTIONS.include?(option)
140
+ end
141
+
142
+ REAL_OPTIONS.each do |option|
143
+ options[option] = Array(options[option]).collect { |val| val.to_sym }
144
+ end
145
+
146
+ ALIASED_OPTIONS.each do |option, real|
147
+ options[real] += Array(options.delete(option)).collect { |val| val.to_sym } if options[option]
148
+ end
149
+
150
+ write_inheritable_attribute(:xss_foliate_options, options)
151
+ end
152
+
153
+ #
154
+ # Class method to determine whether or not this model is applying
155
+ # xss_foliation to its attributes. Could be useful in test suites.
156
+ #
157
+ def xss_foliated?
158
+ options = read_inheritable_attribute(:xss_foliate_options)
159
+ ! (options.nil? || options.empty?)
160
+ end
161
+ end
162
+
163
+ module InstanceMethods
164
+ def xss_foliate_fields # :nodoc:
165
+ # fix a bug with Rails internal AR::Base models that get loaded before
166
+ # the plugin, like CGI::Sessions::ActiveRecordStore::Session
167
+ return if xss_foliate_options.nil?
168
+
169
+ self.class.columns.each do |column|
170
+ next unless (column.type == :string || column.type == :text)
171
+
172
+ field = column.name.to_sym
173
+ value = self[field]
174
+
175
+ next if value.nil? || !value.is_a?(String)
176
+
177
+ next if xss_foliate_options[:except].include?(field)
178
+
179
+ next if xss_foliated_with_standard_scrubber(field)
180
+
181
+ # :text if we're here
182
+ fragment = Loofah.scrub_fragment(value, :strip)
183
+ self[field] = fragment.nil? ? "" : fragment.text
184
+ end
185
+ end
186
+
187
+ private
188
+
189
+ def xss_foliated_with_standard_scrubber(field)
190
+ Loofah::Scrubbers.scrubber_symbols.each do |method|
191
+ if xss_foliate_options[method].include?(field)
192
+ fragment = Loofah.scrub_fragment(self[field], method)
193
+ self[field] = fragment.nil? ? "" : fragment.to_s
194
+ return true
195
+ end
196
+ end
197
+ false
198
+ end
199
+ end
200
+
201
+ def self.xss_foliate_all_models
202
+ ::ActiveRecord::Base.xss_foliate
203
+ end
204
+ end
205
+ end
206
+
207
+ ::ActiveRecord::Base.extend(Loofah::XssFoliate::ClassMethods)
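Review bot: The usage examples in the `Loofah::XssFoliate` header comment disagree with the code below them. The example `xss_foliate :sanitize => :title, :scrub => :body` is described as "remove all tags from title", but `ALIASED_OPTIONS` maps `:sanitize` to `:strip`, which the option docs describe as stripping only unsafe tags, so a reader relying on the comment gets weaker scrubbing than expected. `:scrub` is also not among the documented option keys and would likely hit the `unknown xss_foliate option` ArgumentError (depends on `Loofah::Scrubbers.scrubber_symbols`, not shown here). Suggested comment: `# strip unsafe tags from title and body` over `xss_foliate :sanitize => :title, :strip => :body`. The earlier example `:strip => [:title, body]` is missing the colon on `:body`.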