loofah-activerecord 1.0.0.beta.1
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG.rdoc +9 -0
- data/Gemfile +14 -0
- data/MIT-LICENSE.txt +21 -0
- data/Manifest.txt +572 -0
- data/README.rdoc +110 -0
- data/Rakefile +56 -0
- data/lib/loofah-activerecord.rb +19 -0
- data/lib/loofah-activerecord/active_record.rb +60 -0
- data/lib/loofah-activerecord/railtie.rb +12 -0
- data/lib/loofah-activerecord/xss_foliate.rb +207 -0
- data/rails_test/Rakefile +72 -0
- data/rails_test/common/active_record/app/models/post.rb +3 -0
- data/rails_test/common/active_record/test/unit/posts_test.rb +15 -0
- data/rails_test/common/all/config/database.yml +22 -0
- data/rails_test/common/all/db/migrate/1_create_posts.rb +11 -0
- data/rails_test/common/xss_foliate/app/models/post.rb +2 -0
- data/rails_test/common/xss_foliate/test/unit/posts_test.rb +14 -0
- data/rails_test/generate_test_directory +51 -0
- data/rails_test/rails-1.2.6-active_record/README +211 -0
- data/rails_test/rails-1.2.6-active_record/Rakefile +10 -0
- data/rails_test/rails-1.2.6-active_record/app/controllers/application.rb +7 -0
- data/rails_test/rails-1.2.6-active_record/app/helpers/application_helper.rb +3 -0
- data/rails_test/rails-1.2.6-active_record/app/models/post.rb +3 -0
- data/rails_test/rails-1.2.6-active_record/config/boot.rb +39 -0
- data/rails_test/rails-1.2.6-active_record/config/database.yml +22 -0
- data/rails_test/rails-1.2.6-active_record/config/environment.rb +61 -0
- data/rails_test/rails-1.2.6-active_record/config/environments/development.rb +21 -0
- data/rails_test/rails-1.2.6-active_record/config/environments/production.rb +18 -0
- data/rails_test/rails-1.2.6-active_record/config/environments/test.rb +19 -0
- data/rails_test/rails-1.2.6-active_record/config/routes.rb +23 -0
- data/rails_test/rails-1.2.6-active_record/db/migrate/1_create_posts.rb +11 -0
- data/rails_test/rails-1.2.6-active_record/public/.htaccess +40 -0
- data/rails_test/rails-1.2.6-active_record/public/404.html +30 -0
- data/rails_test/rails-1.2.6-active_record/public/500.html +30 -0
- data/rails_test/rails-1.2.6-active_record/public/dispatch.cgi +10 -0
- data/rails_test/rails-1.2.6-active_record/public/dispatch.fcgi +24 -0
- data/rails_test/rails-1.2.6-active_record/public/dispatch.rb +10 -0
- data/rails_test/rails-1.2.6-active_record/public/favicon.ico +0 -0
- data/rails_test/rails-1.2.6-active_record/public/images/rails.png +0 -0
- data/rails_test/rails-1.2.6-active_record/public/index.html +277 -0
- data/rails_test/rails-1.2.6-active_record/public/javascripts/application.js +2 -0
- data/rails_test/rails-1.2.6-active_record/public/javascripts/controls.js +833 -0
- data/rails_test/rails-1.2.6-active_record/public/javascripts/dragdrop.js +942 -0
- data/rails_test/rails-1.2.6-active_record/public/javascripts/effects.js +1088 -0
- data/rails_test/rails-1.2.6-active_record/public/javascripts/prototype.js +2515 -0
- data/rails_test/rails-1.2.6-active_record/public/robots.txt +1 -0
- data/rails_test/rails-1.2.6-active_record/script/about +3 -0
- data/rails_test/rails-1.2.6-active_record/script/breakpointer +3 -0
- data/rails_test/rails-1.2.6-active_record/script/console +3 -0
- data/rails_test/rails-1.2.6-active_record/script/destroy +3 -0
- data/rails_test/rails-1.2.6-active_record/script/generate +3 -0
- data/rails_test/rails-1.2.6-active_record/script/performance/benchmarker +3 -0
- data/rails_test/rails-1.2.6-active_record/script/performance/profiler +3 -0
- data/rails_test/rails-1.2.6-active_record/script/plugin +3 -0
- data/rails_test/rails-1.2.6-active_record/script/process/inspector +3 -0
- data/rails_test/rails-1.2.6-active_record/script/process/reaper +3 -0
- data/rails_test/rails-1.2.6-active_record/script/process/spawner +3 -0
- data/rails_test/rails-1.2.6-active_record/script/runner +3 -0
- data/rails_test/rails-1.2.6-active_record/script/server +3 -0
- data/rails_test/rails-1.2.6-active_record/test/test_helper.rb +28 -0
- data/rails_test/rails-1.2.6-active_record/test/unit/posts_test.rb +15 -0
- data/rails_test/rails-1.2.6-xss_foliate/README +211 -0
- data/rails_test/rails-1.2.6-xss_foliate/Rakefile +10 -0
- data/rails_test/rails-1.2.6-xss_foliate/app/controllers/application.rb +7 -0
- data/rails_test/rails-1.2.6-xss_foliate/app/helpers/application_helper.rb +3 -0
- data/rails_test/rails-1.2.6-xss_foliate/app/models/post.rb +2 -0
- data/rails_test/rails-1.2.6-xss_foliate/config/boot.rb +39 -0
- data/rails_test/rails-1.2.6-xss_foliate/config/database.yml +22 -0
- data/rails_test/rails-1.2.6-xss_foliate/config/environment.rb +63 -0
- data/rails_test/rails-1.2.6-xss_foliate/config/environments/development.rb +21 -0
- data/rails_test/rails-1.2.6-xss_foliate/config/environments/production.rb +18 -0
- data/rails_test/rails-1.2.6-xss_foliate/config/environments/test.rb +19 -0
- data/rails_test/rails-1.2.6-xss_foliate/config/routes.rb +23 -0
- data/rails_test/rails-1.2.6-xss_foliate/db/migrate/1_create_posts.rb +11 -0
- data/rails_test/rails-1.2.6-xss_foliate/public/.htaccess +40 -0
- data/rails_test/rails-1.2.6-xss_foliate/public/404.html +30 -0
- data/rails_test/rails-1.2.6-xss_foliate/public/500.html +30 -0
- data/rails_test/rails-1.2.6-xss_foliate/public/dispatch.cgi +10 -0
- data/rails_test/rails-1.2.6-xss_foliate/public/dispatch.fcgi +24 -0
- data/rails_test/rails-1.2.6-xss_foliate/public/dispatch.rb +10 -0
- data/rails_test/rails-1.2.6-xss_foliate/public/favicon.ico +0 -0
- data/rails_test/rails-1.2.6-xss_foliate/public/images/rails.png +0 -0
- data/rails_test/rails-1.2.6-xss_foliate/public/index.html +277 -0
- data/rails_test/rails-1.2.6-xss_foliate/public/javascripts/application.js +2 -0
- data/rails_test/rails-1.2.6-xss_foliate/public/javascripts/controls.js +833 -0
- data/rails_test/rails-1.2.6-xss_foliate/public/javascripts/dragdrop.js +942 -0
- data/rails_test/rails-1.2.6-xss_foliate/public/javascripts/effects.js +1088 -0
- data/rails_test/rails-1.2.6-xss_foliate/public/javascripts/prototype.js +2515 -0
- data/rails_test/rails-1.2.6-xss_foliate/public/robots.txt +1 -0
- data/rails_test/rails-1.2.6-xss_foliate/script/about +3 -0
- data/rails_test/rails-1.2.6-xss_foliate/script/breakpointer +3 -0
- data/rails_test/rails-1.2.6-xss_foliate/script/console +3 -0
- data/rails_test/rails-1.2.6-xss_foliate/script/destroy +3 -0
- data/rails_test/rails-1.2.6-xss_foliate/script/generate +3 -0
- data/rails_test/rails-1.2.6-xss_foliate/script/performance/benchmarker +3 -0
- data/rails_test/rails-1.2.6-xss_foliate/script/performance/profiler +3 -0
- data/rails_test/rails-1.2.6-xss_foliate/script/plugin +3 -0
- data/rails_test/rails-1.2.6-xss_foliate/script/process/inspector +3 -0
- data/rails_test/rails-1.2.6-xss_foliate/script/process/reaper +3 -0
- data/rails_test/rails-1.2.6-xss_foliate/script/process/spawner +3 -0
- data/rails_test/rails-1.2.6-xss_foliate/script/runner +3 -0
- data/rails_test/rails-1.2.6-xss_foliate/script/server +3 -0
- data/rails_test/rails-1.2.6-xss_foliate/test/test_helper.rb +28 -0
- data/rails_test/rails-1.2.6-xss_foliate/test/unit/posts_test.rb +14 -0
- data/rails_test/rails-2.0.5-active_record/README +203 -0
- data/rails_test/rails-2.0.5-active_record/Rakefile +10 -0
- data/rails_test/rails-2.0.5-active_record/app/controllers/application.rb +10 -0
- data/rails_test/rails-2.0.5-active_record/app/helpers/application_helper.rb +3 -0
- data/rails_test/rails-2.0.5-active_record/app/models/post.rb +3 -0
- data/rails_test/rails-2.0.5-active_record/config/boot.rb +108 -0
- data/rails_test/rails-2.0.5-active_record/config/database.yml +22 -0
- data/rails_test/rails-2.0.5-active_record/config/environment.rb +59 -0
- data/rails_test/rails-2.0.5-active_record/config/environments/development.rb +18 -0
- data/rails_test/rails-2.0.5-active_record/config/environments/production.rb +19 -0
- data/rails_test/rails-2.0.5-active_record/config/environments/test.rb +22 -0
- data/rails_test/rails-2.0.5-active_record/config/initializers/inflections.rb +10 -0
- data/rails_test/rails-2.0.5-active_record/config/initializers/loofah.rb +1 -0
- data/rails_test/rails-2.0.5-active_record/config/initializers/mime_types.rb +5 -0
- data/rails_test/rails-2.0.5-active_record/config/routes.rb +35 -0
- data/rails_test/rails-2.0.5-active_record/db/migrate/1_create_posts.rb +11 -0
- data/rails_test/rails-2.0.5-active_record/public/.htaccess +40 -0
- data/rails_test/rails-2.0.5-active_record/public/404.html +30 -0
- data/rails_test/rails-2.0.5-active_record/public/422.html +30 -0
- data/rails_test/rails-2.0.5-active_record/public/500.html +30 -0
- data/rails_test/rails-2.0.5-active_record/public/dispatch.cgi +10 -0
- data/rails_test/rails-2.0.5-active_record/public/dispatch.fcgi +24 -0
- data/rails_test/rails-2.0.5-active_record/public/dispatch.rb +10 -0
- data/rails_test/rails-2.0.5-active_record/public/favicon.ico +0 -0
- data/rails_test/rails-2.0.5-active_record/public/images/rails.png +0 -0
- data/rails_test/rails-2.0.5-active_record/public/index.html +277 -0
- data/rails_test/rails-2.0.5-active_record/public/javascripts/application.js +2 -0
- data/rails_test/rails-2.0.5-active_record/public/javascripts/controls.js +963 -0
- data/rails_test/rails-2.0.5-active_record/public/javascripts/dragdrop.js +972 -0
- data/rails_test/rails-2.0.5-active_record/public/javascripts/effects.js +1120 -0
- data/rails_test/rails-2.0.5-active_record/public/javascripts/prototype.js +4225 -0
- data/rails_test/rails-2.0.5-active_record/public/robots.txt +5 -0
- data/rails_test/rails-2.0.5-active_record/script/about +3 -0
- data/rails_test/rails-2.0.5-active_record/script/console +3 -0
- data/rails_test/rails-2.0.5-active_record/script/destroy +3 -0
- data/rails_test/rails-2.0.5-active_record/script/generate +3 -0
- data/rails_test/rails-2.0.5-active_record/script/performance/benchmarker +3 -0
- data/rails_test/rails-2.0.5-active_record/script/performance/profiler +3 -0
- data/rails_test/rails-2.0.5-active_record/script/performance/request +3 -0
- data/rails_test/rails-2.0.5-active_record/script/plugin +3 -0
- data/rails_test/rails-2.0.5-active_record/script/process/inspector +3 -0
- data/rails_test/rails-2.0.5-active_record/script/process/reaper +3 -0
- data/rails_test/rails-2.0.5-active_record/script/process/spawner +3 -0
- data/rails_test/rails-2.0.5-active_record/script/runner +3 -0
- data/rails_test/rails-2.0.5-active_record/script/server +3 -0
- data/rails_test/rails-2.0.5-active_record/test/test_helper.rb +38 -0
- data/rails_test/rails-2.0.5-active_record/test/unit/posts_test.rb +15 -0
- data/rails_test/rails-2.0.5-xss_foliate/README +203 -0
- data/rails_test/rails-2.0.5-xss_foliate/Rakefile +10 -0
- data/rails_test/rails-2.0.5-xss_foliate/app/controllers/application.rb +10 -0
- data/rails_test/rails-2.0.5-xss_foliate/app/helpers/application_helper.rb +3 -0
- data/rails_test/rails-2.0.5-xss_foliate/app/models/post.rb +2 -0
- data/rails_test/rails-2.0.5-xss_foliate/config/boot.rb +108 -0
- data/rails_test/rails-2.0.5-xss_foliate/config/database.yml +22 -0
- data/rails_test/rails-2.0.5-xss_foliate/config/environment.rb +59 -0
- data/rails_test/rails-2.0.5-xss_foliate/config/environments/development.rb +18 -0
- data/rails_test/rails-2.0.5-xss_foliate/config/environments/production.rb +19 -0
- data/rails_test/rails-2.0.5-xss_foliate/config/environments/test.rb +22 -0
- data/rails_test/rails-2.0.5-xss_foliate/config/initializers/inflections.rb +10 -0
- data/rails_test/rails-2.0.5-xss_foliate/config/initializers/loofah.rb +2 -0
- data/rails_test/rails-2.0.5-xss_foliate/config/initializers/mime_types.rb +5 -0
- data/rails_test/rails-2.0.5-xss_foliate/config/routes.rb +35 -0
- data/rails_test/rails-2.0.5-xss_foliate/db/migrate/1_create_posts.rb +11 -0
- data/rails_test/rails-2.0.5-xss_foliate/public/.htaccess +40 -0
- data/rails_test/rails-2.0.5-xss_foliate/public/404.html +30 -0
- data/rails_test/rails-2.0.5-xss_foliate/public/422.html +30 -0
- data/rails_test/rails-2.0.5-xss_foliate/public/500.html +30 -0
- data/rails_test/rails-2.0.5-xss_foliate/public/dispatch.cgi +10 -0
- data/rails_test/rails-2.0.5-xss_foliate/public/dispatch.fcgi +24 -0
- data/rails_test/rails-2.0.5-xss_foliate/public/dispatch.rb +10 -0
- data/rails_test/rails-2.0.5-xss_foliate/public/favicon.ico +0 -0
- data/rails_test/rails-2.0.5-xss_foliate/public/images/rails.png +0 -0
- data/rails_test/rails-2.0.5-xss_foliate/public/index.html +277 -0
- data/rails_test/rails-2.0.5-xss_foliate/public/javascripts/application.js +2 -0
- data/rails_test/rails-2.0.5-xss_foliate/public/javascripts/controls.js +963 -0
- data/rails_test/rails-2.0.5-xss_foliate/public/javascripts/dragdrop.js +972 -0
- data/rails_test/rails-2.0.5-xss_foliate/public/javascripts/effects.js +1120 -0
- data/rails_test/rails-2.0.5-xss_foliate/public/javascripts/prototype.js +4225 -0
- data/rails_test/rails-2.0.5-xss_foliate/public/robots.txt +5 -0
- data/rails_test/rails-2.0.5-xss_foliate/script/about +3 -0
- data/rails_test/rails-2.0.5-xss_foliate/script/console +3 -0
- data/rails_test/rails-2.0.5-xss_foliate/script/destroy +3 -0
- data/rails_test/rails-2.0.5-xss_foliate/script/generate +3 -0
- data/rails_test/rails-2.0.5-xss_foliate/script/performance/benchmarker +3 -0
- data/rails_test/rails-2.0.5-xss_foliate/script/performance/profiler +3 -0
- data/rails_test/rails-2.0.5-xss_foliate/script/performance/request +3 -0
- data/rails_test/rails-2.0.5-xss_foliate/script/plugin +3 -0
- data/rails_test/rails-2.0.5-xss_foliate/script/process/inspector +3 -0
- data/rails_test/rails-2.0.5-xss_foliate/script/process/reaper +3 -0
- data/rails_test/rails-2.0.5-xss_foliate/script/process/spawner +3 -0
- data/rails_test/rails-2.0.5-xss_foliate/script/runner +3 -0
- data/rails_test/rails-2.0.5-xss_foliate/script/server +3 -0
- data/rails_test/rails-2.0.5-xss_foliate/test/test_helper.rb +38 -0
- data/rails_test/rails-2.0.5-xss_foliate/test/unit/posts_test.rb +14 -0
- data/rails_test/rails-2.1.2-active_record/README +256 -0
- data/rails_test/rails-2.1.2-active_record/Rakefile +10 -0
- data/rails_test/rails-2.1.2-active_record/app/controllers/application.rb +15 -0
- data/rails_test/rails-2.1.2-active_record/app/helpers/application_helper.rb +3 -0
- data/rails_test/rails-2.1.2-active_record/app/models/post.rb +3 -0
- data/rails_test/rails-2.1.2-active_record/config/boot.rb +109 -0
- data/rails_test/rails-2.1.2-active_record/config/database.yml +22 -0
- data/rails_test/rails-2.1.2-active_record/config/environment.rb +67 -0
- data/rails_test/rails-2.1.2-active_record/config/environments/development.rb +17 -0
- data/rails_test/rails-2.1.2-active_record/config/environments/production.rb +22 -0
- data/rails_test/rails-2.1.2-active_record/config/environments/test.rb +22 -0
- data/rails_test/rails-2.1.2-active_record/config/initializers/inflections.rb +10 -0
- data/rails_test/rails-2.1.2-active_record/config/initializers/loofah.rb +1 -0
- data/rails_test/rails-2.1.2-active_record/config/initializers/mime_types.rb +5 -0
- data/rails_test/rails-2.1.2-active_record/config/initializers/new_rails_defaults.rb +17 -0
- data/rails_test/rails-2.1.2-active_record/config/routes.rb +43 -0
- data/rails_test/rails-2.1.2-active_record/db/migrate/1_create_posts.rb +11 -0
- data/rails_test/rails-2.1.2-active_record/public/404.html +30 -0
- data/rails_test/rails-2.1.2-active_record/public/422.html +30 -0
- data/rails_test/rails-2.1.2-active_record/public/500.html +30 -0
- data/rails_test/rails-2.1.2-active_record/public/dispatch.cgi +10 -0
- data/rails_test/rails-2.1.2-active_record/public/dispatch.fcgi +24 -0
- data/rails_test/rails-2.1.2-active_record/public/dispatch.rb +10 -0
- data/rails_test/rails-2.1.2-active_record/public/favicon.ico +0 -0
- data/rails_test/rails-2.1.2-active_record/public/images/rails.png +0 -0
- data/rails_test/rails-2.1.2-active_record/public/index.html +274 -0
- data/rails_test/rails-2.1.2-active_record/public/javascripts/application.js +2 -0
- data/rails_test/rails-2.1.2-active_record/public/javascripts/controls.js +963 -0
- data/rails_test/rails-2.1.2-active_record/public/javascripts/dragdrop.js +972 -0
- data/rails_test/rails-2.1.2-active_record/public/javascripts/effects.js +1120 -0
- data/rails_test/rails-2.1.2-active_record/public/javascripts/prototype.js +4225 -0
- data/rails_test/rails-2.1.2-active_record/public/robots.txt +5 -0
- data/rails_test/rails-2.1.2-active_record/script/about +4 -0
- data/rails_test/rails-2.1.2-active_record/script/console +3 -0
- data/rails_test/rails-2.1.2-active_record/script/dbconsole +3 -0
- data/rails_test/rails-2.1.2-active_record/script/destroy +3 -0
- data/rails_test/rails-2.1.2-active_record/script/generate +3 -0
- data/rails_test/rails-2.1.2-active_record/script/performance/benchmarker +3 -0
- data/rails_test/rails-2.1.2-active_record/script/performance/profiler +3 -0
- data/rails_test/rails-2.1.2-active_record/script/performance/request +3 -0
- data/rails_test/rails-2.1.2-active_record/script/plugin +3 -0
- data/rails_test/rails-2.1.2-active_record/script/process/inspector +3 -0
- data/rails_test/rails-2.1.2-active_record/script/process/reaper +3 -0
- data/rails_test/rails-2.1.2-active_record/script/process/spawner +3 -0
- data/rails_test/rails-2.1.2-active_record/script/runner +3 -0
- data/rails_test/rails-2.1.2-active_record/script/server +3 -0
- data/rails_test/rails-2.1.2-active_record/test/test_helper.rb +38 -0
- data/rails_test/rails-2.1.2-active_record/test/unit/posts_test.rb +15 -0
- data/rails_test/rails-2.1.2-xss_foliate/README +256 -0
- data/rails_test/rails-2.1.2-xss_foliate/Rakefile +10 -0
- data/rails_test/rails-2.1.2-xss_foliate/app/controllers/application.rb +15 -0
- data/rails_test/rails-2.1.2-xss_foliate/app/helpers/application_helper.rb +3 -0
- data/rails_test/rails-2.1.2-xss_foliate/app/models/post.rb +2 -0
- data/rails_test/rails-2.1.2-xss_foliate/config/boot.rb +109 -0
- data/rails_test/rails-2.1.2-xss_foliate/config/database.yml +22 -0
- data/rails_test/rails-2.1.2-xss_foliate/config/environment.rb +67 -0
- data/rails_test/rails-2.1.2-xss_foliate/config/environments/development.rb +17 -0
- data/rails_test/rails-2.1.2-xss_foliate/config/environments/production.rb +22 -0
- data/rails_test/rails-2.1.2-xss_foliate/config/environments/test.rb +22 -0
- data/rails_test/rails-2.1.2-xss_foliate/config/initializers/inflections.rb +10 -0
- data/rails_test/rails-2.1.2-xss_foliate/config/initializers/loofah.rb +2 -0
- data/rails_test/rails-2.1.2-xss_foliate/config/initializers/mime_types.rb +5 -0
- data/rails_test/rails-2.1.2-xss_foliate/config/initializers/new_rails_defaults.rb +17 -0
- data/rails_test/rails-2.1.2-xss_foliate/config/routes.rb +43 -0
- data/rails_test/rails-2.1.2-xss_foliate/db/migrate/1_create_posts.rb +11 -0
- data/rails_test/rails-2.1.2-xss_foliate/public/404.html +30 -0
- data/rails_test/rails-2.1.2-xss_foliate/public/422.html +30 -0
- data/rails_test/rails-2.1.2-xss_foliate/public/500.html +30 -0
- data/rails_test/rails-2.1.2-xss_foliate/public/dispatch.cgi +10 -0
- data/rails_test/rails-2.1.2-xss_foliate/public/dispatch.fcgi +24 -0
- data/rails_test/rails-2.1.2-xss_foliate/public/dispatch.rb +10 -0
- data/rails_test/rails-2.1.2-xss_foliate/public/favicon.ico +0 -0
- data/rails_test/rails-2.1.2-xss_foliate/public/images/rails.png +0 -0
- data/rails_test/rails-2.1.2-xss_foliate/public/index.html +274 -0
- data/rails_test/rails-2.1.2-xss_foliate/public/javascripts/application.js +2 -0
- data/rails_test/rails-2.1.2-xss_foliate/public/javascripts/controls.js +963 -0
- data/rails_test/rails-2.1.2-xss_foliate/public/javascripts/dragdrop.js +972 -0
- data/rails_test/rails-2.1.2-xss_foliate/public/javascripts/effects.js +1120 -0
- data/rails_test/rails-2.1.2-xss_foliate/public/javascripts/prototype.js +4225 -0
- data/rails_test/rails-2.1.2-xss_foliate/public/robots.txt +5 -0
- data/rails_test/rails-2.1.2-xss_foliate/script/about +4 -0
- data/rails_test/rails-2.1.2-xss_foliate/script/console +3 -0
- data/rails_test/rails-2.1.2-xss_foliate/script/dbconsole +3 -0
- data/rails_test/rails-2.1.2-xss_foliate/script/destroy +3 -0
- data/rails_test/rails-2.1.2-xss_foliate/script/generate +3 -0
- data/rails_test/rails-2.1.2-xss_foliate/script/performance/benchmarker +3 -0
- data/rails_test/rails-2.1.2-xss_foliate/script/performance/profiler +3 -0
- data/rails_test/rails-2.1.2-xss_foliate/script/performance/request +3 -0
- data/rails_test/rails-2.1.2-xss_foliate/script/plugin +3 -0
- data/rails_test/rails-2.1.2-xss_foliate/script/process/inspector +3 -0
- data/rails_test/rails-2.1.2-xss_foliate/script/process/reaper +3 -0
- data/rails_test/rails-2.1.2-xss_foliate/script/process/spawner +3 -0
- data/rails_test/rails-2.1.2-xss_foliate/script/runner +3 -0
- data/rails_test/rails-2.1.2-xss_foliate/script/server +3 -0
- data/rails_test/rails-2.1.2-xss_foliate/test/test_helper.rb +38 -0
- data/rails_test/rails-2.1.2-xss_foliate/test/unit/posts_test.rb +14 -0
- data/rails_test/rails-2.2.2-active_record/README +256 -0
- data/rails_test/rails-2.2.2-active_record/Rakefile +10 -0
- data/rails_test/rails-2.2.2-active_record/app/controllers/application.rb +15 -0
- data/rails_test/rails-2.2.2-active_record/app/helpers/application_helper.rb +3 -0
- data/rails_test/rails-2.2.2-active_record/app/models/post.rb +3 -0
- data/rails_test/rails-2.2.2-active_record/config/boot.rb +109 -0
- data/rails_test/rails-2.2.2-active_record/config/database.yml +22 -0
- data/rails_test/rails-2.2.2-active_record/config/environment.rb +75 -0
- data/rails_test/rails-2.2.2-active_record/config/environments/development.rb +17 -0
- data/rails_test/rails-2.2.2-active_record/config/environments/production.rb +24 -0
- data/rails_test/rails-2.2.2-active_record/config/environments/test.rb +22 -0
- data/rails_test/rails-2.2.2-active_record/config/initializers/inflections.rb +10 -0
- data/rails_test/rails-2.2.2-active_record/config/initializers/loofah.rb +1 -0
- data/rails_test/rails-2.2.2-active_record/config/initializers/mime_types.rb +5 -0
- data/rails_test/rails-2.2.2-active_record/config/initializers/new_rails_defaults.rb +17 -0
- data/rails_test/rails-2.2.2-active_record/config/locales/en.yml +5 -0
- data/rails_test/rails-2.2.2-active_record/config/routes.rb +43 -0
- data/rails_test/rails-2.2.2-active_record/db/migrate/1_create_posts.rb +11 -0
- data/rails_test/rails-2.2.2-active_record/public/404.html +30 -0
- data/rails_test/rails-2.2.2-active_record/public/422.html +30 -0
- data/rails_test/rails-2.2.2-active_record/public/500.html +33 -0
- data/rails_test/rails-2.2.2-active_record/public/dispatch.cgi +10 -0
- data/rails_test/rails-2.2.2-active_record/public/dispatch.fcgi +24 -0
- data/rails_test/rails-2.2.2-active_record/public/dispatch.rb +10 -0
- data/rails_test/rails-2.2.2-active_record/public/favicon.ico +0 -0
- data/rails_test/rails-2.2.2-active_record/public/images/rails.png +0 -0
- data/rails_test/rails-2.2.2-active_record/public/index.html +274 -0
- data/rails_test/rails-2.2.2-active_record/public/javascripts/application.js +2 -0
- data/rails_test/rails-2.2.2-active_record/public/javascripts/controls.js +963 -0
- data/rails_test/rails-2.2.2-active_record/public/javascripts/dragdrop.js +973 -0
- data/rails_test/rails-2.2.2-active_record/public/javascripts/effects.js +1128 -0
- data/rails_test/rails-2.2.2-active_record/public/javascripts/prototype.js +4320 -0
- data/rails_test/rails-2.2.2-active_record/public/robots.txt +5 -0
- data/rails_test/rails-2.2.2-active_record/script/about +4 -0
- data/rails_test/rails-2.2.2-active_record/script/console +3 -0
- data/rails_test/rails-2.2.2-active_record/script/dbconsole +3 -0
- data/rails_test/rails-2.2.2-active_record/script/destroy +3 -0
- data/rails_test/rails-2.2.2-active_record/script/generate +3 -0
- data/rails_test/rails-2.2.2-active_record/script/performance/benchmarker +3 -0
- data/rails_test/rails-2.2.2-active_record/script/performance/profiler +3 -0
- data/rails_test/rails-2.2.2-active_record/script/performance/request +3 -0
- data/rails_test/rails-2.2.2-active_record/script/plugin +3 -0
- data/rails_test/rails-2.2.2-active_record/script/process/inspector +3 -0
- data/rails_test/rails-2.2.2-active_record/script/process/reaper +3 -0
- data/rails_test/rails-2.2.2-active_record/script/process/spawner +3 -0
- data/rails_test/rails-2.2.2-active_record/script/runner +3 -0
- data/rails_test/rails-2.2.2-active_record/script/server +3 -0
- data/rails_test/rails-2.2.2-active_record/test/performance/browsing_test.rb +9 -0
- data/rails_test/rails-2.2.2-active_record/test/test_helper.rb +38 -0
- data/rails_test/rails-2.2.2-active_record/test/unit/posts_test.rb +15 -0
- data/rails_test/rails-2.2.2-xss_foliate/README +256 -0
- data/rails_test/rails-2.2.2-xss_foliate/Rakefile +10 -0
- data/rails_test/rails-2.2.2-xss_foliate/app/controllers/application.rb +15 -0
- data/rails_test/rails-2.2.2-xss_foliate/app/helpers/application_helper.rb +3 -0
- data/rails_test/rails-2.2.2-xss_foliate/app/models/post.rb +2 -0
- data/rails_test/rails-2.2.2-xss_foliate/config/boot.rb +109 -0
- data/rails_test/rails-2.2.2-xss_foliate/config/database.yml +22 -0
- data/rails_test/rails-2.2.2-xss_foliate/config/environment.rb +75 -0
- data/rails_test/rails-2.2.2-xss_foliate/config/environments/development.rb +17 -0
- data/rails_test/rails-2.2.2-xss_foliate/config/environments/production.rb +24 -0
- data/rails_test/rails-2.2.2-xss_foliate/config/environments/test.rb +22 -0
- data/rails_test/rails-2.2.2-xss_foliate/config/initializers/inflections.rb +10 -0
- data/rails_test/rails-2.2.2-xss_foliate/config/initializers/loofah.rb +2 -0
- data/rails_test/rails-2.2.2-xss_foliate/config/initializers/mime_types.rb +5 -0
- data/rails_test/rails-2.2.2-xss_foliate/config/initializers/new_rails_defaults.rb +17 -0
- data/rails_test/rails-2.2.2-xss_foliate/config/locales/en.yml +5 -0
- data/rails_test/rails-2.2.2-xss_foliate/config/routes.rb +43 -0
- data/rails_test/rails-2.2.2-xss_foliate/db/migrate/1_create_posts.rb +11 -0
- data/rails_test/rails-2.2.2-xss_foliate/public/404.html +30 -0
- data/rails_test/rails-2.2.2-xss_foliate/public/422.html +30 -0
- data/rails_test/rails-2.2.2-xss_foliate/public/500.html +33 -0
- data/rails_test/rails-2.2.2-xss_foliate/public/dispatch.cgi +10 -0
- data/rails_test/rails-2.2.2-xss_foliate/public/dispatch.fcgi +24 -0
- data/rails_test/rails-2.2.2-xss_foliate/public/dispatch.rb +10 -0
- data/rails_test/rails-2.2.2-xss_foliate/public/favicon.ico +0 -0
- data/rails_test/rails-2.2.2-xss_foliate/public/images/rails.png +0 -0
- data/rails_test/rails-2.2.2-xss_foliate/public/index.html +274 -0
- data/rails_test/rails-2.2.2-xss_foliate/public/javascripts/application.js +2 -0
- data/rails_test/rails-2.2.2-xss_foliate/public/javascripts/controls.js +963 -0
- data/rails_test/rails-2.2.2-xss_foliate/public/javascripts/dragdrop.js +973 -0
- data/rails_test/rails-2.2.2-xss_foliate/public/javascripts/effects.js +1128 -0
- data/rails_test/rails-2.2.2-xss_foliate/public/javascripts/prototype.js +4320 -0
- data/rails_test/rails-2.2.2-xss_foliate/public/robots.txt +5 -0
- data/rails_test/rails-2.2.2-xss_foliate/script/about +4 -0
- data/rails_test/rails-2.2.2-xss_foliate/script/console +3 -0
- data/rails_test/rails-2.2.2-xss_foliate/script/dbconsole +3 -0
- data/rails_test/rails-2.2.2-xss_foliate/script/destroy +3 -0
- data/rails_test/rails-2.2.2-xss_foliate/script/generate +3 -0
- data/rails_test/rails-2.2.2-xss_foliate/script/performance/benchmarker +3 -0
- data/rails_test/rails-2.2.2-xss_foliate/script/performance/profiler +3 -0
- data/rails_test/rails-2.2.2-xss_foliate/script/performance/request +3 -0
- data/rails_test/rails-2.2.2-xss_foliate/script/plugin +3 -0
- data/rails_test/rails-2.2.2-xss_foliate/script/process/inspector +3 -0
- data/rails_test/rails-2.2.2-xss_foliate/script/process/reaper +3 -0
- data/rails_test/rails-2.2.2-xss_foliate/script/process/spawner +3 -0
- data/rails_test/rails-2.2.2-xss_foliate/script/runner +3 -0
- data/rails_test/rails-2.2.2-xss_foliate/script/server +3 -0
- data/rails_test/rails-2.2.2-xss_foliate/test/performance/browsing_test.rb +9 -0
- data/rails_test/rails-2.2.2-xss_foliate/test/test_helper.rb +38 -0
- data/rails_test/rails-2.2.2-xss_foliate/test/unit/posts_test.rb +14 -0
- data/rails_test/rails-2.3.8-active_record/README +243 -0
- data/rails_test/rails-2.3.8-active_record/Rakefile +10 -0
- data/rails_test/rails-2.3.8-active_record/app/controllers/application_controller.rb +10 -0
- data/rails_test/rails-2.3.8-active_record/app/helpers/application_helper.rb +3 -0
- data/rails_test/rails-2.3.8-active_record/app/models/post.rb +3 -0
- data/rails_test/rails-2.3.8-active_record/config/boot.rb +110 -0
- data/rails_test/rails-2.3.8-active_record/config/database.yml +22 -0
- data/rails_test/rails-2.3.8-active_record/config/environment.rb +41 -0
- data/rails_test/rails-2.3.8-active_record/config/environments/development.rb +17 -0
- data/rails_test/rails-2.3.8-active_record/config/environments/production.rb +28 -0
- data/rails_test/rails-2.3.8-active_record/config/environments/test.rb +28 -0
- data/rails_test/rails-2.3.8-active_record/config/initializers/backtrace_silencers.rb +7 -0
- data/rails_test/rails-2.3.8-active_record/config/initializers/cookie_verification_secret.rb +7 -0
- data/rails_test/rails-2.3.8-active_record/config/initializers/inflections.rb +10 -0
- data/rails_test/rails-2.3.8-active_record/config/initializers/loofah.rb +1 -0
- data/rails_test/rails-2.3.8-active_record/config/initializers/mime_types.rb +5 -0
- data/rails_test/rails-2.3.8-active_record/config/initializers/new_rails_defaults.rb +21 -0
- data/rails_test/rails-2.3.8-active_record/config/initializers/session_store.rb +15 -0
- data/rails_test/rails-2.3.8-active_record/config/locales/en.yml +5 -0
- data/rails_test/rails-2.3.8-active_record/config/routes.rb +43 -0
- data/rails_test/rails-2.3.8-active_record/db/migrate/1_create_posts.rb +11 -0
- data/rails_test/rails-2.3.8-active_record/db/seeds.rb +7 -0
- data/rails_test/rails-2.3.8-active_record/public/404.html +30 -0
- data/rails_test/rails-2.3.8-active_record/public/422.html +30 -0
- data/rails_test/rails-2.3.8-active_record/public/500.html +30 -0
- data/rails_test/rails-2.3.8-active_record/public/favicon.ico +0 -0
- data/rails_test/rails-2.3.8-active_record/public/images/rails.png +0 -0
- data/rails_test/rails-2.3.8-active_record/public/index.html +275 -0
- data/rails_test/rails-2.3.8-active_record/public/javascripts/application.js +2 -0
- data/rails_test/rails-2.3.8-active_record/public/javascripts/controls.js +963 -0
- data/rails_test/rails-2.3.8-active_record/public/javascripts/dragdrop.js +973 -0
- data/rails_test/rails-2.3.8-active_record/public/javascripts/effects.js +1128 -0
- data/rails_test/rails-2.3.8-active_record/public/javascripts/prototype.js +4320 -0
- data/rails_test/rails-2.3.8-active_record/public/robots.txt +5 -0
- data/rails_test/rails-2.3.8-active_record/script/about +4 -0
- data/rails_test/rails-2.3.8-active_record/script/console +3 -0
- data/rails_test/rails-2.3.8-active_record/script/dbconsole +3 -0
- data/rails_test/rails-2.3.8-active_record/script/destroy +3 -0
- data/rails_test/rails-2.3.8-active_record/script/generate +3 -0
- data/rails_test/rails-2.3.8-active_record/script/performance/benchmarker +3 -0
- data/rails_test/rails-2.3.8-active_record/script/performance/profiler +3 -0
- data/rails_test/rails-2.3.8-active_record/script/plugin +3 -0
- data/rails_test/rails-2.3.8-active_record/script/runner +3 -0
- data/rails_test/rails-2.3.8-active_record/script/server +3 -0
- data/rails_test/rails-2.3.8-active_record/test/performance/browsing_test.rb +9 -0
- data/rails_test/rails-2.3.8-active_record/test/test_helper.rb +38 -0
- data/rails_test/rails-2.3.8-active_record/test/unit/posts_test.rb +15 -0
- data/rails_test/rails-2.3.8-xss_foliate/README +243 -0
- data/rails_test/rails-2.3.8-xss_foliate/Rakefile +10 -0
- data/rails_test/rails-2.3.8-xss_foliate/app/controllers/application_controller.rb +10 -0
- data/rails_test/rails-2.3.8-xss_foliate/app/helpers/application_helper.rb +3 -0
- data/rails_test/rails-2.3.8-xss_foliate/app/models/post.rb +2 -0
- data/rails_test/rails-2.3.8-xss_foliate/config/boot.rb +110 -0
- data/rails_test/rails-2.3.8-xss_foliate/config/database.yml +22 -0
- data/rails_test/rails-2.3.8-xss_foliate/config/environment.rb +41 -0
- data/rails_test/rails-2.3.8-xss_foliate/config/environments/development.rb +17 -0
- data/rails_test/rails-2.3.8-xss_foliate/config/environments/production.rb +28 -0
- data/rails_test/rails-2.3.8-xss_foliate/config/environments/test.rb +28 -0
- data/rails_test/rails-2.3.8-xss_foliate/config/initializers/backtrace_silencers.rb +7 -0
- data/rails_test/rails-2.3.8-xss_foliate/config/initializers/cookie_verification_secret.rb +7 -0
- data/rails_test/rails-2.3.8-xss_foliate/config/initializers/inflections.rb +10 -0
- data/rails_test/rails-2.3.8-xss_foliate/config/initializers/loofah.rb +2 -0
- data/rails_test/rails-2.3.8-xss_foliate/config/initializers/mime_types.rb +5 -0
- data/rails_test/rails-2.3.8-xss_foliate/config/initializers/new_rails_defaults.rb +21 -0
- data/rails_test/rails-2.3.8-xss_foliate/config/initializers/session_store.rb +15 -0
- data/rails_test/rails-2.3.8-xss_foliate/config/locales/en.yml +5 -0
- data/rails_test/rails-2.3.8-xss_foliate/config/routes.rb +43 -0
- data/rails_test/rails-2.3.8-xss_foliate/db/migrate/1_create_posts.rb +11 -0
- data/rails_test/rails-2.3.8-xss_foliate/db/seeds.rb +7 -0
- data/rails_test/rails-2.3.8-xss_foliate/public/404.html +30 -0
- data/rails_test/rails-2.3.8-xss_foliate/public/422.html +30 -0
- data/rails_test/rails-2.3.8-xss_foliate/public/500.html +30 -0
- data/rails_test/rails-2.3.8-xss_foliate/public/favicon.ico +0 -0
- data/rails_test/rails-2.3.8-xss_foliate/public/images/rails.png +0 -0
- data/rails_test/rails-2.3.8-xss_foliate/public/index.html +275 -0
- data/rails_test/rails-2.3.8-xss_foliate/public/javascripts/application.js +2 -0
- data/rails_test/rails-2.3.8-xss_foliate/public/javascripts/controls.js +963 -0
- data/rails_test/rails-2.3.8-xss_foliate/public/javascripts/dragdrop.js +973 -0
- data/rails_test/rails-2.3.8-xss_foliate/public/javascripts/effects.js +1128 -0
- data/rails_test/rails-2.3.8-xss_foliate/public/javascripts/prototype.js +4320 -0
- data/rails_test/rails-2.3.8-xss_foliate/public/robots.txt +5 -0
- data/rails_test/rails-2.3.8-xss_foliate/script/about +4 -0
- data/rails_test/rails-2.3.8-xss_foliate/script/console +3 -0
- data/rails_test/rails-2.3.8-xss_foliate/script/dbconsole +3 -0
- data/rails_test/rails-2.3.8-xss_foliate/script/destroy +3 -0
- data/rails_test/rails-2.3.8-xss_foliate/script/generate +3 -0
- data/rails_test/rails-2.3.8-xss_foliate/script/performance/benchmarker +3 -0
- data/rails_test/rails-2.3.8-xss_foliate/script/performance/profiler +3 -0
- data/rails_test/rails-2.3.8-xss_foliate/script/plugin +3 -0
- data/rails_test/rails-2.3.8-xss_foliate/script/runner +3 -0
- data/rails_test/rails-2.3.8-xss_foliate/script/server +3 -0
- data/rails_test/rails-2.3.8-xss_foliate/test/performance/browsing_test.rb +9 -0
- data/rails_test/rails-2.3.8-xss_foliate/test/test_helper.rb +38 -0
- data/rails_test/rails-2.3.8-xss_foliate/test/unit/posts_test.rb +14 -0
- data/rails_test/rails-3.0.0.beta4-active_record/README +281 -0
- data/rails_test/rails-3.0.0.beta4-active_record/Rakefile +7 -0
- data/rails_test/rails-3.0.0.beta4-active_record/app/controllers/application_controller.rb +4 -0
- data/rails_test/rails-3.0.0.beta4-active_record/app/helpers/application_helper.rb +2 -0
- data/rails_test/rails-3.0.0.beta4-active_record/app/models/post.rb +3 -0
- data/rails_test/rails-3.0.0.beta4-active_record/app/views/layouts/application.html.erb +14 -0
- data/rails_test/rails-3.0.0.beta4-active_record/config.ru +4 -0
- data/rails_test/rails-3.0.0.beta4-active_record/config/application.rb +46 -0
- data/rails_test/rails-3.0.0.beta4-active_record/config/boot.rb +13 -0
- data/rails_test/rails-3.0.0.beta4-active_record/config/database.yml +22 -0
- data/rails_test/rails-3.0.0.beta4-active_record/config/environment.rb +5 -0
- data/rails_test/rails-3.0.0.beta4-active_record/config/environments/development.rb +19 -0
- data/rails_test/rails-3.0.0.beta4-active_record/config/environments/production.rb +46 -0
- data/rails_test/rails-3.0.0.beta4-active_record/config/environments/test.rb +32 -0
- data/rails_test/rails-3.0.0.beta4-active_record/config/initializers/backtrace_silencers.rb +7 -0
- data/rails_test/rails-3.0.0.beta4-active_record/config/initializers/inflections.rb +10 -0
- data/rails_test/rails-3.0.0.beta4-active_record/config/initializers/mime_types.rb +5 -0
- data/rails_test/rails-3.0.0.beta4-active_record/config/initializers/secret_token.rb +7 -0
- data/rails_test/rails-3.0.0.beta4-active_record/config/initializers/session_store.rb +8 -0
- data/rails_test/rails-3.0.0.beta4-active_record/config/locales/en.yml +5 -0
- data/rails_test/rails-3.0.0.beta4-active_record/config/routes.rb +58 -0
- data/rails_test/rails-3.0.0.beta4-active_record/db/migrate/1_create_posts.rb +11 -0
- data/rails_test/rails-3.0.0.beta4-active_record/db/seeds.rb +7 -0
- data/rails_test/rails-3.0.0.beta4-active_record/public/404.html +26 -0
- data/rails_test/rails-3.0.0.beta4-active_record/public/422.html +26 -0
- data/rails_test/rails-3.0.0.beta4-active_record/public/500.html +26 -0
- data/rails_test/rails-3.0.0.beta4-active_record/public/favicon.ico +0 -0
- data/rails_test/rails-3.0.0.beta4-active_record/public/images/rails.png +0 -0
- data/rails_test/rails-3.0.0.beta4-active_record/public/index.html +279 -0
- data/rails_test/rails-3.0.0.beta4-active_record/public/javascripts/application.js +2 -0
- data/rails_test/rails-3.0.0.beta4-active_record/public/javascripts/controls.js +965 -0
- data/rails_test/rails-3.0.0.beta4-active_record/public/javascripts/dragdrop.js +974 -0
- data/rails_test/rails-3.0.0.beta4-active_record/public/javascripts/effects.js +1123 -0
- data/rails_test/rails-3.0.0.beta4-active_record/public/javascripts/prototype.js +4874 -0
- data/rails_test/rails-3.0.0.beta4-active_record/public/javascripts/rails.js +118 -0
- data/rails_test/rails-3.0.0.beta4-active_record/public/robots.txt +5 -0
- data/rails_test/rails-3.0.0.beta4-active_record/script/rails +6 -0
- data/rails_test/rails-3.0.0.beta4-active_record/test/performance/browsing_test.rb +9 -0
- data/rails_test/rails-3.0.0.beta4-active_record/test/test_helper.rb +13 -0
- data/rails_test/rails-3.0.0.beta4-active_record/test/unit/posts_test.rb +15 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/README +281 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/Rakefile +7 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/app/controllers/application_controller.rb +4 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/app/helpers/application_helper.rb +2 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/app/models/post.rb +2 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/app/views/layouts/application.html.erb +14 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/config.ru +4 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/config/application.rb +46 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/config/boot.rb +13 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/config/database.yml +22 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/config/environment.rb +5 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/config/environments/development.rb +19 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/config/environments/production.rb +46 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/config/environments/test.rb +32 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/config/initializers/backtrace_silencers.rb +7 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/config/initializers/inflections.rb +10 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/config/initializers/loofah.rb +2 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/config/initializers/mime_types.rb +5 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/config/initializers/secret_token.rb +7 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/config/initializers/session_store.rb +8 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/config/locales/en.yml +5 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/config/routes.rb +58 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/db/migrate/1_create_posts.rb +11 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/db/seeds.rb +7 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/public/404.html +26 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/public/422.html +26 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/public/500.html +26 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/public/favicon.ico +0 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/public/images/rails.png +0 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/public/index.html +279 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/public/javascripts/application.js +2 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/public/javascripts/controls.js +965 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/public/javascripts/dragdrop.js +974 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/public/javascripts/effects.js +1123 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/public/javascripts/prototype.js +4874 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/public/javascripts/rails.js +118 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/public/robots.txt +5 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/script/rails +6 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/test/performance/browsing_test.rb +9 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/test/test_helper.rb +13 -0
- data/rails_test/rails-3.0.0.beta4-xss_foliate/test/unit/posts_test.rb +14 -0
- data/test/helper.rb +9 -0
- data/test/unit/test_active_record.rb +141 -0
- data/test/unit/test_xss_foliate.rb +215 -0
- metadata +772 -0
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
document.observe("dom:loaded", function() {
|
|
2
|
+
function handleRemote(element) {
|
|
3
|
+
var method, url, params;
|
|
4
|
+
|
|
5
|
+
if (element.tagName.toLowerCase() === 'form') {
|
|
6
|
+
method = element.readAttribute('method') || 'post';
|
|
7
|
+
url = element.readAttribute('action');
|
|
8
|
+
params = element.serialize(true);
|
|
9
|
+
} else {
|
|
10
|
+
method = element.readAttribute('data-method') || 'get';
|
|
11
|
+
url = element.readAttribute('href');
|
|
12
|
+
params = {};
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
var event = element.fire("ajax:before");
|
|
16
|
+
if (event.stopped) return false;
|
|
17
|
+
|
|
18
|
+
new Ajax.Request(url, {
|
|
19
|
+
method: method,
|
|
20
|
+
parameters: params,
|
|
21
|
+
asynchronous: true,
|
|
22
|
+
evalScripts: true,
|
|
23
|
+
|
|
24
|
+
onLoading: function(request) { element.fire("ajax:loading", {request: request}); },
|
|
25
|
+
onLoaded: function(request) { element.fire("ajax:loaded", {request: request}); },
|
|
26
|
+
onInteractive: function(request) { element.fire("ajax:interactive", {request: request}); },
|
|
27
|
+
onComplete: function(request) { element.fire("ajax:complete", {request: request}); },
|
|
28
|
+
onSuccess: function(request) { element.fire("ajax:success", {request: request}); },
|
|
29
|
+
onFailure: function(request) { element.fire("ajax:failure", {request: request}); }
|
|
30
|
+
});
|
|
31
|
+
|
|
32
|
+
element.fire("ajax:after");
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
function handleMethod(element) {
|
|
36
|
+
var method, url, token_name, token;
|
|
37
|
+
|
|
38
|
+
method = element.readAttribute('data-method');
|
|
39
|
+
url = element.readAttribute('href');
|
|
40
|
+
csrf_param = $$('meta[name=csrf-param]').first();
|
|
41
|
+
csrf_token = $$('meta[name=csrf-token]').first();
|
|
42
|
+
|
|
43
|
+
var form = new Element('form', { method: "POST", action: url, style: "display: none;" });
|
|
44
|
+
element.parentNode.appendChild(form);
|
|
45
|
+
|
|
46
|
+
if (method != 'post') {
|
|
47
|
+
var field = new Element('input', { type: 'hidden', name: '_method', value: method });
|
|
48
|
+
form.appendChild(field);
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
if (csrf_param) {
|
|
52
|
+
var param = csrf_param.readAttribute('content');
|
|
53
|
+
var token = csrf_token.readAttribute('content');
|
|
54
|
+
var field = new Element('input', { type: 'hidden', name: param, value: token });
|
|
55
|
+
form.appendChild(field);
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
form.submit();
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
$(document.body).observe("click", function(event) {
|
|
62
|
+
var message = event.findElement().readAttribute('data-confirm');
|
|
63
|
+
if (message && !confirm(message)) {
|
|
64
|
+
event.stop();
|
|
65
|
+
return false;
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
var element = event.findElement("a[data-remote]");
|
|
69
|
+
if (element) {
|
|
70
|
+
handleRemote(element);
|
|
71
|
+
event.stop();
|
|
72
|
+
return true;
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
var element = event.findElement("a[data-method]");
|
|
76
|
+
if (element) {
|
|
77
|
+
handleMethod(element);
|
|
78
|
+
event.stop();
|
|
79
|
+
return true;
|
|
80
|
+
}
|
|
81
|
+
});
|
|
82
|
+
|
|
83
|
+
// TODO: I don't think submit bubbles in IE
|
|
84
|
+
$(document.body).observe("submit", function(event) {
|
|
85
|
+
var element = event.findElement(),
|
|
86
|
+
message = element.readAttribute('data-confirm');
|
|
87
|
+
if (message && !confirm(message)) {
|
|
88
|
+
event.stop();
|
|
89
|
+
return false;
|
|
90
|
+
}
|
|
91
|
+
|
|
92
|
+
var inputs = element.select("input[type=submit][data-disable-with]");
|
|
93
|
+
inputs.each(function(input) {
|
|
94
|
+
input.disabled = true;
|
|
95
|
+
input.writeAttribute('data-original-value', input.value);
|
|
96
|
+
input.value = input.readAttribute('data-disable-with');
|
|
97
|
+
});
|
|
98
|
+
|
|
99
|
+
var element = event.findElement("form[data-remote]");
|
|
100
|
+
if (element) {
|
|
101
|
+
handleRemote(element);
|
|
102
|
+
event.stop();
|
|
103
|
+
}
|
|
104
|
+
});
|
|
105
|
+
|
|
106
|
+
$(document.body).observe("ajax:after", function(event) {
|
|
107
|
+
var element = event.findElement();
|
|
108
|
+
|
|
109
|
+
if (element.tagName.toLowerCase() === 'form') {
|
|
110
|
+
var inputs = element.select("input[type=submit][disabled=true][data-disable-with]");
|
|
111
|
+
inputs.each(function(input) {
|
|
112
|
+
input.value = input.readAttribute('data-original-value');
|
|
113
|
+
input.writeAttribute('data-original-value', null);
|
|
114
|
+
input.disabled = false;
|
|
115
|
+
});
|
|
116
|
+
}
|
|
117
|
+
});
|
|
118
|
+
});
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
#!/usr/bin/env ruby1.8
|
|
2
|
+
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
|
|
3
|
+
|
|
4
|
+
APP_PATH = File.expand_path('../../config/application', __FILE__)
|
|
5
|
+
require File.expand_path('../../config/boot', __FILE__)
|
|
6
|
+
require 'rails/commands'
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
ENV["RAILS_ENV"] = "test"
|
|
2
|
+
require File.expand_path('../../config/environment', __FILE__)
|
|
3
|
+
require 'rails/test_help'
|
|
4
|
+
|
|
5
|
+
class ActiveSupport::TestCase
|
|
6
|
+
# Setup all fixtures in test/fixtures/*.(yml|csv) for all tests in alphabetical order.
|
|
7
|
+
#
|
|
8
|
+
# Note: You'll currently still have to declare fixtures explicitly in integration tests
|
|
9
|
+
# -- they do not yet inherit this setting
|
|
10
|
+
fixtures :all
|
|
11
|
+
|
|
12
|
+
# Add more helper methods to be used by all tests here...
|
|
13
|
+
end
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
require File.join(File.dirname(__FILE__), "../test_helper")
|
|
2
|
+
|
|
3
|
+
class PostsTest < Test::Unit::TestCase
|
|
4
|
+
def test_loofah_scrubbing
|
|
5
|
+
post = Post.new :title => "<script>yo dawg</script>", :body => "<script>omgwtfbbq</script>"
|
|
6
|
+
post.valid?
|
|
7
|
+
assert_equal "yo dawg", post.title
|
|
8
|
+
assert_equal "omgwtfbbq", post.body
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def test_xss_foliation
|
|
12
|
+
assert Post.xss_foliated?
|
|
13
|
+
end
|
|
14
|
+
end
|
data/test/helper.rb
ADDED
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
require 'rubygems'
|
|
2
|
+
require 'test/unit'
|
|
3
|
+
require 'shoulda'
|
|
4
|
+
require 'mocha'
|
|
5
|
+
require 'acts_as_fu'
|
|
6
|
+
require File.expand_path(File.join(File.dirname(__FILE__), "..", "lib", "loofah-activerecord"))
|
|
7
|
+
|
|
8
|
+
puts "=> testing with Nokogiri #{Nokogiri::VERSION_INFO.inspect}"
|
|
9
|
+
puts "=> testing with Loofah #{Loofah::VERSION}"
|
|
@@ -0,0 +1,141 @@
|
|
|
1
|
+
require File.expand_path(File.join(File.dirname(__FILE__), '..', 'helper'))
|
|
2
|
+
|
|
3
|
+
class TestActiveRecord < Test::Unit::TestCase
|
|
4
|
+
|
|
5
|
+
HTML_STRING = "<div>omgwtfbbq</div>"
|
|
6
|
+
PLAIN_TEXT = "vanilla text"
|
|
7
|
+
|
|
8
|
+
context "with a Post model" do
|
|
9
|
+
setup do
|
|
10
|
+
ActsAsFu.build_model(:posts) do
|
|
11
|
+
string :plain_text
|
|
12
|
+
string :html_string
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
context "scrubbing a single field as a fragment" do
|
|
17
|
+
context "using a symbol to indicate the attribute" do
|
|
18
|
+
setup do
|
|
19
|
+
Post.html_fragment :html_string, :scrub => :prune
|
|
20
|
+
assert ! Post.xss_foliated?
|
|
21
|
+
@post = Post.new :html_string => HTML_STRING, :plain_text => PLAIN_TEXT
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
should "scrub the specified field" do
|
|
25
|
+
Loofah.expects(:scrub_fragment).with(HTML_STRING, :prune).once
|
|
26
|
+
Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :prune).never
|
|
27
|
+
@post.valid?
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
should "only call scrub_fragment once" do
|
|
31
|
+
Loofah.expects(:scrub_fragment).once
|
|
32
|
+
@post.valid?
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
should "generate strings" do
|
|
36
|
+
@post.valid?
|
|
37
|
+
assert_equal String, @post.html_string.class
|
|
38
|
+
assert_equal HTML_STRING, @post.html_string
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
context "using a string to indicate the attribute" do
|
|
43
|
+
setup do
|
|
44
|
+
Post.html_fragment 'html_string', :scrub => :prune
|
|
45
|
+
assert ! Post.xss_foliated?
|
|
46
|
+
@post = Post.new :html_string => HTML_STRING, :plain_text => PLAIN_TEXT
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
should "scrub the specified field" do
|
|
50
|
+
Loofah.expects(:scrub_fragment).with(HTML_STRING, :prune).once
|
|
51
|
+
Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :prune).never
|
|
52
|
+
@post.valid?
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
context "scrubbing a single field as a document" do
|
|
58
|
+
context "using a symbol to indicate the attribute" do
|
|
59
|
+
setup do
|
|
60
|
+
Post.html_document :html_string, :scrub => :strip
|
|
61
|
+
@post = Post.new :html_string => HTML_STRING, :plain_text => PLAIN_TEXT
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
should "scrub the specified field, but not other fields" do
|
|
65
|
+
Loofah.expects(:scrub_document).with(HTML_STRING, :strip).once
|
|
66
|
+
Loofah.expects(:scrub_document).with(PLAIN_TEXT, :strip).never
|
|
67
|
+
@post.valid?
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
should "only call scrub_document once" do
|
|
71
|
+
Loofah.expects(:scrub_document).once
|
|
72
|
+
@post.valid?
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
should "generate strings" do
|
|
76
|
+
@post.valid?
|
|
77
|
+
assert_equal String, @post.html_string.class
|
|
78
|
+
end
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
context "using a string to indicate the attribute" do
|
|
82
|
+
setup do
|
|
83
|
+
Post.html_document 'html_string', :scrub => :strip
|
|
84
|
+
@post = Post.new :html_string => HTML_STRING, :plain_text => PLAIN_TEXT
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
should "scrub the specified field, but not other fields" do
|
|
88
|
+
Loofah.expects(:scrub_document).with(HTML_STRING, :strip).once
|
|
89
|
+
Loofah.expects(:scrub_document).with(PLAIN_TEXT, :strip).never
|
|
90
|
+
@post.valid?
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
context "not passing any options" do
|
|
96
|
+
should "raise ArgumentError" do
|
|
97
|
+
assert_raises(ArgumentError) {
|
|
98
|
+
Post.html_fragment :foo
|
|
99
|
+
}
|
|
100
|
+
end
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
context "not passing :scrub option" do
|
|
104
|
+
should "raise ArgumentError" do
|
|
105
|
+
assert_raise(ArgumentError) {
|
|
106
|
+
Post.html_fragment :foo, :bar => :quux
|
|
107
|
+
}
|
|
108
|
+
end
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
context "passing a :scrub option" do
|
|
112
|
+
should "not raise ArgumentError" do
|
|
113
|
+
assert_nothing_raised {
|
|
114
|
+
Post.html_fragment :foo, :scrub => :quux
|
|
115
|
+
}
|
|
116
|
+
end
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
context "passing a Scrubber" do
|
|
120
|
+
setup do
|
|
121
|
+
@called = false
|
|
122
|
+
@scrubber = Loofah::Scrubber.new do |node|
|
|
123
|
+
@called = true
|
|
124
|
+
end
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
should "not raise ArgumentError" do
|
|
128
|
+
assert_nothing_raised {
|
|
129
|
+
Post.html_fragment :html_string, :scrub => @scrubber
|
|
130
|
+
}
|
|
131
|
+
end
|
|
132
|
+
|
|
133
|
+
should "scrub properly" do
|
|
134
|
+
Post.html_fragment :html_string, :scrub => @scrubber
|
|
135
|
+
post = Post.new :html_string => HTML_STRING, :plain_text => PLAIN_TEXT
|
|
136
|
+
post.valid?
|
|
137
|
+
assert @called
|
|
138
|
+
end
|
|
139
|
+
end
|
|
140
|
+
end
|
|
141
|
+
end
|
|
@@ -0,0 +1,215 @@
|
|
|
1
|
+
require File.expand_path(File.join(File.dirname(__FILE__), '..', 'helper'))
|
|
2
|
+
|
|
3
|
+
class TestXssFoliate < Test::Unit::TestCase
|
|
4
|
+
|
|
5
|
+
HTML_STRING = "<div>omgwtfbbq</div>"
|
|
6
|
+
PLAIN_TEXT = "vanilla text"
|
|
7
|
+
INTEGER_VALUE = "1234"
|
|
8
|
+
WHITESPACEY = " <br> "
|
|
9
|
+
|
|
10
|
+
def new_post(overrides={})
|
|
11
|
+
Post.new({:html_string => HTML_STRING, :plain_text => PLAIN_TEXT, :not_a_string => INTEGER_VALUE}.merge(overrides))
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
context "with a Post model" do
|
|
15
|
+
setup do
|
|
16
|
+
ActsAsFu.build_model(:posts) do
|
|
17
|
+
string :plain_text
|
|
18
|
+
string :html_string
|
|
19
|
+
integer :not_a_string
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
context "#xss_foliated?" do
|
|
24
|
+
context "when xss_foliate has not been called" do
|
|
25
|
+
should "return false" do
|
|
26
|
+
assert ! Post.xss_foliated?
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
context "when xss_foliate has been called with no options" do
|
|
31
|
+
setup do
|
|
32
|
+
Post.xss_foliate
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
should "return true" do
|
|
36
|
+
assert Post.xss_foliated?
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
context "when xss_foliate has been called with options" do
|
|
41
|
+
setup do
|
|
42
|
+
Post.xss_foliate :prune => :plain_text
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
should "return true" do
|
|
46
|
+
assert Post.xss_foliated?
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
context "#xss_foliate" do
|
|
52
|
+
context "when passed invalid option" do
|
|
53
|
+
should "raise ArgumentError" do
|
|
54
|
+
assert_raise(ArgumentError) { Post.xss_foliate :quux => [:foo] }
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
context "when passed a symbol" do
|
|
59
|
+
should "calls the right scrubber" do
|
|
60
|
+
assert_nothing_raised(ArgumentError) { Post.xss_foliate :prune => :plain_text }
|
|
61
|
+
Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once
|
|
62
|
+
Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :prune).once
|
|
63
|
+
new_post.valid?
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
context "when passed an array of symbols" do
|
|
68
|
+
should "calls the right scrubbers" do
|
|
69
|
+
assert_nothing_raised(ArgumentError) {
|
|
70
|
+
Post.xss_foliate :prune => [:plain_text, :html_string]
|
|
71
|
+
}
|
|
72
|
+
Loofah.expects(:scrub_fragment).with(HTML_STRING, :prune).once
|
|
73
|
+
Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :prune).once
|
|
74
|
+
new_post.valid?
|
|
75
|
+
end
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
context "when passed a string" do
|
|
79
|
+
should "calls the right scrubber" do
|
|
80
|
+
assert_nothing_raised(ArgumentError) { Post.xss_foliate :prune => 'plain_text' }
|
|
81
|
+
Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once
|
|
82
|
+
Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :prune).once
|
|
83
|
+
new_post.valid?
|
|
84
|
+
end
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
context "when passed an array of strings" do
|
|
88
|
+
should "calls the right scrubbers" do
|
|
89
|
+
assert_nothing_raised(ArgumentError) {
|
|
90
|
+
Post.xss_foliate :prune => ['plain_text', 'html_string']
|
|
91
|
+
}
|
|
92
|
+
Loofah.expects(:scrub_fragment).with(HTML_STRING, :prune).once
|
|
93
|
+
Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :prune).once
|
|
94
|
+
new_post.valid?
|
|
95
|
+
end
|
|
96
|
+
end
|
|
97
|
+
end
|
|
98
|
+
|
|
99
|
+
context "declaring scrubbed fields" do
|
|
100
|
+
context "on all fields" do
|
|
101
|
+
setup do
|
|
102
|
+
Post.xss_foliate
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
should "scrub all fields" do
|
|
106
|
+
mock_doc = mock
|
|
107
|
+
Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once.returns(mock_doc)
|
|
108
|
+
Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :strip).once.returns(mock_doc)
|
|
109
|
+
Loofah.expects(:scrub_fragment).with(INTEGER_VALUE, :strip).never
|
|
110
|
+
mock_doc.expects(:text).twice
|
|
111
|
+
assert new_post.valid?
|
|
112
|
+
end
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
context "omitting one field" do
|
|
116
|
+
setup do
|
|
117
|
+
Post.xss_foliate :except => [:plain_text]
|
|
118
|
+
end
|
|
119
|
+
|
|
120
|
+
should "not scrub omitted field" do
|
|
121
|
+
mock_doc = mock
|
|
122
|
+
Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once.returns(mock_doc)
|
|
123
|
+
Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :strip).never
|
|
124
|
+
Loofah.expects(:scrub_fragment).with(INTEGER_VALUE, :strip).never
|
|
125
|
+
mock_doc.expects(:text).once
|
|
126
|
+
new_post.valid?
|
|
127
|
+
end
|
|
128
|
+
end
|
|
129
|
+
|
|
130
|
+
Loofah::Scrubbers.scrubber_symbols.each do |method|
|
|
131
|
+
context "declaring one field to be scrubbed with #{method}" do
|
|
132
|
+
setup do
|
|
133
|
+
Post.xss_foliate method => [:plain_text]
|
|
134
|
+
end
|
|
135
|
+
|
|
136
|
+
should "scrub that field appropriately" do
|
|
137
|
+
mock_doc = mock
|
|
138
|
+
Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once
|
|
139
|
+
Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, method).once.returns(mock_doc)
|
|
140
|
+
Loofah.expects(:scrub_fragment).with(INTEGER_VALUE, :strip).never
|
|
141
|
+
mock_doc.expects(:to_s)
|
|
142
|
+
new_post.valid?
|
|
143
|
+
end
|
|
144
|
+
end
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
context "declaring one field to be scrubbed with html5lib_sanitize" do
|
|
148
|
+
setup do
|
|
149
|
+
Post.xss_foliate :html5lib_sanitize => [:plain_text]
|
|
150
|
+
end
|
|
151
|
+
|
|
152
|
+
should "not that field appropriately" do
|
|
153
|
+
Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip) .once
|
|
154
|
+
Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :escape).once
|
|
155
|
+
Loofah.expects(:scrub_fragment).with(INTEGER_VALUE, :strip) .never
|
|
156
|
+
new_post.valid?
|
|
157
|
+
end
|
|
158
|
+
end
|
|
159
|
+
end
|
|
160
|
+
|
|
161
|
+
context "invalid model data" do
|
|
162
|
+
setup do
|
|
163
|
+
Post.validates_presence_of :html_string
|
|
164
|
+
Post.xss_foliate
|
|
165
|
+
end
|
|
166
|
+
|
|
167
|
+
should "not be valid after sanitizing" do
|
|
168
|
+
Loofah.expects(:scrub_fragment).with(WHITESPACEY, :strip).once
|
|
169
|
+
Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :strip).once
|
|
170
|
+
assert ! new_post(:html_string => WHITESPACEY).valid?
|
|
171
|
+
end
|
|
172
|
+
end
|
|
173
|
+
|
|
174
|
+
context "given an XSS attempt" do
|
|
175
|
+
setup do
|
|
176
|
+
Post.xss_foliate :strip => :html_string
|
|
177
|
+
end
|
|
178
|
+
|
|
179
|
+
should "escape html entities" do
|
|
180
|
+
hackattack = "<div><script>alert('evil')</script></div>"
|
|
181
|
+
post = new_post :html_string => hackattack, :plain_text => hackattack
|
|
182
|
+
post.valid?
|
|
183
|
+
assert_equal "<div><script>alert('evil')</script></div>", post.html_string
|
|
184
|
+
assert_equal "<script>alert('evil')</script>", post.plain_text
|
|
185
|
+
end
|
|
186
|
+
end
|
|
187
|
+
|
|
188
|
+
context "these tests should pass for libxml 2.7.5 and later" do
|
|
189
|
+
should "not scrub double quotes into html entities" do
|
|
190
|
+
answer = new_post(:plain_text => "\"something\"")
|
|
191
|
+
answer.valid?
|
|
192
|
+
assert_equal "\"something\"", answer.plain_text
|
|
193
|
+
end
|
|
194
|
+
|
|
195
|
+
should "not scrub ampersands into html entities" do
|
|
196
|
+
answer = new_post(:plain_text => "& Something")
|
|
197
|
+
answer.valid?
|
|
198
|
+
assert_equal "& Something", answer.plain_text
|
|
199
|
+
end
|
|
200
|
+
|
|
201
|
+
should "not scrub \\r html entities" do
|
|
202
|
+
answer = new_post(:plain_text => "Another \r Something")
|
|
203
|
+
answer.valid?
|
|
204
|
+
assert_equal "Another \r Something", answer.plain_text
|
|
205
|
+
end
|
|
206
|
+
|
|
207
|
+
should "not scrub \\n html entities" do
|
|
208
|
+
answer = new_post(:plain_text => "Another \n Something")
|
|
209
|
+
answer.valid?
|
|
210
|
+
assert_equal "Another \n Something", answer.plain_text
|
|
211
|
+
end
|
|
212
|
+
end
|
|
213
|
+
end
|
|
214
|
+
end
|
|
215
|
+
|