loofah-activerecord 1.0.0.beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (573) hide show
  1. data/CHANGELOG.rdoc +9 -0
  2. data/Gemfile +14 -0
  3. data/MIT-LICENSE.txt +21 -0
  4. data/Manifest.txt +572 -0
  5. data/README.rdoc +110 -0
  6. data/Rakefile +56 -0
  7. data/lib/loofah-activerecord.rb +19 -0
  8. data/lib/loofah-activerecord/active_record.rb +60 -0
  9. data/lib/loofah-activerecord/railtie.rb +12 -0
  10. data/lib/loofah-activerecord/xss_foliate.rb +207 -0
  11. data/rails_test/Rakefile +72 -0
  12. data/rails_test/common/active_record/app/models/post.rb +3 -0
  13. data/rails_test/common/active_record/test/unit/posts_test.rb +15 -0
  14. data/rails_test/common/all/config/database.yml +22 -0
  15. data/rails_test/common/all/db/migrate/1_create_posts.rb +11 -0
  16. data/rails_test/common/xss_foliate/app/models/post.rb +2 -0
  17. data/rails_test/common/xss_foliate/test/unit/posts_test.rb +14 -0
  18. data/rails_test/generate_test_directory +51 -0
  19. data/rails_test/rails-1.2.6-active_record/README +211 -0
  20. data/rails_test/rails-1.2.6-active_record/Rakefile +10 -0
  21. data/rails_test/rails-1.2.6-active_record/app/controllers/application.rb +7 -0
  22. data/rails_test/rails-1.2.6-active_record/app/helpers/application_helper.rb +3 -0
  23. data/rails_test/rails-1.2.6-active_record/app/models/post.rb +3 -0
  24. data/rails_test/rails-1.2.6-active_record/config/boot.rb +39 -0
  25. data/rails_test/rails-1.2.6-active_record/config/database.yml +22 -0
  26. data/rails_test/rails-1.2.6-active_record/config/environment.rb +61 -0
  27. data/rails_test/rails-1.2.6-active_record/config/environments/development.rb +21 -0
  28. data/rails_test/rails-1.2.6-active_record/config/environments/production.rb +18 -0
  29. data/rails_test/rails-1.2.6-active_record/config/environments/test.rb +19 -0
  30. data/rails_test/rails-1.2.6-active_record/config/routes.rb +23 -0
  31. data/rails_test/rails-1.2.6-active_record/db/migrate/1_create_posts.rb +11 -0
  32. data/rails_test/rails-1.2.6-active_record/public/.htaccess +40 -0
  33. data/rails_test/rails-1.2.6-active_record/public/404.html +30 -0
  34. data/rails_test/rails-1.2.6-active_record/public/500.html +30 -0
  35. data/rails_test/rails-1.2.6-active_record/public/dispatch.cgi +10 -0
  36. data/rails_test/rails-1.2.6-active_record/public/dispatch.fcgi +24 -0
  37. data/rails_test/rails-1.2.6-active_record/public/dispatch.rb +10 -0
  38. data/rails_test/rails-1.2.6-active_record/public/favicon.ico +0 -0
  39. data/rails_test/rails-1.2.6-active_record/public/images/rails.png +0 -0
  40. data/rails_test/rails-1.2.6-active_record/public/index.html +277 -0
  41. data/rails_test/rails-1.2.6-active_record/public/javascripts/application.js +2 -0
  42. data/rails_test/rails-1.2.6-active_record/public/javascripts/controls.js +833 -0
  43. data/rails_test/rails-1.2.6-active_record/public/javascripts/dragdrop.js +942 -0
  44. data/rails_test/rails-1.2.6-active_record/public/javascripts/effects.js +1088 -0
  45. data/rails_test/rails-1.2.6-active_record/public/javascripts/prototype.js +2515 -0
  46. data/rails_test/rails-1.2.6-active_record/public/robots.txt +1 -0
  47. data/rails_test/rails-1.2.6-active_record/script/about +3 -0
  48. data/rails_test/rails-1.2.6-active_record/script/breakpointer +3 -0
  49. data/rails_test/rails-1.2.6-active_record/script/console +3 -0
  50. data/rails_test/rails-1.2.6-active_record/script/destroy +3 -0
  51. data/rails_test/rails-1.2.6-active_record/script/generate +3 -0
  52. data/rails_test/rails-1.2.6-active_record/script/performance/benchmarker +3 -0
  53. data/rails_test/rails-1.2.6-active_record/script/performance/profiler +3 -0
  54. data/rails_test/rails-1.2.6-active_record/script/plugin +3 -0
  55. data/rails_test/rails-1.2.6-active_record/script/process/inspector +3 -0
  56. data/rails_test/rails-1.2.6-active_record/script/process/reaper +3 -0
  57. data/rails_test/rails-1.2.6-active_record/script/process/spawner +3 -0
  58. data/rails_test/rails-1.2.6-active_record/script/runner +3 -0
  59. data/rails_test/rails-1.2.6-active_record/script/server +3 -0
  60. data/rails_test/rails-1.2.6-active_record/test/test_helper.rb +28 -0
  61. data/rails_test/rails-1.2.6-active_record/test/unit/posts_test.rb +15 -0
  62. data/rails_test/rails-1.2.6-xss_foliate/README +211 -0
  63. data/rails_test/rails-1.2.6-xss_foliate/Rakefile +10 -0
  64. data/rails_test/rails-1.2.6-xss_foliate/app/controllers/application.rb +7 -0
  65. data/rails_test/rails-1.2.6-xss_foliate/app/helpers/application_helper.rb +3 -0
  66. data/rails_test/rails-1.2.6-xss_foliate/app/models/post.rb +2 -0
  67. data/rails_test/rails-1.2.6-xss_foliate/config/boot.rb +39 -0
  68. data/rails_test/rails-1.2.6-xss_foliate/config/database.yml +22 -0
  69. data/rails_test/rails-1.2.6-xss_foliate/config/environment.rb +63 -0
  70. data/rails_test/rails-1.2.6-xss_foliate/config/environments/development.rb +21 -0
  71. data/rails_test/rails-1.2.6-xss_foliate/config/environments/production.rb +18 -0
  72. data/rails_test/rails-1.2.6-xss_foliate/config/environments/test.rb +19 -0
  73. data/rails_test/rails-1.2.6-xss_foliate/config/routes.rb +23 -0
  74. data/rails_test/rails-1.2.6-xss_foliate/db/migrate/1_create_posts.rb +11 -0
  75. data/rails_test/rails-1.2.6-xss_foliate/public/.htaccess +40 -0
  76. data/rails_test/rails-1.2.6-xss_foliate/public/404.html +30 -0
  77. data/rails_test/rails-1.2.6-xss_foliate/public/500.html +30 -0
  78. data/rails_test/rails-1.2.6-xss_foliate/public/dispatch.cgi +10 -0
  79. data/rails_test/rails-1.2.6-xss_foliate/public/dispatch.fcgi +24 -0
  80. data/rails_test/rails-1.2.6-xss_foliate/public/dispatch.rb +10 -0
  81. data/rails_test/rails-1.2.6-xss_foliate/public/favicon.ico +0 -0
  82. data/rails_test/rails-1.2.6-xss_foliate/public/images/rails.png +0 -0
  83. data/rails_test/rails-1.2.6-xss_foliate/public/index.html +277 -0
  84. data/rails_test/rails-1.2.6-xss_foliate/public/javascripts/application.js +2 -0
  85. data/rails_test/rails-1.2.6-xss_foliate/public/javascripts/controls.js +833 -0
  86. data/rails_test/rails-1.2.6-xss_foliate/public/javascripts/dragdrop.js +942 -0
  87. data/rails_test/rails-1.2.6-xss_foliate/public/javascripts/effects.js +1088 -0
  88. data/rails_test/rails-1.2.6-xss_foliate/public/javascripts/prototype.js +2515 -0
  89. data/rails_test/rails-1.2.6-xss_foliate/public/robots.txt +1 -0
  90. data/rails_test/rails-1.2.6-xss_foliate/script/about +3 -0
  91. data/rails_test/rails-1.2.6-xss_foliate/script/breakpointer +3 -0
  92. data/rails_test/rails-1.2.6-xss_foliate/script/console +3 -0
  93. data/rails_test/rails-1.2.6-xss_foliate/script/destroy +3 -0
  94. data/rails_test/rails-1.2.6-xss_foliate/script/generate +3 -0
  95. data/rails_test/rails-1.2.6-xss_foliate/script/performance/benchmarker +3 -0
  96. data/rails_test/rails-1.2.6-xss_foliate/script/performance/profiler +3 -0
  97. data/rails_test/rails-1.2.6-xss_foliate/script/plugin +3 -0
  98. data/rails_test/rails-1.2.6-xss_foliate/script/process/inspector +3 -0
  99. data/rails_test/rails-1.2.6-xss_foliate/script/process/reaper +3 -0
  100. data/rails_test/rails-1.2.6-xss_foliate/script/process/spawner +3 -0
  101. data/rails_test/rails-1.2.6-xss_foliate/script/runner +3 -0
  102. data/rails_test/rails-1.2.6-xss_foliate/script/server +3 -0
  103. data/rails_test/rails-1.2.6-xss_foliate/test/test_helper.rb +28 -0
  104. data/rails_test/rails-1.2.6-xss_foliate/test/unit/posts_test.rb +14 -0
  105. data/rails_test/rails-2.0.5-active_record/README +203 -0
  106. data/rails_test/rails-2.0.5-active_record/Rakefile +10 -0
  107. data/rails_test/rails-2.0.5-active_record/app/controllers/application.rb +10 -0
  108. data/rails_test/rails-2.0.5-active_record/app/helpers/application_helper.rb +3 -0
  109. data/rails_test/rails-2.0.5-active_record/app/models/post.rb +3 -0
  110. data/rails_test/rails-2.0.5-active_record/config/boot.rb +108 -0
  111. data/rails_test/rails-2.0.5-active_record/config/database.yml +22 -0
  112. data/rails_test/rails-2.0.5-active_record/config/environment.rb +59 -0
  113. data/rails_test/rails-2.0.5-active_record/config/environments/development.rb +18 -0
  114. data/rails_test/rails-2.0.5-active_record/config/environments/production.rb +19 -0
  115. data/rails_test/rails-2.0.5-active_record/config/environments/test.rb +22 -0
  116. data/rails_test/rails-2.0.5-active_record/config/initializers/inflections.rb +10 -0
  117. data/rails_test/rails-2.0.5-active_record/config/initializers/loofah.rb +1 -0
  118. data/rails_test/rails-2.0.5-active_record/config/initializers/mime_types.rb +5 -0
  119. data/rails_test/rails-2.0.5-active_record/config/routes.rb +35 -0
  120. data/rails_test/rails-2.0.5-active_record/db/migrate/1_create_posts.rb +11 -0
  121. data/rails_test/rails-2.0.5-active_record/public/.htaccess +40 -0
  122. data/rails_test/rails-2.0.5-active_record/public/404.html +30 -0
  123. data/rails_test/rails-2.0.5-active_record/public/422.html +30 -0
  124. data/rails_test/rails-2.0.5-active_record/public/500.html +30 -0
  125. data/rails_test/rails-2.0.5-active_record/public/dispatch.cgi +10 -0
  126. data/rails_test/rails-2.0.5-active_record/public/dispatch.fcgi +24 -0
  127. data/rails_test/rails-2.0.5-active_record/public/dispatch.rb +10 -0
  128. data/rails_test/rails-2.0.5-active_record/public/favicon.ico +0 -0
  129. data/rails_test/rails-2.0.5-active_record/public/images/rails.png +0 -0
  130. data/rails_test/rails-2.0.5-active_record/public/index.html +277 -0
  131. data/rails_test/rails-2.0.5-active_record/public/javascripts/application.js +2 -0
  132. data/rails_test/rails-2.0.5-active_record/public/javascripts/controls.js +963 -0
  133. data/rails_test/rails-2.0.5-active_record/public/javascripts/dragdrop.js +972 -0
  134. data/rails_test/rails-2.0.5-active_record/public/javascripts/effects.js +1120 -0
  135. data/rails_test/rails-2.0.5-active_record/public/javascripts/prototype.js +4225 -0
  136. data/rails_test/rails-2.0.5-active_record/public/robots.txt +5 -0
  137. data/rails_test/rails-2.0.5-active_record/script/about +3 -0
  138. data/rails_test/rails-2.0.5-active_record/script/console +3 -0
  139. data/rails_test/rails-2.0.5-active_record/script/destroy +3 -0
  140. data/rails_test/rails-2.0.5-active_record/script/generate +3 -0
  141. data/rails_test/rails-2.0.5-active_record/script/performance/benchmarker +3 -0
  142. data/rails_test/rails-2.0.5-active_record/script/performance/profiler +3 -0
  143. data/rails_test/rails-2.0.5-active_record/script/performance/request +3 -0
  144. data/rails_test/rails-2.0.5-active_record/script/plugin +3 -0
  145. data/rails_test/rails-2.0.5-active_record/script/process/inspector +3 -0
  146. data/rails_test/rails-2.0.5-active_record/script/process/reaper +3 -0
  147. data/rails_test/rails-2.0.5-active_record/script/process/spawner +3 -0
  148. data/rails_test/rails-2.0.5-active_record/script/runner +3 -0
  149. data/rails_test/rails-2.0.5-active_record/script/server +3 -0
  150. data/rails_test/rails-2.0.5-active_record/test/test_helper.rb +38 -0
  151. data/rails_test/rails-2.0.5-active_record/test/unit/posts_test.rb +15 -0
  152. data/rails_test/rails-2.0.5-xss_foliate/README +203 -0
  153. data/rails_test/rails-2.0.5-xss_foliate/Rakefile +10 -0
  154. data/rails_test/rails-2.0.5-xss_foliate/app/controllers/application.rb +10 -0
  155. data/rails_test/rails-2.0.5-xss_foliate/app/helpers/application_helper.rb +3 -0
  156. data/rails_test/rails-2.0.5-xss_foliate/app/models/post.rb +2 -0
  157. data/rails_test/rails-2.0.5-xss_foliate/config/boot.rb +108 -0
  158. data/rails_test/rails-2.0.5-xss_foliate/config/database.yml +22 -0
  159. data/rails_test/rails-2.0.5-xss_foliate/config/environment.rb +59 -0
  160. data/rails_test/rails-2.0.5-xss_foliate/config/environments/development.rb +18 -0
  161. data/rails_test/rails-2.0.5-xss_foliate/config/environments/production.rb +19 -0
  162. data/rails_test/rails-2.0.5-xss_foliate/config/environments/test.rb +22 -0
  163. data/rails_test/rails-2.0.5-xss_foliate/config/initializers/inflections.rb +10 -0
  164. data/rails_test/rails-2.0.5-xss_foliate/config/initializers/loofah.rb +2 -0
  165. data/rails_test/rails-2.0.5-xss_foliate/config/initializers/mime_types.rb +5 -0
  166. data/rails_test/rails-2.0.5-xss_foliate/config/routes.rb +35 -0
  167. data/rails_test/rails-2.0.5-xss_foliate/db/migrate/1_create_posts.rb +11 -0
  168. data/rails_test/rails-2.0.5-xss_foliate/public/.htaccess +40 -0
  169. data/rails_test/rails-2.0.5-xss_foliate/public/404.html +30 -0
  170. data/rails_test/rails-2.0.5-xss_foliate/public/422.html +30 -0
  171. data/rails_test/rails-2.0.5-xss_foliate/public/500.html +30 -0
  172. data/rails_test/rails-2.0.5-xss_foliate/public/dispatch.cgi +10 -0
  173. data/rails_test/rails-2.0.5-xss_foliate/public/dispatch.fcgi +24 -0
  174. data/rails_test/rails-2.0.5-xss_foliate/public/dispatch.rb +10 -0
  175. data/rails_test/rails-2.0.5-xss_foliate/public/favicon.ico +0 -0
  176. data/rails_test/rails-2.0.5-xss_foliate/public/images/rails.png +0 -0
  177. data/rails_test/rails-2.0.5-xss_foliate/public/index.html +277 -0
  178. data/rails_test/rails-2.0.5-xss_foliate/public/javascripts/application.js +2 -0
  179. data/rails_test/rails-2.0.5-xss_foliate/public/javascripts/controls.js +963 -0
  180. data/rails_test/rails-2.0.5-xss_foliate/public/javascripts/dragdrop.js +972 -0
  181. data/rails_test/rails-2.0.5-xss_foliate/public/javascripts/effects.js +1120 -0
  182. data/rails_test/rails-2.0.5-xss_foliate/public/javascripts/prototype.js +4225 -0
  183. data/rails_test/rails-2.0.5-xss_foliate/public/robots.txt +5 -0
  184. data/rails_test/rails-2.0.5-xss_foliate/script/about +3 -0
  185. data/rails_test/rails-2.0.5-xss_foliate/script/console +3 -0
  186. data/rails_test/rails-2.0.5-xss_foliate/script/destroy +3 -0
  187. data/rails_test/rails-2.0.5-xss_foliate/script/generate +3 -0
  188. data/rails_test/rails-2.0.5-xss_foliate/script/performance/benchmarker +3 -0
  189. data/rails_test/rails-2.0.5-xss_foliate/script/performance/profiler +3 -0
  190. data/rails_test/rails-2.0.5-xss_foliate/script/performance/request +3 -0
  191. data/rails_test/rails-2.0.5-xss_foliate/script/plugin +3 -0
  192. data/rails_test/rails-2.0.5-xss_foliate/script/process/inspector +3 -0
  193. data/rails_test/rails-2.0.5-xss_foliate/script/process/reaper +3 -0
  194. data/rails_test/rails-2.0.5-xss_foliate/script/process/spawner +3 -0
  195. data/rails_test/rails-2.0.5-xss_foliate/script/runner +3 -0
  196. data/rails_test/rails-2.0.5-xss_foliate/script/server +3 -0
  197. data/rails_test/rails-2.0.5-xss_foliate/test/test_helper.rb +38 -0
  198. data/rails_test/rails-2.0.5-xss_foliate/test/unit/posts_test.rb +14 -0
  199. data/rails_test/rails-2.1.2-active_record/README +256 -0
  200. data/rails_test/rails-2.1.2-active_record/Rakefile +10 -0
  201. data/rails_test/rails-2.1.2-active_record/app/controllers/application.rb +15 -0
  202. data/rails_test/rails-2.1.2-active_record/app/helpers/application_helper.rb +3 -0
  203. data/rails_test/rails-2.1.2-active_record/app/models/post.rb +3 -0
  204. data/rails_test/rails-2.1.2-active_record/config/boot.rb +109 -0
  205. data/rails_test/rails-2.1.2-active_record/config/database.yml +22 -0
  206. data/rails_test/rails-2.1.2-active_record/config/environment.rb +67 -0
  207. data/rails_test/rails-2.1.2-active_record/config/environments/development.rb +17 -0
  208. data/rails_test/rails-2.1.2-active_record/config/environments/production.rb +22 -0
  209. data/rails_test/rails-2.1.2-active_record/config/environments/test.rb +22 -0
  210. data/rails_test/rails-2.1.2-active_record/config/initializers/inflections.rb +10 -0
  211. data/rails_test/rails-2.1.2-active_record/config/initializers/loofah.rb +1 -0
  212. data/rails_test/rails-2.1.2-active_record/config/initializers/mime_types.rb +5 -0
  213. data/rails_test/rails-2.1.2-active_record/config/initializers/new_rails_defaults.rb +17 -0
  214. data/rails_test/rails-2.1.2-active_record/config/routes.rb +43 -0
  215. data/rails_test/rails-2.1.2-active_record/db/migrate/1_create_posts.rb +11 -0
  216. data/rails_test/rails-2.1.2-active_record/public/404.html +30 -0
  217. data/rails_test/rails-2.1.2-active_record/public/422.html +30 -0
  218. data/rails_test/rails-2.1.2-active_record/public/500.html +30 -0
  219. data/rails_test/rails-2.1.2-active_record/public/dispatch.cgi +10 -0
  220. data/rails_test/rails-2.1.2-active_record/public/dispatch.fcgi +24 -0
  221. data/rails_test/rails-2.1.2-active_record/public/dispatch.rb +10 -0
  222. data/rails_test/rails-2.1.2-active_record/public/favicon.ico +0 -0
  223. data/rails_test/rails-2.1.2-active_record/public/images/rails.png +0 -0
  224. data/rails_test/rails-2.1.2-active_record/public/index.html +274 -0
  225. data/rails_test/rails-2.1.2-active_record/public/javascripts/application.js +2 -0
  226. data/rails_test/rails-2.1.2-active_record/public/javascripts/controls.js +963 -0
  227. data/rails_test/rails-2.1.2-active_record/public/javascripts/dragdrop.js +972 -0
  228. data/rails_test/rails-2.1.2-active_record/public/javascripts/effects.js +1120 -0
  229. data/rails_test/rails-2.1.2-active_record/public/javascripts/prototype.js +4225 -0
  230. data/rails_test/rails-2.1.2-active_record/public/robots.txt +5 -0
  231. data/rails_test/rails-2.1.2-active_record/script/about +4 -0
  232. data/rails_test/rails-2.1.2-active_record/script/console +3 -0
  233. data/rails_test/rails-2.1.2-active_record/script/dbconsole +3 -0
  234. data/rails_test/rails-2.1.2-active_record/script/destroy +3 -0
  235. data/rails_test/rails-2.1.2-active_record/script/generate +3 -0
  236. data/rails_test/rails-2.1.2-active_record/script/performance/benchmarker +3 -0
  237. data/rails_test/rails-2.1.2-active_record/script/performance/profiler +3 -0
  238. data/rails_test/rails-2.1.2-active_record/script/performance/request +3 -0
  239. data/rails_test/rails-2.1.2-active_record/script/plugin +3 -0
  240. data/rails_test/rails-2.1.2-active_record/script/process/inspector +3 -0
  241. data/rails_test/rails-2.1.2-active_record/script/process/reaper +3 -0
  242. data/rails_test/rails-2.1.2-active_record/script/process/spawner +3 -0
  243. data/rails_test/rails-2.1.2-active_record/script/runner +3 -0
  244. data/rails_test/rails-2.1.2-active_record/script/server +3 -0
  245. data/rails_test/rails-2.1.2-active_record/test/test_helper.rb +38 -0
  246. data/rails_test/rails-2.1.2-active_record/test/unit/posts_test.rb +15 -0
  247. data/rails_test/rails-2.1.2-xss_foliate/README +256 -0
  248. data/rails_test/rails-2.1.2-xss_foliate/Rakefile +10 -0
  249. data/rails_test/rails-2.1.2-xss_foliate/app/controllers/application.rb +15 -0
  250. data/rails_test/rails-2.1.2-xss_foliate/app/helpers/application_helper.rb +3 -0
  251. data/rails_test/rails-2.1.2-xss_foliate/app/models/post.rb +2 -0
  252. data/rails_test/rails-2.1.2-xss_foliate/config/boot.rb +109 -0
  253. data/rails_test/rails-2.1.2-xss_foliate/config/database.yml +22 -0
  254. data/rails_test/rails-2.1.2-xss_foliate/config/environment.rb +67 -0
  255. data/rails_test/rails-2.1.2-xss_foliate/config/environments/development.rb +17 -0
  256. data/rails_test/rails-2.1.2-xss_foliate/config/environments/production.rb +22 -0
  257. data/rails_test/rails-2.1.2-xss_foliate/config/environments/test.rb +22 -0
  258. data/rails_test/rails-2.1.2-xss_foliate/config/initializers/inflections.rb +10 -0
  259. data/rails_test/rails-2.1.2-xss_foliate/config/initializers/loofah.rb +2 -0
  260. data/rails_test/rails-2.1.2-xss_foliate/config/initializers/mime_types.rb +5 -0
  261. data/rails_test/rails-2.1.2-xss_foliate/config/initializers/new_rails_defaults.rb +17 -0
  262. data/rails_test/rails-2.1.2-xss_foliate/config/routes.rb +43 -0
  263. data/rails_test/rails-2.1.2-xss_foliate/db/migrate/1_create_posts.rb +11 -0
  264. data/rails_test/rails-2.1.2-xss_foliate/public/404.html +30 -0
  265. data/rails_test/rails-2.1.2-xss_foliate/public/422.html +30 -0
  266. data/rails_test/rails-2.1.2-xss_foliate/public/500.html +30 -0
  267. data/rails_test/rails-2.1.2-xss_foliate/public/dispatch.cgi +10 -0
  268. data/rails_test/rails-2.1.2-xss_foliate/public/dispatch.fcgi +24 -0
  269. data/rails_test/rails-2.1.2-xss_foliate/public/dispatch.rb +10 -0
  270. data/rails_test/rails-2.1.2-xss_foliate/public/favicon.ico +0 -0
  271. data/rails_test/rails-2.1.2-xss_foliate/public/images/rails.png +0 -0
  272. data/rails_test/rails-2.1.2-xss_foliate/public/index.html +274 -0
  273. data/rails_test/rails-2.1.2-xss_foliate/public/javascripts/application.js +2 -0
  274. data/rails_test/rails-2.1.2-xss_foliate/public/javascripts/controls.js +963 -0
  275. data/rails_test/rails-2.1.2-xss_foliate/public/javascripts/dragdrop.js +972 -0
  276. data/rails_test/rails-2.1.2-xss_foliate/public/javascripts/effects.js +1120 -0
  277. data/rails_test/rails-2.1.2-xss_foliate/public/javascripts/prototype.js +4225 -0
  278. data/rails_test/rails-2.1.2-xss_foliate/public/robots.txt +5 -0
  279. data/rails_test/rails-2.1.2-xss_foliate/script/about +4 -0
  280. data/rails_test/rails-2.1.2-xss_foliate/script/console +3 -0
  281. data/rails_test/rails-2.1.2-xss_foliate/script/dbconsole +3 -0
  282. data/rails_test/rails-2.1.2-xss_foliate/script/destroy +3 -0
  283. data/rails_test/rails-2.1.2-xss_foliate/script/generate +3 -0
  284. data/rails_test/rails-2.1.2-xss_foliate/script/performance/benchmarker +3 -0
  285. data/rails_test/rails-2.1.2-xss_foliate/script/performance/profiler +3 -0
  286. data/rails_test/rails-2.1.2-xss_foliate/script/performance/request +3 -0
  287. data/rails_test/rails-2.1.2-xss_foliate/script/plugin +3 -0
  288. data/rails_test/rails-2.1.2-xss_foliate/script/process/inspector +3 -0
  289. data/rails_test/rails-2.1.2-xss_foliate/script/process/reaper +3 -0
  290. data/rails_test/rails-2.1.2-xss_foliate/script/process/spawner +3 -0
  291. data/rails_test/rails-2.1.2-xss_foliate/script/runner +3 -0
  292. data/rails_test/rails-2.1.2-xss_foliate/script/server +3 -0
  293. data/rails_test/rails-2.1.2-xss_foliate/test/test_helper.rb +38 -0
  294. data/rails_test/rails-2.1.2-xss_foliate/test/unit/posts_test.rb +14 -0
  295. data/rails_test/rails-2.2.2-active_record/README +256 -0
  296. data/rails_test/rails-2.2.2-active_record/Rakefile +10 -0
  297. data/rails_test/rails-2.2.2-active_record/app/controllers/application.rb +15 -0
  298. data/rails_test/rails-2.2.2-active_record/app/helpers/application_helper.rb +3 -0
  299. data/rails_test/rails-2.2.2-active_record/app/models/post.rb +3 -0
  300. data/rails_test/rails-2.2.2-active_record/config/boot.rb +109 -0
  301. data/rails_test/rails-2.2.2-active_record/config/database.yml +22 -0
  302. data/rails_test/rails-2.2.2-active_record/config/environment.rb +75 -0
  303. data/rails_test/rails-2.2.2-active_record/config/environments/development.rb +17 -0
  304. data/rails_test/rails-2.2.2-active_record/config/environments/production.rb +24 -0
  305. data/rails_test/rails-2.2.2-active_record/config/environments/test.rb +22 -0
  306. data/rails_test/rails-2.2.2-active_record/config/initializers/inflections.rb +10 -0
  307. data/rails_test/rails-2.2.2-active_record/config/initializers/loofah.rb +1 -0
  308. data/rails_test/rails-2.2.2-active_record/config/initializers/mime_types.rb +5 -0
  309. data/rails_test/rails-2.2.2-active_record/config/initializers/new_rails_defaults.rb +17 -0
  310. data/rails_test/rails-2.2.2-active_record/config/locales/en.yml +5 -0
  311. data/rails_test/rails-2.2.2-active_record/config/routes.rb +43 -0
  312. data/rails_test/rails-2.2.2-active_record/db/migrate/1_create_posts.rb +11 -0
  313. data/rails_test/rails-2.2.2-active_record/public/404.html +30 -0
  314. data/rails_test/rails-2.2.2-active_record/public/422.html +30 -0
  315. data/rails_test/rails-2.2.2-active_record/public/500.html +33 -0
  316. data/rails_test/rails-2.2.2-active_record/public/dispatch.cgi +10 -0
  317. data/rails_test/rails-2.2.2-active_record/public/dispatch.fcgi +24 -0
  318. data/rails_test/rails-2.2.2-active_record/public/dispatch.rb +10 -0
  319. data/rails_test/rails-2.2.2-active_record/public/favicon.ico +0 -0
  320. data/rails_test/rails-2.2.2-active_record/public/images/rails.png +0 -0
  321. data/rails_test/rails-2.2.2-active_record/public/index.html +274 -0
  322. data/rails_test/rails-2.2.2-active_record/public/javascripts/application.js +2 -0
  323. data/rails_test/rails-2.2.2-active_record/public/javascripts/controls.js +963 -0
  324. data/rails_test/rails-2.2.2-active_record/public/javascripts/dragdrop.js +973 -0
  325. data/rails_test/rails-2.2.2-active_record/public/javascripts/effects.js +1128 -0
  326. data/rails_test/rails-2.2.2-active_record/public/javascripts/prototype.js +4320 -0
  327. data/rails_test/rails-2.2.2-active_record/public/robots.txt +5 -0
  328. data/rails_test/rails-2.2.2-active_record/script/about +4 -0
  329. data/rails_test/rails-2.2.2-active_record/script/console +3 -0
  330. data/rails_test/rails-2.2.2-active_record/script/dbconsole +3 -0
  331. data/rails_test/rails-2.2.2-active_record/script/destroy +3 -0
  332. data/rails_test/rails-2.2.2-active_record/script/generate +3 -0
  333. data/rails_test/rails-2.2.2-active_record/script/performance/benchmarker +3 -0
  334. data/rails_test/rails-2.2.2-active_record/script/performance/profiler +3 -0
  335. data/rails_test/rails-2.2.2-active_record/script/performance/request +3 -0
  336. data/rails_test/rails-2.2.2-active_record/script/plugin +3 -0
  337. data/rails_test/rails-2.2.2-active_record/script/process/inspector +3 -0
  338. data/rails_test/rails-2.2.2-active_record/script/process/reaper +3 -0
  339. data/rails_test/rails-2.2.2-active_record/script/process/spawner +3 -0
  340. data/rails_test/rails-2.2.2-active_record/script/runner +3 -0
  341. data/rails_test/rails-2.2.2-active_record/script/server +3 -0
  342. data/rails_test/rails-2.2.2-active_record/test/performance/browsing_test.rb +9 -0
  343. data/rails_test/rails-2.2.2-active_record/test/test_helper.rb +38 -0
  344. data/rails_test/rails-2.2.2-active_record/test/unit/posts_test.rb +15 -0
  345. data/rails_test/rails-2.2.2-xss_foliate/README +256 -0
  346. data/rails_test/rails-2.2.2-xss_foliate/Rakefile +10 -0
  347. data/rails_test/rails-2.2.2-xss_foliate/app/controllers/application.rb +15 -0
  348. data/rails_test/rails-2.2.2-xss_foliate/app/helpers/application_helper.rb +3 -0
  349. data/rails_test/rails-2.2.2-xss_foliate/app/models/post.rb +2 -0
  350. data/rails_test/rails-2.2.2-xss_foliate/config/boot.rb +109 -0
  351. data/rails_test/rails-2.2.2-xss_foliate/config/database.yml +22 -0
  352. data/rails_test/rails-2.2.2-xss_foliate/config/environment.rb +75 -0
  353. data/rails_test/rails-2.2.2-xss_foliate/config/environments/development.rb +17 -0
  354. data/rails_test/rails-2.2.2-xss_foliate/config/environments/production.rb +24 -0
  355. data/rails_test/rails-2.2.2-xss_foliate/config/environments/test.rb +22 -0
  356. data/rails_test/rails-2.2.2-xss_foliate/config/initializers/inflections.rb +10 -0
  357. data/rails_test/rails-2.2.2-xss_foliate/config/initializers/loofah.rb +2 -0
  358. data/rails_test/rails-2.2.2-xss_foliate/config/initializers/mime_types.rb +5 -0
  359. data/rails_test/rails-2.2.2-xss_foliate/config/initializers/new_rails_defaults.rb +17 -0
  360. data/rails_test/rails-2.2.2-xss_foliate/config/locales/en.yml +5 -0
  361. data/rails_test/rails-2.2.2-xss_foliate/config/routes.rb +43 -0
  362. data/rails_test/rails-2.2.2-xss_foliate/db/migrate/1_create_posts.rb +11 -0
  363. data/rails_test/rails-2.2.2-xss_foliate/public/404.html +30 -0
  364. data/rails_test/rails-2.2.2-xss_foliate/public/422.html +30 -0
  365. data/rails_test/rails-2.2.2-xss_foliate/public/500.html +33 -0
  366. data/rails_test/rails-2.2.2-xss_foliate/public/dispatch.cgi +10 -0
  367. data/rails_test/rails-2.2.2-xss_foliate/public/dispatch.fcgi +24 -0
  368. data/rails_test/rails-2.2.2-xss_foliate/public/dispatch.rb +10 -0
  369. data/rails_test/rails-2.2.2-xss_foliate/public/favicon.ico +0 -0
  370. data/rails_test/rails-2.2.2-xss_foliate/public/images/rails.png +0 -0
  371. data/rails_test/rails-2.2.2-xss_foliate/public/index.html +274 -0
  372. data/rails_test/rails-2.2.2-xss_foliate/public/javascripts/application.js +2 -0
  373. data/rails_test/rails-2.2.2-xss_foliate/public/javascripts/controls.js +963 -0
  374. data/rails_test/rails-2.2.2-xss_foliate/public/javascripts/dragdrop.js +973 -0
  375. data/rails_test/rails-2.2.2-xss_foliate/public/javascripts/effects.js +1128 -0
  376. data/rails_test/rails-2.2.2-xss_foliate/public/javascripts/prototype.js +4320 -0
  377. data/rails_test/rails-2.2.2-xss_foliate/public/robots.txt +5 -0
  378. data/rails_test/rails-2.2.2-xss_foliate/script/about +4 -0
  379. data/rails_test/rails-2.2.2-xss_foliate/script/console +3 -0
  380. data/rails_test/rails-2.2.2-xss_foliate/script/dbconsole +3 -0
  381. data/rails_test/rails-2.2.2-xss_foliate/script/destroy +3 -0
  382. data/rails_test/rails-2.2.2-xss_foliate/script/generate +3 -0
  383. data/rails_test/rails-2.2.2-xss_foliate/script/performance/benchmarker +3 -0
  384. data/rails_test/rails-2.2.2-xss_foliate/script/performance/profiler +3 -0
  385. data/rails_test/rails-2.2.2-xss_foliate/script/performance/request +3 -0
  386. data/rails_test/rails-2.2.2-xss_foliate/script/plugin +3 -0
  387. data/rails_test/rails-2.2.2-xss_foliate/script/process/inspector +3 -0
  388. data/rails_test/rails-2.2.2-xss_foliate/script/process/reaper +3 -0
  389. data/rails_test/rails-2.2.2-xss_foliate/script/process/spawner +3 -0
  390. data/rails_test/rails-2.2.2-xss_foliate/script/runner +3 -0
  391. data/rails_test/rails-2.2.2-xss_foliate/script/server +3 -0
  392. data/rails_test/rails-2.2.2-xss_foliate/test/performance/browsing_test.rb +9 -0
  393. data/rails_test/rails-2.2.2-xss_foliate/test/test_helper.rb +38 -0
  394. data/rails_test/rails-2.2.2-xss_foliate/test/unit/posts_test.rb +14 -0
  395. data/rails_test/rails-2.3.8-active_record/README +243 -0
  396. data/rails_test/rails-2.3.8-active_record/Rakefile +10 -0
  397. data/rails_test/rails-2.3.8-active_record/app/controllers/application_controller.rb +10 -0
  398. data/rails_test/rails-2.3.8-active_record/app/helpers/application_helper.rb +3 -0
  399. data/rails_test/rails-2.3.8-active_record/app/models/post.rb +3 -0
  400. data/rails_test/rails-2.3.8-active_record/config/boot.rb +110 -0
  401. data/rails_test/rails-2.3.8-active_record/config/database.yml +22 -0
  402. data/rails_test/rails-2.3.8-active_record/config/environment.rb +41 -0
  403. data/rails_test/rails-2.3.8-active_record/config/environments/development.rb +17 -0
  404. data/rails_test/rails-2.3.8-active_record/config/environments/production.rb +28 -0
  405. data/rails_test/rails-2.3.8-active_record/config/environments/test.rb +28 -0
  406. data/rails_test/rails-2.3.8-active_record/config/initializers/backtrace_silencers.rb +7 -0
  407. data/rails_test/rails-2.3.8-active_record/config/initializers/cookie_verification_secret.rb +7 -0
  408. data/rails_test/rails-2.3.8-active_record/config/initializers/inflections.rb +10 -0
  409. data/rails_test/rails-2.3.8-active_record/config/initializers/loofah.rb +1 -0
  410. data/rails_test/rails-2.3.8-active_record/config/initializers/mime_types.rb +5 -0
  411. data/rails_test/rails-2.3.8-active_record/config/initializers/new_rails_defaults.rb +21 -0
  412. data/rails_test/rails-2.3.8-active_record/config/initializers/session_store.rb +15 -0
  413. data/rails_test/rails-2.3.8-active_record/config/locales/en.yml +5 -0
  414. data/rails_test/rails-2.3.8-active_record/config/routes.rb +43 -0
  415. data/rails_test/rails-2.3.8-active_record/db/migrate/1_create_posts.rb +11 -0
  416. data/rails_test/rails-2.3.8-active_record/db/seeds.rb +7 -0
  417. data/rails_test/rails-2.3.8-active_record/public/404.html +30 -0
  418. data/rails_test/rails-2.3.8-active_record/public/422.html +30 -0
  419. data/rails_test/rails-2.3.8-active_record/public/500.html +30 -0
  420. data/rails_test/rails-2.3.8-active_record/public/favicon.ico +0 -0
  421. data/rails_test/rails-2.3.8-active_record/public/images/rails.png +0 -0
  422. data/rails_test/rails-2.3.8-active_record/public/index.html +275 -0
  423. data/rails_test/rails-2.3.8-active_record/public/javascripts/application.js +2 -0
  424. data/rails_test/rails-2.3.8-active_record/public/javascripts/controls.js +963 -0
  425. data/rails_test/rails-2.3.8-active_record/public/javascripts/dragdrop.js +973 -0
  426. data/rails_test/rails-2.3.8-active_record/public/javascripts/effects.js +1128 -0
  427. data/rails_test/rails-2.3.8-active_record/public/javascripts/prototype.js +4320 -0
  428. data/rails_test/rails-2.3.8-active_record/public/robots.txt +5 -0
  429. data/rails_test/rails-2.3.8-active_record/script/about +4 -0
  430. data/rails_test/rails-2.3.8-active_record/script/console +3 -0
  431. data/rails_test/rails-2.3.8-active_record/script/dbconsole +3 -0
  432. data/rails_test/rails-2.3.8-active_record/script/destroy +3 -0
  433. data/rails_test/rails-2.3.8-active_record/script/generate +3 -0
  434. data/rails_test/rails-2.3.8-active_record/script/performance/benchmarker +3 -0
  435. data/rails_test/rails-2.3.8-active_record/script/performance/profiler +3 -0
  436. data/rails_test/rails-2.3.8-active_record/script/plugin +3 -0
  437. data/rails_test/rails-2.3.8-active_record/script/runner +3 -0
  438. data/rails_test/rails-2.3.8-active_record/script/server +3 -0
  439. data/rails_test/rails-2.3.8-active_record/test/performance/browsing_test.rb +9 -0
  440. data/rails_test/rails-2.3.8-active_record/test/test_helper.rb +38 -0
  441. data/rails_test/rails-2.3.8-active_record/test/unit/posts_test.rb +15 -0
  442. data/rails_test/rails-2.3.8-xss_foliate/README +243 -0
  443. data/rails_test/rails-2.3.8-xss_foliate/Rakefile +10 -0
  444. data/rails_test/rails-2.3.8-xss_foliate/app/controllers/application_controller.rb +10 -0
  445. data/rails_test/rails-2.3.8-xss_foliate/app/helpers/application_helper.rb +3 -0
  446. data/rails_test/rails-2.3.8-xss_foliate/app/models/post.rb +2 -0
  447. data/rails_test/rails-2.3.8-xss_foliate/config/boot.rb +110 -0
  448. data/rails_test/rails-2.3.8-xss_foliate/config/database.yml +22 -0
  449. data/rails_test/rails-2.3.8-xss_foliate/config/environment.rb +41 -0
  450. data/rails_test/rails-2.3.8-xss_foliate/config/environments/development.rb +17 -0
  451. data/rails_test/rails-2.3.8-xss_foliate/config/environments/production.rb +28 -0
  452. data/rails_test/rails-2.3.8-xss_foliate/config/environments/test.rb +28 -0
  453. data/rails_test/rails-2.3.8-xss_foliate/config/initializers/backtrace_silencers.rb +7 -0
  454. data/rails_test/rails-2.3.8-xss_foliate/config/initializers/cookie_verification_secret.rb +7 -0
  455. data/rails_test/rails-2.3.8-xss_foliate/config/initializers/inflections.rb +10 -0
  456. data/rails_test/rails-2.3.8-xss_foliate/config/initializers/loofah.rb +2 -0
  457. data/rails_test/rails-2.3.8-xss_foliate/config/initializers/mime_types.rb +5 -0
  458. data/rails_test/rails-2.3.8-xss_foliate/config/initializers/new_rails_defaults.rb +21 -0
  459. data/rails_test/rails-2.3.8-xss_foliate/config/initializers/session_store.rb +15 -0
  460. data/rails_test/rails-2.3.8-xss_foliate/config/locales/en.yml +5 -0
  461. data/rails_test/rails-2.3.8-xss_foliate/config/routes.rb +43 -0
  462. data/rails_test/rails-2.3.8-xss_foliate/db/migrate/1_create_posts.rb +11 -0
  463. data/rails_test/rails-2.3.8-xss_foliate/db/seeds.rb +7 -0
  464. data/rails_test/rails-2.3.8-xss_foliate/public/404.html +30 -0
  465. data/rails_test/rails-2.3.8-xss_foliate/public/422.html +30 -0
  466. data/rails_test/rails-2.3.8-xss_foliate/public/500.html +30 -0
  467. data/rails_test/rails-2.3.8-xss_foliate/public/favicon.ico +0 -0
  468. data/rails_test/rails-2.3.8-xss_foliate/public/images/rails.png +0 -0
  469. data/rails_test/rails-2.3.8-xss_foliate/public/index.html +275 -0
  470. data/rails_test/rails-2.3.8-xss_foliate/public/javascripts/application.js +2 -0
  471. data/rails_test/rails-2.3.8-xss_foliate/public/javascripts/controls.js +963 -0
  472. data/rails_test/rails-2.3.8-xss_foliate/public/javascripts/dragdrop.js +973 -0
  473. data/rails_test/rails-2.3.8-xss_foliate/public/javascripts/effects.js +1128 -0
  474. data/rails_test/rails-2.3.8-xss_foliate/public/javascripts/prototype.js +4320 -0
  475. data/rails_test/rails-2.3.8-xss_foliate/public/robots.txt +5 -0
  476. data/rails_test/rails-2.3.8-xss_foliate/script/about +4 -0
  477. data/rails_test/rails-2.3.8-xss_foliate/script/console +3 -0
  478. data/rails_test/rails-2.3.8-xss_foliate/script/dbconsole +3 -0
  479. data/rails_test/rails-2.3.8-xss_foliate/script/destroy +3 -0
  480. data/rails_test/rails-2.3.8-xss_foliate/script/generate +3 -0
  481. data/rails_test/rails-2.3.8-xss_foliate/script/performance/benchmarker +3 -0
  482. data/rails_test/rails-2.3.8-xss_foliate/script/performance/profiler +3 -0
  483. data/rails_test/rails-2.3.8-xss_foliate/script/plugin +3 -0
  484. data/rails_test/rails-2.3.8-xss_foliate/script/runner +3 -0
  485. data/rails_test/rails-2.3.8-xss_foliate/script/server +3 -0
  486. data/rails_test/rails-2.3.8-xss_foliate/test/performance/browsing_test.rb +9 -0
  487. data/rails_test/rails-2.3.8-xss_foliate/test/test_helper.rb +38 -0
  488. data/rails_test/rails-2.3.8-xss_foliate/test/unit/posts_test.rb +14 -0
  489. data/rails_test/rails-3.0.0.beta4-active_record/README +281 -0
  490. data/rails_test/rails-3.0.0.beta4-active_record/Rakefile +7 -0
  491. data/rails_test/rails-3.0.0.beta4-active_record/app/controllers/application_controller.rb +4 -0
  492. data/rails_test/rails-3.0.0.beta4-active_record/app/helpers/application_helper.rb +2 -0
  493. data/rails_test/rails-3.0.0.beta4-active_record/app/models/post.rb +3 -0
  494. data/rails_test/rails-3.0.0.beta4-active_record/app/views/layouts/application.html.erb +14 -0
  495. data/rails_test/rails-3.0.0.beta4-active_record/config.ru +4 -0
  496. data/rails_test/rails-3.0.0.beta4-active_record/config/application.rb +46 -0
  497. data/rails_test/rails-3.0.0.beta4-active_record/config/boot.rb +13 -0
  498. data/rails_test/rails-3.0.0.beta4-active_record/config/database.yml +22 -0
  499. data/rails_test/rails-3.0.0.beta4-active_record/config/environment.rb +5 -0
  500. data/rails_test/rails-3.0.0.beta4-active_record/config/environments/development.rb +19 -0
  501. data/rails_test/rails-3.0.0.beta4-active_record/config/environments/production.rb +46 -0
  502. data/rails_test/rails-3.0.0.beta4-active_record/config/environments/test.rb +32 -0
  503. data/rails_test/rails-3.0.0.beta4-active_record/config/initializers/backtrace_silencers.rb +7 -0
  504. data/rails_test/rails-3.0.0.beta4-active_record/config/initializers/inflections.rb +10 -0
  505. data/rails_test/rails-3.0.0.beta4-active_record/config/initializers/mime_types.rb +5 -0
  506. data/rails_test/rails-3.0.0.beta4-active_record/config/initializers/secret_token.rb +7 -0
  507. data/rails_test/rails-3.0.0.beta4-active_record/config/initializers/session_store.rb +8 -0
  508. data/rails_test/rails-3.0.0.beta4-active_record/config/locales/en.yml +5 -0
  509. data/rails_test/rails-3.0.0.beta4-active_record/config/routes.rb +58 -0
  510. data/rails_test/rails-3.0.0.beta4-active_record/db/migrate/1_create_posts.rb +11 -0
  511. data/rails_test/rails-3.0.0.beta4-active_record/db/seeds.rb +7 -0
  512. data/rails_test/rails-3.0.0.beta4-active_record/public/404.html +26 -0
  513. data/rails_test/rails-3.0.0.beta4-active_record/public/422.html +26 -0
  514. data/rails_test/rails-3.0.0.beta4-active_record/public/500.html +26 -0
  515. data/rails_test/rails-3.0.0.beta4-active_record/public/favicon.ico +0 -0
  516. data/rails_test/rails-3.0.0.beta4-active_record/public/images/rails.png +0 -0
  517. data/rails_test/rails-3.0.0.beta4-active_record/public/index.html +279 -0
  518. data/rails_test/rails-3.0.0.beta4-active_record/public/javascripts/application.js +2 -0
  519. data/rails_test/rails-3.0.0.beta4-active_record/public/javascripts/controls.js +965 -0
  520. data/rails_test/rails-3.0.0.beta4-active_record/public/javascripts/dragdrop.js +974 -0
  521. data/rails_test/rails-3.0.0.beta4-active_record/public/javascripts/effects.js +1123 -0
  522. data/rails_test/rails-3.0.0.beta4-active_record/public/javascripts/prototype.js +4874 -0
  523. data/rails_test/rails-3.0.0.beta4-active_record/public/javascripts/rails.js +118 -0
  524. data/rails_test/rails-3.0.0.beta4-active_record/public/robots.txt +5 -0
  525. data/rails_test/rails-3.0.0.beta4-active_record/script/rails +6 -0
  526. data/rails_test/rails-3.0.0.beta4-active_record/test/performance/browsing_test.rb +9 -0
  527. data/rails_test/rails-3.0.0.beta4-active_record/test/test_helper.rb +13 -0
  528. data/rails_test/rails-3.0.0.beta4-active_record/test/unit/posts_test.rb +15 -0
  529. data/rails_test/rails-3.0.0.beta4-xss_foliate/README +281 -0
  530. data/rails_test/rails-3.0.0.beta4-xss_foliate/Rakefile +7 -0
  531. data/rails_test/rails-3.0.0.beta4-xss_foliate/app/controllers/application_controller.rb +4 -0
  532. data/rails_test/rails-3.0.0.beta4-xss_foliate/app/helpers/application_helper.rb +2 -0
  533. data/rails_test/rails-3.0.0.beta4-xss_foliate/app/models/post.rb +2 -0
  534. data/rails_test/rails-3.0.0.beta4-xss_foliate/app/views/layouts/application.html.erb +14 -0
  535. data/rails_test/rails-3.0.0.beta4-xss_foliate/config.ru +4 -0
  536. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/application.rb +46 -0
  537. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/boot.rb +13 -0
  538. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/database.yml +22 -0
  539. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/environment.rb +5 -0
  540. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/environments/development.rb +19 -0
  541. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/environments/production.rb +46 -0
  542. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/environments/test.rb +32 -0
  543. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/initializers/backtrace_silencers.rb +7 -0
  544. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/initializers/inflections.rb +10 -0
  545. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/initializers/loofah.rb +2 -0
  546. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/initializers/mime_types.rb +5 -0
  547. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/initializers/secret_token.rb +7 -0
  548. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/initializers/session_store.rb +8 -0
  549. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/locales/en.yml +5 -0
  550. data/rails_test/rails-3.0.0.beta4-xss_foliate/config/routes.rb +58 -0
  551. data/rails_test/rails-3.0.0.beta4-xss_foliate/db/migrate/1_create_posts.rb +11 -0
  552. data/rails_test/rails-3.0.0.beta4-xss_foliate/db/seeds.rb +7 -0
  553. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/404.html +26 -0
  554. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/422.html +26 -0
  555. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/500.html +26 -0
  556. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/favicon.ico +0 -0
  557. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/images/rails.png +0 -0
  558. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/index.html +279 -0
  559. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/javascripts/application.js +2 -0
  560. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/javascripts/controls.js +965 -0
  561. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/javascripts/dragdrop.js +974 -0
  562. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/javascripts/effects.js +1123 -0
  563. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/javascripts/prototype.js +4874 -0
  564. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/javascripts/rails.js +118 -0
  565. data/rails_test/rails-3.0.0.beta4-xss_foliate/public/robots.txt +5 -0
  566. data/rails_test/rails-3.0.0.beta4-xss_foliate/script/rails +6 -0
  567. data/rails_test/rails-3.0.0.beta4-xss_foliate/test/performance/browsing_test.rb +9 -0
  568. data/rails_test/rails-3.0.0.beta4-xss_foliate/test/test_helper.rb +13 -0
  569. data/rails_test/rails-3.0.0.beta4-xss_foliate/test/unit/posts_test.rb +14 -0
  570. data/test/helper.rb +9 -0
  571. data/test/unit/test_active_record.rb +141 -0
  572. data/test/unit/test_xss_foliate.rb +215 -0
  573. metadata +772 -0
data/README.rdoc ADDED
@@ -0,0 +1,110 @@
1
+ = loofah-activerecord
2
+
3
+ * http://github.com/flavorjones/loofah-activerecord
4
+ * http://loofah.rubyforge.org
5
+ * http://rubyforge.org/projects/loofah
6
+
7
+ == Description
8
+
9
+ loofah-activerecord extends loofah's HTML sanitization into Rails
10
+ ActiveRecord models.
11
+
12
+ == Features
13
+
14
+ * Two ActiveRecord extensions:
15
+ * Loofah::XssFoliate, an XssTerminate[http://github.com/look/xss_terminate/tree/master] drop-in replacement, is an *opt-out* sanitizer. By default all models and attributes are sanitized.
16
+ * Loofah::ActiveRecordExtension is an *opt-in* sanitizer. You must explicitly declare attributes to be sanitized.
17
+
18
+ === ActiveRecord Extension \#1: Opt-In
19
+
20
+ See Loofah::ActiveRecordExtension for full documentation. The methods
21
+ mixed into ActiveRecord are:
22
+
23
+ * Loofah::ActiveRecordExtension.html_document
24
+ * Loofah::ActiveRecordExtension.html_fragment
25
+
26
+ which are used to declare how specific string and text attributes
27
+ should be scrubbed at +before_validation+.
28
+
29
+ # app/model/post.rb
30
+ class Post < ActiveRecord::Base
31
+ html_fragment :body, :scrub => :prune # scrubs 'body' at before_validation
32
+ end
33
+
34
+ === ActiveRecord Extension \#2: Opt-Out
35
+
36
+ See Loofah::XssFoliate::ClassMethods for more documentation. The methods mixed into ActiveRecord are:
37
+
38
+ * Loofah::XssFoliate::ClassMethods.xss_foliate
39
+ * Loofah::XssFoliate::ClassMethods.xss_foliated?
40
+
41
+ which are used to declare how specific string and text attributes
42
+ should be scrubbed at +before_validation+.
43
+
44
+ Attributes are stripped by default, unless another scrubber is
45
+ specified or the attribute is present in an +:except+ clause.
46
+
47
+ == Requirements
48
+
49
+ * Nokogiri >= 1.3.3
50
+ * Rails 2.3, 2.2, 2.1, 2.0 or 1.2 (if you're using the ActiveRecord extensions)
51
+
52
+ == Installation
53
+
54
+ Unsurprisingly:
55
+
56
+ * gem install loofah-activerecord
57
+
58
+ == Support
59
+
60
+ The bug tracker is available here (the Loofah project):
61
+
62
+ * http://github.com/flavorjones/loofah/issues
63
+
64
+ And the mailing list is on librelist (also the Loofah mailing list):
65
+
66
+ * loofah@librelist.com / http://librelist.com
67
+
68
+ And the IRC channel is \#loofah on freenode.
69
+
70
+ == Related Links
71
+
72
+ * Loofah: http://github.com/flavorjones/loofah
73
+ * XssTerminate: http://github.com/look/xss_terminate/tree/master
74
+
75
+ == Authors
76
+
77
+ * {Mike Dalessio}[http://mike.daless.io] (@flavorjones[http://twitter.com/flavorjones])
78
+
79
+ Featuring code contributed by:
80
+
81
+ * Josh Nichols
82
+ * Damon P. Cortesi
83
+
84
+ == Historical Note
85
+
86
+ This library was split out of the Loofah project for version 1.0.0.
87
+
88
+ == License
89
+
90
+ The MIT License
91
+
92
+ Copyright (c) 2009, 2010 by Mike Dalessio
93
+
94
+ Permission is hereby granted, free of charge, to any person obtaining a copy
95
+ of this software and associated documentation files (the "Software"), to deal
96
+ in the Software without restriction, including without limitation the rights
97
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
98
+ copies of the Software, and to permit persons to whom the Software is
99
+ furnished to do so, subject to the following conditions:
100
+
101
+ The above copyright notice and this permission notice shall be included in
102
+ all copies or substantial portions of the Software.
103
+
104
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
105
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
106
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
107
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
108
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
109
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
110
+ THE SOFTWARE.
data/Rakefile ADDED
@@ -0,0 +1,56 @@
1
+ require 'rubygems'
2
+ gem 'hoe', '>= 2.3.0'
3
+ require 'hoe'
4
+
5
+ Hoe.plugin :git
6
+ Hoe.plugin :bundler
7
+
8
+ Hoe.spec "loofah-activerecord" do
9
+ developer "Mike Dalessio", "mike.dalessio@gmail.com"
10
+
11
+ self.extra_rdoc_files = FileList["*.rdoc"]
12
+ self.history_file = "CHANGELOG.rdoc"
13
+ self.readme_file = "README.rdoc"
14
+
15
+ extra_deps << ["loofah", ">= 1.0.0.beta.1"]
16
+ extra_dev_deps << ["mocha", ">=0.9"]
17
+ extra_dev_deps << ["shoulda", ">=2.10"]
18
+ extra_dev_deps << ["acts_as_fu", ">=0.0.5"]
19
+ extra_dev_deps << ["sqlite3-ruby", ">=1.2"] # acts_as_fu dependency
20
+ end
21
+
22
+ load "rails_test/Rakefile"
23
+
24
+ task :gemspec do
25
+ system %q(rake debug_gem | grep -v "^\(in " > loofah-activerecord.gemspec)
26
+ end
27
+ task "test:rails" => :gemspec
28
+
29
+ task :redocs => :fix_css
30
+ task :docs => :fix_css
31
+ task :fix_css do
32
+ better_css = <<-EOT
33
+ .method-description pre {
34
+ margin : 1em 0 ;
35
+ }
36
+
37
+ .method-description ul {
38
+ padding : .5em 0 .5em 2em ;
39
+ }
40
+
41
+ .method-description p {
42
+ margin-top : .5em ;
43
+ }
44
+
45
+ #main ul, div#documentation ul {
46
+ list-style-type : disc ! IMPORTANT ;
47
+ list-style-position : inside ! IMPORTANT ;
48
+ }
49
+
50
+ h2 + ul {
51
+ margin-top : 1em;
52
+ }
53
+ EOT
54
+ puts "* fixing css"
55
+ File.open("doc/rdoc.css", "a") { |f| f.write better_css }
56
+ end
data/lib/loofah-activerecord.rb ADDED
@@ -0,0 +1,19 @@
1
+ $LOAD_PATH.unshift(File.expand_path(File.dirname(__FILE__))) unless $LOAD_PATH.include?(File.expand_path(File.dirname(__FILE__)))
2
+
3
+ require 'loofah'
4
+
5
+ module Loofah::ActiveRecord
6
+ VERSION = "1.0.0.beta.1"
7
+ end
8
+
9
+ if defined?(Rails) && Rails::VERSION::MAJOR == 3
10
+ require 'loofah-activerecord/railtie'
11
+ elsif defined? Rails.configuration and Rails.configuration.frameworks.include?([:active_record]) # >= 2.1
12
+ Rails.configuration.after_initialize do
13
+ require 'loofah-activerecord/active_record'
14
+ require 'loofah-activerecord/xss_foliate'
15
+ end
16
+ elsif defined? ActiveRecord::Base # <= 2.0
17
+ require 'loofah-activerecord/active_record'
18
+ require 'loofah-activerecord/xss_foliate'
19
+ end
data/lib/loofah-activerecord/active_record.rb ADDED
@@ -0,0 +1,60 @@
1
+ module Loofah
2
+ #
3
+ # Loofah can scrub ActiveRecord attributes in a before_validation callback:
4
+ #
5
+ # # config/initializers/loofah.rb
6
+ # require 'loofah'
7
+ #
8
+ # # db/schema.rb
9
+ # create_table "posts" do |t|
10
+ # t.string "title"
11
+ # t.string "body"
12
+ # end
13
+ #
14
+ # # app/model/post.rb
15
+ # class Post < ActiveRecord::Base
16
+ # html_fragment :body, :scrub => :prune # scrubs 'body' in a before_validation
17
+ # end
18
+ #
19
+ module ActiveRecordExtension
20
+ #
21
+ # :call-seq:
22
+ # html_fragment(attribute, :scrub => scrubber_specification)
23
+ #
24
+ # Scrub an ActiveRecord attribute +attribute+ as an HTML *fragment*
25
+ # using the method specified by +scrubber_specification+.
26
+ #
27
+ # +scrubber_specification+ must be an argument acceptable to Loofah::ScrubBehavior.scrub!, namely:
28
+ #
29
+ # * a symbol for one of the built-in scrubbers (see Loofah::Scrubbers for a full list)
30
+ # * or a Scrubber instance. (see Loofah::Scrubber for help on implementing a custom scrubber)
31
+ #
32
+ def html_fragment(attr, options={})
33
+ raise ArgumentError, "html_fragment requires :scrub option" unless method = options[:scrub]
34
+ before_validation do |record|
35
+ record[attr] = Loofah.scrub_fragment(record[attr], method).to_s
36
+ end
37
+ end
38
+
39
+ #
40
+ # :call-seq:
41
+ # model.html_document(attribute, :scrub => scrubber_specification)
42
+ #
43
+ # Scrub an ActiveRecord attribute +attribute+ as an HTML *document*
44
+ # using the method specified by +scrubber_specification+.
45
+ #
46
+ # +scrubber_specification+ must be an argument acceptable to Loofah::ScrubBehavior.scrub!, namely:
47
+ #
48
+ # * a symbol for one of the built-in scrubbers (see Loofah::Scrubbers for a full list)
49
+ # * or a Scrubber instance.
50
+ #
51
+ def html_document(attr, options={})
52
+ raise ArgumentError, "html_document requires :scrub option" unless method = options[:scrub]
53
+ before_validation do |record|
54
+ record[attr] = Loofah.scrub_document(record[attr], method).to_s
55
+ end
56
+ end
57
+ end
58
+ end
59
+
60
+ ActiveRecord::Base.extend(Loofah::ActiveRecordExtension)
data/lib/loofah-activerecord/railtie.rb ADDED
@@ -0,0 +1,12 @@
1
+ require 'rails'
2
+ module Loofah::ActiveRecord
3
+ class Railtie < Rails::Railtie
4
+ initializer "loofah-activerecord.initialize" do |app|
5
+ activerecord_railtie = app.railties.all.select {|railtie| railtie.class.to_s == "ActiveRecord::Railtie" }
6
+ if activerecord_railtie
7
+ require 'loofah-activerecord/active_record'
8
+ require 'loofah-activerecord/xss_foliate'
9
+ end
10
+ end
11
+ end
12
+ end
data/lib/loofah-activerecord/xss_foliate.rb ADDED
@@ -0,0 +1,207 @@
1
+ module Loofah
2
+ #
3
+ # A replacement for
4
+ # XssTerminate[http://github.com/look/xss_terminate/tree/master],
5
+ # XssFoliate will strip all tags from your ActiveRecord models'
6
+ # string and text attributes.
7
+ #
8
+ # Please read the Loofah documentation for an explanation of the
9
+ # different scrubbing methods, and
10
+ # Loofah::XssFoliate::ClassMethods for more information on the
11
+ # methods.
12
+ #
13
+ # If you'd like to scrub all fields in all your models (and perhaps *opt-out* in specific models):
14
+ #
15
+ # # config/initializers/loofah.rb
16
+ # require 'loofah'
17
+ # Loofah::XssFoliate.xss_foliate_all_models
18
+ #
19
+ # # db/schema.rb
20
+ # create_table "posts" do |t|
21
+ # t.string "title"
22
+ # t.text "body"
23
+ # t.string "author"
24
+ # end
25
+ #
26
+ # # app/model/post.rb
27
+ # class Post < ActiveRecord::Base
28
+ # # by default, title, body and author will all be scrubbed down to their inner text
29
+ # end
30
+ #
31
+ # OR
32
+ #
33
+ # # app/model/post.rb
34
+ # class Post < ActiveRecord::Base
35
+ # xss_foliate :except => :author # opt-out of sanitizing author
36
+ # end
37
+ #
38
+ # OR
39
+ #
40
+ # xss_foliate :strip => [:title, body] # strip unsafe tags from both title and body
41
+ #
42
+ # OR
43
+ #
44
+ # xss_foliate :except => :title # scrub body and author but not title
45
+ #
46
+ # OR
47
+ #
48
+ # # remove all tags from title, remove unsafe tags from body
49
+ # xss_foliate :sanitize => :title, :scrub => :body
50
+ #
51
+ # OR
52
+ #
53
+ # # old xss_terminate code will work if you s/_terminate/_foliate/
54
+ # # was: xss_terminate :except => [:title], :sanitize => [:body]
55
+ # xss_foliate :except => [:title], :sanitize => [:body]
56
+ #
57
+ # Alternatively, if you would like to *opt-in* to the models and attributes that are sanitized:
58
+ #
59
+ # # config/initializers/loofah.rb
60
+ # require 'loofah'
61
+ # ## note omission of call to Loofah::XssFoliate.xss_foliate_all_models
62
+ #
63
+ # # db/schema.rb
64
+ # create_table "posts" do |t|
65
+ # t.string "title"
66
+ # t.text "body"
67
+ # t.string "author"
68
+ # end
69
+ #
70
+ # # app/model/post.rb
71
+ # class Post < ActiveRecord::Base
72
+ # xss_foliate # scrub title, body and author down to their inner text
73
+ # end
74
+ #
75
+ module XssFoliate
76
+ #
77
+ # A replacement for
78
+ # XssTerminate[http://github.com/look/xss_terminate/tree/master],
79
+ # XssFoliate will strip all tags from your ActiveRecord models'
80
+ # string and text attributes.
81
+ #
82
+ # See Loofah::XssFoliate for more example usage.
83
+ #
84
+ module ClassMethods
85
+ # :stopdoc:
86
+ VALID_OPTIONS = [:except, :html5lib_sanitize, :sanitize] + Loofah::Scrubbers.scrubber_symbols
87
+ ALIASED_OPTIONS = {:html5lib_sanitize => :escape, :sanitize => :strip}
88
+ REAL_OPTIONS = VALID_OPTIONS - ALIASED_OPTIONS.keys
89
+ # :startdoc:
90
+
91
+ #
92
+ # Annotate your model with this method to specify which fields
93
+ # you want scrubbed, and how you want them scrubbed. XssFoliate
94
+ # assumes all character fields are HTML fragments (as opposed to
95
+ # full documents, see the Loofah[http://loofah.rubyforge.org/]
96
+ # documentation for a full explanation of the difference).
97
+ #
98
+ # Example call:
99
+ #
100
+ # xss_foliate :except => :author, :strip => :body, :prune => [:title, :description]
101
+ #
102
+ # *Note* that the values in the options hash can be either an
103
+ # array of attributes or a single attribute.
104
+ #
105
+ # Options:
106
+ #
107
+ # :except => [fields] # don't scrub these fields
108
+ # :strip => [fields] # strip unsafe tags from these fields
109
+ # :escape => [fields] # escape unsafe tags from these fields
110
+ # :prune => [fields] # prune unsafe tags and subtrees from these fields
111
+ # :text => [fields] # remove everything except the inner text from these fields
112
+ #
113
+ # XssTerminate compatibility options (note that the default
114
+ # behavior in XssTerminate corresponds to :text)
115
+ #
116
+ # :html5lib_sanitize => [fields] # same as :escape
117
+ # :sanitize => [fields] # same as :strip
118
+ #
119
+ # The default is :text for all fields unless otherwise specified.
120
+ #
121
+ def xss_foliate(options = {})
122
+ callback_already_declared = \
123
+ if respond_to?(:before_validation_callback_chain)
124
+ # Rails 2.1 and later
125
+ before_validation_callback_chain.any? {|cb| cb.method == :xss_foliate_fields}
126
+ else
127
+ # Rails 2.0
128
+ cbs = read_inheritable_attribute(:before_validation)
129
+ (! cbs.nil?) && cbs.any? {|cb| cb == :xss_foliate_fields}
130
+ end
131
+
132
+ unless callback_already_declared
133
+ before_validation :xss_foliate_fields
134
+ class_inheritable_reader :xss_foliate_options
135
+ include XssFoliate::InstanceMethods
136
+ end
137
+
138
+ options.keys.each do |option|
139
+ raise ArgumentError, "unknown xss_foliate option #{option}" unless VALID_OPTIONS.include?(option)
140
+ end
141
+
142
+ REAL_OPTIONS.each do |option|
143
+ options[option] = Array(options[option]).collect { |val| val.to_sym }
144
+ end
145
+
146
+ ALIASED_OPTIONS.each do |option, real|
147
+ options[real] += Array(options.delete(option)).collect { |val| val.to_sym } if options[option]
148
+ end
149
+
150
+ write_inheritable_attribute(:xss_foliate_options, options)
151
+ end
152
+
153
+ #
154
+ # Class method to determine whether or not this model is applying
155
+ # xss_foliation to its attributes. Could be useful in test suites.
156
+ #
157
+ def xss_foliated?
158
+ options = read_inheritable_attribute(:xss_foliate_options)
159
+ ! (options.nil? || options.empty?)
160
+ end
161
+ end
162
+
163
+ module InstanceMethods
164
+ def xss_foliate_fields # :nodoc:
165
+ # fix a bug with Rails internal AR::Base models that get loaded before
166
+ # the plugin, like CGI::Sessions::ActiveRecordStore::Session
167
+ return if xss_foliate_options.nil?
168
+
169
+ self.class.columns.each do |column|
170
+ next unless (column.type == :string || column.type == :text)
171
+
172
+ field = column.name.to_sym
173
+ value = self[field]
174
+
175
+ next if value.nil? || !value.is_a?(String)
176
+
177
+ next if xss_foliate_options[:except].include?(field)
178
+
179
+ next if xss_foliated_with_standard_scrubber(field)
180
+
181
+ # :text if we're here
182
+ fragment = Loofah.scrub_fragment(value, :strip)
183
+ self[field] = fragment.nil? ? "" : fragment.text
184
+ end
185
+ end
186
+
187
+ private
188
+
189
+ def xss_foliated_with_standard_scrubber(field)
190
+ Loofah::Scrubbers.scrubber_symbols.each do |method|
191
+ if xss_foliate_options[method].include?(field)
192
+ fragment = Loofah.scrub_fragment(self[field], method)
193
+ self[field] = fragment.nil? ? "" : fragment.to_s
194
+ return true
195
+ end
196
+ end
197
+ false
198
+ end
199
+ end
200
+
201
+ def self.xss_foliate_all_models
202
+ ::ActiveRecord::Base.xss_foliate
203
+ end
204
+ end
205
+ end
206
+
207
+ ::ActiveRecord::Base.extend(Loofah::XssFoliate::ClassMethods)