loofah 0.4.5 → 0.4.6
Potentially problematic release.
This version of loofah might be problematic. Click here for more details.
- data.tar.gz.sig +0 -0
- data/CHANGELOG.rdoc +5 -1
- data/lib/loofah.rb +1 -1
- data/lib/loofah/xss_foliate.rb +1 -1
- data/test/unit/test_xss_foliate.rb +7 -7
- metadata +1 -1
- metadata.gz.sig +0 -0
data.tar.gz.sig
CHANGED
Binary file
|
data/CHANGELOG.rdoc
CHANGED
data/lib/loofah.rb
CHANGED
data/lib/loofah/xss_foliate.rb
CHANGED
@@ -107,7 +107,7 @@ class TestXssFoliate < Test::Unit::TestCase
|
|
107
107
|
Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once.returns(mock_doc)
|
108
108
|
Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :strip).once.returns(mock_doc)
|
109
109
|
Loofah.expects(:scrub_fragment).with(INTEGER_VALUE, :strip).never
|
110
|
-
mock_doc.expects(:
|
110
|
+
mock_doc.expects(:text).twice
|
111
111
|
assert new_post.valid?
|
112
112
|
end
|
113
113
|
end
|
@@ -122,7 +122,7 @@ class TestXssFoliate < Test::Unit::TestCase
|
|
122
122
|
Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once.returns(mock_doc)
|
123
123
|
Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :strip).never
|
124
124
|
Loofah.expects(:scrub_fragment).with(INTEGER_VALUE, :strip).never
|
125
|
-
mock_doc.expects(:
|
125
|
+
mock_doc.expects(:text).once
|
126
126
|
new_post.valid?
|
127
127
|
end
|
128
128
|
end
|
@@ -133,12 +133,12 @@ class TestXssFoliate < Test::Unit::TestCase
|
|
133
133
|
Post.xss_foliate method => [:plain_text]
|
134
134
|
end
|
135
135
|
|
136
|
-
should "
|
136
|
+
should "scrub that field appropriately" do
|
137
137
|
mock_doc = mock
|
138
|
-
Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once
|
138
|
+
Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once
|
139
139
|
Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, method).once.returns(mock_doc)
|
140
140
|
Loofah.expects(:scrub_fragment).with(INTEGER_VALUE, :strip).never
|
141
|
-
mock_doc.expects(:to_s)
|
141
|
+
mock_doc.expects(:to_s)
|
142
142
|
new_post.valid?
|
143
143
|
end
|
144
144
|
end
|
@@ -177,10 +177,10 @@ class TestXssFoliate < Test::Unit::TestCase
|
|
177
177
|
end
|
178
178
|
|
179
179
|
should "escape html entities" do
|
180
|
-
hackattack = "
|
180
|
+
hackattack = "<div><script>alert('evil')</script></div>"
|
181
181
|
post = new_post :html_string => hackattack, :plain_text => hackattack
|
182
182
|
post.valid?
|
183
|
-
assert_equal "
|
183
|
+
assert_equal "<div><script>alert('evil')</script></div>", post.html_string
|
184
184
|
assert_equal "<script>alert('evil')</script>", post.plain_text
|
185
185
|
end
|
186
186
|
end
|
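Review bot: The "escape html entities" test in the last hunk is the only place this change is checked against real output, and it pins a single payload with two exact-string assertions; the earlier hunks only assert that `mock_doc` receives `text` (or `to_s`), which fixes which serializer is called but not that its output is entity-encoded. As rendered on this page the expected strings show raw `<script>` tags, presumably because the viewer decoded the entities, so confirm in the gem itself that the `plain_text` expectation is the encoded form. I would add a format-independent check beside the `assert_equal` lines, `assert_no_match(/<script/i, post.plain_text)`, so a later serializer change cannot pass merely by matching an unescaped expectation. The file header for these hunks is missing from the page; going by the diffstat (+7 -7) and the `TestXssFoliate` hunk headers they appear to belong to data/test/unit/test_xss_foliate.rb rather than the lib file listed just above them.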
metadata
CHANGED
metadata.gz.sig
CHANGED
Binary file
|