loofah 0.4.5 → 0.4.6


Potentially problematic release.


This version of loofah might be problematic. Click here for more details.

data.tar.gz.sig CHANGED
Binary file
@@ -1,6 +1,10 @@
1
1
  = Changelog
2
2
 
3
- == 0.4.4 (2010-02-01)
3
+ == 0.4.4, 0.4.5, 0.4.6 (2010-02-01)
4
+
5
+ Enhancements:
6
+
7
+ * Loofah::HTML::Document#text and Loofah::HTML::DocumentFragment#text now escape HTML entities.
4
8
 
5
9
  Bug fixes:
6
10
 
@@ -26,7 +26,7 @@ require 'loofah/helpers'
26
26
  #
27
27
  module Loofah
28
28
  # The version of Loofah you are using
29
- VERSION = '0.4.5'
29
+ VERSION = '0.4.6'
30
30
 
31
31
  # The minimum required version of Nokogiri
32
32
  REQUIRED_NOKOGIRI_VERSION = '1.3.3'
@@ -180,7 +180,7 @@ module Loofah
180
180
 
181
181
  # :text if we're here
182
182
  fragment = Loofah.scrub_fragment(value, :strip)
183
- self[field] = fragment.nil? ? "" : fragment.to_s
183
+ self[field] = fragment.nil? ? "" : fragment.text
184
184
  end
185
185
  end
186
186
 
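Review bot: The switch to `fragment.text` on the `:text` path is only safe if the `#text` that Loofah defines re-escapes entities, as the changelog entry in this release states. That override is not shown in this diff, and Nokogiri's stock `#text` decodes entities, which would turn `&lt;script&gt;` back into markup. A comment at the call site would keep the dependency visible, for example `# relies on Loofah's #text escaping entities; Nokogiri's own #text would unescape them`. The stored value is now escaped text rather than serialized HTML, so code that escapes again on output will presumably double-encode it, which is worth noting in the same comment. The enclosing method starts and ends outside this hunk.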
@@ -107,7 +107,7 @@ class TestXssFoliate < Test::Unit::TestCase
107
107
  Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once.returns(mock_doc)
108
108
  Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :strip).once.returns(mock_doc)
109
109
  Loofah.expects(:scrub_fragment).with(INTEGER_VALUE, :strip).never
110
- mock_doc.expects(:to_s).twice
110
+ mock_doc.expects(:text).twice
111
111
  assert new_post.valid?
112
112
  end
113
113
  end
@@ -122,7 +122,7 @@ class TestXssFoliate < Test::Unit::TestCase
122
122
  Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once.returns(mock_doc)
123
123
  Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :strip).never
124
124
  Loofah.expects(:scrub_fragment).with(INTEGER_VALUE, :strip).never
125
- mock_doc.expects(:to_s).once
125
+ mock_doc.expects(:text).once
126
126
  new_post.valid?
127
127
  end
128
128
  end
@@ -133,12 +133,12 @@ class TestXssFoliate < Test::Unit::TestCase
133
133
  Post.xss_foliate method => [:plain_text]
134
134
  end
135
135
 
136
- should "not that field appropriately" do
136
+ should "scrub that field appropriately" do
137
137
  mock_doc = mock
138
- Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once.returns(mock_doc)
138
+ Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once
139
139
  Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, method).once.returns(mock_doc)
140
140
  Loofah.expects(:scrub_fragment).with(INTEGER_VALUE, :strip).never
141
- mock_doc.expects(:to_s).twice
141
+ mock_doc.expects(:to_s)
142
142
  new_post.valid?
143
143
  end
144
144
  end
@@ -177,10 +177,10 @@ class TestXssFoliate < Test::Unit::TestCase
177
177
  end
178
178
 
179
179
  should "escape html entities" do
180
- hackattack = "&lt;script&gt;alert('evil')&lt;/script&gt;"
180
+ hackattack = "<div>&lt;script&gt;alert('evil')&lt;/script&gt;</div>"
181
181
  post = new_post :html_string => hackattack, :plain_text => hackattack
182
182
  post.valid?
183
- assert_equal "&lt;script&gt;alert('evil')&lt;/script&gt;", post.html_string
183
+ assert_equal "<div>&lt;script&gt;alert('evil')&lt;/script&gt;</div>", post.html_string
184
184
  assert_equal "&lt;script&gt;alert('evil')&lt;/script&gt;", post.plain_text
185
185
  end
186
186
  end
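Review bot: The `escape html entities` test in the last hunk expects `alert('evil')` with its single quotes intact in `plain_text`, so it establishes safety for HTML element content only; the value is not safe to place inside a quoted attribute. I would record that beside the assertion, e.g. `# entities are escaped for element content; quotes pass through, so this is not attribute-safe`. Separately, in the `@@ -133,12 +133,12 @@` hunk the `HTML_STRING` expectation no longer has `.returns(mock_doc)`. That field therefore appears to take the `fragment.nil?` branch, and this test never asserts that `text` is called for it. The `should` blocks' enclosing contexts start outside these hunks.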
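--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: loofah
  version: !ruby/object:Gem::Version
- version: 0.4.5
+ version: 0.4.6
  platform: ruby
  authors:
  - Mike Dalessio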
metadata.gz.sig CHANGED
Binary file