onebox 1.8.87 → 1.8.88

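--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: feb212710bc29cb9f40fe3a693fa2f1da63b4c62ef45f95bf16dd5665b6f2ea7
- data.tar.gz: 5d1f092e320bd28f3ee17feac0e7b91139e769b0b42a4aeecc20f5e99dab2a00
+ metadata.gz: 05ff8777e383e0ca7f85d0b6779042a368bf2b5eeded7d5649acee095687cab5
+ data.tar.gz: edd3c4653a5574a5ad8f3720d340e1014cada9134d9f76145197a485dbc93f71
  SHA512:
- metadata.gz: 18bc5e6a7f72de373929ddbcbec7605135911a5126406cb98829f68986332a0d936da17dc0c219daa30619111cb29e1ba0a3c38d6db63d443cb3e83eea441365
- data.tar.gz: 0406d24b43f94876bc127b44a5e268ef2a56c4ad6233781d8f9a2d465b0b56e044c96ffaca05f84f6e6623cdb0f7faef5fe047642f20a8d0fb89fab070ee1b39
+ metadata.gz: 4bfd753abe8e3f406d729d23491bd86747b90a7e5ae125ae4ec7e7fc4205e16cfddd94355ea19536bed5371f2ad20001f86ef70b773c7f5f78a31390b03217f8
+ data.tar.gz: 23f3dcff844057f1c54de48121e163f94a306779a0b4d7312e98aab2da36501ab5f687683c7d36713c05f754642ed3637659cd2024787bb86fba6becef5d5283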
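--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- onebox (1.8.87)
+ onebox (1.8.88)
  htmlentities (~> 4.3)
  moneta (~> 1.0)
  multi_json (~> 1.11)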
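--- a/data/lib/onebox/engine.rb
+++ b/data/lib/onebox/engine.rb
@@ -81,12 +81,7 @@ module Onebox
  end
 
  def link
- @url.gsub(/['\"<>]/,
- "'" => '&#39;',
- '"' => '&quot;',
- '<' => '&lt;',
- '>' => '&gt;',
- )
+ ::Onebox::Helpers.uri_encode(@url)
  end
 
  def always_https?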
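Review bot: `link` loses its HTML escaping of `'`, `"`, `<` and `>` and now returns the output of `::Onebox::Helpers.uri_encode`, which in this release appends the scheme and authority without encoding them. If callers place `link` into an HTML attribute (the call sites are not visible here), a URL whose authority contains a quote or angle bracket would reach the markup unescaped. Percent-encoding and HTML escaping solve different problems, so I would keep the escape at the output boundary, for example by applying the removed substitution to the encoded result: `::Onebox::Helpers.uri_encode(@url).gsub(/['"<>]/, "'" => '&#39;', '"' => '&quot;', '<' => '&lt;', '>' => '&gt;')`. The enclosing module body starts and ends outside the hunk.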
@@ -185,5 +185,52 @@ module Onebox
185
185
  end
186
186
  src
187
187
  end
188
+
189
+ RFC_3986_URI_REGEX = /^(?<scheme>([^:\/?#]+):)?(?<authority>\/\/([^\/?#]*))?(?<path>[^?#]*)(\?(?<query>[^#]*))?(#(?<fragment>.*))?$/
190
+
191
+ # Percent-encodes a URI query parameter per RFC3986 - https://tools.ietf.org/html/rfc3986
192
+ def self.uri_query_encode(query_string)
193
+ return "" unless query_string
194
+
195
+ # query can encode space to %20 OR +
196
+ # + MUST be encoded as %2B
197
+ # in RFC3968 both query and fragment are defined as:
198
+ # = *( pchar / "/" / "?" )
199
+ # CGI.escape turns space into + which is the most backward compatible
200
+ # however it doesn't roundtrip through URI.unescape which prefers %20
201
+ CGI.escape(query_string).gsub('+', '%20')
202
+ end
203
+
204
+ # Percent-encodes a URI string per RFC3986 - https://tools.ietf.org/html/rfc3986
205
+ def self.uri_encode(url)
206
+ return "" unless url
207
+
208
+ # parse uri into named matches, then reassemble properly encoded
209
+ parts = url.match(RFC_3986_URI_REGEX)
210
+
211
+ encoded = ""
212
+ encoded += parts[:scheme] unless parts[:scheme].nil?
213
+ encoded += parts[:authority] unless parts[:authority].nil?
214
+
215
+ # path requires space to be encoded as %20 (NEVER +)
216
+ # + should be left unencoded
217
+ # URI::parse and URI::Generic.build don't like paths encoded with CGI.escape
218
+ # URI.escape does not change / to %2F and : to %3A like CGI.escape
219
+ encoded += URI.escape(parts[:path]) unless parts[:path].nil?
220
+
221
+ # each query parameter
222
+ if !parts[:query].nil?
223
+ query_string = parts[:query].split('&').map do |pair|
224
+ # can optionally be separated by an =
225
+ pair.split('=').map do |v|
226
+ uri_query_encode(v)
227
+ end.join('=')
228
+ end.join('&')
229
+ encoded += '?' + query_string
230
+ end
231
+
232
+ encoded += '#' + uri_query_encode(parts[:fragment]) unless parts[:fragment].nil?
233
+ encoded
234
+ end
188
235
  end
189
236
  end
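Review bot: `RFC_3986_URI_REGEX` is anchored with `^` and `$`, which match at line boundaries in Ruby, so for a URL containing a newline `uri_encode` can silently drop everything after the line break in the fragment; `\A` and `\z` anchor the whole string. `uri_encode` also sends every query and fragment value through `CGI.escape`, so an input that is already percent-encoded is encoded a second time (`%20` becomes `%2520`), and `pair.split('=')` discards a trailing `=`, turning `a=` into `a`. The scheme and authority are concatenated verbatim, so the result should not be treated as safe for HTML output without further escaping. The file header for this hunk is missing from the page; the line offsets and the `::Onebox::Helpers` call site suggest it is a different file from `engine.rb`, and the enclosing module starts outside the hunk.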
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Onebox
4
- VERSION = "1.8.87"
4
+ VERSION = "1.8.88"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: onebox
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.8.87
4
+ version: 1.8.88
5
5
  platform: ruby
6
6
  authors:
7
7
  - Joanna Zeta
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2019-04-30 00:00:00.000000000 Z
13
+ date: 2019-05-06 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: multi_json