RubyGems - pdfkit - Versions diffs - 0.8.0 → 0.8.1 - Mend

pdfkit 0.8.0 → 0.8.1

Potentially problematic release.

This version of pdfkit might be problematic. Click here for more details.

Files changed (10) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d761c045627c5f9435b7ea06b44d5e23abbbcdd6
-  data.tar.gz: 9f55905b443cfb6532696bf373173fd55435be56
+  metadata.gz: 104694d613ddecebcd67c5373e1309d9da1322d0
+  data.tar.gz: eed2d02a43b9fb425508a4b978a24ffc53191c99
 SHA512:
-  metadata.gz: 19210027b8208466fd91c6c3604b205739973e95ffb876feaecc6f0e0df76d2a78103dd2747c6f00e0d0af171da4235f31518f03da495fe5c9c638a804e3883d
-  data.tar.gz: 7a82596a5548c9ab3fb2557aef2aae5445f0dbae59196c436fd2c6846b2d6d9c1f51be0b6b85e4073c4da07bd160801d028601206ac04de2f81839c0b081dc5e
+  metadata.gz: 1463a8202d9b64d4d90a018b998015f1f6b70fa630994b27ba9cc7ad4f749b285a14fc455058a0b90f9626ecb648daccaa31fc547ca613d59d5efabde816e772
+  data.tar.gz: 9392e87f053d898c9e49cc96f8630e5056f9f58b2cddbc7db95cffd87424e8f1670a9fb0b572b38df81e6901140efb97f09d61564a975c79caf9cb8aa64948be

data/.travis.yml CHANGED

@@ -8,5 +8,5 @@ before_script:
   - "export DISPLAY=:99.0"
   - "sh -e /etc/init.d/xvfb start"
   - "sudo apt-get -qq -y install fontconfig libxrender1"
-  - "wget http://downloads.sourceforge.net/project/wkhtmltopdf/archive/0.12.1/wkhtmltox-0.12.1_linux-precise-amd64.deb"
+  - "wget http://download.gna.org/wkhtmltopdf/0.12/0.12.1/wkhtmltox-0.12.1_linux-precise-amd64.deb"
   - "sudo dpkg -i wkhtmltox-0.12.1_linux-precise-amd64.deb"

data/CHANGELOG.md CHANGED

@@ -1,6 +1,12 @@
+2015-08-20
+=================
+  * Bump to 0.8.1
+  * Fix shell escaping issues for Windows (thanks muness)
+  * Fix shell escaping issues for URLs, introduced in 0.5.3 release
 2015-07-08
 =================
-  * Bump to 0.7.1
+  * Bump to 0.8.0
   * Support Cover and Table Of Contents options (thanks @nicpillinger)
   * Fix repeatings keys with string values
   * Fix caching bug (thanks @jocranford)

data/lib/pdfkit/pdfkit.rb CHANGED

@@ -1,4 +1,5 @@
 require 'shellwords'
+require 'rbconfig'
 class PDFKit
   class NoExecutableError < StandardError
@@ -33,16 +34,15 @@ class PDFKit
   def command(path = nil)
     args = @options.to_a.flatten.compact
+    shell_escaped_command = [executable, shell_escape_for_os(args)].join ' '
-    if @source.html?
-      args << '-' # Get HTML from stdin
-    else
-      args << @source.to_s
-    end
-    args << (path || '-') # Write to file or stdout
+    # In order to allow for URL parameters (e.g. https://www.google.com/search?q=pdfkit) we do
+    # not escape the source. The user is responsible for ensuring that no vulnerabilities exist
+    # in the source. Please see https://github.com/pdfkit/pdfkit/issues/164.
+    input_for_command = @source.to_input_for_command
+    output_for_command = path ? Shellwords.shellescape(path) : '-'
-    [executable, args.shelljoin].join ' '
+    "#{shell_escaped_command} #{input_for_command} #{output_for_command}"
   end
   def executable
@@ -161,7 +161,7 @@ class PDFKit
     when Array
       value.flatten.collect{|x| x.to_s}
     else
-      value.to_s
+      (host_is_windows? && value.to_s.index(' ')) ? "'#{ value.to_s }'" : value.to_s
     end
   end
@@ -196,4 +196,18 @@ class PDFKit
       # https://code.google.com/p/wkhtmltopdf/issues/detail?id=55
       %w(skip ignore).include?(@options['--load-error-handling'])
   end
+  def host_is_windows?
+    @host_is_windows ||= !(RbConfig::CONFIG['host_os'] =~ /mswin|msys|mingw|cygwin|bccwin|wince/).nil?
+  end
+  def shell_escape_for_os(args)
+    if (host_is_windows?)
+      # Windows reserved shell characters are: & | ( ) < > ^
+      # See http://technet.microsoft.com/en-us/library/cc723564.aspx#XSLTsection123121120120
+      args.map { |arg| arg.gsub(/([&|()<>^])/,'^\1') }.join(" ")
+    else
+      args.shelljoin
+    end
+  end
 end

data/lib/pdfkit/source.rb CHANGED

@@ -1,23 +1,45 @@
 class PDFKit
   class Source
+    SOURCE_FROM_STDIN = '-'
     def initialize(url_file_or_html)
       @source = url_file_or_html
     end
     def url?
-      @source.is_a?(String) && @source.match(/\Ahttp/)
+      @is_url ||= @source.is_a?(String) && @source.match(/\Ahttp/)
     end
     def file?
-      @source.kind_of?(File)
+      @is_file ||= @source.kind_of?(File)
     end
     def html?
-      !(url? || file?)
+      @is_html ||= !(url? || file?)
     end
+    def to_input_for_command
+      if file?
+        @source.path
+      elsif url?
+        %{"#{shell_safe_url}"}
+      else
+        SOURCE_FROM_STDIN
+      end
+    end
     def to_s
       file? ? @source.path : @source
     end
+    private
+    def shell_safe_url
+      url_needs_escaping? ? URI::escape(@source) : @source
+    end
+    def url_needs_escaping?
+      URI::decode(@source) == @source
+    end
   end
 end

data/lib/pdfkit/version.rb CHANGED

@@ -1,3 +1,3 @@
 class PDFKit
-  VERSION = "0.8.0"
+  VERSION = "0.8.1"
 end

data/spec/middleware_spec.rb CHANGED

@@ -243,14 +243,14 @@ describe PDFKit::Middleware do
 	end
         context "when header PDFKit-save-pdf is present" do
-          it "should saved the .pdf to disk" do
+          it "saves the .pdf to disk" do
 	    headers = { 'PDFKit-save-pdf' => 'spec/test_save.pdf' }
             mock_app({}, {only: '/public'}, headers)
 	    get 'http://www.example.org/public/test_save.pdf'
             expect(File.exists?('spec/test_save.pdf')).to eq(true)
 	  end
-          it "should not raise when target directory does not exist" do
+          it "does not raise when target directory does not exist" do
 	    headers = { 'PDFKit-save-pdf' => '/this/dir/does/not/exist/spec/test_save.pdf' }
             mock_app({}, {only: '/public'}, headers)
             expect {
@@ -260,7 +260,7 @@ describe PDFKit::Middleware do
         end
         context "when header PDFKit-save-pdf is not present" do
-          it "should not saved the .pdf to disk" do
+          it "does not saved the .pdf to disk" do
             mock_app({}, {only: '/public'}, {} )
 	    get 'http://www.example.org/public/test_save.pdf'
             expect(File.exists?('spec/test_save.pdf')).to eq(false)
@@ -325,31 +325,31 @@ describe PDFKit::Middleware do
       @env = { 'REQUEST_URI' => 'http://example.com/document.pdf', 'rack.url_scheme' => 'http', 'HTTP_HOST' => 'example.com' }
     end
-    it "should correctly parse relative url with single quotes" do
+    it "correctly parses relative url with single quotes" do
       @body = %{<html><head><link href='/stylesheets/application.css' media='screen' rel='stylesheet' type='text/css' /></head><body><img alt='test' src="/test.png" /></body></html>}
       body = @pdf.send :translate_paths, @body, @env
       expect(body).to eq("<html><head><link href='http://example.com/stylesheets/application.css' media='screen' rel='stylesheet' type='text/css' /></head><body><img alt='test' src=\"http://example.com/test.png\" /></body></html>")
     end
-    it "should correctly parse relative url with double quotes" do
+    it "correctly parses relative url with double quotes" do
       @body = %{<link href="/stylesheets/application.css" media="screen" rel="stylesheet" type="text/css" />}
       body = @pdf.send :translate_paths, @body, @env
       expect(body).to eq("<link href=\"http://example.com/stylesheets/application.css\" media=\"screen\" rel=\"stylesheet\" type=\"text/css\" />")
     end
-    it "should correctly parse relative url with double quotes" do
+    it "correctly parses relative url with double quotes" do
       @body = %{<link href='//fonts.googleapis.com/css?family=Open+Sans:400,600' rel='stylesheet' type='text/css'>}
       body = @pdf.send :translate_paths, @body, @env
       expect(body).to eq("<link href='http://fonts.googleapis.com/css?family=Open+Sans:400,600' rel='stylesheet' type='text/css'>")
     end
-    it "should correctly parse multiple tags where first one is root url" do
+    it "correctly parses multiple tags where first one is root url" do
       @body = %{<a href='/'><img src='/logo.jpg' ></a>}
       body = @pdf.send :translate_paths, @body, @env
-      body.should == "<a href='http://example.com/'><img src='http://example.com/logo.jpg' ></a>"
+      expect(body).to eq "<a href='http://example.com/'><img src='http://example.com/logo.jpg' ></a>"
     end
-    it "should return the body even if there are no valid substitutions found" do
+    it "returns the body even if there are no valid substitutions found" do
       @body = "NO MATCH"
       body = @pdf.send :translate_paths, @body, @env
       expect(body).to eq("NO MATCH")
@@ -365,7 +365,7 @@ describe PDFKit::Middleware do
       end
     end
-    it "should add the root_url" do
+    it "adds the root_url" do
       @body = %{<html><head><link href='/stylesheets/application.css' media='screen' rel='stylesheet' type='text/css' /></head><body><img alt='test' src="/test.png" /></body></html>}
       body = @pdf.send :translate_paths, @body, @env
       expect(body).to eq("<html><head><link href='http://example.net/stylesheets/application.css' media='screen' rel='stylesheet' type='text/css' /></head><body><img alt='test' src=\"http://example.net/test.png\" /></body></html>")
@@ -378,7 +378,7 @@ describe PDFKit::Middleware do
     end
   end
-  it "should not get stuck rendering each request as pdf" do
+  it "does not get stuck rendering each request as pdf" do
     mock_app
     # false by default. No requests.
     expect(@app.send(:rendering_pdf?)).to eq(false)

data/spec/pdfkit_spec.rb CHANGED

@@ -4,19 +4,19 @@ require 'spec_helper'
 describe PDFKit do
   describe "initialization" do
     # Source
-    it "should accept HTML as the source" do
+    it "accepts HTML as the source" do
       pdfkit = PDFKit.new('<h1>Oh Hai</h1>')
       expect(pdfkit.source).to be_html
       expect(pdfkit.source.to_s).to eq('<h1>Oh Hai</h1>')
     end
-    it "should accept a URL as the source" do
+    it "accepts a URL as the source" do
       pdfkit = PDFKit.new('http://google.com')
       expect(pdfkit.source).to be_url
       expect(pdfkit.source.to_s).to eq('http://google.com')
     end
-    it "should accept a File as the source" do
+    it "accepts a File as the source" do
       file_path = File.join(SPEC_ROOT,'fixtures','example.html')
       pdfkit = PDFKit.new(File.new(file_path))
       expect(pdfkit.source).to be_file
@@ -126,26 +126,26 @@ describe PDFKit do
       expect(pdfkit.options[['--allow', 'http://google.com']]).to eql nil
     end
-    # Stylesheets
-    it "has no stylesheet by default" do
-      pdfkit = PDFKit.new('<h1>Oh Hai</h1>')
-      expect(pdfkit.stylesheets).to be_empty
-    end
-    it "should not prepend cover with --" do
+    it "does not prepend cover option with --" do
       pdfkit = PDFKit.new('html', "cover" => 'http://google.com')
       expect(pdfkit.options).to have_key('cover')
     end
-    it "should not prepend toc with --" do
+    it "does not prepend the toc option with --" do
       pdfkit = PDFKit.new('html', 'toc' => '')
       expect(pdfkit.options).to have_key('toc')
     end
-    it "should handle special params passed as symbols" do
+    it "handles cover and toc  params passed as symbols" do
       pdfkit = PDFKit.new('html', {toc: true})
       expect(pdfkit.options).to have_key('toc')
     end
+    # Stylesheets
+    it "has no stylesheet by default" do
+      pdfkit = PDFKit.new('<h1>Oh Hai</h1>')
+      expect(pdfkit.stylesheets).to be_empty
+    end
   end
   describe "#options" do
@@ -163,7 +163,7 @@ describe PDFKit do
   end
   describe "#command" do
-    it "should construct the correct command" do
+    it "constructs the correct command" do
       pdfkit = PDFKit.new('html', :page_size => 'Letter', :toc_l1_font_size => 12, :replace => {'foo' => 'bar'})
       command = pdfkit.command
       expect(command).to include "wkhtmltopdf"
@@ -172,26 +172,37 @@ describe PDFKit do
       expect(command).to include "--replace foo bar"
     end
-    it "should setup one cookie only" do
+    it "sets up one cookie when hash has only one cookie" do
       pdfkit = PDFKit.new('html', cookie: {cookie_name: :cookie_value})
       command = pdfkit.command
       expect(command).to include "--cookie cookie_name cookie_value"
     end
-    it "should not break Windows paths" do
+    it "does not break Windows paths" do
       pdfkit = PDFKit.new('html')
       allow(PDFKit.configuration).to receive(:wkhtmltopdf).and_return 'c:/Program Files/wkhtmltopdf/wkhtmltopdf.exe'
       expect(pdfkit.command).not_to include('Program\ Files')
     end
-    it "should setup multiple cookies when passed a hash" do
+    it "does not shell escape source URLs" do
+      pdfkit = PDFKit.new('https://www.google.com/search?q=pdfkit')
+      expect(pdfkit.command).to include "https://www.google.com/search?q=pdfkit"
+    end
+    it "formats source for the command" do
+      pdfkit = PDFKit.new('https://www.google.com/search?q=pdfkit')
+      expect(pdfkit.source).to receive(:to_input_for_command)
+      pdfkit.command
+    end
+    it "sets up multiple cookies when passed multiple cookies" do
       pdfkit = PDFKit.new('html', :cookie => {:cookie_name1 => :cookie_val1, :cookie_name2 => :cookie_val2})
       command = pdfkit.command
       expect(command).to include "--cookie cookie_name1 cookie_val1"
       expect(command).to include "--cookie cookie_name2 cookie_val2"
     end
-    it "should setup multiple cookies when passed an array of tuples" do
+    it "sets up multiple cookies when passed an array of tuples" do
       pdfkit = PDFKit.new('html', :cookie => [[:cookie_name1, :cookie_val1], [:cookie_name2, :cookie_val2]])
       command = pdfkit.command
       expect(command).to include "--cookie cookie_name1 cookie_val1"
@@ -209,12 +220,12 @@ describe PDFKit do
       expect(pdfkit.command).not_to include('--disable-smart-shrinking')
     end
-    it "should encapsulate string arguments in quotes" do
+    it "encapsulates string arguments in quotes" do
       pdfkit = PDFKit.new('html', :header_center => "foo [page]")
       expect(pdfkit.command).to include "--header-center foo\\ \\[page\\]"
     end
-    it "should sanitize string arguments" do
+    it "sanitizes string arguments" do
       pdfkit = PDFKit.new('html', :header_center => "$(ls)")
       expect(pdfkit.command).to include "--header-center \\$\\(ls\\)"
     end
@@ -224,24 +235,30 @@ describe PDFKit do
       expect(pdfkit.command).to match /- -$/
     end
-    it "specify the URL to the source if it is a url" do
+    it "specifies the URL to the source if it is a url" do
       pdfkit = PDFKit.new('http://google.com')
-      expect(pdfkit.command).to match /http:\/\/google.com -$/
+      expect(pdfkit.command).to match /"http:\/\/google.com" -$/
     end
-    it "should specify the path to the source if it is a file" do
+    it "does not break Windows paths" do
+      pdfkit = PDFKit.new('html')
+      allow(PDFKit.configuration).to receive(:wkhtmltopdf).and_return 'c:/Program Files/wkhtmltopdf/wkhtmltopdf.exe'
+      expect(pdfkit.command).not_to include('Program\ Files')
+    end
+    it "specifies the path to the source if it is a file" do
       file_path = File.join(SPEC_ROOT,'fixtures','example.html')
       pdfkit = PDFKit.new(File.new(file_path))
       expect(pdfkit.command).to match /#{file_path} -$/
     end
-    it "should specify the path for the ouput if a path is given" do
+    it "specifies the path for the ouput if a path is given" do
       file_path = "/path/to/output.pdf"
       pdfkit = PDFKit.new("html")
       expect(pdfkit.command(file_path)).to match /#{file_path}$/
     end
-    it "should detect special pdfkit meta tags" do
+    it "detects special pdfkit meta tags" do
       body = %{
         <html>
           <head>
@@ -256,7 +273,7 @@ describe PDFKit do
       expect(command).to include "--orientation Landscape"
     end
-    it "should detect cookies meta tag" do
+    it "detects cookies meta tag" do
       body = %{
         <html>
           <head>
@@ -270,7 +287,7 @@ describe PDFKit do
       expect(command).to include "--cookie rails_session rails_session_value --cookie cookie_variable cookie_variable_value"
     end
-    it "should detect disable_smart_shrinking meta tag" do
+    it "detects disable_smart_shrinking meta tag" do
       body = %{
         <html>
           <head>
@@ -284,7 +301,7 @@ describe PDFKit do
       expect(command).not_to include "--disable-smart-shrinking true"
     end
-    it "should detect names with hyphens instead of underscores" do
+    it "detects names with hyphens instead of underscores" do
       body = %{
         <html>
           <head>
@@ -298,7 +315,7 @@ describe PDFKit do
       expect(pdfkit.command).not_to include 'name\='
     end
-    it "should detect special pdfkit meta tags despite bad markup" do
+    it "detects special pdfkit meta tags despite bad markup" do
       body = %{
         <html>
           <head>
@@ -314,7 +331,7 @@ describe PDFKit do
       expect(command).to include "--orientation Landscape"
     end
-    it "should skip non-pdfkit meta tags" do
+    it "skips non-pdfkit meta tags" do
       body = %{
         <html>
           <head>
@@ -330,17 +347,17 @@ describe PDFKit do
       expect(command).to include "--orientation Landscape"
     end
-    it "should not use quiet" do
+    it "does not use quiet when told to" do
       pdfkit = PDFKit.new('html', quiet: false)
       expect(pdfkit.command).not_to include '--quiet'
     end
-    it "should use quiet option by default" do
+    it "uses quiet option by default" do
       pdfkit = PDFKit.new('html')
       expect(pdfkit.command).to include '--quiet'
     end
-    it "should not use quiet option in verbose mode" do
+    it "does not use quiet option in verbose mode" do
       PDFKit.configure do |config|
         config.verbose = true
       end
@@ -353,7 +370,7 @@ describe PDFKit do
       end
     end
-    it "should not use quiet option in verbose mode when option of quiet is configured" do
+    it "does not use quiet option in verbose mode when option of quiet is configured" do
       PDFKit.configure do |config|
         config.verbose = true
         config.default_options[:quiet] = true
@@ -366,10 +383,26 @@ describe PDFKit do
         config.verbose = false
       end
     end
+    context "on windows" do
+      before do
+        allow_any_instance_of(PDFKit).to receive(:host_is_windows?).and_return(true)
+      end
+      it "escapes special windows characters" do
+        pdf = PDFKit.new('html', :title => 'hello(world)')
+        expect(pdf.command).to include 'hello^(world^)'
+      end
+      it "quotes spaces in options" do
+        pdf = PDFKit.new('html', :title => 'hello world')
+        expect(pdf.command).to include "--title 'hello world'"
+      end
+    end
   end
   describe "#to_pdf" do
-    it "should not read the contents of the pdf when saving it as a file" do
+    it "does not read the contents of the pdf when saving it as a file" do
       file_path = "/my/file/path.pdf"
       pdfkit = PDFKit.new('html', :page_size => 'Letter')
@@ -388,25 +421,25 @@ describe PDFKit do
       pdfkit.to_pdf(file_path)
     end
-    it "should generate a PDF of the HTML" do
+    it "generates a PDF of the HTML" do
       pdfkit = PDFKit.new('html', :page_size => 'Letter')
       pdf = pdfkit.to_pdf
       expect(pdf[0...4]).to eq("%PDF") # PDF Signature at beginning of file
     end
-    it "should generate a PDF with a numerical parameter" do
+    it "generates a PDF with a numerical parameter" do
       pdfkit = PDFKit.new('html', :header_spacing => 1)
       pdf = pdfkit.to_pdf
       expect(pdf[0...4]).to eq("%PDF") # PDF Signature at beginning of file
     end
-    it "should generate a PDF with a symbol parameter" do
+    it "generates a PDF with a symbol parameter" do
       pdfkit = PDFKit.new('html', :page_size => :Letter)
       pdf = pdfkit.to_pdf
       expect(pdf[0...4]).to eq("%PDF") # PDF Signature at beginning of file
     end
-    it "should have the stylesheet added to the head if it has one" do
+    it "adds the stylesheet to the head tag if it has a head tag" do
       pdfkit = PDFKit.new("<html><head></head><body>Hai!</body></html>")
       css = File.join(SPEC_ROOT,'fixtures','example.css')
       pdfkit.stylesheets << css
@@ -414,7 +447,7 @@ describe PDFKit do
       expect(pdfkit.source.to_s).to include("<style>#{File.read(css)}</style>")
     end
-    it "should prepend style tags if the HTML doesn't have a head tag" do
+    it "prepends style tags if the HTML doesn't have a head tag" do
       pdfkit = PDFKit.new("<html><body>Hai!</body></html>")
       css = File.join(SPEC_ROOT,'fixtures','example.css')
       pdfkit.stylesheets << css
@@ -422,14 +455,14 @@ describe PDFKit do
       expect(pdfkit.source.to_s).to include("<style>#{File.read(css)}</style><html>")
     end
-    it "should throw an error if the source is not html and stylesheets have been added" do
+    it "throws an error if the source is not html and stylesheets have been added" do
       pdfkit = PDFKit.new('http://google.com')
       css = File.join(SPEC_ROOT,'fixtures','example.css')
       pdfkit.stylesheets << css
       expect { pdfkit.to_pdf }.to raise_error(PDFKit::ImproperSourceError)
     end
-    it "should be able to deal with ActiveSupport::SafeBuffer" do
+    it "can deal with ActiveSupport::SafeBuffer" do
       pdfkit = PDFKit.new(ActiveSupport::SafeBuffer.new "<html><head></head><body>Hai!</body></html>")
       css = File.join(SPEC_ROOT,'fixtures','example.css')
       pdfkit.stylesheets << css
@@ -437,7 +470,7 @@ describe PDFKit do
       expect(pdfkit.source.to_s).to include("<style>#{File.read(css)}</style></head>")
     end
-    it "should escape \\X in stylesheets" do
+    it "escapes \\X in stylesheets" do
       pdfkit = PDFKit.new("<html><head></head><body>Hai!</body></html>")
       css = File.join(SPEC_ROOT,'fixtures','example_with_hex_symbol.css')
       pdfkit.stylesheets << css
@@ -446,22 +479,28 @@ describe PDFKit do
     end
     #NOTICE: This test is failed if use wkhtmltopdf-binary (0.9.9.1)
-    it "should throw an error if it is unable to connect" do
+    it "throws an error if it is unable to connect" do
       pdfkit = PDFKit.new("http://google.com/this-should-not-be-found/404.html")
       expect { pdfkit.to_pdf }.to raise_error /exitstatus=1/
     end
-    it "should not throw an error if it is unable to connect", pending: 'this test works for wkhtmltopdf-binary (0.9.9.1)' do
+    it "does not throw an error if it is unable to connect", pending: 'this test works for wkhtmltopdf-binary (0.9.9.1)' do
       pdfkit = PDFKit.new("http://localhost/this-should-not-be-found/404.html")
       pdf = pdfkit.to_pdf
       expect(pdf[0...4]).to eq("%PDF") # PDF Signature at the beginning
     end
-    it "should generate PDF if there are missing assets" do
+    it "generates a PDF if there are missing assets" do
       pdfkit = PDFKit.new("<html><body><img alt='' src='http://example.com/surely-it-doesnt-exist.gif' /></body></html>")
       pdf = pdfkit.to_pdf
       expect(pdf[0...4]).to eq("%PDF") # PDF Signature at the beginning
     end
+    it "can handle ampersands in URLs" do
+      pdfkit = PDFKit.new('https://www.google.com/search?q=pdfkit&sort=ASC')
+      pdf = pdfkit.to_pdf
+      expect(pdf[0...4]).to eq("%PDF") # PDF Signature at the beginning
+    end
   end
   describe "#to_file" do
@@ -474,14 +513,14 @@ describe PDFKit do
       File.delete(@file_path)
     end
-    it "should create a file with the PDF as content" do
+    it "creates a file with the PDF as content" do
       pdfkit = PDFKit.new('html', :page_size => 'Letter')
       file = pdfkit.to_file(@file_path)
       expect(file).to be_instance_of(File)
       expect(File.read(file.path)[0...4]).to eq("%PDF") # PDF Signature at beginning of file
     end
-    it "should not truncate data (in Ruby 1.8.6)" do
+    it "does not truncate data (in Ruby 1.8.6)" do
       file_path = File.join(SPEC_ROOT,'fixtures','example.html')
       pdfkit = PDFKit.new(File.new(file_path))
       pdf_data = pdfkit.to_pdf
@@ -501,7 +540,7 @@ describe PDFKit do
       File.delete(@test_path) if File.exist?(@test_path)
     end
-    it "should not allow shell injection in options" do
+    it "does not allow shell injection in options" do
       pdfkit = PDFKit.new('html', :header_center => "a title\"; touch #{@test_path} #")
       pdfkit.to_pdf
       expect(File.exist?(@test_path)).to eq(false)

data/spec/source_spec.rb CHANGED

@@ -2,73 +2,95 @@ require 'spec_helper'
 describe PDFKit::Source do
   describe "#url?" do
-    it "should return true if passed a url like string" do
+    it "returns true if passed a url like string" do
       source = PDFKit::Source.new('http://google.com')
       expect(source).to be_url
     end
-    it "should return false if passed a file" do
+    it "returns false if passed a file" do
       source = PDFKit::Source.new(File.new(__FILE__))
       expect(source).not_to be_url
     end
-    it "should return false if passed HTML" do
+    it "returns false if passed HTML" do
       source = PDFKit::Source.new('<blink>Oh Hai!</blink>')
       expect(source).not_to be_url
     end
-    it "should return false if passed HTML with embedded urls at the beginning of a line" do
+    it "returns false if passed HTML with embedded urls at the beginning of a line" do
       source = PDFKit::Source.new("<blink>Oh Hai!</blink>\nhttp://www.google.com")
       expect(source).not_to be_url
     end
   end
   describe "#file?" do
-    it "should return true if passed a file" do
+    it "returns true if passed a file" do
       source = PDFKit::Source.new(::File.new(__FILE__))
       expect(source).to be_file
     end
-    it "should return false if passed a url like string" do
+    it "returns false if passed a url like string" do
       source = PDFKit::Source.new('http://google.com')
       expect(source).not_to be_file
     end
-    it "should return false if passed HTML" do
+    it "returns false if passed HTML" do
       source = PDFKit::Source.new('<blink>Oh Hai!</blink>')
       expect(source).not_to be_file
     end
   end
   describe "#html?" do
-    it "should return true if passed HTML" do
+    it "returns true if passed HTML" do
       source = PDFKit::Source.new('<blink>Oh Hai!</blink>')
       expect(source).to be_html
     end
-    it "should return false if passed a file" do
+    it "returns false if passed a file" do
       source = PDFKit::Source.new(::File.new(__FILE__))
       expect(source).not_to be_html
     end
-    it "should return false if passed a url like string" do
+    it "returns false if passed a url like string" do
       source = PDFKit::Source.new('http://google.com')
       expect(source).not_to be_html
     end
   end
+  describe "#to_input_for_command" do
+    it "URI escapes source URLs and encloses them in quotes to accomodate ampersands" do
+      source = PDFKit::Source.new("https://www.google.com/search?q='cat<dev/zero>/dev/null'")
+      expect(source.to_input_for_command).to eq "\"https://www.google.com/search?q='cat%3Cdev/zero%3E/dev/null'\""
+    end
+    it "does not URI escape previously escaped source URLs" do
+      source = PDFKit::Source.new("https://www.google.com/search?q='cat%3Cdev/zero%3E/dev/null'")
+      expect(source.to_input_for_command).to eq "\"https://www.google.com/search?q='cat%3Cdev/zero%3E/dev/null'\""
+    end
+    it "returns a '-' for HTML strings to indicate that we send that content through STDIN" do
+      source = PDFKit::Source.new('<blink>Oh Hai!</blink>')
+      expect(source.to_input_for_command).to eq '-'
+    end
+    it "returns the file path for file sources" do
+      source = PDFKit::Source.new(::File.new(__FILE__))
+      expect(source.to_input_for_command).to match 'spec/source_spec.rb'
+    end
+  end
   describe "#to_s" do
-    it "should return the HTML if passed HTML" do
+    it "returns the HTML if passed HTML" do
       source = PDFKit::Source.new('<blink>Oh Hai!</blink>')
       expect(source.to_s).to eq('<blink>Oh Hai!</blink>')
     end
-    it "should return a path if passed a file" do
+    it "returns a path if passed a file" do
       source = PDFKit::Source.new(::File.new(__FILE__))
       expect(source.to_s).to eq(__FILE__)
     end
-    it "should return the url if passed a url like string" do
+    it "returns the url if passed a url like string" do
       source = PDFKit::Source.new('http://google.com')
       expect(source.to_s).to eq('http://google.com')
     end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pdfkit
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.8.1
 platform: ruby
 authors:
 - Jared Pace
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-07-08 00:00:00.000000000 Z
+date: 2015-08-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport