rack-escapee 0.1.0

data/.document

@@ -0,0 +1,4 @@
+lib/**/*.rb
+bin/*
+-
+LICENSE.txt

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/Gemfile

@@ -0,0 +1,13 @@
+source "http://rubygems.org"
+# Add dependencies required to use your gem here.
+# Example:
+#   gem "activesupport", ">= 2.3.5"
+
+# Add dependencies to develop your gem here.
+# Include everything needed to run rake, tests, features, etc.
+group :development do
+  gem "bundler", "~> 1.0.0"
+  gem "jeweler", "~> 1.5.1"
+  gem "rspec", "~> 2.1.0"
+  gem "sinatra", "~> 1.0"
+end

data/Gemfile.lock

@@ -0,0 +1,32 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    diff-lcs (1.1.2)
+    git (1.2.5)
+    jeweler (1.5.1)
+      bundler (~> 1.0.0)
+      git (>= 1.2.5)
+      rake
+    rack (1.2.1)
+    rake (0.8.7)
+    rspec (2.1.0)
+      rspec-core (~> 2.1.0)
+      rspec-expectations (~> 2.1.0)
+      rspec-mocks (~> 2.1.0)
+    rspec-core (2.1.0)
+    rspec-expectations (2.1.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.1.0)
+    sinatra (1.1.0)
+      rack (~> 1.1)
+      tilt (~> 1.1)
+    tilt (1.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.0.0)
+  jeweler (~> 1.5.1)
+  rspec (~> 2.1.0)
+  sinatra (~> 1.0)

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2010 Bobby Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,57 @@
+rack-escapee
+============
+
+rack-escapee is a rack middleware that logs any time you are rendering escaped
+html tags and entities, because this is usually unwanted behavior. This is an
+attempt to make it easier to switch from an unescaped by default view rendering
+to escaped by default view rendering, such as adding the rails_xss plugin to
+Rails 2.x projects or moving from Rails 2 to Rails 3.
+
+Uses
+----
+
+The most automated way to take advantage of this tool is with integration
+tests. When your integration test suite runs, rack-escapee will be logging as
+usual. After your tests run, you will have a log full of anything that your
+integration tests touch (hopefully most of your app).
+
+Configuration
+-------------
+
+Escapee by default outputs to STDOUT but can be optionally configured to use a
+log file. The logfile is my preferred way so that it is all in one place
+especially if you are running your integration suite with escapee.
+
+Rails
+-----
+
+    Rails::Initializer.run do |config|
+      config.gem 'rack-escapee', :lib => 'rack/escapee'
+
+      config.middleware.use "Rack::Escapee", "log/escapee.log"
+    end
+
+Sinatra
+-------
+
+    require 'rack/escapee'
+
+    use Rack::Escapee, "log/stuff_to_fix.log"
+
+Contributing to rack-escapee
+----------------------------
+
+* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
+* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
+* Fork the project
+* Start a feature/bugfix branch
+* Commit and push until you are happy with your contribution
+* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
+
+Copyright
+---------
+
+Copyright (c) 2010 Bobby Wilson. See LICENSE.txt for
+further details.
+

data/Rakefile

@@ -0,0 +1,52 @@
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "rack-escapee"
+  gem.homepage = "http://github.com/bobbyw/rack-escaped-tags"
+  gem.license = "MIT"
+  gem.summary = %Q{log when escaped html tags and entities are rendered}
+  gem.description = %Q{middleware to let you know when escaped html tags are being rendered, so you can fix them}
+  gem.email = "bobbywilson0@gmail.com"
+  gem.authors = ["Bobby Wilson"]
+  # Include your dependencies below. Runtime dependencies are required when using your gem,
+  # and development dependencies are only needed for development (ie running rake tasks, tests, etc)
+  gem.development_dependencies << ["rspec", "~> 2.1.0"]
+  gem.development_dependencies << ["bundler", "~> 2.1.0"]
+  gem.development_dependencies << ["sinatra", "~> 1.0"]
+end
+
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+    spec.pattern = FileList['spec/**/*_spec.rb']
+    end
+
+RSpec::Core::RakeTask.new(:rcov) do |spec|
+    spec.pattern = 'spec/**/*_spec.rb'
+      spec.rcov = true
+      end
+
+task :default => :spec
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "example #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/lib/rack/escapee.rb

@@ -0,0 +1,40 @@
+require 'logger'
+
+module Rack
+  class Escapee
+    ESCAPED_TAG    = /(<\w+>)/
+    ESCAPED_ENTITY = /(&\w+;)/
+
+
+    def initialize(app, options = {})
+      @app = app
+      @options = {
+        :logfile => false
+      }.merge(options)
+
+      if @options[:logfile]
+        @logger = ::Logger.new(@options[:logfile])
+      else
+        @logger = ::Logger.new(STDOUT)
+      end
+      @logger.datetime_format = "%Y-%m-%d %H:%M:%S"
+    end
+
+    def call(env)
+      req = Request.new(env)
+      path = req.path_info
+      status, headers, response = @app.call(env)
+      response_body = []
+      response.each do |part|
+        if part =~ ESCAPED_TAG
+          @logger.warn("rendering escaped tag: #{$1} - #{path}")
+        elsif part =~ ESCAPED_ENTITY
+          @logger.warn("rendering escaped entity: #{$1} - #{path}")
+        end
+        response_body << part
+      end
+
+      [status, headers, response_body]
+    end
+  end
+end

data/rack-escapee.gemspec

@@ -0,0 +1,68 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{rack-escapee}
+  s.version = "0.1.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Bobby Wilson"]
+  s.date = %q{2010-11-19}
+  s.description = %q{middleware to let you know when escaped html tags are being rendered, so you can fix them}
+  s.email = %q{bobbywilson0@gmail.com}
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.md"
+  ]
+  s.files = [
+    ".document",
+    ".rspec",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.md",
+    "Rakefile",
+    "VERSION",
+    "lib/rack/escapee.rb",
+    "rack-escapee.gemspec",
+    "spec/escaped_tags_and_entities_spec.rb",
+    "spec/fixtures/test_app.rb",
+    "spec/log/.gitignore",
+    "spec/spec_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/bobbyw/rack-escaped-tags}
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{log when escaped html tags and entities are rendered}
+  s.test_files = [
+    "spec/escaped_tags_and_entities_spec.rb",
+    "spec/fixtures/test_app.rb",
+    "spec/spec_helper.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_development_dependency(%q<jeweler>, ["~> 1.5.1"])
+      s.add_development_dependency(%q<rspec>, ["~> 2.1.0"])
+      s.add_development_dependency(%q<sinatra>, ["~> 1.0"])
+    else
+      s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_dependency(%q<jeweler>, ["~> 1.5.1"])
+      s.add_dependency(%q<rspec>, ["~> 2.1.0"])
+      s.add_dependency(%q<sinatra>, ["~> 1.0"])
+    end
+  else
+    s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+    s.add_dependency(%q<jeweler>, ["~> 1.5.1"])
+    s.add_dependency(%q<rspec>, ["~> 2.1.0"])
+    s.add_dependency(%q<sinatra>, ["~> 1.0"])
+  end
+end
+

data/spec/escaped_tags_and_entities_spec.rb

@@ -0,0 +1,33 @@
+require 'spec_helper'
+
+describe 'Find escaped tags and entities' do
+
+  before :each do
+    @escaped_tag_notice = Rack::Escapee.new(TestApp.new, {:logfile => LOG_FILE})
+    end
+
+  it 'finds escaped strong tag' do
+    @escaped_tag_notice.call Rack::MockRequest.env_for('/escaped_tag')
+    last_line = ''
+    File.open(LOG_FILE, 'r') do |f|
+      while line = f.gets
+        last_line = line
+      end
+    end
+
+    last_line[32..-2].should == "WARN -- : rendering escaped tag: <strong> - /escaped_tag"
+  end
+
+  it 'finds escaped ampersand entity' do
+    @escaped_tag_notice.call Rack::MockRequest.env_for('/escaped_entity')
+    last_line = ''
+    File.open(LOG_FILE, 'r') do |f|
+      while line = f.gets
+        last_line = line
+      end
+    end
+
+    last_line[32..-2].should == "WARN -- : rendering escaped entity: & - /escaped_entity"
+  end
+
+end

data/spec/fixtures/test_app.rb

@@ -0,0 +1,37 @@
+require 'sinatra/base'
+
+class TestApp < Sinatra::Base
+
+  get '/escaped_tag' do
+    <<-HTML
+      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+      <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+        <head>
+          <meta http-equiv="Content-Type" content="text/htmll; charset=utf-8"/>
+          <title>sample</title>
+        </head>
+        <body>
+          &lt;strong&gt;just some text inside escaped tags&lt;strong&gt;
+        </body>
+      </html>
+    HTML
+  end
+
+  get '/escaped_entity' do
+    <<-HTML
+      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+      <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+        <head>
+          <meta http-equiv="Content-Type" content="text/htmll; charset=utf-8"/>
+          <title>sample</title>
+        </head>
+        <body>
+          Tom&amp;Jerry
+        </body>
+      </html>
+    HTML
+  end
+
+end

data/spec/log/.gitignore

@@ -0,0 +1 @@
+*.log

data/spec/spec_helper.rb

@@ -0,0 +1,16 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'rspec'
+require 'sinatra'
+require 'rack/escapee'
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+Dir["#{File.dirname(__FILE__)}/fixtures/**/*.rb"].each {|f| require f}
+
+LOG_FILE = File.dirname(__FILE__) + '/log/example.log'
+
+RSpec.configure do |config|
+
+end

metadata

@@ -0,0 +1,139 @@
+--- !ruby/object:Gem::Specification 
+name: rack-escapee
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 1
+  - 0
+  version: 0.1.0
+platform: ruby
+authors: 
+- Bobby Wilson
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-11-19 00:00:00 -07:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: bundler
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 1
+        - 0
+        - 0
+        version: 1.0.0
+  type: :development
+  prerelease: false
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: jeweler
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 1
+        - 5
+        - 1
+        version: 1.5.1
+  type: :development
+  prerelease: false
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 2
+        - 1
+        - 0
+        version: 2.1.0
+  type: :development
+  prerelease: false
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: sinatra
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 1
+        - 0
+        version: "1.0"
+  type: :development
+  prerelease: false
+  version_requirements: *id004
+description: middleware to let you know when escaped html tags are being rendered, so you can fix them
+email: bobbywilson0@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE.txt
+- README.md
+files: 
+- .document
+- .rspec
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- VERSION
+- lib/rack/escapee.rb
+- rack-escapee.gemspec
+- spec/escaped_tags_and_entities_spec.rb
+- spec/fixtures/test_app.rb
+- spec/log/.gitignore
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/bobbyw/rack-escaped-tags
+licenses: 
+- MIT
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: -2802512562520839201
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: log when escaped html tags and entities are rendered
+test_files: 
+- spec/escaped_tags_and_entities_spec.rb
+- spec/fixtures/test_app.rb
+- spec/spec_helper.rb