rack-utf8_sanitizer 1.6.0 → 1.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 53093765db81984315b860f92ab0c1b51cc2e458147bc3cfb3d289424fb9b6d0
-  data.tar.gz: 21493f9709c2db974d65612a8f22328824f74118ee500f37eeafe957a3dd1d39
+  metadata.gz: 4156ca74bbd8c43750cdb733ca500a1cb974492ceb823ffa50e9adaa5733d7d9
+  data.tar.gz: 2acc566fb2020de35fa94822f3fcf018988e9166682ccf2f72f7bb9ca7c209d7
 SHA512:
-  metadata.gz: 621f2ea1b68feaf198d558d22cdc9dbb22a1133cb61f755450c80757bc4e848a80b337657f0356d59ebef869633e348bb3392612ec7fe7954dc1134f03b04e5a
-  data.tar.gz: 917f05a6ed39b0656c84f60a076b072ed141418f15aa7b26d43c707be8268a739b1ce698955669bb8620f6e9f0c887e2c24a354f508a7e574af308c513e9da96
+  metadata.gz: 5332f698e7d2a06427fe009a1e2f368ca56c4ab04d5b4551f79689dabbce3351733d657e9df14266c6416f5627305e45e511aee701f5a2d783f1b28d7a7d4435
+  data.tar.gz: 7df6257e5945eec1c928ab2ab9e446fe9d853c74b572732b5318e655b1b34d89557d949ee1300004ac67111fd170fddba7ab89b842dbbf65c9ca79717bdf1aa2

data/README.md

@@ -1,6 +1,9 @@
 # Rack::UTF8Sanitizer
 
-Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF8 characters in request URI and headers.
+Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF8 characters in request URI and headers. Additionally,
+it cleans up invalid UTF8 characters in the request body (depending on the configurable content type filters) by reading
+the input into a string, sanitizing the string, then replacing the Rack input stream with a rewindable input stream backed
+by the sanitized string.
 
 ## Installation
 
@@ -45,7 +48,7 @@ For fields with "percent-encoded data", the algorithm is applied twice to catch
 
 ### Sanitizable content types
 
-The default content types to be sanitized are 'text/plain', 'application/x-www-form-urlencoded', 'application/json', 'text/javascript'. You may wish to modify this, for example if your app accepts specific or custom media types in the CONTENT_TYPE header. If you want to change the sanitizable content types, you can pass options when using Rack::UTF8Sanitizer. 
+The default content types to be sanitized are 'text/plain', 'application/x-www-form-urlencoded', 'application/json', 'text/javascript'. You may wish to modify this, for example if your app accepts specific or custom media types in the CONTENT_TYPE header. If you want to change the sanitizable content types, you can pass options when using Rack::UTF8Sanitizer.
 
 To add sanitizable content types to the list of defaults, pass the `additional_content_types` options when using Rack::UTF8Sanitizer, e.g.
 
@@ -75,7 +78,35 @@ config.middleware.insert 0, Rack::UTF8Sanitizer, except: [/HTTP_.+/]
 
 There are two built in strategies for handling invalid characters. The default strategy is `:replace`, which will cause any invalid characters to be replaces with the unicode replacement character (�). The second built in strategy is `:exception` which will cause an `EncodingError` exception to be raised if invalid characters are found (the exception can then be handled by another Rack middleware).
 
-An object that responds to `#call` and accepts the offending string with invalid characters as an argumant can also be passed as a `:strategy`. This is how you can define custom strategies.
+This is an example of handling the `:exception` strategy with additional middleware:
+
+```ruby
+require "./your/middleware/directory/utf8_sanitizer_exception_handler.rb"
+
+config.middleware.insert 0, Rack::UTF8SanitizerExceptionHandler
+config.middleware.insert_after Rack::UTF8SanitizerExceptionHandler, Rack::UTF8Sanitizer, strategy: :exception
+```
+
+Note: The exception handling middleware must be inserted before `Rack::UTF8Sanitizer`
+
+```ruby
+module Rack
+  class UTF8SanitizerExceptionHandler
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      @app.call(env)
+    rescue EncodingError => exception
+      # OPTIONAL: Add error logging service of your choice here
+      return [400, {}, ["Bad Request"]]
+    end
+  end
+end
+```
+
+An object that responds to `#call` and accepts the offending string with invalid characters as an argument can also be passed as a `:strategy`. This is how you can define custom strategies.
 
 ```ruby
 config.middleware.insert 0, Rack::UTF8Sanitizer, strategy: :exception

data/lib/rack/utf8_sanitizer.rb

@@ -231,7 +231,7 @@ module Rack
     # Performs the reverse function of `unescape_unreserved`. Unlike
     # the previous function, we can reuse the logic in URI#encode
     def escape_unreserved(input)
-      URI.encode(input, UNSAFE)
+      URI::DEFAULT_PARSER.escape(input, UNSAFE)
     end
 
     def sanitize_string(input)

data/rack-utf8_sanitizer.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |gem|
   gem.name          = "rack-utf8_sanitizer"
-  gem.version       = '1.6.0'
+  gem.version       = '1.7.0'
   gem.authors       = ["whitequark"]
   gem.license       = "MIT"
   gem.email         = ["whitequark@whitequark.org"]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-utf8_sanitizer
 version: !ruby/object:Gem::Version
-  version: 1.6.0
+  version: 1.7.0
 platform: ruby
 authors:
 - whitequark
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-06-06 00:00:00.000000000 Z
+date: 2020-03-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -110,7 +110,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 2.7.6.2
 signing_key: 
 specification_version: 4
 summary: Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF8 characters