rails-security 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.md +4 -0
- data/lib/rails-security.rb +3 -0
- data/lib/rails-security/xss.rb +39 -0
- metadata +6 -4
data/README.md
ADDED
data/lib/rails-security.rb
CHANGED
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
module RailsSecurity
|
|
2
|
+
module Xss
|
|
3
|
+
SAFE_TAGS = %w(span div p font)
|
|
4
|
+
TAG_BEG = "[rs:beg]"
|
|
5
|
+
TAG_END = "[rs:end]"
|
|
6
|
+
|
|
7
|
+
class << self
|
|
8
|
+
def html_safe(str)
|
|
9
|
+
str = replace_keyword(str)
|
|
10
|
+
str = replace_tag(str)
|
|
11
|
+
str = replace_dirty(str)
|
|
12
|
+
str = revert_tag(str)
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
private
|
|
16
|
+
def replace_keyword(str)
|
|
17
|
+
str.gsub(/\[(rs\:(beg|end))\]/, "[\\1]")
|
|
18
|
+
end
|
|
19
|
+
def replace_tag(str)
|
|
20
|
+
str.gsub(instance_safe_reg, "#{TAG_BEG}\\1#{TAG_END}")
|
|
21
|
+
end
|
|
22
|
+
def replace_dirty(str)
|
|
23
|
+
str.gsub(/</, "<").gsub(/>/, ">")
|
|
24
|
+
end
|
|
25
|
+
def revert_tag(str)
|
|
26
|
+
str.gsub(/\[rs:beg\]/, "<").gsub(/\[rs:end\]/, ">")
|
|
27
|
+
end
|
|
28
|
+
def instance_safe_reg
|
|
29
|
+
Regexp.compile("<(\/?(?:#{SAFE_TAGS.join('|')})(?:\\s+[a-z0-9\\s_=\\-\\'"+'\"'+"\\s;\\:#]+)?)>")
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
class String
|
|
36
|
+
def xss_safe
|
|
37
|
+
RailsSecurity::Xss.html_safe(self)
|
|
38
|
+
end
|
|
39
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rails-security
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -11,14 +11,16 @@ bindir: bin
|
|
|
11
11
|
cert_chain: []
|
|
12
12
|
date: 2012-12-09 00:00:00.000000000 Z
|
|
13
13
|
dependencies: []
|
|
14
|
-
description:
|
|
14
|
+
description: make your rails app more safe
|
|
15
15
|
email: xinshuaifeng@126.com
|
|
16
16
|
executables: []
|
|
17
17
|
extensions: []
|
|
18
18
|
extra_rdoc_files: []
|
|
19
19
|
files:
|
|
20
|
+
- README.md
|
|
21
|
+
- lib/rails-security/xss.rb
|
|
20
22
|
- lib/rails-security.rb
|
|
21
|
-
homepage:
|
|
23
|
+
homepage: http://hi.baidu.com/htcoolwind
|
|
22
24
|
licenses: []
|
|
23
25
|
post_install_message:
|
|
24
26
|
rdoc_options: []
|
|
@@ -41,5 +43,5 @@ rubyforge_project:
|
|
|
41
43
|
rubygems_version: 1.8.24
|
|
42
44
|
signing_key:
|
|
43
45
|
specification_version: 3
|
|
44
|
-
summary:
|
|
46
|
+
summary: rails security utils
|
|
45
47
|
test_files: []
|