rails_autolink 1.1.5 → 1.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +3 -1
- data/CHANGELOG.rdoc +8 -0
- data/Gemfile +9 -2
- data/README.rdoc +1 -1
- data/Rakefile +2 -0
- data/lib/rails_autolink/helpers.rb +2 -2
- data/lib/rails_autolink/version.rb +1 -1
- data/test/test_rails_autolink.rb +30 -11
- metadata +12 -12
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 91c4563b853f02631b7bf2d4b4cc26fed12c6e02
|
|
4
|
+
data.tar.gz: 6e4207505ba1093565b223b36fe7ca1c35020acc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: be27ad19fd951b6631eba721eb250ce6cd32dde1c819ff4834c2ccb9bd676c708d099e6ca9fe5dbf878bf4b70095713a0fa3577c6a8f82d8f0ef8cdddce8fea7
|
|
7
|
+
data.tar.gz: fa33c890166fc907cbc4d54ec6aeda58c60b7850dcb80c8684b79c77e72042e2ea685338ef6882dea0c4b801dde29bec1559880e4f34f86c1b02059fc5d3fab2
|
data/.gitignore
CHANGED
data/CHANGELOG.rdoc
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
=== 1.1.6 / 2014-06-08
|
|
2
|
+
|
|
3
|
+
* Fixed a potential XSS vulnerability #47
|
|
4
|
+
* Hold onto trailing = and & characters as part of urls #45
|
|
5
|
+
* Ensure test compatibility with Rails 3.2.x/4.0.x/4.1.x #44
|
|
6
|
+
* Readme typo #41
|
|
7
|
+
* require timeout in tests #40
|
|
8
|
+
|
|
1
9
|
=== 1.1.5 / 2013-10-23
|
|
2
10
|
|
|
3
11
|
* Improved performance of email regex
|
data/Gemfile
CHANGED
|
@@ -1,6 +1,13 @@
|
|
|
1
1
|
source 'https://rubygems.org'
|
|
2
2
|
|
|
3
|
+
# To test on latest Rails release, use the following:
|
|
3
4
|
gem 'rails'
|
|
4
|
-
gem 'arel'
|
|
5
|
-
gem 'rack'
|
|
6
5
|
gem 'minitest'
|
|
6
|
+
|
|
7
|
+
# To test on Rails 4.0.x release, use the following e.g. for 4.0.1:
|
|
8
|
+
# gem 'rails', '= 4.0.1'
|
|
9
|
+
# gem 'minitest'
|
|
10
|
+
|
|
11
|
+
# To test on Rails 3.2.x, use the following e.g. for 3.2.17:
|
|
12
|
+
# gem 'rails', '= 3.2.17'
|
|
13
|
+
# gem 'minitest', '= 4.2'
|
data/README.rdoc
CHANGED
|
@@ -11,7 +11,7 @@ bridge the gap for people migrating.
|
|
|
11
11
|
== FEATURES:
|
|
12
12
|
|
|
13
13
|
By default auto_link returns sanitized html_safe strings.
|
|
14
|
-
This behaviour can be
|
|
14
|
+
This behaviour can be overridden by setting the <tt>:sanitize</tt> option to false
|
|
15
15
|
(thus making it insecure if you don't have the content under control).
|
|
16
16
|
|
|
17
17
|
== SYNOPSIS:
|
data/Rakefile
CHANGED
|
@@ -72,7 +72,7 @@ module RailsAutolink
|
|
|
72
72
|
|
|
73
73
|
AUTO_LINK_RE = %r{
|
|
74
74
|
(?: ((?:ed2k|ftp|http|https|irc|mailto|news|gopher|nntp|telnet|webcal|xmpp|callto|feed|svn|urn|aim|rsync|tag|ssh|sftp|rtsp|afs|file):)// | www\. )
|
|
75
|
-
[^\s<\u00A0]+
|
|
75
|
+
[^\s<\u00A0"]+
|
|
76
76
|
}ix
|
|
77
77
|
|
|
78
78
|
# regexps for determining context, used high-volume
|
|
@@ -98,7 +98,7 @@ module RailsAutolink
|
|
|
98
98
|
href
|
|
99
99
|
else
|
|
100
100
|
# don't include trailing punctuation character as part of the URL
|
|
101
|
-
while href.sub!(/[^#{WORD_PATTERN}
|
|
101
|
+
while href.sub!(/[^#{WORD_PATTERN}\/-=&]$/, '')
|
|
102
102
|
punctuation.push $&
|
|
103
103
|
if opening = BRACKETS[punctuation.last] and href.scan(opening).size > href.scan(punctuation.last).size
|
|
104
104
|
href << punctuation.pop
|
data/test/test_rails_autolink.rb
CHANGED
|
@@ -2,20 +2,16 @@
|
|
|
2
2
|
|
|
3
3
|
require "minitest/autorun"
|
|
4
4
|
require "rails"
|
|
5
|
-
require "rails_autolink/helpers"
|
|
6
5
|
require 'erb'
|
|
7
6
|
require 'cgi'
|
|
8
|
-
require 'active_support
|
|
7
|
+
require 'active_support'
|
|
8
|
+
require 'active_support/core_ext'
|
|
9
9
|
require 'action_pack'
|
|
10
|
-
require 'action_view
|
|
11
|
-
require 'action_view/helpers
|
|
12
|
-
require 'action_view/helpers/url_helper'
|
|
13
|
-
require 'action_view/helpers/tag_helper'
|
|
14
|
-
require 'active_support/core_ext/module/attribute_accessors'
|
|
15
|
-
require 'active_support/core_ext/string/encoding'
|
|
10
|
+
require 'action_view'
|
|
11
|
+
require 'action_view/helpers'
|
|
16
12
|
require 'action_dispatch/testing/assertions'
|
|
17
|
-
require '
|
|
18
|
-
require
|
|
13
|
+
require 'timeout'
|
|
14
|
+
require "rails_autolink/helpers"
|
|
19
15
|
|
|
20
16
|
class TestRailsAutolink < MiniTest::Unit::TestCase
|
|
21
17
|
include ActionView::Helpers::CaptureHelper
|
|
@@ -138,6 +134,14 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
|
|
|
138
134
|
assert_equal linked_email, auto_link(linked_email)
|
|
139
135
|
end
|
|
140
136
|
|
|
137
|
+
def test_auto_link_with_malicious_attr
|
|
138
|
+
url1 = "http://api.rubyonrails.com/Foo.html"
|
|
139
|
+
malicious = "\"onmousemove=\"prompt()"
|
|
140
|
+
combination = "#{url1}#{malicious}"
|
|
141
|
+
|
|
142
|
+
assert_equal %(<p><a href="#{url1}">#{url1}</a>#{malicious}</p>), auto_link("<p>#{combination}</p>")
|
|
143
|
+
end
|
|
144
|
+
|
|
141
145
|
def test_auto_link_at_eol
|
|
142
146
|
url1 = "http://api.rubyonrails.com/Foo.html"
|
|
143
147
|
url2 = "http://www.ruby-doc.org/core/Bar.html"
|
|
@@ -174,7 +178,12 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
|
|
|
174
178
|
|
|
175
179
|
def test_auto_link_email_addres_with_especial_chars
|
|
176
180
|
email_raw = "and&re$la*+r-a.o'rea=l~ly@tenderlovemaking.com"
|
|
177
|
-
email_sanitized =
|
|
181
|
+
email_sanitized = if Rails.version =~ /^3/
|
|
182
|
+
# mail_to changed the number base it rendered HTML encoded characters at some point
|
|
183
|
+
"and&re$la*+r-a.o'rea=l~ly@tenderlovemaking.com"
|
|
184
|
+
else
|
|
185
|
+
"and&re$la*+r-a.o'rea=l~ly@tenderlovemaking.com"
|
|
186
|
+
end
|
|
178
187
|
email_result = %{<a href="mailto:#{email_raw}">#{email_sanitized}</a>}
|
|
179
188
|
assert_equal email_result, auto_link(email_raw)
|
|
180
189
|
assert !auto_link_email_addresses(email_result).html_safe?, 'should not be html safe'
|
|
@@ -311,6 +320,16 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
|
|
|
311
320
|
end
|
|
312
321
|
end
|
|
313
322
|
|
|
323
|
+
def test_autolink_with_trailing_equals_on_link
|
|
324
|
+
url = "http://www.rubyonrails.com/foo.cgi?trailing_equals="
|
|
325
|
+
assert_equal generate_result(url), auto_link(url)
|
|
326
|
+
end
|
|
327
|
+
|
|
328
|
+
def test_autolink_with_trailing_amp_on_link
|
|
329
|
+
url = "http://www.rubyonrails.com/foo.cgi?trailing_ampersand=value&"
|
|
330
|
+
assert_equal generate_result(url), auto_link(url)
|
|
331
|
+
end
|
|
332
|
+
|
|
314
333
|
def test_auto_link_does_not_timeout_when_parsing_odd_email_input
|
|
315
334
|
inputs = %w(
|
|
316
335
|
foo@...................................
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rails_autolink
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Aaron Patterson
|
|
@@ -10,20 +10,20 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2014-06-08 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: rails
|
|
17
17
|
requirement: !ruby/object:Gem::Requirement
|
|
18
18
|
requirements:
|
|
19
|
-
- -
|
|
19
|
+
- - ">"
|
|
20
20
|
- !ruby/object:Gem::Version
|
|
21
21
|
version: '3.1'
|
|
22
22
|
type: :runtime
|
|
23
23
|
prerelease: false
|
|
24
24
|
version_requirements: !ruby/object:Gem::Requirement
|
|
25
25
|
requirements:
|
|
26
|
-
- -
|
|
26
|
+
- - ">"
|
|
27
27
|
- !ruby/object:Gem::Version
|
|
28
28
|
version: '3.1'
|
|
29
29
|
description: This is an extraction of the `auto_link` method from rails. The `auto_link`
|
|
@@ -34,15 +34,15 @@ executables: []
|
|
|
34
34
|
extensions: []
|
|
35
35
|
extra_rdoc_files: []
|
|
36
36
|
files:
|
|
37
|
-
-
|
|
38
|
-
-
|
|
39
|
-
- lib/rails_autolink.rb
|
|
40
|
-
- .autotest
|
|
41
|
-
- .gitignore
|
|
37
|
+
- ".autotest"
|
|
38
|
+
- ".gitignore"
|
|
42
39
|
- CHANGELOG.rdoc
|
|
43
40
|
- Gemfile
|
|
44
41
|
- README.rdoc
|
|
45
42
|
- Rakefile
|
|
43
|
+
- lib/rails_autolink.rb
|
|
44
|
+
- lib/rails_autolink/helpers.rb
|
|
45
|
+
- lib/rails_autolink/version.rb
|
|
46
46
|
- rails_autolink.gemspec
|
|
47
47
|
- test/test_rails_autolink.rb
|
|
48
48
|
homepage: https://github.com/tenderlove/rails_autolink
|
|
@@ -55,17 +55,17 @@ require_paths:
|
|
|
55
55
|
- lib
|
|
56
56
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
57
57
|
requirements:
|
|
58
|
-
- -
|
|
58
|
+
- - ">="
|
|
59
59
|
- !ruby/object:Gem::Version
|
|
60
60
|
version: 1.9.3
|
|
61
61
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
62
62
|
requirements:
|
|
63
|
-
- -
|
|
63
|
+
- - ">="
|
|
64
64
|
- !ruby/object:Gem::Version
|
|
65
65
|
version: '0'
|
|
66
66
|
requirements: []
|
|
67
67
|
rubyforge_project:
|
|
68
|
-
rubygems_version: 2.
|
|
68
|
+
rubygems_version: 2.2.2
|
|
69
69
|
signing_key:
|
|
70
70
|
specification_version: 4
|
|
71
71
|
summary: Automatic generation of html links in texts
|