RubyGems - rails_autolink - Versions diffs - 1.1.5 → 1.1.7 - Mend

rails_autolink 1.1.5 → 1.1.7

Files changed (10) hide show

checksums.yaml +5 -5
data/.gitignore +3 -1
data/CHANGELOG.rdoc +16 -0
data/Gemfile +9 -2
data/README.rdoc +1 -1
data/Rakefile +2 -0
data/lib/rails_autolink/helpers.rb +4 -4
data/lib/rails_autolink/version.rb +2 -2
data/test/test_rails_autolink.rb +76 -29
metadata +15 -16

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: a9a91def4e38bcb28f15482c69da7024e299a19c
-  data.tar.gz: e987cc56142e5e1a882dfac7dd2aec775f3c68b4
+SHA256:
+  metadata.gz: 8151243f8627232813288a4ec8e6e7c9ff2df1b9bab1d8d093534fc09359a866
+  data.tar.gz: 6ee3e115c0e7400fc0f1aebd68ef5e727db8b0d08b46c3daff87788d5ff7f52a
 SHA512:
-  metadata.gz: ec0d9d57552ac9d0198c4593265c6f8f68d5acc3398c136b1dc3c35228da77cb46c4025444d31a786159b5025514266ef220a98691a01a5e40c78fb19a959739
-  data.tar.gz: a5ece6112a62cf23086f764938ad2781a86ed25539fd0e2b7b8a978fd3b57d1b8d6c7214b2bceb2871574c722e33ce9005018af13235d23e2bce3d84ebcbbce8
+  metadata.gz: 98f03447600e361b2061cb12ccab3e215d56eff9e3ffacf9a70507873fea8e3a92882446959d307f787206aed77f8d5f28a248c3dbcea56e274335592ae04028
+  data.tar.gz: 10228d699f37f4a8d08e7d430e3eb9516387ced3b3dc964e95b1a4717deda33121a0670ee4b6cccb042f08ff0b53a7f783c50a63b73de0a0c592fe6f81144ab2

data/.gitignore CHANGED Viewed

@@ -10,4 +10,6 @@ pkg
 rdoc
 test/tmp
 test/version_tmp
-tmp
+tmp
+.rvmrc
+.ruby-*

data/CHANGELOG.rdoc CHANGED Viewed

@@ -1,3 +1,19 @@
+=== 1.1.7 / 2022-11-02
+* Require a word part after “www.” when auto linking #75
+* Include trailing hyphens in URL #74
+* Make test suite work under Rails 7 #72
+* Optimize email address parsing #63
+* Switch to MiniTest 5 #48
+=== 1.1.6 / 2014-06-08
+* Fixed a potential XSS vulnerability #47
+* Hold onto trailing = and & characters as part of urls #45
+* Ensure test compatibility with Rails 3.2.x/4.0.x/4.1.x #44
+* Readme typo #41
+* require timeout in tests #40
 === 1.1.5 / 2013-10-23
 * Improved performance of email regex

data/Gemfile CHANGED Viewed

@@ -1,6 +1,13 @@
 source 'https://rubygems.org'
+# To test on latest Rails release, use the following:
 gem 'rails'
-gem 'arel'
-gem 'rack'
 gem 'minitest'
+# To test on Rails 4.0.x release, use the following e.g. for 4.0.1:
+# gem 'rails', '= 4.0.1'
+# gem 'minitest'
+# To test on Rails 3.2.x, use the following e.g. for 3.2.17:
+# gem 'rails', '= 3.2.17'
+# gem 'minitest', '= 4.2'

data/README.rdoc CHANGED Viewed

@@ -11,7 +11,7 @@ bridge the gap for people migrating.
 == FEATURES:
 By default auto_link returns sanitized html_safe strings.
-This behaviour can be overriden setting the <tt>:sanitize</tt> option to false
+This behaviour can be overridden by setting the <tt>:sanitize</tt> option to false
 (thus making it insecure if you don't have the content under control).
 == SYNOPSIS:

data/Rakefile CHANGED Viewed

@@ -6,3 +6,5 @@ Rake::TestTask.new do |t|
   t.libs << 'test'
   t.pattern = 'test/test_*.rb'
 end
+task :default => :test

data/lib/rails_autolink/helpers.rb CHANGED Viewed

@@ -71,15 +71,15 @@ module RailsAutolink
         private
           AUTO_LINK_RE = %r{
-              (?: ((?:ed2k|ftp|http|https|irc|mailto|news|gopher|nntp|telnet|webcal|xmpp|callto|feed|svn|urn|aim|rsync|tag|ssh|sftp|rtsp|afs|file):)// | www\. )
-              [^\s<\u00A0]+
+              (?: ((?:ed2k|ftp|http|https|irc|mailto|news|gopher|nntp|telnet|webcal|xmpp|callto|feed|svn|urn|aim|rsync|tag|ssh|sftp|rtsp|afs|file):)// | www\.\w )
+              [^\s<\u00A0"]+
             }ix
           # regexps for determining context, used high-volume
           AUTO_LINK_CRE = [/<[^>]+$/, /^[^>]*>/, /<a\b.*?>/i, /<\/a>/i]
           AUTO_EMAIL_LOCAL_RE = /[\w.!#\$%&'*\/=?^`{|}~+-]/
-          AUTO_EMAIL_RE = /[\w.!#\$%+-]\.?#{AUTO_EMAIL_LOCAL_RE}*@[\w-]+(?:\.[\w-]+)+/
+          AUTO_EMAIL_RE = /(?<!#{AUTO_EMAIL_LOCAL_RE})[\w.!#\$%+-]\.?#{AUTO_EMAIL_LOCAL_RE}*@[\w-]+(?:\.[\w-]+)+/
           BRACKETS = { ']' => '[', ')' => '(', '}' => '{' }
@@ -98,7 +98,7 @@ module RailsAutolink
                 href
               else
                 # don't include trailing punctuation character as part of the URL
-                while href.sub!(/[^#{WORD_PATTERN}\/-]$/, '')
+                while href.sub!(/[^#{WORD_PATTERN}\/\-=;]$/, '')
                   punctuation.push $&
                   if opening = BRACKETS[punctuation.last] and href.scan(opening).size > href.scan(punctuation.last).size
                     href << punctuation.pop

data/lib/rails_autolink/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module RailsAutolink
-  VERSION = '1.1.5'
-end
+  VERSION = '1.1.7'
+end

data/test/test_rails_autolink.rb CHANGED Viewed

@@ -2,22 +2,18 @@
 require "minitest/autorun"
 require "rails"
-require "rails_autolink/helpers"
 require 'erb'
 require 'cgi'
-require 'active_support/core_ext/class/attribute_accessors'
+require 'active_support'
+require 'active_support/core_ext'
 require 'action_pack'
-require 'action_view/helpers/capture_helper'
-require 'action_view/helpers/sanitize_helper'
-require 'action_view/helpers/url_helper'
-require 'action_view/helpers/tag_helper'
-require 'active_support/core_ext/module/attribute_accessors'
-require 'active_support/core_ext/string/encoding'
+require 'action_view'
+require 'action_view/helpers'
 require 'action_dispatch/testing/assertions'
-require 'action_view/helpers/text_helper'
-require 'action_view/helpers/output_safety_helper'
+require 'timeout'
+require "rails_autolink/helpers"
-class TestRailsAutolink < MiniTest::Unit::TestCase
+class TestRailsAutolink < Minitest::Test
   include ActionView::Helpers::CaptureHelper
   include ActionView::Helpers::TextHelper
   include ActionView::Helpers::SanitizeHelper
@@ -28,7 +24,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
   def test_auto_link_within_tags
     link_raw    = 'http://www.rubyonrails.org/images/rails.png'
-    link_result = %Q(<img src="#{link_raw}" />)
+    link_result = %Q(<img src="#{link_raw}">)
     assert_equal link_result, auto_link(link_result)
   end
@@ -66,7 +62,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
     url = "http://api.rubyonrails.com/Foo.html"
     email = "fantabulous@shiznadel.ic"
-    assert_equal %(<p><a href="#{url}">#{url[0...7]}...</a><br /><a href="mailto:#{email}">#{email[0...7]}...</a><br /></p>), auto_link("<p>#{url}<br />#{email}<br /></p>") { |_url| truncate(_url, :length => 10) }
+    assert_equal %(<p><a href="#{url}">#{url[0...7]}...</a><br><a href="mailto:#{email}">#{email[0...7]}...</a><br></p>), auto_link("<p>#{url}<br>#{email}<br></p>") { |_url| truncate(_url, :length => 10) }
   end
   def test_auto_link_with_block_with_html
@@ -85,7 +81,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
   def test_auto_link_should_sanitize_input_when_sanitize_option_is_not_false
     link_raw     = %{http://www.rubyonrails.com?id=1&num=2}
     malicious_script  = '<script>alert("malicious!")</script>'
-    assert_equal %{<a href="http://www.rubyonrails.com?id=1&num=2">http://www.rubyonrails.com?id=1&num=2</a>}, auto_link("#{link_raw}#{malicious_script}")
+    assert_equal %{<a href="http://www.rubyonrails.com?id=1&amp;num=2alert">http://www.rubyonrails.com?id=1&amp;num=2alert</a>("malicious!")}, auto_link("#{link_raw}#{malicious_script}")
     assert auto_link("#{link_raw}#{malicious_script}").html_safe?
   end
@@ -94,7 +90,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
     malicious_script  = '<script>alert("malicious!")</script>'
     text_with_attributes = %{<a href="http://ruby-lang-org" target="_blank" data-malicious="inject">Ruby</a>}
-    text_result = %{<a class="big" href="http://www.rubyonrails.com?id=1&num=2">http://www.rubyonrails.com?id=1&num=2</a><a href="http://ruby-lang-org" target="_blank">Ruby</a>}
+    text_result = %{<a class="big" href="http://www.rubyonrails.com?id=1&amp;num=2alert">http://www.rubyonrails.com?id=1&amp;num=2alert</a>("malicious!")<a href="http://ruby-lang-org" target="_blank">Ruby</a>}
     assert_equal text_result, auto_link("#{link_raw}#{malicious_script}#{text_with_attributes}",
                                         :sanitize_options => {:attributes => ["target", "href"]},
                                         :html => {:class => 'big'})
@@ -138,11 +134,19 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
     assert_equal linked_email, auto_link(linked_email)
   end
+  def test_auto_link_with_malicious_attr
+    url1 = "http://api.rubyonrails.com/Foo.html"
+    malicious = "\"onmousemove=\"prompt()"
+    combination = "#{url1}#{malicious}"
+    assert_equal %(<p><a href="#{url1}">#{url1}</a>#{malicious}</p>), auto_link("<p>#{combination}</p>")
+  end
   def test_auto_link_at_eol
     url1 = "http://api.rubyonrails.com/Foo.html"
     url2 = "http://www.ruby-doc.org/core/Bar.html"
-    assert_equal %(<p><a href="#{url1}">#{url1}</a><br /><a href="#{url2}">#{url2}</a><br /></p>), auto_link("<p>#{url1}<br />#{url2}<br /></p>")
+    assert_equal %(<p><a href="#{url1}">#{url1}</a><br><a href="#{url2}">#{url2}</a><br></p>), auto_link("<p>#{url1}<br>#{url2}<br></p>")
   end
   def test_auto_link_should_be_html_safe
@@ -173,9 +177,16 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
   end
   def test_auto_link_email_addres_with_especial_chars
-    email_raw    = "and&re$la*+r-a.o'rea=l~ly@tenderlovemaking.com"
-    email_sanitized = "and&amp;re$la*+r-a.o&#39;rea=l~ly@tenderlovemaking.com"
-    email_result = %{<a href="mailto:#{email_raw}">#{email_sanitized}</a>}
+    email_raw = "andre$la*+r-a.o'rea=l~ly@tenderlovemaking.com"
+    email_raw_encoded = ERB::Util.url_encode("andre$la*+r-a.o'rea=l~ly@tenderlovemaking.com").gsub("%40", "@")
+    email_sanitized = if Rails.version =~ /^3/
+      # mail_to changed the number base it rendered HTML encoded characters at some point
+      "andre$la*+r-a.o&#x27;rea=l~ly@tenderlovemaking.com"
+    else
+      "andre$la*+r-a.o&#39;rea=l~ly@tenderlovemaking.com"
+    end
+    email_result = %{<a href="mailto:#{email_raw_encoded}">#{email_sanitized}</a>}
     assert_equal email_result, auto_link(email_raw)
     assert !auto_link_email_addresses(email_result).html_safe?, 'should not be html safe'
   end
@@ -185,7 +196,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
     email_result = %{<a href="mailto:#{email_raw}">#{email_raw}</a>}
     link_raw     = 'http://www.rubyonrails.com'
     link_result  = generate_result(link_raw)
-    link_result_with_options = %{<a href="#{link_raw}" target="_blank">#{link_raw}</a>}
+    link_result_with_options = %{<a target="_blank" href="#{link_raw}">#{link_raw}</a>}
     assert_equal '', auto_link(nil)
     assert_equal '', auto_link('')
@@ -203,7 +214,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
     assert_equal %(#{link_result} #{link_result}), auto_link(%(#{link_result} #{link_raw}))
     email2_raw    = '+david@loudthinking.com'
-    email2_result = %{<a href="mailto:#{email2_raw}">#{email2_raw}</a>}
+    email2_result = %{<a href="mailto:%2Bdavid@loudthinking.com">#{email2_raw}</a>}
     assert_equal email2_result, auto_link(email2_raw)
     assert_equal email2_result, auto_link(email2_raw, :all)
     assert_equal email2_result, auto_link(email2_raw, :email_addresses)
@@ -304,6 +315,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
       http://of.openfoundry.org/projects/492/download#4th.Release.3
       http://maps.google.co.uk/maps?f=q&q=the+london+eye&ie=UTF8&ll=51.503373,-0.11939&spn=0.007052,0.012767&z=16&iwloc=A
       http://около.кола/колокола
+      https://123domain.com https://123.com https://123.domain.com https://www.123.domain.com
     )
     urls.each do |url|
@@ -311,11 +323,45 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
     end
   end
+  def test_autolink_with_trailing_equals_on_link
+    url = "http://www.rubyonrails.com/foo.cgi?trailing_equals="
+    assert_equal generate_result(url), auto_link(url)
+  end
+  def test_autolink_with_trailing_amp_on_link
+    url = "http://www.rubyonrails.com/foo.cgi?trailing_ampersand=value&"
+    assert_equal generate_result(url), auto_link(url)
+  end
+  def test_autolink_with_trailing_colon_on_link
+    url = "http://www.rubyonrails.com/foo.cgi?trailing_colon=value:"
+    expected_url = "http://www.rubyonrails.com/foo.cgi?trailing_colon=value"
+    assert_equal "#{generate_result(expected_url)}:", auto_link(url)
+  end
+  def test_autolink_with_trailing_hyphen_on_link
+    url = "http://www.rubyonrails.com/foo.cgi?trailing_hyphen=value-"
+    assert_equal generate_result(url), auto_link(url)
+  end
+  def test_autolink_with_trailing_forward_slash_on_link
+    url = "http://www.rubyonrails.com/foo.cgi?trailing_forward_slash=value/"
+    assert_equal generate_result(url), auto_link(url)
+  end
+  def test_autolink_with_trailing_number_on_link
+    url = "http://www.rubyonrails.com/foo.cgi?trailing_number=value3"
+    assert_equal generate_result(url), auto_link(url)
+  end
   def test_auto_link_does_not_timeout_when_parsing_odd_email_input
-    inputs = %w(
+    inputs = %W(
       foo@...................................
       foo@........................................
       foo@.............................................
+      #{'foo' * 20000}@
     )
     inputs.each do |input|
@@ -325,14 +371,15 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
     end
   end
+  def test_auto_link_with_www_in_non_url_string
+    assert_equal "awww.", auto_link("awww.")
+  end
   private
-  def generate_result(link_text, href = nil, escape = false)
-    href ||= link_text
-    if escape
-      %{<a href="#{CGI::escapeHTML href}">#{CGI::escapeHTML link_text}</a>}
-    else
-      %{<a href="#{href}">#{link_text}</a>}
-    end
+  def generate_result(link_text, href = nil)
+    text = sanitize(link_text)
+    href = sanitize(href) || text
+    %{<a href="#{href}">#{text}</a>}.gsub("&#39;", "'") # ActionView does not escape '
   end
   # from ruby core

metadata CHANGED Viewed

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: rails_autolink
 version: !ruby/object:Gem::Version
-  version: 1.1.5
+  version: 1.1.7
 platform: ruby
 authors:
 - Aaron Patterson
 - Juanjo Bazan
 - Akira Matsuda
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-10-23 00:00:00.000000000 Z
+date: 2022-11-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>'
+    - - ">"
       - !ruby/object:Gem::Version
         version: '3.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>'
+    - - ">"
       - !ruby/object:Gem::Version
         version: '3.1'
 description: This is an extraction of the `auto_link` method from rails. The `auto_link`
@@ -34,39 +34,38 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- lib/rails_autolink/helpers.rb
-- lib/rails_autolink/version.rb
-- lib/rails_autolink.rb
-- .autotest
-- .gitignore
+- ".autotest"
+- ".gitignore"
 - CHANGELOG.rdoc
 - Gemfile
 - README.rdoc
 - Rakefile
+- lib/rails_autolink.rb
+- lib/rails_autolink/helpers.rb
+- lib/rails_autolink/version.rb
 - rails_autolink.gemspec
 - test/test_rails_autolink.rb
 homepage: https://github.com/tenderlove/rails_autolink
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.1.5
-signing_key:
+rubygems_version: 3.2.33
+signing_key:
 specification_version: 4
 summary: Automatic generation of html links in texts
 test_files: []