RubyGems - rails_autolink - Versions diffs - 1.1.5 → 1.1.7 - Mend

rails_autolink 1.1.5 → 1.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +5 -5
data/.gitignore +3 -1
data/CHANGELOG.rdoc +16 -0
data/Gemfile +9 -2
data/README.rdoc +1 -1
data/Rakefile +2 -0
data/lib/rails_autolink/helpers.rb +4 -4
data/lib/rails_autolink/version.rb +2 -2
data/test/test_rails_autolink.rb +76 -29
metadata +15 -16

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: a9a91def4e38bcb28f15482c69da7024e299a19c
-  data.tar.gz: e987cc56142e5e1a882dfac7dd2aec775f3c68b4
+SHA256:
+  metadata.gz: 8151243f8627232813288a4ec8e6e7c9ff2df1b9bab1d8d093534fc09359a866
+  data.tar.gz: 6ee3e115c0e7400fc0f1aebd68ef5e727db8b0d08b46c3daff87788d5ff7f52a
 SHA512:
-  metadata.gz: ec0d9d57552ac9d0198c4593265c6f8f68d5acc3398c136b1dc3c35228da77cb46c4025444d31a786159b5025514266ef220a98691a01a5e40c78fb19a959739
-  data.tar.gz: a5ece6112a62cf23086f764938ad2781a86ed25539fd0e2b7b8a978fd3b57d1b8d6c7214b2bceb2871574c722e33ce9005018af13235d23e2bce3d84ebcbbce8
+  metadata.gz: 98f03447600e361b2061cb12ccab3e215d56eff9e3ffacf9a70507873fea8e3a92882446959d307f787206aed77f8d5f28a248c3dbcea56e274335592ae04028
+  data.tar.gz: 10228d699f37f4a8d08e7d430e3eb9516387ced3b3dc964e95b1a4717deda33121a0670ee4b6cccb042f08ff0b53a7f783c50a63b73de0a0c592fe6f81144ab2

data/.gitignore CHANGED Viewed

@@ -10,4 +10,6 @@ pkg
 rdoc
 test/tmp
 test/version_tmp
-tmp
+tmp
+.rvmrc
+.ruby-*

data/CHANGELOG.rdoc CHANGED Viewed

@@ -1,3 +1,19 @@
+=== 1.1.7 / 2022-11-02
+* Require a word part after “www.” when auto linking #75
+* Include trailing hyphens in URL #74
+* Make test suite work under Rails 7 #72
+* Optimize email address parsing #63
+* Switch to MiniTest 5 #48
+=== 1.1.6 / 2014-06-08
+* Fixed a potential XSS vulnerability #47
+* Hold onto trailing = and & characters as part of urls #45
+* Ensure test compatibility with Rails 3.2.x/4.0.x/4.1.x #44
+* Readme typo #41
+* require timeout in tests #40
 === 1.1.5 / 2013-10-23
 * Improved performance of email regex

data/Gemfile CHANGED Viewed

@@ -1,6 +1,13 @@
 source 'https://rubygems.org'
+# To test on latest Rails release, use the following:
 gem 'rails'
-gem 'arel'
-gem 'rack'
 gem 'minitest'
+# To test on Rails 4.0.x release, use the following e.g. for 4.0.1:
+# gem 'rails', '= 4.0.1'
+# gem 'minitest'
+# To test on Rails 3.2.x, use the following e.g. for 3.2.17:
+# gem 'rails', '= 3.2.17'
+# gem 'minitest', '= 4.2'

data/README.rdoc CHANGED Viewed

@@ -11,7 +11,7 @@ bridge the gap for people migrating.
 == FEATURES:
 By default auto_link returns sanitized html_safe strings.
-This behaviour can be overriden setting the <tt>:sanitize</tt> option to false
+This behaviour can be overridden by setting the <tt>:sanitize</tt> option to false
 (thus making it insecure if you don't have the content under control).
 == SYNOPSIS:

data/Rakefile CHANGED Viewed

@@ -6,3 +6,5 @@ Rake::TestTask.new do |t|
   t.libs << 'test'
   t.pattern = 'test/test_*.rb'
 end
+task :default => :test

data/lib/rails_autolink/helpers.rb CHANGED Viewed

@@ -71,15 +71,15 @@ module RailsAutolink
         private
           AUTO_LINK_RE = %r{
-              (?: ((?:ed2k|ftp|http|https|irc|mailto|news|gopher|nntp|telnet|webcal|xmpp|callto|feed|svn|urn|aim|rsync|tag|ssh|sftp|rtsp|afs|file):)// | www\. )
-              [^\s<\u00A0]+
+              (?: ((?:ed2k|ftp|http|https|irc|mailto|news|gopher|nntp|telnet|webcal|xmpp|callto|feed|svn|urn|aim|rsync|tag|ssh|sftp|rtsp|afs|file):)// | www\.\w )
+              [^\s<\u00A0"]+
             }ix
           # regexps for determining context, used high-volume
           AUTO_LINK_CRE = [/<[^>]+$/, /^[^>]*>/, /<a\b.*?>/i, /<\/a>/i]
           AUTO_EMAIL_LOCAL_RE = /[\w.!#\$%&'*\/=?^`{|}~+-]/
-          AUTO_EMAIL_RE = /[\w.!#\$%+-]\.?#{AUTO_EMAIL_LOCAL_RE}*@[\w-]+(?:\.[\w-]+)+/
+          AUTO_EMAIL_RE = /(?<!#{AUTO_EMAIL_LOCAL_RE})[\w.!#\$%+-]\.?#{AUTO_EMAIL_LOCAL_RE}*@[\w-]+(?:\.[\w-]+)+/
           BRACKETS = { ']' => '[', ')' => '(', '}' => '{' }
@@ -98,7 +98,7 @@ module RailsAutolink
                 href
               else
                 # don't include trailing punctuation character as part of the URL
-                while href.sub!(/[^#{WORD_PATTERN}\/-]$/, '')
+                while href.sub!(/[^#{WORD_PATTERN}\/\-=;]$/, '')
                   punctuation.push $&
                   if opening = BRACKETS[punctuation.last] and href.scan(opening).size > href.scan(punctuation.last).size
                     href << punctuation.pop

data/lib/rails_autolink/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module RailsAutolink
-  VERSION = '1.1.5'
-end
+  VERSION = '1.1.7'
+end

data/test/test_rails_autolink.rb CHANGED Viewed

@@ -2,22 +2,18 @@
 require "minitest/autorun"
 require "rails"
-require "rails_autolink/helpers"
 require 'erb'
 require 'cgi'
-require 'active_support/core_ext/class/attribute_accessors'
+require 'active_support'
+require 'active_support/core_ext'
 require 'action_pack'
-require 'action_view/helpers/capture_helper'
-require 'action_view/helpers/sanitize_helper'
-require 'action_view/helpers/url_helper'
-require 'action_view/helpers/tag_helper'
-require 'active_support/core_ext/module/attribute_accessors'
-require 'active_support/core_ext/string/encoding'
+require 'action_view'
+require 'action_view/helpers'
 require 'action_dispatch/testing/assertions'
-require 'action_view/helpers/text_helper'
-require 'action_view/helpers/output_safety_helper'
+require 'timeout'
+require "rails_autolink/helpers"
-class TestRailsAutolink < MiniTest::Unit::TestCase
+class TestRailsAutolink < Minitest::Test
   include ActionView::Helpers::CaptureHelper
   include ActionView::Helpers::TextHelper
   include ActionView::Helpers::SanitizeHelper
@@ -28,7 +24,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
   def test_auto_link_within_tags
     link_raw    = 'http://www.rubyonrails.org/images/rails.png'
-    link_result = %Q(<img src="#{link_raw}" />)
+    link_result = %Q(<img src="#{link_raw}">)
     assert_equal link_result, auto_link(link_result)
   end
@@ -66,7 +62,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
     url = "http://api.rubyonrails.com/Foo.html"
     email = "fantabulous@shiznadel.ic"
-    assert_equal %(<p><a href="#{url}">#{url[0...7]}...</a><br /><a href="mailto:#{email}">#{email[0...7]}...</a><br /></p>), auto_link("<p>#{url}<br />#{email}<br /></p>") { |_url| truncate(_url, :length => 10) }
+    assert_equal %(<p><a href="#{url}">#{url[0...7]}...</a><br><a href="mailto:#{email}">#{email[0...7]}...</a><br></p>), auto_link("<p>#{url}<br>#{email}<br></p>") { |_url| truncate(_url, :length => 10) }
   end
   def test_auto_link_with_block_with_html
@@ -85,7 +81,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
   def test_auto_link_should_sanitize_input_when_sanitize_option_is_not_false
     link_raw     = %{http://www.rubyonrails.com?id=1&num=2}
     malicious_script  = '<script>alert("malicious!")</script>'
-    assert_equal %{<a href="http://www.rubyonrails.com?id=1&num=2">http://www.rubyonrails.com?id=1&num=2</a>}, auto_link("#{link_raw}#{malicious_script}")
+    assert_equal %{<a href="http://www.rubyonrails.com?id=1&amp;num=2alert">http://www.rubyonrails.com?id=1&amp;num=2alert</a>("malicious!")}, auto_link("#{link_raw}#{malicious_script}")
     assert auto_link("#{link_raw}#{malicious_script}").html_safe?
   end
@@ -94,7 +90,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
     malicious_script  = '<script>alert("malicious!")</script>'
     text_with_attributes = %{<a href="http://ruby-lang-org" target="_blank" data-malicious="inject">Ruby</a>}
-    text_result = %{<a class="big" href="http://www.rubyonrails.com?id=1&num=2">http://www.rubyonrails.com?id=1&num=2</a><a href="http://ruby-lang-org" target="_blank">Ruby</a>}
+    text_result = %{<a class="big" href="http://www.rubyonrails.com?id=1&amp;num=2alert">http://www.rubyonrails.com?id=1&amp;num=2alert</a>("malicious!")<a href="http://ruby-lang-org" target="_blank">Ruby</a>}
     assert_equal text_result, auto_link("#{link_raw}#{malicious_script}#{text_with_attributes}",
                                         :sanitize_options => {:attributes => ["target", "href"]},
                                         :html => {:class => 'big'})
@@ -138,11 +134,19 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
     assert_equal linked_email, auto_link(linked_email)
   end
+  def test_auto_link_with_malicious_attr
+    url1 = "http://api.rubyonrails.com/Foo.html"
+    malicious = "\"onmousemove=\"prompt()"
+    combination = "#{url1}#{malicious}"
+    assert_equal %(<p><a href="#{url1}">#{url1}</a>#{malicious}</p>), auto_link("<p>#{combination}</p>")
+  end
   def test_auto_link_at_eol
     url1 = "http://api.rubyonrails.com/Foo.html"
     url2 = "http://www.ruby-doc.org/core/Bar.html"
-    assert_equal %(<p><a href="#{url1}">#{url1}</a><br /><a href="#{url2}">#{url2}</a><br /></p>), auto_link("<p>#{url1}<br />#{url2}<br /></p>")
+    assert_equal %(<p><a href="#{url1}">#{url1}</a><br><a href="#{url2}">#{url2}</a><br></p>), auto_link("<p>#{url1}<br>#{url2}<br></p>")
   end
   def test_auto_link_should_be_html_safe
@@ -173,9 +177,16 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
   end
   def test_auto_link_email_addres_with_especial_chars
-    email_raw    = "and&re$la*+r-a.o'rea=l~ly@tenderlovemaking.com"
-    email_sanitized = "and&amp;re$la*+r-a.o&#39;rea=l~ly@tenderlovemaking.com"
-    email_result = %{<a href="mailto:#{email_raw}">#{email_sanitized}</a>}
+    email_raw = "andre$la*+r-a.o'rea=l~ly@tenderlovemaking.com"
+    email_raw_encoded = ERB::Util.url_encode("andre$la*+r-a.o'rea=l~ly@tenderlovemaking.com").gsub("%40", "@")
+    email_sanitized = if Rails.version =~ /^3/
+      # mail_to changed the number base it rendered HTML encoded characters at some point
+      "andre$la*+r-a.o&#x27;rea=l~ly@tenderlovemaking.com"
+    else
+      "andre$la*+r-a.o&#39;rea=l~ly@tenderlovemaking.com"
+    end
+    email_result = %{<a href="mailto:#{email_raw_encoded}">#{email_sanitized}</a>}
     assert_equal email_result, auto_link(email_raw)
     assert !auto_link_email_addresses(email_result).html_safe?, 'should not be html safe'
   end
@@ -185,7 +196,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
     email_result = %{<a href="mailto:#{email_raw}">#{email_raw}</a>}
     link_raw     = 'http://www.rubyonrails.com'
     link_result  = generate_result(link_raw)
-    link_result_with_options = %{<a href="#{link_raw}" target="_blank">#{link_raw}</a>}
+    link_result_with_options = %{<a target="_blank" href="#{link_raw}">#{link_raw}</a>}
     assert_equal '', auto_link(nil)
     assert_equal '', auto_link('')
@@ -203,7 +214,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
     assert_equal %(#{link_result} #{link_result}), auto_link(%(#{link_result} #{link_raw}))
     email2_raw    = '+david@loudthinking.com'
-    email2_result = %{<a href="mailto:#{email2_raw}">#{email2_raw}</a>}
+    email2_result = %{<a href="mailto:%2Bdavid@loudthinking.com">#{email2_raw}</a>}
     assert_equal email2_result, auto_link(email2_raw)
     assert_equal email2_result, auto_link(email2_raw, :all)
     assert_equal email2_result, auto_link(email2_raw, :email_addresses)
@@ -304,6 +315,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
       http://of.openfoundry.org/projects/492/download#4th.Release.3
       http://maps.google.co.uk/maps?f=q&q=the+london+eye&ie=UTF8&ll=51.503373,-0.11939&spn=0.007052,0.012767&z=16&iwloc=A
       http://около.кола/колокола
+      https://123domain.com https://123.com https://123.domain.com https://www.123.domain.com
     )
     urls.each do |url|
@@ -311,11 +323,45 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
     end
   end
+  def test_autolink_with_trailing_equals_on_link
+    url = "http://www.rubyonrails.com/foo.cgi?trailing_equals="
+    assert_equal generate_result(url), auto_link(url)
+  end
+  def test_autolink_with_trailing_amp_on_link
+    url = "http://www.rubyonrails.com/foo.cgi?trailing_ampersand=value&"
+    assert_equal generate_result(url), auto_link(url)
+  end
+  def test_autolink_with_trailing_colon_on_link
+    url = "http://www.rubyonrails.com/foo.cgi?trailing_colon=value:"
+    expected_url = "http://www.rubyonrails.com/foo.cgi?trailing_colon=value"
+    assert_equal "#{generate_result(expected_url)}:", auto_link(url)
+  end
+  def test_autolink_with_trailing_hyphen_on_link
+    url = "http://www.rubyonrails.com/foo.cgi?trailing_hyphen=value-"
+    assert_equal generate_result(url), auto_link(url)
+  end
+  def test_autolink_with_trailing_forward_slash_on_link
+    url = "http://www.rubyonrails.com/foo.cgi?trailing_forward_slash=value/"
+    assert_equal generate_result(url), auto_link(url)
+  end
+  def test_autolink_with_trailing_number_on_link
+    url = "http://www.rubyonrails.com/foo.cgi?trailing_number=value3"
+    assert_equal generate_result(url), auto_link(url)
+  end
   def test_auto_link_does_not_timeout_when_parsing_odd_email_input
-    inputs = %w(
+    inputs = %W(
       foo@...................................
       foo@........................................
       foo@.............................................
+      #{'foo' * 20000}@
     )
     inputs.each do |input|
@@ -325,14 +371,15 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
     end
   end
+  def test_auto_link_with_www_in_non_url_string
+    assert_equal "awww.", auto_link("awww.")
+  end
   private
-  def generate_result(link_text, href = nil, escape = false)
-    href ||= link_text
-    if escape
-      %{<a href="#{CGI::escapeHTML href}">#{CGI::escapeHTML link_text}</a>}
-    else
-      %{<a href="#{href}">#{link_text}</a>}
-    end
+  def generate_result(link_text, href = nil)
+    text = sanitize(link_text)
+    href = sanitize(href) || text
+    %{<a href="#{href}">#{text}</a>}.gsub("&#39;", "'") # ActionView does not escape '
   end
   # from ruby core

metadata CHANGED Viewed

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: rails_autolink
 version: !ruby/object:Gem::Version
-  version: 1.1.5
+  version: 1.1.7
 platform: ruby
 authors:
 - Aaron Patterson
 - Juanjo Bazan
 - Akira Matsuda
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-10-23 00:00:00.000000000 Z
+date: 2022-11-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>'
+    - - ">"
       - !ruby/object:Gem::Version
         version: '3.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>'
+    - - ">"
       - !ruby/object:Gem::Version
         version: '3.1'
 description: This is an extraction of the `auto_link` method from rails. The `auto_link`
@@ -34,39 +34,38 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- lib/rails_autolink/helpers.rb
-- lib/rails_autolink/version.rb
-- lib/rails_autolink.rb
-- .autotest
-- .gitignore
+- ".autotest"
+- ".gitignore"
 - CHANGELOG.rdoc
 - Gemfile
 - README.rdoc
 - Rakefile
+- lib/rails_autolink.rb
+- lib/rails_autolink/helpers.rb
+- lib/rails_autolink/version.rb
 - rails_autolink.gemspec
 - test/test_rails_autolink.rb
 homepage: https://github.com/tenderlove/rails_autolink
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.1.5
-signing_key:
+rubygems_version: 3.2.33
+signing_key:
 specification_version: 4
 summary: Automatic generation of html links in texts
 test_files: []