rails_autolink 1.1.5 → 1.1.7

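--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: a9a91def4e38bcb28f15482c69da7024e299a19c
- data.tar.gz: e987cc56142e5e1a882dfac7dd2aec775f3c68b4
+ SHA256:
+ metadata.gz: 8151243f8627232813288a4ec8e6e7c9ff2df1b9bab1d8d093534fc09359a866
+ data.tar.gz: 6ee3e115c0e7400fc0f1aebd68ef5e727db8b0d08b46c3daff87788d5ff7f52a
  SHA512:
- metadata.gz: ec0d9d57552ac9d0198c4593265c6f8f68d5acc3398c136b1dc3c35228da77cb46c4025444d31a786159b5025514266ef220a98691a01a5e40c78fb19a959739
- data.tar.gz: a5ece6112a62cf23086f764938ad2781a86ed25539fd0e2b7b8a978fd3b57d1b8d6c7214b2bceb2871574c722e33ce9005018af13235d23e2bce3d84ebcbbce8
+ metadata.gz: 98f03447600e361b2061cb12ccab3e215d56eff9e3ffacf9a70507873fea8e3a92882446959d307f787206aed77f8d5f28a248c3dbcea56e274335592ae04028
+ data.tar.gz: 10228d699f37f4a8d08e7d430e3eb9516387ced3b3dc964e95b1a4717deda33121a0670ee4b6cccb042f08ff0b53a7f783c50a63b73de0a0c592fe6f81144ab2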
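--- a/data/.gitignore
+++ b/data/.gitignore
@@ -10,4 +10,6 @@ pkg
  rdoc
  test/tmp
  test/version_tmp
- tmp
+ tmp
+ .rvmrc
+ .ruby-*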
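--- a/data/CHANGELOG.rdoc
+++ b/data/CHANGELOG.rdoc
@@ -1,3 +1,19 @@
+ === 1.1.7 / 2022-11-02
+
+ * Require a word part after “www.” when auto linking #75
+ * Include trailing hyphens in URL #74
+ * Make test suite work under Rails 7 #72
+ * Optimize email address parsing #63
+ * Switch to MiniTest 5 #48
+
+ === 1.1.6 / 2014-06-08
+
+ * Fixed a potential XSS vulnerability #47
+ * Hold onto trailing = and & characters as part of urls #45
+ * Ensure test compatibility with Rails 3.2.x/4.0.x/4.1.x #44
+ * Readme typo #41
+ * require timeout in tests #40
+
  === 1.1.5 / 2013-10-23
 
  * Improved performance of email regex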
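--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,6 +1,13 @@
  source 'https://rubygems.org'
 
+ # To test on latest Rails release, use the following:
  gem 'rails'
- gem 'arel'
- gem 'rack'
  gem 'minitest'
+
+ # To test on Rails 4.0.x release, use the following e.g. for 4.0.1:
+ # gem 'rails', '= 4.0.1'
+ # gem 'minitest'
+
+ # To test on Rails 3.2.x, use the following e.g. for 3.2.17:
+ # gem 'rails', '= 3.2.17'
+ # gem 'minitest', '= 4.2'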
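--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -11,7 +11,7 @@ bridge the gap for people migrating.
  == FEATURES:
 
  By default auto_link returns sanitized html_safe strings.
- This behaviour can be overriden setting the <tt>:sanitize</tt> option to false
+ This behaviour can be overridden by setting the <tt>:sanitize</tt> option to false
  (thus making it insecure if you don't have the content under control).
 
  == SYNOPSIS: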
data/Rakefile CHANGED
@@ -6,3 +6,5 @@ Rake::TestTask.new do |t|
6
6
  t.libs << 'test'
7
7
  t.pattern = 'test/test_*.rb'
8
8
  end
9
+
10
+ task :default => :test
@@ -71,15 +71,15 @@ module RailsAutolink
71
71
  private
72
72
 
73
73
  AUTO_LINK_RE = %r{
74
- (?: ((?:ed2k|ftp|http|https|irc|mailto|news|gopher|nntp|telnet|webcal|xmpp|callto|feed|svn|urn|aim|rsync|tag|ssh|sftp|rtsp|afs|file):)// | www\. )
75
- [^\s<\u00A0]+
74
+ (?: ((?:ed2k|ftp|http|https|irc|mailto|news|gopher|nntp|telnet|webcal|xmpp|callto|feed|svn|urn|aim|rsync|tag|ssh|sftp|rtsp|afs|file):)// | www\.\w )
75
+ [^\s<\u00A0"]+
76
76
  }ix
77
77
 
78
78
  # regexps for determining context, used high-volume
79
79
  AUTO_LINK_CRE = [/<[^>]+$/, /^[^>]*>/, /<a\b.*?>/i, /<\/a>/i]
80
80
 
81
81
  AUTO_EMAIL_LOCAL_RE = /[\w.!#\$%&'*\/=?^`{|}~+-]/
82
- AUTO_EMAIL_RE = /[\w.!#\$%+-]\.?#{AUTO_EMAIL_LOCAL_RE}*@[\w-]+(?:\.[\w-]+)+/
82
+ AUTO_EMAIL_RE = /(?<!#{AUTO_EMAIL_LOCAL_RE})[\w.!#\$%+-]\.?#{AUTO_EMAIL_LOCAL_RE}*@[\w-]+(?:\.[\w-]+)+/
83
83
 
84
84
  BRACKETS = { ']' => '[', ')' => '(', '}' => '{' }
85
85
 
@@ -98,7 +98,7 @@ module RailsAutolink
98
98
  href
99
99
  else
100
100
  # don't include trailing punctuation character as part of the URL
101
- while href.sub!(/[^#{WORD_PATTERN}\/-]$/, '')
101
+ while href.sub!(/[^#{WORD_PATTERN}\/\-=;]$/, '')
102
102
  punctuation.push $&
103
103
  if opening = BRACKETS[punctuation.last] and href.scan(opening).size > href.scan(punctuation.last).size
104
104
  href << punctuation.pop
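Review bot: In the first hunk the `"` added to the URL character class (`[^\s<\u00A0"]+`) has no comment marking it as a security boundary, so a later edit to AUTO_LINK_RE could drop it without anyone noticing. It looks like the counterpart of test_auto_link_with_malicious_attr, so I would add above the constant `# '"' ends the match: quoted attribute text that follows a URL must never be copied into the generated href`. The class still admits `'` and `>`, which is safe only if the anchor is always emitted with an escaped, double-quoted href; that code is outside these hunks and worth confirming. In the second hunk, the `;` added to `/[^#{WORD_PATTERN}\/\-=;]$/` presumably keeps an escaped `&amp;` intact, but it also keeps a prose semicolon that follows a URL inside the link, and none of the new trailing-character tests covers that; the while loop itself continues past the hunk.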
@@ -1,3 +1,3 @@
1
1
  module RailsAutolink
2
- VERSION = '1.1.5'
3
- end
2
+ VERSION = '1.1.7'
3
+ end
@@ -2,22 +2,18 @@
2
2
 
3
3
  require "minitest/autorun"
4
4
  require "rails"
5
- require "rails_autolink/helpers"
6
5
  require 'erb'
7
6
  require 'cgi'
8
- require 'active_support/core_ext/class/attribute_accessors'
7
+ require 'active_support'
8
+ require 'active_support/core_ext'
9
9
  require 'action_pack'
10
- require 'action_view/helpers/capture_helper'
11
- require 'action_view/helpers/sanitize_helper'
12
- require 'action_view/helpers/url_helper'
13
- require 'action_view/helpers/tag_helper'
14
- require 'active_support/core_ext/module/attribute_accessors'
15
- require 'active_support/core_ext/string/encoding'
10
+ require 'action_view'
11
+ require 'action_view/helpers'
16
12
  require 'action_dispatch/testing/assertions'
17
- require 'action_view/helpers/text_helper'
18
- require 'action_view/helpers/output_safety_helper'
13
+ require 'timeout'
14
+ require "rails_autolink/helpers"
19
15
 
20
- class TestRailsAutolink < MiniTest::Unit::TestCase
16
+ class TestRailsAutolink < Minitest::Test
21
17
  include ActionView::Helpers::CaptureHelper
22
18
  include ActionView::Helpers::TextHelper
23
19
  include ActionView::Helpers::SanitizeHelper
@@ -28,7 +24,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
28
24
 
29
25
  def test_auto_link_within_tags
30
26
  link_raw = 'http://www.rubyonrails.org/images/rails.png'
31
- link_result = %Q(<img src="#{link_raw}" />)
27
+ link_result = %Q(<img src="#{link_raw}">)
32
28
  assert_equal link_result, auto_link(link_result)
33
29
  end
34
30
 
@@ -66,7 +62,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
66
62
  url = "http://api.rubyonrails.com/Foo.html"
67
63
  email = "fantabulous@shiznadel.ic"
68
64
 
69
- assert_equal %(<p><a href="#{url}">#{url[0...7]}...</a><br /><a href="mailto:#{email}">#{email[0...7]}...</a><br /></p>), auto_link("<p>#{url}<br />#{email}<br /></p>") { |_url| truncate(_url, :length => 10) }
65
+ assert_equal %(<p><a href="#{url}">#{url[0...7]}...</a><br><a href="mailto:#{email}">#{email[0...7]}...</a><br></p>), auto_link("<p>#{url}<br>#{email}<br></p>") { |_url| truncate(_url, :length => 10) }
70
66
  end
71
67
 
72
68
  def test_auto_link_with_block_with_html
@@ -85,7 +81,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
85
81
  def test_auto_link_should_sanitize_input_when_sanitize_option_is_not_false
86
82
  link_raw = %{http://www.rubyonrails.com?id=1&num=2}
87
83
  malicious_script = '<script>alert("malicious!")</script>'
88
- assert_equal %{<a href="http://www.rubyonrails.com?id=1&num=2">http://www.rubyonrails.com?id=1&num=2</a>}, auto_link("#{link_raw}#{malicious_script}")
84
+ assert_equal %{<a href="http://www.rubyonrails.com?id=1&amp;num=2alert">http://www.rubyonrails.com?id=1&amp;num=2alert</a>("malicious!")}, auto_link("#{link_raw}#{malicious_script}")
89
85
  assert auto_link("#{link_raw}#{malicious_script}").html_safe?
90
86
  end
91
87
 
@@ -94,7 +90,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
94
90
  malicious_script = '<script>alert("malicious!")</script>'
95
91
  text_with_attributes = %{<a href="http://ruby-lang-org" target="_blank" data-malicious="inject">Ruby</a>}
96
92
 
97
- text_result = %{<a class="big" href="http://www.rubyonrails.com?id=1&num=2">http://www.rubyonrails.com?id=1&num=2</a><a href="http://ruby-lang-org" target="_blank">Ruby</a>}
93
+ text_result = %{<a class="big" href="http://www.rubyonrails.com?id=1&amp;num=2alert">http://www.rubyonrails.com?id=1&amp;num=2alert</a>("malicious!")<a href="http://ruby-lang-org" target="_blank">Ruby</a>}
98
94
  assert_equal text_result, auto_link("#{link_raw}#{malicious_script}#{text_with_attributes}",
99
95
  :sanitize_options => {:attributes => ["target", "href"]},
100
96
  :html => {:class => 'big'})
@@ -138,11 +134,19 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
138
134
  assert_equal linked_email, auto_link(linked_email)
139
135
  end
140
136
 
137
+ def test_auto_link_with_malicious_attr
138
+ url1 = "http://api.rubyonrails.com/Foo.html"
139
+ malicious = "\"onmousemove=\"prompt()"
140
+ combination = "#{url1}#{malicious}"
141
+
142
+ assert_equal %(<p><a href="#{url1}">#{url1}</a>#{malicious}</p>), auto_link("<p>#{combination}</p>")
143
+ end
144
+
141
145
  def test_auto_link_at_eol
142
146
  url1 = "http://api.rubyonrails.com/Foo.html"
143
147
  url2 = "http://www.ruby-doc.org/core/Bar.html"
144
148
 
145
- assert_equal %(<p><a href="#{url1}">#{url1}</a><br /><a href="#{url2}">#{url2}</a><br /></p>), auto_link("<p>#{url1}<br />#{url2}<br /></p>")
149
+ assert_equal %(<p><a href="#{url1}">#{url1}</a><br><a href="#{url2}">#{url2}</a><br></p>), auto_link("<p>#{url1}<br>#{url2}<br></p>")
146
150
  end
147
151
 
148
152
  def test_auto_link_should_be_html_safe
@@ -173,9 +177,16 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
173
177
  end
174
178
 
175
179
  def test_auto_link_email_addres_with_especial_chars
176
- email_raw = "and&re$la*+r-a.o'rea=l~ly@tenderlovemaking.com"
177
- email_sanitized = "and&amp;re$la*+r-a.o&#39;rea=l~ly@tenderlovemaking.com"
178
- email_result = %{<a href="mailto:#{email_raw}">#{email_sanitized}</a>}
180
+ email_raw = "andre$la*+r-a.o'rea=l~ly@tenderlovemaking.com"
181
+ email_raw_encoded = ERB::Util.url_encode("andre$la*+r-a.o'rea=l~ly@tenderlovemaking.com").gsub("%40", "@")
182
+ email_sanitized = if Rails.version =~ /^3/
183
+ # mail_to changed the number base it rendered HTML encoded characters at some point
184
+ "andre$la*+r-a.o&#x27;rea=l~ly@tenderlovemaking.com"
185
+ else
186
+ "andre$la*+r-a.o&#39;rea=l~ly@tenderlovemaking.com"
187
+ end
188
+ email_result = %{<a href="mailto:#{email_raw_encoded}">#{email_sanitized}</a>}
189
+
179
190
  assert_equal email_result, auto_link(email_raw)
180
191
  assert !auto_link_email_addresses(email_result).html_safe?, 'should not be html safe'
181
192
  end
@@ -185,7 +196,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
185
196
  email_result = %{<a href="mailto:#{email_raw}">#{email_raw}</a>}
186
197
  link_raw = 'http://www.rubyonrails.com'
187
198
  link_result = generate_result(link_raw)
188
- link_result_with_options = %{<a href="#{link_raw}" target="_blank">#{link_raw}</a>}
199
+ link_result_with_options = %{<a target="_blank" href="#{link_raw}">#{link_raw}</a>}
189
200
 
190
201
  assert_equal '', auto_link(nil)
191
202
  assert_equal '', auto_link('')
@@ -203,7 +214,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
203
214
  assert_equal %(#{link_result} #{link_result}), auto_link(%(#{link_result} #{link_raw}))
204
215
 
205
216
  email2_raw = '+david@loudthinking.com'
206
- email2_result = %{<a href="mailto:#{email2_raw}">#{email2_raw}</a>}
217
+ email2_result = %{<a href="mailto:%2Bdavid@loudthinking.com">#{email2_raw}</a>}
207
218
  assert_equal email2_result, auto_link(email2_raw)
208
219
  assert_equal email2_result, auto_link(email2_raw, :all)
209
220
  assert_equal email2_result, auto_link(email2_raw, :email_addresses)
@@ -304,6 +315,7 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
304
315
  http://of.openfoundry.org/projects/492/download#4th.Release.3
305
316
  http://maps.google.co.uk/maps?f=q&q=the+london+eye&ie=UTF8&ll=51.503373,-0.11939&spn=0.007052,0.012767&z=16&iwloc=A
306
317
  http://около.кола/колокола
318
+ https://123domain.com https://123.com https://123.domain.com https://www.123.domain.com
307
319
  )
308
320
 
309
321
  urls.each do |url|
@@ -311,11 +323,45 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
311
323
  end
312
324
  end
313
325
 
326
+ def test_autolink_with_trailing_equals_on_link
327
+ url = "http://www.rubyonrails.com/foo.cgi?trailing_equals="
328
+ assert_equal generate_result(url), auto_link(url)
329
+ end
330
+
331
+ def test_autolink_with_trailing_amp_on_link
332
+ url = "http://www.rubyonrails.com/foo.cgi?trailing_ampersand=value&"
333
+ assert_equal generate_result(url), auto_link(url)
334
+ end
335
+
336
+ def test_autolink_with_trailing_colon_on_link
337
+ url = "http://www.rubyonrails.com/foo.cgi?trailing_colon=value:"
338
+ expected_url = "http://www.rubyonrails.com/foo.cgi?trailing_colon=value"
339
+
340
+ assert_equal "#{generate_result(expected_url)}:", auto_link(url)
341
+ end
342
+
343
+ def test_autolink_with_trailing_hyphen_on_link
344
+ url = "http://www.rubyonrails.com/foo.cgi?trailing_hyphen=value-"
345
+ assert_equal generate_result(url), auto_link(url)
346
+ end
347
+
348
+ def test_autolink_with_trailing_forward_slash_on_link
349
+ url = "http://www.rubyonrails.com/foo.cgi?trailing_forward_slash=value/"
350
+ assert_equal generate_result(url), auto_link(url)
351
+ end
352
+
353
+ def test_autolink_with_trailing_number_on_link
354
+ url = "http://www.rubyonrails.com/foo.cgi?trailing_number=value3"
355
+ assert_equal generate_result(url), auto_link(url)
356
+ end
357
+
314
358
  def test_auto_link_does_not_timeout_when_parsing_odd_email_input
315
- inputs = %w(
359
+ inputs = %W(
316
360
  foo@...................................
317
361
  foo@........................................
318
362
  foo@.............................................
363
+
364
+ #{'foo' * 20000}@
319
365
  )
320
366
 
321
367
  inputs.each do |input|
@@ -325,14 +371,15 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
325
371
  end
326
372
  end
327
373
 
374
+ def test_auto_link_with_www_in_non_url_string
375
+ assert_equal "awww.", auto_link("awww.")
376
+ end
377
+
328
378
  private
329
- def generate_result(link_text, href = nil, escape = false)
330
- href ||= link_text
331
- if escape
332
- %{<a href="#{CGI::escapeHTML href}">#{CGI::escapeHTML link_text}</a>}
333
- else
334
- %{<a href="#{href}">#{link_text}</a>}
335
- end
379
+ def generate_result(link_text, href = nil)
380
+ text = sanitize(link_text)
381
+ href = sanitize(href) || text
382
+ %{<a href="#{href}">#{text}</a>}.gsub("&#39;", "'") # ActionView does not escape '
336
383
  end
337
384
 
338
385
  # from ruby core
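Review bot: The rewritten generate_result in the last hunk derives its expected markup with `sanitize`, the same helper the README says auto_link applies by default, so every test that goes through it compares sanitizer output with sanitizer output and would not notice a change in what the sanitizer lets through. The cases that matter for injection (test_auto_link_with_malicious_attr and the two malicious_script tests) do assert literal markup, which is the right pattern; I would state that rule on the helper, e.g. `# expected value is built with sanitize; assert literal markup in any test about escaping or injection`. The literal expectations such as `num=2alert</a>("malicious!")` also pin the exact output of whichever sanitizer the unpinned `gem 'rails'` resolves to, so a short comment naming the Rails versions they were recorded against would help when they drift.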
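--- a/metadata
+++ b/metadata
@@ -1,29 +1,29 @@
  --- !ruby/object:Gem::Specification
  name: rails_autolink
  version: !ruby/object:Gem::Version
- version: 1.1.5
+ version: 1.1.7
  platform: ruby
  authors:
  - Aaron Patterson
  - Juanjo Bazan
  - Akira Matsuda
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2013-10-23 00:00:00.000000000 Z
+ date: 2022-11-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>'
+ - - ">"
  - !ruby/object:Gem::Version
  version: '3.1'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>'
+ - - ">"
  - !ruby/object:Gem::Version
  version: '3.1'
  description: This is an extraction of the `auto_link` method from rails. The `auto_link`
@@ -34,39 +34,38 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
- - lib/rails_autolink/helpers.rb
- - lib/rails_autolink/version.rb
- - lib/rails_autolink.rb
- - .autotest
- - .gitignore
+ - ".autotest"
+ - ".gitignore"
  - CHANGELOG.rdoc
  - Gemfile
  - README.rdoc
  - Rakefile
+ - lib/rails_autolink.rb
+ - lib/rails_autolink/helpers.rb
+ - lib/rails_autolink/version.rb
  - rails_autolink.gemspec
  - test/test_rails_autolink.rb
  homepage: https://github.com/tenderlove/rails_autolink
  licenses:
  - MIT
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: 1.9.3
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.1.5
- signing_key:
+ rubygems_version: 3.2.33
+ signing_key:
  specification_version: 4
  summary: Automatic generation of html links in texts
  test_files: []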