rails_xss 0.1.0
- data/.document +5 -0
- data/.gitignore +21 -0
- data/LICENSE +20 -0
- data/README.rdoc +17 -0
- data/Rakefile +53 -0
- data/VERSION +1 -0
- data/lib/rails_xss.rb +3 -0
- data/test/active_record_helper_test.rb +74 -0
- data/test/asset_tag_helper_test.rb +49 -0
- data/test/caching_test.rb +43 -0
- data/test/date_helper_test.rb +29 -0
- data/test/deprecated_output_safety_test.rb +112 -0
- data/test/erb_util_test.rb +36 -0
- data/test/form_helper_test.rb +1447 -0
- data/test/form_tag_helper_test.rb +354 -0
- data/test/helper.rb +10 -0
- data/test/output_safety_test.rb +115 -0
- data/test/rails_xss_test.rb +23 -0
- data/test/test_helper.rb +5 -0
- data/test/test_rails_xss.rb +7 -0
- data/test/text_helper_test.rb +17 -0
- metadata +97 -0
@@ -0,0 +1,23 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
class RailsXssTest < ActiveSupport::TestCase
|
4
|
+
test "ERB::Util.h should mark its return value as safe and escape it" do
|
5
|
+
escaped = ERB::Util.h("<p>")
|
6
|
+
assert_equal "<p>", escaped
|
7
|
+
assert escaped.html_safe?
|
8
|
+
end
|
9
|
+
|
10
|
+
test "ERB::Util.h should leave previously safe strings alone " do
|
11
|
+
# TODO this seems easier to compose and reason about, but
|
12
|
+
# this should be verified
|
13
|
+
escaped = ERB::Util.h("<p>".html_safe)
|
14
|
+
assert_equal "<p>", escaped
|
15
|
+
assert escaped.html_safe?
|
16
|
+
end
|
17
|
+
|
18
|
+
test "ERB::Util.h should not implode when passed a non-string" do
|
19
|
+
assert_nothing_raised do
|
20
|
+
assert_equal "1", ERB::Util.h(1)
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
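--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -0,0 +1,17 @@
+require 'test_helper'
+
+class TextHelperTest < ActionView::TestCase
+
+def setup
+@controller = Class.new do
+attr_accessor :request
+def url_for(*args) "http://www.example.com" end
+end.new
+end
+
+def test_simple_format_with_escaping_html_options
+assert_dom_equal(%(<p class="intro">It's nice to have options.</p>),
+simple_format("It's nice to have options.", :class=>"intro"))
+end
+
+end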
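Review bot: The assertion on lines 13–14 of this section does not exercise the escaping its name promises — `:class=>"intro"` contains nothing that needs escaping, so the test passes whether or not html_options are escaped. Add a second case whose attribute value contains a double quote or an angle bracket and assert that it is rendered escaped (for instance that a `"` in the class value shows up as `&quot;` in the output), so a regression in attribute escaping is actually caught. The section header reads `data/test/test_helper.rb`, yet the file list above gives that file +5 lines while this 17-line body matches `data/test/text_helper_test.rb`; this looks like a page labelling mix-up rather than a problem in the code. As a style point, `def url_for(*args) "http://www.example.com" end` on line 8 runs signature and body together with no separator and names a parameter it never uses; `def url_for(*_args); "http://www.example.com"; end` reads more conventionally.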
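--- a/metadata
+++ b/metadata
@@ -0,0 +1,97 @@
+--- !ruby/object:Gem::Specification
+name: rails_xss
+version: !ruby/object:Gem::Version
+prerelease: false
+segments:
+- 0
+- 1
+- 0
+version: 0.1.0
+platform: ruby
+authors:
+- joloudov
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2010-07-01 00:00:00 +04:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+name: erubis
+prerelease: false
+requirement: &id001 !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 2
+- 6
+- 5
+version: 2.6.5
+type: :development
+version_requirements: *id001
+description: This plugin replaces the default ERB template handlers with erubis, and switches the behaviour to escape by default rather than requiring you to escape. This is consistent with the behaviour in Rails 3.0.
+email: joloudov@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files:
+- LICENSE
+- README.rdoc
+files:
+- .document
+- .gitignore
+- LICENSE
+- README.rdoc
+- Rakefile
+- VERSION
+- lib/rails_xss.rb
+- test/helper.rb
+- test/test_rails_xss.rb
+has_rdoc: true
+homepage: http://github.com/joloudov/rails_xss
+licenses: []
+
+post_install_message:
+rdoc_options:
+- --charset=UTF-8
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 0
+version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 0
+version: "0"
+requirements: []
+
+rubyforge_project:
+rubygems_version: 1.3.7
+signing_key:
+specification_version: 3
+summary: A plugin for rails 2.3 apps which switches the default to escape by default
+test_files:
+- test/deprecated_output_safety_test.rb
+- test/output_safety_test.rb
+- test/form_tag_helper_test.rb
+- test/form_helper_test.rb
+- test/test_helper.rb
+- test/erb_util_test.rb
+- test/date_helper_test.rb
+- test/active_record_helper_test.rb
+- test/caching_test.rb
+- test/test_rails_xss.rb
+- test/text_helper_test.rb
+- test/asset_tag_helper_test.rb
+- test/rails_xss_test.rb
+- test/helper.rb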