rails_xss 0.1.3 → 0.3.0

data/Rakefile

@@ -48,7 +48,7 @@ task :test => :check_dependencies
 
 task :default => :test
 
-require 'rake/rdoctask'
+require 'rdoc/task'
 Rake::RDocTask.new do |rdoc|
   version = File.exist?('VERSION') ? File.read('VERSION') : ""
 

data/VERSION

@@ -1 +1 @@
-0.1.3
+0.3.0

data/lib/rails_xss/erubis.rb

@@ -1,4 +1,10 @@
-require 'erubis/helpers/rails_helper'
+# stop erubis from printing it's version number all the time
+old_stdout = $stdout
+File.open("/dev/null", "w") do |f|
+  $stdout = f
+  require 'erubis/helpers/rails_helper'
+  $stdout = old_stdout
+end
 
 module RailsXss
   class Erubis < ::Erubis::Eruby

metadata

@@ -1,45 +1,41 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: rails_xss
-version: !ruby/object:Gem::Version 
-  prerelease: false
-  segments: 
-  - 0
-  - 1
-  - 3
-  version: 0.1.3
+version: !ruby/object:Gem::Version
+  version: 0.3.0
+  prerelease: 
 platform: ruby
-authors: 
+authors:
 - joloudov
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2010-07-14 00:00:00 +04:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2012-08-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: erubis
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        segments: 
-        - 2
-        - 6
-        - 5
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 2.6.5
   type: :development
-  version_requirements: *id001
-description: This plugin replaces the default ERB template handlers with erubis, and switches the behaviour to escape by default rather than requiring you to escape. This is consistent with the behaviour in Rails 3.0.
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 2.6.5
+description: This plugin replaces the default ERB template handlers with erubis, and
+  switches the behaviour to escape by default rather than requiring you to escape.
+  This is consistent with the behaviour in Rails 3.0.
 email: joloudov@gmail.com
 executables: []
-
 extensions: []
-
-extra_rdoc_files: 
+extra_rdoc_files:
 - README.markdown
-files: 
+files:
 - MIT-LICENSE
 - README.markdown
 - Rakefile
@@ -50,46 +46,28 @@ files:
 - lib/rails_xss/erubis.rb
 - lib/rails_xss/string_ext.rb
 - lib/tasks/rails_xss_tasks.rake
-has_rdoc: true
 homepage: http://github.com/joloudov/rails_xss
 licenses: []
-
 post_install_message: 
-rdoc_options: 
-- --charset=UTF-8
-require_paths: 
+rdoc_options: []
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      segments: 
-      - 0
-      version: "0"
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.3.7
+rubygems_version: 1.8.24
 signing_key: 
 specification_version: 3
 summary: A plugin for rails 2.3 apps which switches the default to escape by default
-test_files: 
-- test/deprecated_output_safety_test.rb
-- test/output_safety_test.rb
-- test/form_tag_helper_test.rb
-- test/form_helper_test.rb
-- test/test_helper.rb
-- test/erb_util_test.rb
-- test/date_helper_test.rb
-- test/active_record_helper_test.rb
-- test/caching_test.rb
-- test/text_helper_test.rb
-- test/asset_tag_helper_test.rb
-- test/rails_xss_test.rb
+test_files: []

data/test/active_record_helper_test.rb

@@ -1,74 +0,0 @@
-require 'test_helper'
-
-class ActiveRecordHelperTest < ActionView::TestCase
-  silence_warnings do
-    Post = Struct.new("Post", :title, :author_name, :body, :secret, :written_on)
-    Post.class_eval do
-      alias_method :title_before_type_cast, :title unless respond_to?(:title_before_type_cast)
-      alias_method :body_before_type_cast, :body unless respond_to?(:body_before_type_cast)
-      alias_method :author_name_before_type_cast, :author_name unless respond_to?(:author_name_before_type_cast)
-    end
-  end
-
-  def setup_post
-    @post = Post.new
-    def @post.errors
-      Class.new {
-        def on(field)
-          case field.to_s
-          when "author_name"
-            "can't be empty"
-          when "body"
-            true
-          else
-            false
-          end
-        end
-        def empty?() false end
-        def count() 1 end
-        def full_messages() [ "Author name can't be empty" ] end
-      }.new
-    end
-
-    def @post.new_record?() true end
-    def @post.to_param() nil end
-
-    def @post.column_for_attribute(attr_name)
-      Post.content_columns.select { |column| column.name == attr_name }.first
-    end
-
-    silence_warnings do
-      def Post.content_columns() [ Column.new(:string, "title", "Title"), Column.new(:text, "body", "Body") ] end
-    end
-
-    @post.title       = "Hello World"
-    @post.author_name = ""
-    @post.body        = "Back to the hill and over it again!"
-    @post.secret = 1
-    @post.written_on  = Date.new(2004, 6, 15)
-  end
-
-  def setup
-    setup_post
-
-    @response = ActionController::TestResponse.new
-
-    @controller = Object.new
-    def @controller.url_for(options)
-      options = options.symbolize_keys
-
-      [options[:action], options[:id].to_param].compact.join('/')
-    end
-  end
-
-  def test_text_field_with_errors_is_safe
-    assert text_field("post", "author_name").html_safe?
-  end
-
-  def test_text_field_with_errors
-    assert_dom_equal(
-      %(<div class="fieldWithErrors"><input id="post_author_name" name="post[author_name]" size="30" type="text" value="" /></div>),
-      text_field("post", "author_name")
-    )
-  end
-end

data/test/asset_tag_helper_test.rb

@@ -1,49 +0,0 @@
-require 'test_helper'
-
-class AssetTagHelperTest < ActionView::TestCase
-  def setup
-    @controller = Class.new do
-      attr_accessor :request
-      def url_for(*args) "http://www.example.com" end
-    end.new
-  end
-
-  def test_auto_discovery_link_tag
-    assert_dom_equal(%(<link href="http://www.example.com" rel="Not so alternate" title="ATOM" type="application/atom+xml" />),
-                     auto_discovery_link_tag(:atom, {}, {:rel => "Not so alternate"}))
-  end
-
-  def test_javascript_include_tag_with_blank_asset_id
-    ENV["RAILS_ASSET_ID"] = ""
-    assert_dom_equal(%(<script src="/javascripts/test.js" type="text/javascript"></script>\n<script src="/javascripts/prototype.js" type="text/javascript"></script>\n<script src="/javascripts/effects.js" type="text/javascript"></script>\n<script src="/javascripts/dragdrop.js" type="text/javascript"></script>\n<script src="/javascripts/controls.js" type="text/javascript"></script>\n<script src="/javascripts/application.js" type="text/javascript"></script>),
-                     javascript_include_tag("test", :defaults))
-  end
-
-  def test_javascript_include_tag_with_given_asset_id
-    ENV["RAILS_ASSET_ID"] = "1"
-    assert_dom_equal(%(<script src="/javascripts/prototype.js?1" type="text/javascript"></script>\n<script src="/javascripts/effects.js?1" type="text/javascript"></script>\n<script src="/javascripts/dragdrop.js?1" type="text/javascript"></script>\n<script src="/javascripts/controls.js?1" type="text/javascript"></script>\n<script src="/javascripts/application.js?1" type="text/javascript"></script>),
-                     javascript_include_tag(:defaults))
-    ENV["RAILS_ASSET_ID"] = ""
-  end
-
-  def test_javascript_include_tag_is_html_safe
-    assert javascript_include_tag(:defaults).html_safe?
-    assert javascript_include_tag("prototype").html_safe?
-  end
-
-  def test_stylesheet_link_tag
-    assert_dom_equal(%(<link href="http://www.example.com/styles/style.css" media="screen" rel="stylesheet" type="text/css" />),
-                     stylesheet_link_tag("http://www.example.com/styles/style"))
-  end
-
-  def test_stylesheet_link_tag_is_html_safe
-    assert stylesheet_link_tag('dir/file').html_safe?
-    assert stylesheet_link_tag('dir/other/file', 'dir/file2').html_safe?
-    assert stylesheet_tag('dir/file', {}).html_safe?
-  end
-
-  def test_image_tag
-    assert_dom_equal(%(<img alt="Mouse" onmouseover="this.src='/images/mouse_over.png'" onmouseout="this.src='/images/mouse.png'" src="/images/mouse.png" />),
-                     image_tag("mouse.png", :mouseover => image_path("mouse_over.png")))
-  end
-end

data/test/caching_test.rb

@@ -1,43 +0,0 @@
-require 'test_helper'
-
-CACHE_DIR = 'test_cache'
-# Don't change '/../temp/' cavalierly or you might hose something you don't want hosed
-FILE_STORE_PATH = File.join(File.dirname(__FILE__), '/../temp/', CACHE_DIR)
-ActionController::Base.page_cache_directory = FILE_STORE_PATH
-ActionController::Base.cache_store = :file_store, FILE_STORE_PATH
-
-class FragmentCachingTestController < ActionController::Base
-  def some_action; end;
-end
-
-class FragmentCachingTest < ActionController::TestCase
-  def setup
-    ActionController::Base.perform_caching = true
-    @store = ActiveSupport::Cache::MemoryStore.new
-    ActionController::Base.cache_store = @store
-    @controller = FragmentCachingTestController.new
-    @params = {:controller => 'posts', :action => 'index'}
-    @request = ActionController::TestRequest.new
-    @response = ActionController::TestResponse.new
-    @controller.params = @params
-    @controller.request = @request
-    @controller.response = @response
-    @controller.send(:initialize_current_url)
-    @controller.send(:initialize_template_class, @response)
-    @controller.send(:assign_shortcuts, @request, @response)
-  end
-
-  def test_html_safety
-    assert_nil @store.read('views/name')
-    content = 'value'.html_safe
-    assert_equal content, @controller.write_fragment('name', content)
-
-    cached = @store.read('views/name')
-    assert_equal content, cached
-    assert_equal String, cached.class
-
-    html_safe = @controller.read_fragment('name')
-    assert_equal content, html_safe
-    assert html_safe.html_safe?
-  end
-end

data/test/date_helper_test.rb

@@ -1,29 +0,0 @@
-require 'test_helper'
-
-class DateHelperTest < ActionView::TestCase
-  silence_warnings do
-    Post = Struct.new("Post", :id, :written_on, :updated_at)
-  end
-
-  def test_select_html_safety
-    assert select_day(16).html_safe?
-    assert select_month(8).html_safe?
-    assert select_year(Time.mktime(2003, 8, 16, 8, 4, 18)).html_safe?
-    assert select_minute(Time.mktime(2003, 8, 16, 8, 4, 18)).html_safe?
-    assert select_second(Time.mktime(2003, 8, 16, 8, 4, 18)).html_safe?
-
-    assert select_minute(8, :use_hidden => true).html_safe?
-    assert select_month(8, :prompt => 'Choose month').html_safe?
-
-    assert select_time(Time.mktime(2003, 8, 16, 8, 4, 18), {}, :class => 'selector').html_safe?
-    assert select_date(Time.mktime(2003, 8, 16), :date_separator => " / ", :start_year => 2003, :end_year => 2005, :prefix => "date[first]").html_safe?
-  end
-  
-  def test_object_select_html_safety
-    @post = Post.new
-    @post.written_on = Date.new(2004, 6, 15)
-
-    assert date_select("post", "written_on", :default => Time.local(2006, 9, 19, 15, 16, 35), :include_blank => true).html_safe?    
-    assert time_select("post", "written_on", :ignore_date => true).html_safe?    
-  end
-end

data/test/deprecated_output_safety_test.rb

@@ -1,112 +0,0 @@
-require 'test_helper'
-
-class DeprecatedOutputSafetyTest < ActiveSupport::TestCase
-  def setup
-    @string = "hello"
-  end
-
-  test "A string can be marked safe using html_safe!" do
-    assert_deprecated do
-      @string.html_safe!
-      assert @string.html_safe?
-    end
-  end
-
-  test "Marking a string safe returns the string using html_safe!" do
-    assert_deprecated do
-      assert_equal @string, @string.html_safe!
-    end
-  end
-
-  test "Adding a safe string to another safe string returns a safe string using html_safe!" do
-    assert_deprecated do
-      @other_string = "other".html_safe!
-      @string.html_safe!
-      @combination = @other_string + @string
-
-      assert_equal "otherhello", @combination
-      assert @combination.html_safe?
-    end
-  end
-
-  test "Adding an unsafe string to a safe string returns an unsafe string using html_safe!" do
-    assert_deprecated do
-      @other_string = "other".html_safe!
-      @combination = @other_string + "<foo>"
-      @other_combination = @string + "<foo>"
-
-      assert_equal "other<foo>", @combination
-      assert_equal "hello<foo>", @other_combination
-
-      assert !@combination.html_safe?
-      assert !@other_combination.html_safe?
-    end
-  end
-
-  test "Concatting safe onto unsafe yields unsafe using html_safe!" do
-    assert_deprecated do
-      @other_string = "other"
-      @string.html_safe!
-
-      @other_string.concat(@string)
-      assert !@other_string.html_safe?
-    end
-  end
-
-  test "Concatting unsafe onto safe yields unsafe using html_safe!" do
-    assert_deprecated do
-      @other_string = "other".html_safe!
-      string = @other_string.concat("<foo>")
-      assert_equal "other<foo>", string
-      assert !string.html_safe?
-    end
-  end
-
-  test "Concatting safe onto safe yields safe using html_safe!" do
-    assert_deprecated do
-      @other_string = "other".html_safe!
-      @string.html_safe!
-
-      @other_string.concat(@string)
-      assert @other_string.html_safe?
-    end
-  end
-
-  test "Concatting safe onto unsafe with << yields unsafe using html_safe!" do
-    assert_deprecated do
-      @other_string = "other"
-      @string.html_safe!
-
-      @other_string << @string
-      assert !@other_string.html_safe?
-    end
-  end
-
-  test "Concatting unsafe onto safe with << yields unsafe using html_safe!" do
-    assert_deprecated do
-      @other_string = "other".html_safe!
-      string = @other_string << "<foo>"
-      assert_equal "other<foo>", string
-      assert !string.html_safe?
-    end
-  end
-
-  test "Concatting safe onto safe with << yields safe using html_safe!" do
-    assert_deprecated do
-      @other_string = "other".html_safe!
-      @string.html_safe!
-
-      @other_string << @string
-      assert @other_string.html_safe?
-    end
-  end
-
-  test "Concatting a fixnum to safe always yields safe using html_safe!" do
-    assert_deprecated do
-      @string.html_safe!
-      @string.concat(13)
-      assert_equal "hello".concat(13), @string
-      assert @string.html_safe?
-    end
-  end
-end

data/test/erb_util_test.rb

@@ -1,36 +0,0 @@
-require 'test_helper'
-
-class ErbUtilTest < Test::Unit::TestCase
-  include ERB::Util
-
-  ERB::Util::HTML_ESCAPE.each do |given, expected|
-    define_method "test_html_escape_#{expected.gsub(/\W/, '')}" do
-      assert_equal expected, html_escape(given)
-    end
-
-    unless given == '"'
-      define_method "test_json_escape_#{expected.gsub(/\W/, '')}" do
-        assert_equal ERB::Util::JSON_ESCAPE[given], json_escape(given)
-      end
-    end
-  end
-  
-  def test_html_escape_is_html_safe
-    escaped = h("<p>")
-    assert_equal "&lt;p&gt;", escaped
-    assert escaped.html_safe?
-  end
-
-  def test_html_escape_passes_html_escpe_unmodified
-    escaped = h("<p>".html_safe)
-    assert_equal "<p>", escaped
-    assert escaped.html_safe?
-  end
-
-  def test_rest_in_ascii
-    (0..127).to_a.map {|int| int.chr }.each do |chr|
-      next if %w(& " < >).include?(chr)
-      assert_equal chr, html_escape(chr)
-    end
-  end
-end