safe_anchor 0.1.1 → 0.1.2

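--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 36ca537119640b1f0e8e41328215d3c6272bcd63f33197618e55e15e18c61f39
- data.tar.gz: ccee450b96517a33b837ecc894ed41452341d4a9b472ce6f0e19f5fbdb4abc24
+ metadata.gz: 6abab9c16c62163459b03bc2666641b5b96d8279b4bebcb0f4eb6de806cc6075
+ data.tar.gz: ed5aee9747035a3a7f17eab0ff4744eb99b63d979d6d0a1d9a2a8232cd442e2f
  SHA512:
- metadata.gz: 21858cd8ced53233a7e7a4f7351c1e34a2c5bc374bcbb672302ceceec07219cd3b05f1651dcbea0aac8b5f1f5dc0f0917e8192456f6d7a4324be94288dd72a9a
- data.tar.gz: 1f79e1c78d436ddad60888e8e0d3ef673e7443e8886932680852ba63b592c3ce0165c9469887133c91e60fcda1f01bdae011b84fe961115da89b44158481605a
+ metadata.gz: '08c6bcc92a1d352ce3269e2ecfff4cb2428817de44f41d3f1830f24172c2399a148585c1ac16601b94cb4ed60d11b78984cdd7204ba923fb15314757fac89476'
+ data.tar.gz: dcb9f2d0c1a3c0b27e8561dd28daf69eabea223fb4ebc1592f01ec937947c1681d1f6f446ce6176cc64ba9b9ad17117ca3469b591d2a7014fd641d4f57e78302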
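--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,8 @@
  # SafeAnchor
 
+ ## This is experimental, try at your own risk.
+
+
  SafeAnchor wraps around Rails's default link_to helper and sanitize method to output always output a sanitized anchor tag.
 
  This follows a secure-by-default principle and can be turned off by passing an optional argument `keep_dirty: true` when using the `link_to` helper.
@@ -23,13 +26,13 @@ Or install it yourself as:
  ## Usage
 
  SafeAnchor is secure-by-default.
- ```
+ ```ruby
  <%= link_to "Dangerous Anchor", "javascript: alert('Boo!')" %>
  # <a>Dangerous Anchor</a>
  ```
 
  Turning off sanitization.
- ```
+ ```ruby
  <%= link_to "Dangerous Anchor", "javascript: alert('Boo!')", keep_dirty: true %>
  # <a keep_dirty="true" href="javascript: alert('Boo!')">Dangerous Anchor</a>
  ```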
@@ -3,4 +3,5 @@
3
3
  require 'safe_anchor/version'
4
4
 
5
5
  module SafeAnchor
6
+ require 'safe_anchor/railtie' if defined?(Rails)
6
7
  end
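Review bot: The guard on the added line, `if defined?(Rails)`, tests only that some `Rails` constant exists, while the required file subclasses `Rails::Railtie`; if another library defines `Rails` without railties loaded, the require would presumably raise a NameError. Conversely, if this file is required before Rails is loaded, the railtie is skipped silently and the sanitizing `link_to` is never installed, which fails open for a gem described as secure-by-default. I would guard on the class that is actually used and move the require out of the module body, next to the version require: `require 'safe_anchor/railtie' if defined?(Rails::Railtie)`. A comment such as `# The helper is only installed when Rails is already loaded at require time` would make the load-order dependency visible to integrators.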
@@ -0,0 +1,11 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'safe_anchor/safe_anchor_url_helper'
4
+
5
+ module SafeAnchor
6
+ class Railtie < Rails::Railtie
7
+ initializer 'safe_anchor_url.helper' do |_app|
8
+ ActionView::Base.include SafeAnchorUrlHelper
9
+ end
10
+ end
11
+ end
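Review bot: `ActionView::Base.include SafeAnchorUrlHelper` inside the initializer references `ActionView::Base` directly, which forces Action View to load during boot instead of using the lazy-load hook; the conventional form is `ActiveSupport.on_load(:action_view) { include SafeAnchorUrlHelper }`. Because the included module aliases `link_to` (visible in the helper hunk) and, per the README, replaces it, the initializer should carry a comment saying so, e.g. `# Overrides link_to in every view; the Rails original stays reachable as rails_default_link_to`. The helper's body is outside these hunks, so how `keep_dirty` is handled cannot be checked here; the README output shows it emitted as an HTML attribute, which suggests the option is not stripped before rendering.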
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- module SafeAnchorHelper
3
+ module SafeAnchorUrlHelper
4
4
  include ActionView::Helpers::UrlHelper
5
5
  alias rails_default_link_to link_to
6
6
 
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module SafeAnchor
4
- VERSION = '0.1.1'
4
+ VERSION = '0.1.2'
5
5
  end
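--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: safe_anchor
  version: !ruby/object:Gem::Version
- version: 0.1.1
+ version: 0.1.2
  platform: ruby
  authors:
  - Jeffrey Soong
@@ -27,10 +27,11 @@ files:
  - LICENSE.txt
  - README.md
  - Rakefile
- - app/helpers/safe_anchor_helper.rb
  - bin/console
  - bin/setup
  - lib/safe_anchor.rb
+ - lib/safe_anchor/railtie.rb
+ - lib/safe_anchor/safe_anchor_url_helper.rb
  - lib/safe_anchor/version.rb
  - safe_anchor.gemspec
  homepage: https://github.com/WoodyDark/SafeAnchor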