safe_anchor 0.1.0
- checksums.yaml +7 -0
- data/.gitignore +12 -0
- data/.rspec +3 -0
- data/.travis.yml +6 -0
- data/CHANGELOG.md +0 -0
- data/Gemfile +7 -0
- data/LICENSE.txt +21 -0
- data/README.md +45 -0
- data/Rakefile +6 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/lib/safe_anchor.rb +7 -0
- data/lib/safe_anchor/url_helper.rb +13 -0
- data/lib/safe_anchor/version.rb +3 -0
- data/safe_anchor.gemspec +25 -0
- metadata +59 -0
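--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: abbd0519adeac00ed37f941f780aa8fab35027c3877bdbfe052f367c4497f18e
+data.tar.gz: cfe6b68db3a6ae0a9588c74343baa75af2896523858551e913d89b9cc2f9ab4e
+SHA512:
+metadata.gz: 2118060daf8f1b1b6686f878130163ca87e046c6e28ff41c78b2aa2cbf26423520f14a24f9bad7a8c83850a58f9588c8f46a3e47e9370d990ad525bf61d91c64
+data.tar.gz: 54c197d5c7a07282963bd04b947617b462d31f46d3bb16170790ae5bc880b10722f61c1512f6afab778b85660da173bedc21a031152c15bd6c4ba662a94dcfc0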
data/.gitignore
ADDED
data/.rspec
ADDED
data/.travis.yml
ADDED
data/CHANGELOG.md
ADDED
File without changes
|
data/Gemfile
ADDED
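--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 woodydark
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.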
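--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,45 @@
+# SafeAnchor
+
+SafeAnchor wraps around Rails's default link_to helper and sanitize method to output always output a sanitized anchor tag.
+
+This follows a secure-by-default principle and can be turned off by passing an optional argument `keep_dirty: true` when using the `link_to` helper.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'safe_anchor'
+```
+
+And then execute:
+
+$ bundle install
+
+Or install it yourself as:
+
+$ gem install safe_anchor
+
+## Usage
+
+SafeAnchor is secure-by-default.
+```
+<%= link_to "Dangerous Anchor", "javascript: alert('Boo!')" %>
+# <a>Dangerous Anchor</a>
+```
+
+Turning off sanitization.
+```
+<%= link_to "Dangerous Anchor", "javascript: alert('Boo!')", keep_dirty: true %>
+# <a keep_dirty="true" href="javascript: alert('Boo!')">Dangerous Anchor</a>
+```
+
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/woodydark/safe_anchor.
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).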
data/Rakefile
ADDED
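--- a/data/bin/console
+++ b/data/bin/console
@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "safe_anchor"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)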
data/bin/setup
ADDED
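--- a/data/lib/safe_anchor.rb
+++ b/data/lib/safe_anchor.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module UrlHelper
+include ActionView::Helpers::UrlHelper
+alias rails_default_link_to link_to
+
+def link_to(*args, **kwargs)
+anchor_tag = rails_default_link_to(*args, **kwargs)
+return anchor_tag if kwargs[:keep_dirty]
+
+sanitize anchor_tag
+end
+end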
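Review bot: The wrapper drops the block form of `link_to` — `def link_to(*args, **kwargs)` declares no `&block` and the call to `rails_default_link_to` forwards none, so a `link_to(path) { ... }` call reaches Rails without its block. The `keep_dirty:` option is also left inside `kwargs` when delegating, so Rails emits it as an HTML attribute (the README's own example shows `<a keep_dirty="true" href=...>`); remove it from the hash before delegating instead of reading it afterwards. `sanitize` is not brought in by the single `include` shown here, so the module presumably relies on the including view context providing `ActionView::Helpers::SanitizeHelper` — worth stating in a comment, as is the fact that the default sanitizer allow-list also strips non-safe-listed attributes such as `data-*`, `rel` and `target`, which would silently turn a `method: :delete` link into a plain GET link unless `keep_dirty: true` is passed. The section header reads `data/lib/safe_anchor.rb`, but the diffstat gives that file 7 lines and `data/lib/safe_anchor/url_helper.rb` 13, so this hunk may actually belong to `url_helper.rb`.
```ruby
def link_to(*args, **kwargs, &block)
  # Consume the gem's own option so it is never forwarded as an HTML attribute.
  keep_dirty = kwargs.delete(:keep_dirty)
  anchor_tag = rails_default_link_to(*args, **kwargs, &block)
  return anchor_tag if keep_dirty

  sanitize anchor_tag
end
```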
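--- a/data/safe_anchor.gemspec
+++ b/data/safe_anchor.gemspec
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require_relative 'lib/safe_anchor/version'
+
+Gem::Specification.new do |spec|
+spec.name = 'safe_anchor'
+spec.version = SafeAnchor::VERSION
+spec.authors = ['Jeffrey Soong']
+spec.email = ['darkwoodpresents@gmail.com']
+
+spec.summary = 'SafeAnchor ensures all link_to helper in Rails are sanitized by default'
+spec.description = 'SafeAnchor follows a secure-by-default principle and sanitizes all link_to helper output by default. This gem wraps around the default link_to and sanitize method provided by Rails.'
+spec.homepage = 'https://github.com/WoodyDark/SafeAnchor'
+spec.license = 'MIT'
+spec.required_ruby_version = Gem::Requirement.new('>= 2.3.0')
+
+# Specify which files should be added to the gem when it is released.
+# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+spec.files = Dir.chdir(File.expand_path(__dir__)) do
+`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+end
+spec.bindir = 'exe'
+spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+spec.require_paths = ['lib']
+end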
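Review bot: The gemspec declares no runtime dependency even though the library code includes `ActionView::Helpers::UrlHelper` and calls `sanitize`; the generated metadata accordingly shows `dependencies: []`, so a bare `gem install safe_anchor` gives no guarantee that a compatible ActionView is present. Add `spec.add_dependency 'actionview'` with a version constraint matching what was tested, so Bundler resolves it and incompatible upgrades are caught at install time rather than at first render. `spec.metadata` is left empty and the metadata records `cert_chain: []` / `signing_key:` blank, so consumers have neither a `source_code_uri` to audit nor a signature to verify; both are cheap to add here. The README links `github.com/woodydark/safe_anchor` while `spec.homepage` points at `WoodyDark/SafeAnchor`, which may be the same repository but is worth making consistent.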
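--- a/metadata
+++ b/metadata
@@ -0,0 +1,59 @@
+--- !ruby/object:Gem::Specification
+name: safe_anchor
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Jeffrey Soong
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2020-06-18 00:00:00.000000000 Z
+dependencies: []
+description: SafeAnchor follows a secure-by-default principle and sanitizes all link_to
+helper output by default. This gem wraps around the default link_to and sanitize
+method provided by Rails.
+email:
+- darkwoodpresents@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- CHANGELOG.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/safe_anchor.rb
+- lib/safe_anchor/url_helper.rb
+- lib/safe_anchor/version.rb
+- safe_anchor.gemspec
+homepage: https://github.com/WoodyDark/SafeAnchor
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.0.1
+signing_key:
+specification_version: 4
+summary: SafeAnchor ensures all link_to helper in Rails are sanitized by default
+test_files: []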