safe_anchor 0.1.0

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: abbd0519adeac00ed37f941f780aa8fab35027c3877bdbfe052f367c4497f18e
4
+ data.tar.gz: cfe6b68db3a6ae0a9588c74343baa75af2896523858551e913d89b9cc2f9ab4e
5
+ SHA512:
6
+ metadata.gz: 2118060daf8f1b1b6686f878130163ca87e046c6e28ff41c78b2aa2cbf26423520f14a24f9bad7a8c83850a58f9588c8f46a3e47e9370d990ad525bf61d91c64
7
+ data.tar.gz: 54c197d5c7a07282963bd04b947617b462d31f46d3bb16170790ae5bc880b10722f61c1512f6afab778b85660da173bedc21a031152c15bd6c4ba662a94dcfc0
@@ -0,0 +1,12 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /_yardoc/
4
+ /coverage/
5
+ /doc/
6
+ /pkg/
7
+ /spec/reports/
8
+ /tmp/
9
+
10
+ # rspec failure tracking
11
+ .rspec_status
12
+ *.gem
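--- a/data/.rspec
+++ b/data/.rspec
@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper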
@@ -0,0 +1,6 @@
1
+ ---
2
+ language: ruby
3
+ cache: bundler
4
+ rvm:
5
+ - 2.6.1
6
+ before_install: gem install bundler -v 2.1.2
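--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,7 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in safe_anchor.gemspec
+gemspec
+
+gem "rake", "~> 12.0"
+gem "rspec", "~> 3.0"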
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2020 woodydark
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
@@ -0,0 +1,45 @@
1
+ # SafeAnchor
2
+
3
+ SafeAnchor wraps around Rails's default link_to helper and sanitize method to output always output a sanitized anchor tag.
4
+
5
+ This follows a secure-by-default principle and can be turned off by passing an optional argument `keep_dirty: true` when using the `link_to` helper.
6
+
7
+ ## Installation
8
+
9
+ Add this line to your application's Gemfile:
10
+
11
+ ```ruby
12
+ gem 'safe_anchor'
13
+ ```
14
+
15
+ And then execute:
16
+
17
+ $ bundle install
18
+
19
+ Or install it yourself as:
20
+
21
+ $ gem install safe_anchor
22
+
23
+ ## Usage
24
+
25
+ SafeAnchor is secure-by-default.
26
+ ```
27
+ <%= link_to "Dangerous Anchor", "javascript: alert('Boo!')" %>
28
+ # <a>Dangerous Anchor</a>
29
+ ```
30
+
31
+ Turning off sanitization.
32
+ ```
33
+ <%= link_to "Dangerous Anchor", "javascript: alert('Boo!')", keep_dirty: true %>
34
+ # <a keep_dirty="true" href="javascript: alert('Boo!')">Dangerous Anchor</a>
35
+ ```
36
+
37
+
38
+ ## Contributing
39
+
40
+ Bug reports and pull requests are welcome on GitHub at https://github.com/woodydark/safe_anchor.
41
+
42
+
43
+ ## License
44
+
45
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task :default => :spec
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "safe_anchor"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start(__FILE__)
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,7 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'safe_anchor/version'
4
+ require 'safe_anchor/url_helper'
5
+
6
+ module SafeAnchor
7
+ end
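Review bot: `require 'safe_anchor/url_helper'` at line 4 loads a module whose body runs `include ActionView::Helpers::UrlHelper` at load time, so requiring this gem before ActionView is loaded raises NameError, and nothing in the gem's shipped file list (no railtie, no initializer) includes UrlHelper into ActionView afterwards — as far as the listed files show, the sanitizing override is never installed into Rails views. Consider `require 'action_view'` ahead of the helper require plus a load hook such as `ActiveSupport.on_load(:action_view) { include UrlHelper }` (or a Railtie) so the wrapper actually takes effect. UrlHelper is also a top-level constant rather than `SafeAnchor::UrlHelper`, which risks colliding with an application's own module of that name.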
@@ -0,0 +1,13 @@
1
+ # frozen_string_literal: true
2
+
3
+ module UrlHelper
4
+ include ActionView::Helpers::UrlHelper
5
+ alias rails_default_link_to link_to
6
+
7
+ def link_to(*args, **kwargs)
8
+ anchor_tag = rails_default_link_to(*args, **kwargs)
9
+ return anchor_tag if kwargs[:keep_dirty]
10
+
11
+ sanitize anchor_tag
12
+ end
13
+ end
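Review bot: The wrapper at line 7, `def link_to(*args, **kwargs)`, neither accepts nor forwards a block, so the block form `link_to(path) { ... }` reaches rails_default_link_to without its block and is handled as the positional form, changing both the link text and the href. `:keep_dirty` is also left inside kwargs when delegating, so it is rendered as an HTML attribute — the README's own example shows `keep_dirty="true"` in the output — and should be consumed before the call. If the host application relies on Rails's default sanitize allow-list, attributes such as `data-method`, `data-confirm` and `rel` are stripped from every link, which silently turns `method: :delete` links into plain GET links; that behaviour should be documented or those attributes added to the allowed set. A rewrite that forwards the block and consumes `:keep_dirty` follows.
```ruby
def link_to(*args, **kwargs, &block)
  keep_dirty = kwargs.delete(:keep_dirty)
  anchor_tag = rails_default_link_to(*args, **kwargs, &block)
  return anchor_tag if keep_dirty

  sanitize anchor_tag
end
```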
@@ -0,0 +1,3 @@
1
+ module SafeAnchor
2
+ VERSION = "0.1.0"
3
+ end
@@ -0,0 +1,25 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative 'lib/safe_anchor/version'
4
+
5
+ Gem::Specification.new do |spec|
6
+ spec.name = 'safe_anchor'
7
+ spec.version = SafeAnchor::VERSION
8
+ spec.authors = ['Jeffrey Soong']
9
+ spec.email = ['darkwoodpresents@gmail.com']
10
+
11
+ spec.summary = 'SafeAnchor ensures all link_to helper in Rails are sanitized by default'
12
+ spec.description = 'SafeAnchor follows a secure-by-default principle and sanitizes all link_to helper output by default. This gem wraps around the default link_to and sanitize method provided by Rails.'
13
+ spec.homepage = 'https://github.com/WoodyDark/SafeAnchor'
14
+ spec.license = 'MIT'
15
+ spec.required_ruby_version = Gem::Requirement.new('>= 2.3.0')
16
+
17
+ # Specify which files should be added to the gem when it is released.
18
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
19
+ spec.files = Dir.chdir(File.expand_path(__dir__)) do
20
+ `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
21
+ end
22
+ spec.bindir = 'exe'
23
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
24
+ spec.require_paths = ['lib']
25
+ end
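Review bot: No runtime dependency is declared even though lib/safe_anchor/url_helper.rb includes `ActionView::Helpers::UrlHelper` and calls `sanitize`, and the shipped metadata confirms `dependencies: []`; installing the gem on its own therefore gives no guarantee that those constants exist. Add `spec.add_runtime_dependency 'actionview'` next to `spec.required_ruby_version` at line 15, constrained to the Rails versions whose sanitizer allow-list this gem was tested against, since the stripped attributes differ between releases.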
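--- a/metadata
+++ b/metadata
@@ -0,0 +1,59 @@
+--- !ruby/object:Gem::Specification
+name: safe_anchor
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Jeffrey Soong
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2020-06-18 00:00:00.000000000 Z
+dependencies: []
+description: SafeAnchor follows a secure-by-default principle and sanitizes all link_to
+helper output by default. This gem wraps around the default link_to and sanitize
+method provided by Rails.
+email:
+- darkwoodpresents@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- CHANGELOG.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/safe_anchor.rb
+- lib/safe_anchor/url_helper.rb
+- lib/safe_anchor/version.rb
+- safe_anchor.gemspec
+homepage: https://github.com/WoodyDark/SafeAnchor
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.0.1
+signing_key:
+specification_version: 4
+summary: SafeAnchor ensures all link_to helper in Rails are sanitized by default
+test_files: []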