safe_anchor 0.1.1 → 0.1.2

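--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 36ca537119640b1f0e8e41328215d3c6272bcd63f33197618e55e15e18c61f39
- data.tar.gz: ccee450b96517a33b837ecc894ed41452341d4a9b472ce6f0e19f5fbdb4abc24
+ metadata.gz: 6abab9c16c62163459b03bc2666641b5b96d8279b4bebcb0f4eb6de806cc6075
+ data.tar.gz: ed5aee9747035a3a7f17eab0ff4744eb99b63d979d6d0a1d9a2a8232cd442e2f
  SHA512:
- metadata.gz: 21858cd8ced53233a7e7a4f7351c1e34a2c5bc374bcbb672302ceceec07219cd3b05f1651dcbea0aac8b5f1f5dc0f0917e8192456f6d7a4324be94288dd72a9a
- data.tar.gz: 1f79e1c78d436ddad60888e8e0d3ef673e7443e8886932680852ba63b592c3ce0165c9469887133c91e60fcda1f01bdae011b84fe961115da89b44158481605a
+ metadata.gz: '08c6bcc92a1d352ce3269e2ecfff4cb2428817de44f41d3f1830f24172c2399a148585c1ac16601b94cb4ed60d11b78984cdd7204ba923fb15314757fac89476'
+ data.tar.gz: dcb9f2d0c1a3c0b27e8561dd28daf69eabea223fb4ebc1592f01ec937947c1681d1f6f446ce6176cc64ba9b9ad17117ca3469b591d2a7014fd641d4f57e78302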
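--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,8 @@
  # SafeAnchor
 
+ ## This is experimental, try at your own risk.
+
+
  SafeAnchor wraps around Rails's default link_to helper and sanitize method to output always output a sanitized anchor tag.
 
  This follows a secure-by-default principle and can be turned off by passing an optional argument `keep_dirty: true` when using the `link_to` helper.
@@ -23,13 +26,13 @@ Or install it yourself as:
  ## Usage
 
  SafeAnchor is secure-by-default.
- ```
+ ```ruby
  <%= link_to "Dangerous Anchor", "javascript: alert('Boo!')" %>
  # <a>Dangerous Anchor</a>
  ```
 
  Turning off sanitization.
- ```
+ ```ruby
  <%= link_to "Dangerous Anchor", "javascript: alert('Boo!')", keep_dirty: true %>
  # <a keep_dirty="true" href="javascript: alert('Boo!')">Dangerous Anchor</a>
  ```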
@@ -3,4 +3,5 @@
3
3
  require 'safe_anchor/version'
4
4
 
5
5
  module SafeAnchor
6
+ require 'safe_anchor/railtie' if defined?(Rails)
6
7
  end
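Review bot: The added `require 'safe_anchor/railtie' if defined?(Rails)` fails open: if the gem is required before `Rails` is defined, the railtie is skipped silently and, as far as this diff shows, nothing else installs the helper, so `link_to` would stay unsanitized with no error or warning. For a gem whose README promises secure-by-default output, that load-order dependency deserves a comment on the line, e.g. `# Must be required after Rails is loaded; otherwise the sanitizing link_to is never installed.` The guard also tests a broader constant than the one the railtie subclasses, so a process where `Rails` exists but `Rails::Railtie` is not loaded would hit a NameError; `require 'safe_anchor/railtie' if defined?(Rails::Railtie)` placed at file top level rather than inside the module body is the more conventional form. The first two lines of the file are outside the hunk.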
@@ -0,0 +1,11 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'safe_anchor/safe_anchor_url_helper'
4
+
5
+ module SafeAnchor
6
+ class Railtie < Rails::Railtie
7
+ initializer 'safe_anchor_url.helper' do |_app|
8
+ ActionView::Base.include SafeAnchorUrlHelper
9
+ end
10
+ end
11
+ end
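Review bot: `ActionView::Base.include SafeAnchorUrlHelper` on line 8 of the new file names `ActionView::Base` directly inside the initializer, which forces Action View to load during boot and would presumably raise in an application that never loads it. The lazy load hook is the usual Rails pattern and defers the include until Action View is actually loaded: `ActiveSupport.on_load(:action_view) { include SafeAnchorUrlHelper }`. Since this single include is what replaces `link_to` in every view of the host application, a one-line comment above the initializer saying so (and that `keep_dirty: true` is the only opt-out, per the README) would help auditors. The helper module is also a top-level constant here; nesting it under `SafeAnchor` would avoid colliding with an application's own helper names.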
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- module SafeAnchorHelper
3
+ module SafeAnchorUrlHelper
4
4
  include ActionView::Helpers::UrlHelper
5
5
  alias rails_default_link_to link_to
6
6
 
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module SafeAnchor
4
- VERSION = '0.1.1'
4
+ VERSION = '0.1.2'
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: safe_anchor
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jeffrey Soong
@@ -27,10 +27,11 @@ files:
27
27
  - LICENSE.txt
28
28
  - README.md
29
29
  - Rakefile
30
- - app/helpers/safe_anchor_helper.rb
31
30
  - bin/console
32
31
  - bin/setup
33
32
  - lib/safe_anchor.rb
33
+ - lib/safe_anchor/railtie.rb
34
+ - lib/safe_anchor/safe_anchor_url_helper.rb
34
35
  - lib/safe_anchor/version.rb
35
36
  - safe_anchor.gemspec
36
37
  homepage: https://github.com/WoodyDark/SafeAnchor