safe_redirect 0.1.3 → 0.1.4

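--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: def94975a8c7c916dbf8d0a1f515d6c326648e11
- data.tar.gz: d3dba9b3db5f6976130deb2c84fcdb985382bc0f
+ metadata.gz: 43ed422140bec3e839934d1ee42c78a5880d3330
+ data.tar.gz: 281fee30b7c0561af01dab24e6648acace4cac40
  SHA512:
- metadata.gz: af3862f529a3febcabe1e5e39452dc082c9ee4c82b34c25d08109fdfa3d7ea4e8f994169357a1edd666e1d0ac2aec3eec1264d72fcb08bff8d923992ac9f0d2f
- data.tar.gz: af9e318bcfe8b2ee50678546b209fa68295f937a4359bd0acece8297a6ae674811e4b6b386ad19a977f8dff6c3270659e56c48ee3c2c43fd523aa57f79b5d63c
+ metadata.gz: 359447032c5989940323a03c422b21d72eac5d4ca48b49c2d70ac22f90a5b2c5463417c12c21f1890dd0895f3178cfb3e6ffe04b5a3d4bb42ea931df05e13673
+ data.tar.gz: 0c4d28bd7613577ae102cf20e77852bf6888471416b4ef635bb05084a17d81ddfd15f7dc0b9093f5fe57c813c981bc60e62def8947fd25927ea1363fd9a83430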
@@ -28,8 +28,8 @@ module SafeRedirect
28
28
  stripped_path = path.strip
29
29
  unless safe_domain?(stripped_path)
30
30
  stripped_path.gsub!(/https?:\/\/[a-z0-9\-\.:@]*/i, '')
31
- stripped_path.gsub!(/^(data:|javascript:|\.|\/\/|@)+/i, '')
31
+ stripped_path.gsub!(/^(data:|javascript:|\.|\/\/|@)+[a-z0-9\-\.:@]*/i, '')
32
32
  end
33
- stripped_path
33
+ stripped_path.empty? ? '/' : stripped_path
34
34
  end
35
35
  end
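Review bot: The new last line of the method returns `'/'` only when stripping leaves an empty string, so any non-empty remainder is still handed back as the redirect target without a check that it is a local path. Both `gsub!` calls run once against a denylist of prefixes and the result is not validated afterwards, so the guarantee depends on the patterns covering every form a browser treats as a scheme or authority. A positive check on the result inside the `unless safe_domain?` branch would make the outcome independent of the denylist, for example `stripped_path = '/' unless stripped_path =~ %r{\A/(?!/)}` after the second `gsub!`. This assumes rejected targets are only ever meant to resolve to absolute local paths; the method signature and `safe_domain?` are outside the hunk, so confirm against them. The second pattern also anchors with `^`, which in Ruby matches at every line start, whereas `\A` states the intent of "start of string".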
@@ -1,3 +1,3 @@
1
1
  module SafeRedirect
2
- VERSION = '0.1.3'
2
+ VERSION = '0.1.4'
3
3
  end
@@ -39,7 +39,7 @@ module SafeRedirect
39
39
  end
40
40
 
41
41
  it "considers // an unsafe path" do
42
- expect(Controller.safe_path('//')).to eq('')
42
+ expect(Controller.safe_path('//')).to eq('/')
43
43
  end
44
44
 
45
45
  it "considers http://www.twitter.com a safe path" do
@@ -51,7 +51,12 @@ module SafeRedirect
51
51
  end
52
52
 
53
53
  it "considers https://www.bukalapak.com@google.com an unsafe path" do
54
- expect(Controller.safe_path('https://www.bukalapak.com@google.com')).to eq('')
54
+ expect(Controller.safe_path('https://www.bukalapak.com@google.com')).to eq('/')
55
+ end
56
+
57
+ it "considers .@@@google.com an unsafe path" do
58
+ expect(Controller.safe_path('.@@@google.com')).to eq('/')
59
+ expect(Controller.safe_path('.@@@google.com/search')).to eq('/search')
55
60
  end
56
61
 
57
62
  it "can use redirect_to method with only the target path" do
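Review bot: The added example pins two specific inputs, but nothing in this spec hunk asserts the property the sanitizer is meant to provide, namely that a target rejected by the allowlist always comes back as a local path. An expectation such as `expect(Controller.safe_path(input)).to start_with('/')` paired with `expect(Controller.safe_path(input)).not_to start_with('//')`, run over a short list of rejected inputs, would catch regressions that the literal `eq` checks miss. If relative targets without a leading slash are meant to stay supported, an example saying so would document that as well. The two expectations in the new `it` block cover different behaviours (fallback to `/` and preservation of the path component), so separate examples would give clearer failure messages.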
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: safe_redirect
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.3
4
+ version: 0.1.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Edwin Tunggawan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-05-04 00:00:00.000000000 Z
11
+ date: 2016-05-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec