safe_redirect 0.1.3 → 0.1.4
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 43ed422140bec3e839934d1ee42c78a5880d3330
|
4
|
+
data.tar.gz: 281fee30b7c0561af01dab24e6648acace4cac40
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 359447032c5989940323a03c422b21d72eac5d4ca48b49c2d70ac22f90a5b2c5463417c12c21f1890dd0895f3178cfb3e6ffe04b5a3d4bb42ea931df05e13673
|
7
|
+
data.tar.gz: 0c4d28bd7613577ae102cf20e77852bf6888471416b4ef635bb05084a17d81ddfd15f7dc0b9093f5fe57c813c981bc60e62def8947fd25927ea1363fd9a83430
|
@@ -28,8 +28,8 @@ module SafeRedirect
|
|
28
28
|
stripped_path = path.strip
|
29
29
|
unless safe_domain?(stripped_path)
|
30
30
|
stripped_path.gsub!(/https?:\/\/[a-z0-9\-\.:@]*/i, '')
|
31
|
-
stripped_path.gsub!(/^(data:|javascript:|\.|\/\/|@)
|
31
|
+
stripped_path.gsub!(/^(data:|javascript:|\.|\/\/|@)+[a-z0-9\-\.:@]*/i, '')
|
32
32
|
end
|
33
|
-
stripped_path
|
33
|
+
stripped_path.empty? ? '/' : stripped_path
|
34
34
|
end
|
35
35
|
end
|
@@ -39,7 +39,7 @@ module SafeRedirect
|
|
39
39
|
end
|
40
40
|
|
41
41
|
it "considers // an unsafe path" do
|
42
|
-
expect(Controller.safe_path('//')).to eq('')
|
42
|
+
expect(Controller.safe_path('//')).to eq('/')
|
43
43
|
end
|
44
44
|
|
45
45
|
it "considers http://www.twitter.com a safe path" do
|
@@ -51,7 +51,12 @@ module SafeRedirect
|
|
51
51
|
end
|
52
52
|
|
53
53
|
it "considers https://www.bukalapak.com@google.com an unsafe path" do
|
54
|
-
expect(Controller.safe_path('https://www.bukalapak.com@google.com')).to eq('')
|
54
|
+
expect(Controller.safe_path('https://www.bukalapak.com@google.com')).to eq('/')
|
55
|
+
end
|
56
|
+
|
57
|
+
it "considers .@@@google.com an unsafe path" do
|
58
|
+
expect(Controller.safe_path('.@@@google.com')).to eq('/')
|
59
|
+
expect(Controller.safe_path('.@@@google.com/search')).to eq('/search')
|
55
60
|
end
|
56
61
|
|
57
62
|
it "can use redirect_to method with only the target path" do
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: safe_redirect
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Edwin Tunggawan
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-05-
|
11
|
+
date: 2016-05-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rspec
|