safe_redirect 0.1.5 → 0.1.6

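--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 5a6d01c7330bafc677a98f499e04b7db0a6c27cf
- data.tar.gz: 1672f119857023640eda0223d20e72a214de0129
+ metadata.gz: 83594e7e226d3e60888b702e5b78913e5608f048
+ data.tar.gz: b28b74779ef487115be6eeb9b64f4aae8e1855cf
  SHA512:
- metadata.gz: 8b9cb5dc6823258bbe67023e1788fe357328e51bd9511345edea8048505ea269641dca477cc9df62fadd038d03065e5676d2d2b1e2365689451b2eaa718b761f
- data.tar.gz: df89615fd2dbef7f302024a2ae396e70a6329378e6d38e8242c62d18cc9aa2824f768c740fcaec5f7c79f31fcc4e02b99b347f8c72d575a89895f6e06321fb46
+ metadata.gz: ffe4d06d9859fccd5cfd52e84e04bbb03351b50f77a202293c187601395c58b37e5cd360be776bc7ff360562051eabf6930f0440729a91e0a348c1b441b4ba0d
+ data.tar.gz: 375f867f4049e2ae31777a318e58d70da3d5a17a25129dc9821a073d6cfc9c30570572acab67bc5e1fbe80761b2569ae1f17af0a1db02458ed0e7916055c433a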
@@ -29,7 +29,7 @@ module SafeRedirect
29
29
  stripped_path = path.strip
30
30
  unless safe_domain?(stripped_path)
31
31
  stripped_path.gsub!(/https?:\/\/[a-z0-9\-\.:@]*/i, '')
32
- stripped_path.gsub!(/^(data:|javascript:|\.|\/\/|@)+[a-z0-9\-\.:@]*/i, '')
32
+ stripped_path.gsub!(/^((https?:|data:|javascript:|\.|\/\/|@)+[a-z0-9\-\.:@]*)+/i, '')
33
33
  end
34
34
  stripped_path.empty? ? '/' : stripped_path
35
35
  end
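Review bot: After the two `gsub!` calls nothing confirms that what remains is a local path, so the result still depends on the denylist in the new pattern (`https?:`, `data:`, `javascript:`, `.`, `//`, `@`) naming every prefix a browser could treat as an external target. I would replace the final `stripped_path.empty? ? '/' : stripped_path` with an allow-list check such as `stripped_path =~ %r{\A/(?![/\\])} ? stripped_path : '/'`, which returns the path only when it starts with a single `/` not followed by another `/` or a backslash. That would also turn results without a leading slash into `/`, so confirm no caller relies on those. The pattern should also be anchored with `\A` rather than `^`, since `^` matches at the start of every line in Ruby. The method's `def` line is outside the hunk.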
@@ -1,3 +1,3 @@
1
1
  module SafeRedirect
2
- VERSION = '0.1.5'
2
+ VERSION = '0.1.6'
3
3
  end
@@ -63,6 +63,10 @@ module SafeRedirect
63
63
  expect(Controller.safe_path('.@@@google.com/search')).to eq('/search')
64
64
  end
65
65
 
66
+ it "considers http://////@@@@@@attacker.com//evil.com an unsafe path" do
67
+ expect(Controller.safe_path('http://////@@@@@@attacker.com//evil.com')).to eq('/')
68
+ end
69
+
66
70
  it "can use redirect_to method with only the target path" do
67
71
  Controller.redirect_to '/'
68
72
  end
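Review bot: The added example pins only the lower-case `http:` form, while the pattern change on this page also puts `https?:` into the anchored alternation under the `/i` flag. A second example using an `https` or mixed-case scheme, and one asserting that the result for every unsafe input starts with a single `/`, would keep later edits to the pattern from silently dropping those branches. The enclosing `describe` block begins and ends outside the hunk.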
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: safe_redirect
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.5
4
+ version: 0.1.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Edwin Tunggawan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-05-20 00:00:00.000000000 Z
11
+ date: 2016-05-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec