RubyGems - sanitize-rails - Versions diffs - 0.7.2 → 0.8.0 - Mend

sanitize-rails 0.7.2 → 0.8.0

Files changed (12) hide show

checksums.yaml +7 -0
data/.gitignore +3 -2
data/.travis.yml +5 -0
data/README.md +1 -1
data/Rakefile +9 -5
data/lib/sanitize/rails.rb +19 -5
data/lib/sanitize/rails/version.rb +1 -1
data/sanitize-rails.gemspec +3 -3
data/test/sanitize_rails_engine_test.rb +53 -0
data/test/sanitize_rails_string_extension_test.rb +38 -0
data/test/test_helper.rb +2 -0
metadata +15 -21

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e0853ed8dac0969d869f6bc326b4c39c6a13f8ba
+  data.tar.gz: 0987e863569b876662c020c747414f57544ac6ac
+SHA512:
+  metadata.gz: c802cc9613d49098c9d870e7cc7f02bda1daa1ebb62a70392aba026090a8fd0783c0b2bf95787933434814f92329a9448e11fe8a5728bf0102b4b24c63f94fe6
+  data.tar.gz: 4aad63b7ac6c064abae2beaf3302699acad762b2c35fb489ea249602313791c3598fb8fb43e212e9681a36189f80c735da116126f32d7acb7ca684b6a62d2aee

data/.gitignore CHANGED Viewed

@@ -1,5 +1,6 @@
-html
-pkg
 .*.sw?
 .DS_Store
+*.sublime-*
 Gemfile.lock
+html
+pkg

data/.travis.yml ADDED Viewed

@@ -0,0 +1,5 @@
+language: ruby
+cache: bundler
+rvm:
+- 2.0.0
+- 1.9.3

data/README.md CHANGED Viewed

@@ -1,4 +1,4 @@
-Sanitize-Rails - sanitize .. on Rails.
+Sanitize-Rails - sanitize .. on Rails. [![Build Status](https://travis-ci.org/vjt/sanitize-rails.png)](https://travis-ci.org/vjt/sanitize-rails)
 ======================================
 Installation

data/Rakefile CHANGED Viewed

@@ -17,9 +17,13 @@ end
 Bundler::GemHelper.install_tasks
-desc 'Will someone help write tests?'
-task :default do
-  puts
-  puts 'Can you help in writing tests? Please do :-)'
-  puts
+require 'rake/testtask'
+Rake::TestTask.new do |t|
+  t.libs.push 'test'
+  t.test_files = FileList['test/*_test.rb']
+  t.warning = true
+  t.verbose = true
 end
+task default: :test

data/lib/sanitize/rails.rb CHANGED Viewed

@@ -28,19 +28,33 @@ module Sanitize::Rails
     # Returns a memoized instance of the Engine with the
     # configuration passed to the +configure+ method or with
-    # the Gem default configuration.
+    # the ActionView's default config
     #
     def cleaner
-      @sanitizer ||= ::Sanitize.new(@@config || {})
+      @@config ||= begin
+        {
+          :elements   => ::ActionView::Base.sanitized_allowed_tags.to_a,
+          :attributes => { :all => ::ActionView::Base.sanitized_allowed_attributes.to_a},
+          :protocols  => { :all => ::ActionView::Base.sanitized_allowed_protocols.to_a }
+        }
+      rescue
+        warn "ActionView not available, falling back to Sanitize's BASIC config"
+        ::Sanitize::Config::BASIC
+      end
+      @sanitizer ||= ::Sanitize.new(@@config)
     end
-    # Returns a copy of the given `string` after sanitizing it
+    # Returns a copy of the given `string` after sanitizing it and marking it
+    # as `html_safe`
     #
+    # Ensuring this methods return instances of ActiveSupport::SafeBuffer
+    # means that text passed through `Sanitize::Rails::Engine.clean`
+    # will not be escaped by ActionView's XSS filtering utilities.
     def clean(string)
-      string.dup.tap {|s| clean!(s)}
+      ::ActiveSupport::SafeBuffer.new string.dup.tap { |s| clean!(s) }
     end
-    # Sanitizes the given `string` in place
+    # Sanitizes the given `string` in place and does NOT mark it as `html_safe`
     #
     def clean!(string)
       cleaner.clean!(string)

data/lib/sanitize/rails/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 class Sanitize
   module Rails
-    VERSION = '0.7.2'
+    VERSION = '0.8.0'
   end
 end

data/sanitize-rails.gemspec CHANGED Viewed

@@ -7,9 +7,9 @@ require 'sanitize/rails/version'
 Gem::Specification.new do |s|
   s.name          = "sanitize-rails"
   s.version       = Sanitize::Rails::VERSION
-  s.date          = "2013-10-20"
-  s.authors       = ["Marcello Barnaba"]
-  s.email         = ["vjt@openssl.it"]
+  s.date          = "2014-03-14"
+  s.authors       = ["Marcello Barnaba", "Damien Wilson"]
+  s.email         = ["vjt@openssl.it", "damien@mindglob.com"]
   s.homepage      = "http://github.com/vjt/sanitize-rails"
   s.summary       = "A sanitizer bridge for Rails applications"
   s.license       = "MIT"

data/test/sanitize_rails_engine_test.rb ADDED Viewed

@@ -0,0 +1,53 @@
+require 'test_helper'
+require 'action_view'
+require 'sanitize'
+require 'sanitize/rails'
+# Test suite for Sanitize::Rails::Engine
+class SanitizeRailsEngineTest < MiniTest::Unit::TestCase
+  def setup
+    @engine = Sanitize::Rails::Engine
+  end
+  def test_respond_to_configure
+    assert_respond_to @engine, :configure
+  end
+  def test_respond_to_cleaner
+    assert_respond_to @engine, :cleaner
+  end
+  def test_cleaner_returns_instance_of_sanitize
+    assert_kind_of Sanitize, @engine.cleaner
+  end
+  def test_respond_to_clean_bang
+    assert_respond_to @engine, :clean!
+  end
+  def test_clean_bang_modifies_string_in_place
+    string = %Q|<script>alert("hello world")</script>|
+    @engine.clean! string
+    assert_equal string, %q|alert("hello world")|
+  end
+  def test_respond_to_clean
+    assert_respond_to @engine, :clean
+  end
+  def test_clean_does_not_modify_string_in_place
+    string = %Q|<script>alert("hello world")</script>|
+    new_string = @engine.clean string
+    assert_equal string, %Q|<script>alert("hello world")</script>|
+    assert_equal new_string, 'alert("hello world")'
+  end
+  def test_clean_returns_safe_buffers
+    string = %Q|<script>alert("hello world")</script>|
+    assert_instance_of String, string
+    new_string = @engine.clean string
+    assert_instance_of ::ActiveSupport::SafeBuffer, new_string
+  end
+end

data/test/sanitize_rails_string_extension_test.rb ADDED Viewed

@@ -0,0 +1,38 @@
+require 'test_helper'
+require 'action_view'
+require 'sanitize'
+require 'sanitize/rails'
+# Test suite for Sanitize::Rails::Engine
+class SanitizeRailsStringExtensionTest < MiniTest::Unit::TestCase
+  SanitizableString = Class.new(String) { include Sanitize::Rails::String }
+  def setup
+    @string = SanitizableString.new %Q|<script>alert("hello world")</script>|
+  end
+  def test_respond_to_sanitize_as_html_bang
+    assert_respond_to @string, :sanitize_as_html!
+  end
+  def test_sanitize_as_html_bang_does_not_return_safe_buffers
+    sanitizable_string = @string.dup
+    assert_instance_of SanitizableString, sanitizable_string
+    new_string = sanitizable_string.sanitize_as_html!
+    assert_instance_of String, new_string
+  end
+  def test_respond_to_sanitize_as_html
+    assert_respond_to @string, :sanitize_as_html
+  end
+  def test_sanitize_as_html_returns_safe_buffers
+    sanitizable_string = @string.dup
+    assert_instance_of SanitizableString, sanitizable_string
+    new_string = sanitizable_string.sanitize_as_html
+    assert_instance_of ::ActiveSupport::SafeBuffer, new_string
+  end
+end

data/test/test_helper.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ require 'minitest/unit'
2	+ require 'minitest/autorun'

metadata CHANGED Viewed

@@ -1,36 +1,33 @@
 --- !ruby/object:Gem::Specification
 name: sanitize-rails
 version: !ruby/object:Gem::Version
-  version: 0.7.2
-  prerelease:
+  version: 0.8.0
 platform: ruby
 authors:
 - Marcello Barnaba
+- Damien Wilson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-10-20 00:00:00.000000000 Z
+date: 2014-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
   name: sanitize
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -38,7 +35,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -46,11 +42,13 @@ dependencies:
 description:
 email:
 - vjt@openssl.it
+- damien@mindglob.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
 - .gitignore
+- .travis.yml
 - Gemfile
 - README.md
 - Rakefile
@@ -59,35 +57,31 @@ files:
 - lib/sanitize/rails/version.rb
 - lib/sanitize/railtie.rb
 - sanitize-rails.gemspec
+- test/sanitize_rails_engine_test.rb
+- test/sanitize_rails_string_extension_test.rb
+- test/test_helper.rb
 homepage: http://github.com/vjt/sanitize-rails
 licenses:
 - MIT
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: -1813674456041994322
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: -1813674456041994322
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.23
+rubygems_version: 2.0.3
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: A sanitizer bridge for Rails applications
 test_files: []