RubyGems - sanitize-rails - Versions diffs - 0.7.2 → 0.8.0 - Mend

sanitize-rails 0.7.2 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +7 -0
data/.gitignore +3 -2
data/.travis.yml +5 -0
data/README.md +1 -1
data/Rakefile +9 -5
data/lib/sanitize/rails.rb +19 -5
data/lib/sanitize/rails/version.rb +1 -1
data/sanitize-rails.gemspec +3 -3
data/test/sanitize_rails_engine_test.rb +53 -0
data/test/sanitize_rails_string_extension_test.rb +38 -0
data/test/test_helper.rb +2 -0
metadata +15 -21

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e0853ed8dac0969d869f6bc326b4c39c6a13f8ba
+  data.tar.gz: 0987e863569b876662c020c747414f57544ac6ac
+SHA512:
+  metadata.gz: c802cc9613d49098c9d870e7cc7f02bda1daa1ebb62a70392aba026090a8fd0783c0b2bf95787933434814f92329a9448e11fe8a5728bf0102b4b24c63f94fe6
+  data.tar.gz: 4aad63b7ac6c064abae2beaf3302699acad762b2c35fb489ea249602313791c3598fb8fb43e212e9681a36189f80c735da116126f32d7acb7ca684b6a62d2aee

data/.gitignore CHANGED Viewed

@@ -1,5 +1,6 @@
-html
-pkg
 .*.sw?
 .DS_Store
+*.sublime-*
 Gemfile.lock
+html
+pkg

data/.travis.yml ADDED Viewed

@@ -0,0 +1,5 @@
+language: ruby
+cache: bundler
+rvm:
+- 2.0.0
+- 1.9.3

data/README.md CHANGED Viewed

@@ -1,4 +1,4 @@
-Sanitize-Rails - sanitize .. on Rails.
+Sanitize-Rails - sanitize .. on Rails. [![Build Status](https://travis-ci.org/vjt/sanitize-rails.png)](https://travis-ci.org/vjt/sanitize-rails)
 ======================================
 Installation

data/Rakefile CHANGED Viewed

@@ -17,9 +17,13 @@ end
 Bundler::GemHelper.install_tasks
-desc 'Will someone help write tests?'
-task :default do
-  puts
-  puts 'Can you help in writing tests? Please do :-)'
-  puts
+require 'rake/testtask'
+Rake::TestTask.new do |t|
+  t.libs.push 'test'
+  t.test_files = FileList['test/*_test.rb']
+  t.warning = true
+  t.verbose = true
 end
+task default: :test

data/lib/sanitize/rails.rb CHANGED Viewed

@@ -28,19 +28,33 @@ module Sanitize::Rails
     # Returns a memoized instance of the Engine with the
     # configuration passed to the +configure+ method or with
-    # the Gem default configuration.
+    # the ActionView's default config
     #
     def cleaner
-      @sanitizer ||= ::Sanitize.new(@@config || {})
+      @@config ||= begin
+        {
+          :elements   => ::ActionView::Base.sanitized_allowed_tags.to_a,
+          :attributes => { :all => ::ActionView::Base.sanitized_allowed_attributes.to_a},
+          :protocols  => { :all => ::ActionView::Base.sanitized_allowed_protocols.to_a }
+        }
+      rescue
+        warn "ActionView not available, falling back to Sanitize's BASIC config"
+        ::Sanitize::Config::BASIC
+      end
+      @sanitizer ||= ::Sanitize.new(@@config)
     end
-    # Returns a copy of the given `string` after sanitizing it
+    # Returns a copy of the given `string` after sanitizing it and marking it
+    # as `html_safe`
     #
+    # Ensuring this methods return instances of ActiveSupport::SafeBuffer
+    # means that text passed through `Sanitize::Rails::Engine.clean`
+    # will not be escaped by ActionView's XSS filtering utilities.
     def clean(string)
-      string.dup.tap {|s| clean!(s)}
+      ::ActiveSupport::SafeBuffer.new string.dup.tap { |s| clean!(s) }
     end
-    # Sanitizes the given `string` in place
+    # Sanitizes the given `string` in place and does NOT mark it as `html_safe`
     #
     def clean!(string)
       cleaner.clean!(string)

data/lib/sanitize/rails/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 class Sanitize
   module Rails
-    VERSION = '0.7.2'
+    VERSION = '0.8.0'
   end
 end

data/sanitize-rails.gemspec CHANGED Viewed

@@ -7,9 +7,9 @@ require 'sanitize/rails/version'
 Gem::Specification.new do |s|
   s.name          = "sanitize-rails"
   s.version       = Sanitize::Rails::VERSION
-  s.date          = "2013-10-20"
-  s.authors       = ["Marcello Barnaba"]
-  s.email         = ["vjt@openssl.it"]
+  s.date          = "2014-03-14"
+  s.authors       = ["Marcello Barnaba", "Damien Wilson"]
+  s.email         = ["vjt@openssl.it", "damien@mindglob.com"]
   s.homepage      = "http://github.com/vjt/sanitize-rails"
   s.summary       = "A sanitizer bridge for Rails applications"
   s.license       = "MIT"

data/test/sanitize_rails_engine_test.rb ADDED Viewed

@@ -0,0 +1,53 @@
+require 'test_helper'
+require 'action_view'
+require 'sanitize'
+require 'sanitize/rails'
+# Test suite for Sanitize::Rails::Engine
+class SanitizeRailsEngineTest < MiniTest::Unit::TestCase
+  def setup
+    @engine = Sanitize::Rails::Engine
+  end
+  def test_respond_to_configure
+    assert_respond_to @engine, :configure
+  end
+  def test_respond_to_cleaner
+    assert_respond_to @engine, :cleaner
+  end
+  def test_cleaner_returns_instance_of_sanitize
+    assert_kind_of Sanitize, @engine.cleaner
+  end
+  def test_respond_to_clean_bang
+    assert_respond_to @engine, :clean!
+  end
+  def test_clean_bang_modifies_string_in_place
+    string = %Q|<script>alert("hello world")</script>|
+    @engine.clean! string
+    assert_equal string, %q|alert("hello world")|
+  end
+  def test_respond_to_clean
+    assert_respond_to @engine, :clean
+  end
+  def test_clean_does_not_modify_string_in_place
+    string = %Q|<script>alert("hello world")</script>|
+    new_string = @engine.clean string
+    assert_equal string, %Q|<script>alert("hello world")</script>|
+    assert_equal new_string, 'alert("hello world")'
+  end
+  def test_clean_returns_safe_buffers
+    string = %Q|<script>alert("hello world")</script>|
+    assert_instance_of String, string
+    new_string = @engine.clean string
+    assert_instance_of ::ActiveSupport::SafeBuffer, new_string
+  end
+end

data/test/sanitize_rails_string_extension_test.rb ADDED Viewed

@@ -0,0 +1,38 @@
+require 'test_helper'
+require 'action_view'
+require 'sanitize'
+require 'sanitize/rails'
+# Test suite for Sanitize::Rails::Engine
+class SanitizeRailsStringExtensionTest < MiniTest::Unit::TestCase
+  SanitizableString = Class.new(String) { include Sanitize::Rails::String }
+  def setup
+    @string = SanitizableString.new %Q|<script>alert("hello world")</script>|
+  end
+  def test_respond_to_sanitize_as_html_bang
+    assert_respond_to @string, :sanitize_as_html!
+  end
+  def test_sanitize_as_html_bang_does_not_return_safe_buffers
+    sanitizable_string = @string.dup
+    assert_instance_of SanitizableString, sanitizable_string
+    new_string = sanitizable_string.sanitize_as_html!
+    assert_instance_of String, new_string
+  end
+  def test_respond_to_sanitize_as_html
+    assert_respond_to @string, :sanitize_as_html
+  end
+  def test_sanitize_as_html_returns_safe_buffers
+    sanitizable_string = @string.dup
+    assert_instance_of SanitizableString, sanitizable_string
+    new_string = sanitizable_string.sanitize_as_html
+    assert_instance_of ::ActiveSupport::SafeBuffer, new_string
+  end
+end

data/test/test_helper.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ require 'minitest/unit'
2	+ require 'minitest/autorun'

metadata CHANGED Viewed

@@ -1,36 +1,33 @@
 --- !ruby/object:Gem::Specification
 name: sanitize-rails
 version: !ruby/object:Gem::Version
-  version: 0.7.2
-  prerelease:
+  version: 0.8.0
 platform: ruby
 authors:
 - Marcello Barnaba
+- Damien Wilson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-10-20 00:00:00.000000000 Z
+date: 2014-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
   name: sanitize
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -38,7 +35,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -46,11 +42,13 @@ dependencies:
 description:
 email:
 - vjt@openssl.it
+- damien@mindglob.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
 - .gitignore
+- .travis.yml
 - Gemfile
 - README.md
 - Rakefile
@@ -59,35 +57,31 @@ files:
 - lib/sanitize/rails/version.rb
 - lib/sanitize/railtie.rb
 - sanitize-rails.gemspec
+- test/sanitize_rails_engine_test.rb
+- test/sanitize_rails_string_extension_test.rb
+- test/test_helper.rb
 homepage: http://github.com/vjt/sanitize-rails
 licenses:
 - MIT
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: -1813674456041994322
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: -1813674456041994322
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.23
+rubygems_version: 2.0.3
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: A sanitizer bridge for Rails applications
 test_files: []