sanitize-rails 1.1.1 → 1.2.0
- checksums.yaml +4 -4
- data/.gitignore +2 -0
- data/.travis.yml +15 -4
- data/gemfiles/rails_4.2.gemfile +5 -0
- data/gemfiles/rails_5.0.gemfile +5 -0
- data/gemfiles/rails_5.1.gemfile +5 -0
- data/lib/sanitize/rails/engine.rb +28 -9
- data/lib/sanitize/rails/version.rb +1 -1
- data/sanitize-rails.gemspec +4 -2
- data/test/sanitize_rails_engine_test.rb +15 -7
- metadata +23 -6
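--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 931e707da0e8ce7c06594fd0a71797d3e3634bd3
+data.tar.gz: 5f5cda287d0f61a7cb07e86a612c051bac2e1c69
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: da89f8f4b4194f2a39473514ff2a357275c86707134108cd1bfcef75edb4e9a41f4ab7b9c0777a69c048e15512f87f6fe017fb410974a24e179d554505ed4ba4
+data.tar.gz: 27ef2c8673c8ec58586417962dee3a86f76569cf53d1d92e999940499d974bc0d2de203486eef007fdea01647da59e0e6f8a3d6530552aa7997379a88e6977d9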
data/.gitignore
CHANGED
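--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,6 +1,17 @@
+rvm:
+- 2.2
+- 2.3
+- 2.4
+
+gemfile:
+- gemfiles/rails_4.2.gemfile
+- gemfiles/rails_5.0.gemfile
+- gemfiles/rails_5.1.gemfile
+
+matrix:
+exclude:
+- rvm: 2.4
+gemfile: gemfiles/rails_4.2.gemfile
+
 language: ruby
 cache: bundler
-rvm:
-- 2.1.2
-- 2.0.0
-- 1.9.3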
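--- a/data/lib/sanitize/rails/engine.rb
+++ b/data/lib/sanitize/rails/engine.rb
@@ -17,21 +17,26 @@ module Sanitize::Rails
 # FIXME: Remove this, as it is meant only not to break assumptions on old
 # applications.
 #
-
+require 'rails'
+
+if defined?(::ActionView::Base) && Rails.version.to_i < 5 &&
 ::ActionView::Base.respond_to?(:sanitized_allowed_tags) &&
 ::ActionView::Base.sanitized_allowed_tags.respond_to?(:size) &&
 ::ActionView::Base.sanitized_allowed_tags.size > 0
 
 def config
-
-
-
-
-
-
+@_config ||= {
+:elements => ::ActionView::Base.sanitized_allowed_tags.to_a,
+:attributes => { :all => ::ActionView::Base.sanitized_allowed_attributes.to_a },
+:protocols => { :all => ::ActionView::Base.sanitized_allowed_protocols.to_a },
+:entities_whitelist => {}
+}
+end.freeze
 else
 def config
-
+@_config ||= ::Sanitize::Config::BASIC.dup.tap do |config|
+config[:entities_whitelist] ||= {}
+end.freeze
 end
 end
 
@@ -76,8 +81,22 @@ module Sanitize::Rails
 
 private
 
+def decode_whitelisted_entities(string)
+@_config[:entities_whitelist].each do |entity, decoded_value|
+string.gsub!(entity.to_s, decoded_value.to_s)
+end
+
+string
+end
+
 def cleaned_fragment(string)
-cleaner.fragment(string)
+sanitized_string = cleaner.fragment(string)
+
+if @_config[:entities_whitelist].present?
+sanitized_string = decode_whitelisted_entities(sanitized_string)
+end
+
+return sanitized_string
 end
 end
 end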
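--- a/data/sanitize-rails.gemspec
+++ b/data/sanitize-rails.gemspec
@@ -17,6 +17,8 @@ Gem::Specification.new do |s|
 s.require_paths = ["lib"]
 s.files = `git ls-files`.split("\n")
 
-s.add_dependency "rails"
-s.add_dependency "sanitize"
+s.add_dependency "rails"
+s.add_dependency "sanitize"
+
+s.add_development_dependency "byebug"
 end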
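Review bot: The two runtime dependencies on the new side, `s.add_dependency "rails"` and `s.add_dependency "sanitize"`, still carry no version constraint, and the regenerated metadata in this release shows both resolving to `>= 0`. The engine now relies on `Rails.version.to_i < 5` and on `::Sanitize::Config::BASIC.dup`, and the CI matrix only exercises Rails 4.2–5.1, so a floor such as `s.add_dependency "rails", ">= 4.2"` plus a matching floor for `sanitize` at whatever the new gemfiles actually install would stop the gem from being resolved against a sanitizer it was never tested with. I believe the handling of script-element contents, which the suite pins, is one of the behaviours that has changed between Sanitize major versions, which is the practical reason to bound it. The `byebug` addition is correctly development-only; the `Gem::Specification.new` block starts outside this hunk.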
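--- a/data/test/sanitize_rails_engine_test.rb
+++ b/data/test/sanitize_rails_engine_test.rb
@@ -4,6 +4,7 @@ require 'test_helper'
 class SanitizeRailsEngineTest < Minitest::Test
 def setup
 @engine = Sanitize::Rails::Engine
+@engine.configure({})
 end
 
 def test_respond_to_configure
@@ -25,7 +26,7 @@ class SanitizeRailsEngineTest < Minitest::Test
 def test_clean_bang_modifies_string_in_place
 string = %Q|<script>alert("hello world")</script>|
 @engine.clean! string
-assert_equal
+assert_equal %q|alert("hello world")|, string
 end
 
 def test_respond_to_clean
@@ -35,8 +36,8 @@ class SanitizeRailsEngineTest < Minitest::Test
 def test_clean_does_not_modify_string_in_place
 string = %Q|<script>alert("hello world")</script>|
 new_string = @engine.clean string
-assert_equal
-assert_equal
+assert_equal %Q|<script>alert("hello world")</script>|, string
+assert_equal 'alert("hello world")', new_string
 end
 
 def test_clean_returns_safe_buffers
@@ -50,20 +51,27 @@ class SanitizeRailsEngineTest < Minitest::Test
 def test_clean_not_producing_malicious_html_entities
 string = %Q|<script>hello & world</script>|
 @engine.clean! string
-assert_equal
+assert_equal "<script>hello & world</script>", string
+end
+
+def test_entities_whitelist
+string = %Q|<script>hello & world</script>|
+@engine.configure(entities_whitelist: { '&': '&' })
+@engine.clean! string
+assert_equal "hello & world", string
 end
 
 def test_clean_making_html_entities
 string = %Q|<script>hello & world</script>|
 @engine.clean! string
-assert_equal
+assert_equal "hello & world", string
 end
 
 def test_clean_returns_blank_string_for_nil_input
-assert_equal
+assert_equal @engine.clean(nil), ''
 end
 
 def test_clean_bang_returns_blank_string_for_nil_input
-assert_equal
+assert_equal @engine.clean!(nil), ''
 end
 end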
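Review bot: `test_entities_whitelist` changes global engine state with `@engine.configure(entities_whitelist: ...)` and relies on the `@engine.configure({})` added to `setup` to undo it; whether `configure({})` replaces the whitelist or merges into the memoized, frozen `@_config` is not visible here, and Minitest runs tests in random order, so if it merges, `test_clean_not_producing_malicious_html_entities` becomes order-dependent. I would make the reset explicit inside that test, e.g. wrap the body in `begin ... ensure @engine.configure(entities_whitelist: {}) end`, or have `setup` assert the whitelist is empty before each test. The two nil-input tests also pass arguments in the opposite order from the rest of the file — `assert_equal @engine.clean(nil), ''` should read `assert_equal '', @engine.clean(nil)` so failure messages report expected and actual correctly. A negative case asserting that a whitelist containing only the ampersand entity leaves the escaped `<`/`>` of the script tag untouched would pin the security boundary this feature introduces. The rendered page appears to have decoded HTML entities in several string literals here, so the exact expected values should be checked against the gem source rather than this view.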
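--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sanitize-rails
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.2.0
 platform: ruby
 authors:
 - Marcello Barnaba
@@ -18,28 +18,42 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 - !ruby/object:Gem::Dependency
 name: sanitize
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
+- !ruby/object:Gem::Dependency
+name: byebug
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 description:
 email:
 - vjt@openssl.it
@@ -56,6 +70,9 @@ files:
 - README.md
 - Rakefile
 - example/sanitizer.rb
+- gemfiles/rails_4.2.gemfile
+- gemfiles/rails_5.0.gemfile
+- gemfiles/rails_5.1.gemfile
 - lib/sanitize/rails.rb
 - lib/sanitize/rails/action_view.rb
 - lib/sanitize/rails/active_record.rb
@@ -89,7 +106,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.5.2.1
 signing_key:
 specification_version: 4
 summary: A sanitizer bridge for Rails applications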