sanitize-rails 1.1.1 → 1.2.0

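--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: ad93903cde4f5b45e19e7f622e012331d1e89d59
- data.tar.gz: bc9c5e4327b7cbc9b596e26666cbc6106d9cca4a
+ metadata.gz: 931e707da0e8ce7c06594fd0a71797d3e3634bd3
+ data.tar.gz: 5f5cda287d0f61a7cb07e86a612c051bac2e1c69
  SHA512:
- metadata.gz: 28d70faa43727594ef25e0b075ebdf347c7aa33878fc32a03e027811ba230b2d7c505851af1f5143174e3d5bad782229f0b5aca0945ee809b93badf770ebd9f3
- data.tar.gz: c2af1083786439e15a66fc7c75d5cd283cb68f001632e030543b796e1ade9eef8a8ac1a814df3b609e0fe130971b138441152d2f7480694ebe240cb8733f061e
+ metadata.gz: da89f8f4b4194f2a39473514ff2a357275c86707134108cd1bfcef75edb4e9a41f4ab7b9c0777a69c048e15512f87f6fe017fb410974a24e179d554505ed4ba4
+ data.tar.gz: 27ef2c8673c8ec58586417962dee3a86f76569cf53d1d92e999940499d974bc0d2de203486eef007fdea01647da59e0e6f8a3d6530552aa7997379a88e6977d9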
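--- a/data/.gitignore
+++ b/data/.gitignore
@@ -3,7 +3,9 @@
  *.sublime-*
  .ruby-version
  .bundle
+ .byebug_history
  Gemfile.lock
+ gemfiles/*.lock
  html
  pkg
  .idea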
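--- a/[path not shown on page; Travis CI config]
+++ b/[path not shown on page; Travis CI config]
@@ -1,6 +1,17 @@
+ rvm:
+ - 2.2
+ - 2.3
+ - 2.4
+
+ gemfile:
+ - gemfiles/rails_4.2.gemfile
+ - gemfiles/rails_5.0.gemfile
+ - gemfiles/rails_5.1.gemfile
+
+ matrix:
+ exclude:
+ - rvm: 2.4
+ gemfile: gemfiles/rails_4.2.gemfile
+
  language: ruby
  cache: bundler
- rvm:
- - 2.1.2
- - 2.0.0
- - 1.9.3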
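--- /dev/null
+++ b/gemfiles/rails_4.2.gemfile
@@ -0,0 +1,5 @@
+ source "https://rubygems.org"
+
+ gem "rails", "~> 4.2.0"
+
+ gemspec :path => "../"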
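--- /dev/null
+++ b/gemfiles/rails_5.0.gemfile
@@ -0,0 +1,5 @@
+ source "https://rubygems.org"
+
+ gem "rails", "~> 5.0.0"
+
+ gemspec :path => "../"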
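--- /dev/null
+++ b/gemfiles/rails_5.1.gemfile
@@ -0,0 +1,5 @@
+ source "https://rubygems.org"
+
+ gem "rails", "~> 5.1.0"
+
+ gemspec :path => "../"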
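--- a/[path not shown on page; module Sanitize::Rails]
+++ b/[path not shown on page; module Sanitize::Rails]
@@ -17,21 +17,26 @@ module Sanitize::Rails
  # FIXME: Remove this, as it is meant only not to break assumptions on old
  # applications.
  #
- if defined?(::ActionView::Base) &&
+ require 'rails'
+
+ if defined?(::ActionView::Base) && Rails.version.to_i < 5 &&
  ::ActionView::Base.respond_to?(:sanitized_allowed_tags) &&
  ::ActionView::Base.sanitized_allowed_tags.respond_to?(:size) &&
  ::ActionView::Base.sanitized_allowed_tags.size > 0
 
  def config
- @_config ||= {
- :elements => ::ActionView::Base.sanitized_allowed_tags.to_a,
- :attributes => { :all => ::ActionView::Base.sanitized_allowed_attributes.to_a },
- :protocols => { :all => ::ActionView::Base.sanitized_allowed_protocols.to_a }
- }
- end
+ @_config ||= {
+ :elements => ::ActionView::Base.sanitized_allowed_tags.to_a,
+ :attributes => { :all => ::ActionView::Base.sanitized_allowed_attributes.to_a },
+ :protocols => { :all => ::ActionView::Base.sanitized_allowed_protocols.to_a },
+ :entities_whitelist => {}
+ }
+ end.freeze
  else
  def config
- @_config ||= ::Sanitize::Config::BASIC
+ @_config ||= ::Sanitize::Config::BASIC.dup.tap do |config|
+ config[:entities_whitelist] ||= {}
+ end.freeze
  end
  end
 
@@ -76,8 +81,22 @@ module Sanitize::Rails
 
  private
 
+ def decode_whitelisted_entities(string)
+ @_config[:entities_whitelist].each do |entity, decoded_value|
+ string.gsub!(entity.to_s, decoded_value.to_s)
+ end
+
+ string
+ end
+
  def cleaned_fragment(string)
- cleaner.fragment(string)
+ sanitized_string = cleaner.fragment(string)
+
+ if @_config[:entities_whitelist].present?
+ sanitized_string = decode_whitelisted_entities(sanitized_string)
+ end
+
+ return sanitized_string
  end
  end
  end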
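Review bot: `decode_whitelisted_entities` rewrites the output of `cleaner.fragment` with a plain `gsub!`, so any configured mapping whose decoded value contains `<`, `>`, `"` or `'` (a mapping such as `'&lt;': '<'`) recreates markup in a string the engine then hands back — per `test_clean_returns_safe_buffers` apparently as an html_safe buffer — which undoes the sanitization this method just performed. The method should refuse such values instead of trusting the configuration, e.g. as the first line of the `each` block: `raise ArgumentError, "entities_whitelist value #{decoded_value.inspect} would re-introduce markup" if decoded_value.to_s =~ /[<>"']/`, and a comment on `config` should state that `:entities_whitelist` is applied after sanitization and must only map entities to plain text. Separately, in the first hunk the Rails-4 branch ends with `end.freeze` after the closing `}` of the hash, so `.freeze` is applied to the symbol returned by `def config` and the memoized hash stays mutable, unlike the `else` branch where `end.freeze` closes the `tap` block; `}.freeze` on the literal is presumably what was intended. The enclosing module starts before both hunks.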
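--- a/[path not shown on page; Sanitize::Rails::VERSION]
+++ b/[path not shown on page; Sanitize::Rails::VERSION]
@@ -1,5 +1,5 @@
  class Sanitize
  module Rails
- VERSION = '1.1.1'
+ VERSION = '1.2.0'
  end
  end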
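--- a/[path not shown on page; gemspec]
+++ b/[path not shown on page; gemspec]
@@ -17,6 +17,8 @@ Gem::Specification.new do |s|
  s.require_paths = ["lib"]
  s.files = `git ls-files`.split("\n")
 
- s.add_dependency "rails", ">= 3.0"
- s.add_dependency "sanitize", ">= 3.0"
+ s.add_dependency "rails"
+ s.add_dependency "sanitize"
+
+ s.add_development_dependency "byebug"
  end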
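Review bot: Dropping the `">= 3.0"` floors leaves `rails` and `sanitize` unconstrained, so a bundle can resolve to any published version of either — releases older than the `::Sanitize::Config::BASIC` / `cleaner.fragment` API the engine calls, or a future major release with a changed config format — and for a sanitization library the dependency floor is also the minimum version an application is guaranteed to get. Keep a lower bound, e.g. `s.add_dependency "rails", ">= 4.2"` (the new gemfiles exercise 4.2 through 5.1) and `s.add_dependency "sanitize", ">= 3.0"` (the previous floor), or a pessimistic `~>` range once the supported upper bound is known. The generated metadata section shows the same effect as `version: '0'` requirements for both gems.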
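--- a/[path not shown on page; SanitizeRailsEngineTest]
+++ b/[path not shown on page; SanitizeRailsEngineTest]
@@ -4,6 +4,7 @@ require 'test_helper'
  class SanitizeRailsEngineTest < Minitest::Test
  def setup
  @engine = Sanitize::Rails::Engine
+ @engine.configure({})
  end
 
  def test_respond_to_configure
@@ -25,7 +26,7 @@ class SanitizeRailsEngineTest < Minitest::Test
  def test_clean_bang_modifies_string_in_place
  string = %Q|<script>alert("hello world")</script>|
  @engine.clean! string
- assert_equal string, %q|alert("hello world")|
+ assert_equal %q|alert("hello world")|, string
  end
 
  def test_respond_to_clean
@@ -35,8 +36,8 @@ class SanitizeRailsEngineTest < Minitest::Test
  def test_clean_does_not_modify_string_in_place
  string = %Q|<script>alert("hello world")</script>|
  new_string = @engine.clean string
- assert_equal string, %Q|<script>alert("hello world")</script>|
- assert_equal new_string, 'alert("hello world")'
+ assert_equal %Q|<script>alert("hello world")</script>|, string
+ assert_equal 'alert("hello world")', new_string
  end
 
  def test_clean_returns_safe_buffers
@@ -50,20 +51,27 @@ class SanitizeRailsEngineTest < Minitest::Test
  def test_clean_not_producing_malicious_html_entities
  string = %Q|&lt;script&gt;hello & world&lt;/script&gt;|
  @engine.clean! string
- assert_equal string, "&lt;script&gt;hello &amp; world&lt;/script&gt;"
+ assert_equal "&lt;script&gt;hello &amp; world&lt;/script&gt;", string
+ end
+
+ def test_entities_whitelist
+ string = %Q|<script>hello & world</script>|
+ @engine.configure(entities_whitelist: { '&amp;': '&' })
+ @engine.clean! string
+ assert_equal "hello & world", string
  end
 
  def test_clean_making_html_entities
  string = %Q|<script>hello & world</script>|
  @engine.clean! string
- assert_equal string, "hello &amp; world"
+ assert_equal "hello &amp; world", string
  end
 
  def test_clean_returns_blank_string_for_nil_input
- assert_equal '', @engine.clean(nil)
+ assert_equal @engine.clean(nil), ''
  end
 
  def test_clean_bang_returns_blank_string_for_nil_input
- assert_equal '', @engine.clean!(nil)
+ assert_equal @engine.clean!(nil), ''
  end
  end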
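Review bot: `test_entities_whitelist` only exercises a benign mapping (`'&amp;': '&'`); nothing asserts that a mapping whose value is markup cannot turn the escaped `&lt;script&gt;` checked in `test_clean_not_producing_malicious_html_entities` back into a tag after `clean!`, which is exactly the property the new post-sanitization decoding puts at risk. Add a test that configures `entities_whitelist: { '&lt;': '<', '&gt;': '>' }` on that input and asserts either an `ArgumentError` or that the cleaned string still contains no `<`, whichever way the engine is made to reject such values. Also, the last two hunks reverse the fix applied everywhere else: `assert_equal @engine.clean(nil), ''` and `assert_equal @engine.clean!(nil), ''` put actual before expected, the opposite of `assert_equal %q|alert("hello world")|, string`; the original `assert_equal '', @engine.clean(nil)` form was already correct.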
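--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: sanitize-rails
  version: !ruby/object:Gem::Version
- version: 1.1.1
+ version: 1.2.0
  platform: ruby
  authors:
  - Marcello Barnaba
@@ -18,28 +18,42 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '3.0'
+ version: '0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '3.0'
+ version: '0'
  - !ruby/object:Gem::Dependency
  name: sanitize
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '3.0'
+ version: '0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '3.0'
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: byebug
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  description:
  email:
  - vjt@openssl.it
@@ -56,6 +70,9 @@ files:
  - README.md
  - Rakefile
  - example/sanitizer.rb
+ - gemfiles/rails_4.2.gemfile
+ - gemfiles/rails_5.0.gemfile
+ - gemfiles/rails_5.1.gemfile
  - lib/sanitize/rails.rb
  - lib/sanitize/rails/action_view.rb
  - lib/sanitize/rails/active_record.rb
@@ -89,7 +106,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.5
+ rubygems_version: 2.5.2.1
  signing_key:
  specification_version: 4
  summary: A sanitizer bridge for Rails applications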