sanitize-rails 1.1.1 → 1.2.0

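--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: ad93903cde4f5b45e19e7f622e012331d1e89d59
-data.tar.gz: bc9c5e4327b7cbc9b596e26666cbc6106d9cca4a
+metadata.gz: 931e707da0e8ce7c06594fd0a71797d3e3634bd3
+data.tar.gz: 5f5cda287d0f61a7cb07e86a612c051bac2e1c69
 SHA512:
-metadata.gz: 28d70faa43727594ef25e0b075ebdf347c7aa33878fc32a03e027811ba230b2d7c505851af1f5143174e3d5bad782229f0b5aca0945ee809b93badf770ebd9f3
-data.tar.gz: c2af1083786439e15a66fc7c75d5cd283cb68f001632e030543b796e1ade9eef8a8ac1a814df3b609e0fe130971b138441152d2f7480694ebe240cb8733f061e
+metadata.gz: da89f8f4b4194f2a39473514ff2a357275c86707134108cd1bfcef75edb4e9a41f4ab7b9c0777a69c048e15512f87f6fe017fb410974a24e179d554505ed4ba4
+data.tar.gz: 27ef2c8673c8ec58586417962dee3a86f76569cf53d1d92e999940499d974bc0d2de203486eef007fdea01647da59e0e6f8a3d6530552aa7997379a88e6977d9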
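--- a/data/.gitignore
+++ b/data/.gitignore
@@ -3,7 +3,9 @@
 *.sublime-*
 .ruby-version
 .bundle
+.byebug_history
 Gemfile.lock
+gemfiles/*.lock
 html
 pkg
 .idea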
@@ -1,6 +1,17 @@
1
+ rvm:
2
+ - 2.2
3
+ - 2.3
4
+ - 2.4
5
+
6
+ gemfile:
7
+ - gemfiles/rails_4.2.gemfile
8
+ - gemfiles/rails_5.0.gemfile
9
+ - gemfiles/rails_5.1.gemfile
10
+
11
+ matrix:
12
+ exclude:
13
+ - rvm: 2.4
14
+ gemfile: gemfiles/rails_4.2.gemfile
15
+
1
16
  language: ruby
2
17
  cache: bundler
3
- rvm:
4
- - 2.1.2
5
- - 2.0.0
6
- - 1.9.3
@@ -0,0 +1,5 @@
1
+ source "https://rubygems.org"
2
+
3
+ gem "rails", "~> 4.2.0"
4
+
5
+ gemspec :path => "../"
@@ -0,0 +1,5 @@
1
+ source "https://rubygems.org"
2
+
3
+ gem "rails", "~> 5.0.0"
4
+
5
+ gemspec :path => "../"
@@ -0,0 +1,5 @@
1
+ source "https://rubygems.org"
2
+
3
+ gem "rails", "~> 5.1.0"
4
+
5
+ gemspec :path => "../"
@@ -17,21 +17,26 @@ module Sanitize::Rails
17
17
  # FIXME: Remove this, as it is meant only not to break assumptions on old
18
18
  # applications.
19
19
  #
20
- if defined?(::ActionView::Base) &&
20
+ require 'rails'
21
+
22
+ if defined?(::ActionView::Base) && Rails.version.to_i < 5 &&
21
23
  ::ActionView::Base.respond_to?(:sanitized_allowed_tags) &&
22
24
  ::ActionView::Base.sanitized_allowed_tags.respond_to?(:size) &&
23
25
  ::ActionView::Base.sanitized_allowed_tags.size > 0
24
26
 
25
27
  def config
26
- @_config ||= {
27
- :elements => ::ActionView::Base.sanitized_allowed_tags.to_a,
28
- :attributes => { :all => ::ActionView::Base.sanitized_allowed_attributes.to_a },
29
- :protocols => { :all => ::ActionView::Base.sanitized_allowed_protocols.to_a }
30
- }
31
- end
28
+ @_config ||= {
29
+ :elements => ::ActionView::Base.sanitized_allowed_tags.to_a,
30
+ :attributes => { :all => ::ActionView::Base.sanitized_allowed_attributes.to_a },
31
+ :protocols => { :all => ::ActionView::Base.sanitized_allowed_protocols.to_a },
32
+ :entities_whitelist => {}
33
+ }
34
+ end.freeze
32
35
  else
33
36
  def config
34
- @_config ||= ::Sanitize::Config::BASIC
37
+ @_config ||= ::Sanitize::Config::BASIC.dup.tap do |config|
38
+ config[:entities_whitelist] ||= {}
39
+ end.freeze
35
40
  end
36
41
  end
37
42
 
@@ -76,8 +81,22 @@ module Sanitize::Rails
76
81
 
77
82
  private
78
83
 
84
+ def decode_whitelisted_entities(string)
85
+ @_config[:entities_whitelist].each do |entity, decoded_value|
86
+ string.gsub!(entity.to_s, decoded_value.to_s)
87
+ end
88
+
89
+ string
90
+ end
91
+
79
92
  def cleaned_fragment(string)
80
- cleaner.fragment(string)
93
+ sanitized_string = cleaner.fragment(string)
94
+
95
+ if @_config[:entities_whitelist].present?
96
+ sanitized_string = decode_whitelisted_entities(sanitized_string)
97
+ end
98
+
99
+ return sanitized_string
81
100
  end
82
101
  end
83
102
  end
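Review bot: `decode_whitelisted_entities` rewrites the sanitizer's output with plain `gsub!` after `cleaner.fragment` has already escaped it, so any whitelist entry whose decoded value is markup-significant (`&lt;` → `<`, `&gt;` → `>`, `&quot;` → `"`) turns escaped text back into tag or attribute syntax and quietly undoes the sanitization; the mapping comes from `configure` rather than from the input, so this is a configuration footgun rather than a direct bypass, but the method should say so, e.g. `# Runs AFTER Sanitize has escaped the fragment: an entry decoding to '<', '>' or a quote re-creates markup the cleaner just neutralised.` Both new methods read `@_config` directly instead of going through `config`, so if `cleaned_fragment` runs before anything has memoized `@_config` the `present?` check raises on `nil[]`; presumably `configure` (outside this hunk) always sets it, which is worth confirming or replacing with `config[:entities_whitelist]`. The bare `return sanitized_string` on the last line is also unidiomatic; the value is already the method's last expression. In the first hunk of this file, `def config ... end.freeze` freezes the Symbol that `def` returns, not the hash assigned to `@_config`, so that branch's config is not actually frozen, unlike the `else` branch where `.freeze` is applied to the `tap` result; moving it to the literal (`}.freeze`) would make the two branches consistent. The enclosing `module Sanitize::Rails` body starts and ends outside the hunk.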
@@ -1,5 +1,5 @@
1
1
  class Sanitize
2
2
  module Rails
3
- VERSION = '1.1.1'
3
+ VERSION = '1.2.0'
4
4
  end
5
5
  end
@@ -17,6 +17,8 @@ Gem::Specification.new do |s|
17
17
  s.require_paths = ["lib"]
18
18
  s.files = `git ls-files`.split("\n")
19
19
 
20
- s.add_dependency "rails", ">= 3.0"
21
- s.add_dependency "sanitize", ">= 3.0"
20
+ s.add_dependency "rails"
21
+ s.add_dependency "sanitize"
22
+
23
+ s.add_development_dependency "byebug"
22
24
  end
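Review bot: Dropping the `>= 3.0` lower bounds on `rails` and `sanitize` lets Bundler resolve versions the new code apparently cannot run on: the engine now calls `Rails.version`, dups `Sanitize::Config::BASIC` and calls `cleaner.fragment`, and the CI matrix added in this release only exercises Rails 4.2–5.1 (the metadata hunk reflects the same unbounded `'0'` requirements). A floor matching the lowest tested combination, `s.add_dependency "rails", ">= 4.2"` and `s.add_dependency "sanitize", ">= 3.0"`, would keep the gemspec honest about what is supported; the exact sanitize floor is inferred from the `fragment`/`BASIC` usage and should be checked against that gem's changelog. With no upper bound either, a future major of either dependency will also resolve silently, so a pessimistic constraint (`"~> "`) on at least `sanitize` is worth considering.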
@@ -4,6 +4,7 @@ require 'test_helper'
4
4
  class SanitizeRailsEngineTest < Minitest::Test
5
5
  def setup
6
6
  @engine = Sanitize::Rails::Engine
7
+ @engine.configure({})
7
8
  end
8
9
 
9
10
  def test_respond_to_configure
@@ -25,7 +26,7 @@ class SanitizeRailsEngineTest < Minitest::Test
25
26
  def test_clean_bang_modifies_string_in_place
26
27
  string = %Q|<script>alert("hello world")</script>|
27
28
  @engine.clean! string
28
- assert_equal string, %q|alert("hello world")|
29
+ assert_equal %q|alert("hello world")|, string
29
30
  end
30
31
 
31
32
  def test_respond_to_clean
@@ -35,8 +36,8 @@ class SanitizeRailsEngineTest < Minitest::Test
35
36
  def test_clean_does_not_modify_string_in_place
36
37
  string = %Q|<script>alert("hello world")</script>|
37
38
  new_string = @engine.clean string
38
- assert_equal string, %Q|<script>alert("hello world")</script>|
39
- assert_equal new_string, 'alert("hello world")'
39
+ assert_equal %Q|<script>alert("hello world")</script>|, string
40
+ assert_equal 'alert("hello world")', new_string
40
41
  end
41
42
 
42
43
  def test_clean_returns_safe_buffers
@@ -50,20 +51,27 @@ class SanitizeRailsEngineTest < Minitest::Test
50
51
  def test_clean_not_producing_malicious_html_entities
51
52
  string = %Q|&lt;script&gt;hello & world&lt;/script&gt;|
52
53
  @engine.clean! string
53
- assert_equal string, "&lt;script&gt;hello &amp; world&lt;/script&gt;"
54
+ assert_equal "&lt;script&gt;hello &amp; world&lt;/script&gt;", string
55
+ end
56
+
57
+ def test_entities_whitelist
58
+ string = %Q|<script>hello & world</script>|
59
+ @engine.configure(entities_whitelist: { '&amp;': '&' })
60
+ @engine.clean! string
61
+ assert_equal "hello & world", string
54
62
  end
55
63
 
56
64
  def test_clean_making_html_entities
57
65
  string = %Q|<script>hello & world</script>|
58
66
  @engine.clean! string
59
- assert_equal string, "hello &amp; world"
67
+ assert_equal "hello &amp; world", string
60
68
  end
61
69
 
62
70
  def test_clean_returns_blank_string_for_nil_input
63
- assert_equal '', @engine.clean(nil)
71
+ assert_equal @engine.clean(nil), ''
64
72
  end
65
73
 
66
74
  def test_clean_bang_returns_blank_string_for_nil_input
67
- assert_equal '', @engine.clean!(nil)
75
+ assert_equal @engine.clean!(nil), ''
68
76
  end
69
77
  end
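Review bot: The last two assertions in this hunk, `assert_equal @engine.clean(nil), ''` and `assert_equal @engine.clean!(nil), ''`, swap the arguments into (actual, expected) order, the opposite of what the rest of this commit fixes in the same file, so a failure there would be reported with the labels reversed; keep `assert_equal '', @engine.clean(nil)` and `assert_equal '', @engine.clean!(nil)`. `test_entities_whitelist` mutates the engine's shared configuration via `configure`, and the tests that follow it only pass because `setup` now calls `@engine.configure({})` first; that dependency deserves a comment on the setup line, e.g. `# reset engine state mutated by test_entities_whitelist`. The whitelist test also only covers the `&amp;` mapping, which is the one benign case; a test documenting the behaviour for an entry like `'&lt;': '<'` would make the post-sanitization decoding explicit to future readers.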
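--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sanitize-rails
 version: !ruby/object:Gem::Version
-version: 1.1.1
+version: 1.2.0
 platform: ruby
 authors:
 - Marcello Barnaba
@@ -18,28 +18,42 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '3.0'
+version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '3.0'
+version: '0'
 - !ruby/object:Gem::Dependency
 name: sanitize
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '3.0'
+version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '3.0'
+version: '0'
+- !ruby/object:Gem::Dependency
+name: byebug
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 description:
 email:
 - vjt@openssl.it
@@ -56,6 +70,9 @@ files:
 - README.md
 - Rakefile
 - example/sanitizer.rb
+- gemfiles/rails_4.2.gemfile
+- gemfiles/rails_5.0.gemfile
+- gemfiles/rails_5.1.gemfile
 - lib/sanitize/rails.rb
 - lib/sanitize/rails/action_view.rb
 - lib/sanitize/rails/active_record.rb
@@ -89,7 +106,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.5
+rubygems_version: 2.5.2.1
 signing_key:
 specification_version: 4
 summary: A sanitizer bridge for Rails applications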