sb 0.1.0

  1. checksums.yaml +7 -0
  2. data/LICENSE +22 -0
  3. data/README.md +50 -0
  4. data/lib/sb.rb +39 -0
  5. data/lib/sb/version.rb +3 -0
  6. metadata +76 -0
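--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 82ec6806adac93292f95b58cd76cea3014872c23
+data.tar.gz: e0c1f85d7f29b65bf4336fdcf0021f48b9510eae
+SHA512:
+metadata.gz: aee7e9b957b8ad11c32f6a7a7361ab65bb3d5bb273f540a41ad34c44d3334ead02f206e115f877dd16b930c164944e244f40dcfbe2a4560a31b4c216104f9435
+data.tar.gz: f04b77bfd5602e219b784a9f4576b4a7d0403a36657c30b8a63aef3d5f0ec36029d01cac640f0083dfe552229990c5b97e025ec1bda1b6c60524f6e50a313852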
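--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,22 @@
+Copyright (c) 2015 Nicolas Sanguinetti <hi@nicolassanguinetti.info>
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the "Software"), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.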
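--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,50 @@
+# SB: Safe buffers for Mote
+
+Trivial implementation of the concept of a "safe buffer" for [Mote][] templates.
+This is, a String that auto-escapes input from untrusted sources, such that it
+helps avoid [XSS][] attacks.
+
+## Usage
+
+``` ruby
+buffer = SB.new
+buffer << "<blink>Uh-oh</blink>\n"
+p buffer #=> "&lt;blink&gt;Uh-oh&lt;&#x2F;blink&gt;\n"
+
+# Mark a string as "safe" by wrapping it in an SB
+buffer = SB.new
+buffer << SB("<blink>safe!</blink>\n")
+p buffer #=> "<blink>safe!</blink>\n"
+```
+
+For a Mote template, you'd use:
+
+``` ruby
+include Mote::Helpers
+
+def mote(file, params = {}, context = self, buffer = SB.new)
+mote_cache[file] ||= Mote.parse(File.read(file), context, params.keys)
+mote_cache[file][params, buffer]
+end
+```
+
+Then the template will automatically escape any input in between `{{` and `}}`
+that hasn't been flagged as safe.
+
+## Install
+
+gem install sb
+
+## See also
+
+You should take a look at [HMote][], for a fork of Mote that solves this same
+problem by changing how Mote works.
+
+## License
+
+Licensed under the MIT license. See the attached [LICENSE](./LICENSE) file for
+details.
+
+[Mote]: https://github.com/soveran/mote
+[XSS]: http://en.wikipedia.org/wiki/Cross-Site_Scripting
+[HMote]: https://github.com/harmoni/hmote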
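--- a/data/lib/sb.rb
+++ b/data/lib/sb.rb
@@ -0,0 +1,39 @@
+require "hache"
+require "sb/version"
+
+class SB < String
+# Public: Append a string, making sure that it's escaped if it's not a "safe"
+# string (i.e. not an instance of SB).
+#
+# str - A String.
+#
+# Returns self.
+def <<(str)
+super(SB === str ? str : SB(Hache.h(str)))
+end
+
+# Public: Make sure converting this into a string doesn't mark it as unsafe.
+def to_s
+self
+end
+end
+
+# Public: Mark a string as safe by wrapping it in the SB class.
+#
+# Returns a SB instance.
+def SB(str)
+SB.new(str)
+end
+
+# Monkeypatch String#dump so that Mote treats "regular" template text (i.e. not
+# user provided interpolated content) as safe.
+#
+# FIXME: It'd be nice if Mote had some sort of hook method for this so that we
+# didn't need to monkeypatch anything.
+class String
+@@dump = instance_method(:dump)
+
+def dump
+"SB(#{@@dump.bind(self).call})"
+end
+end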
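Review bot: The escape-on-append guarantee lives only in `SB#<<`; `concat`, `prepend`, `insert` and `replace` on an SB still accept raw strings without escaping, and `SB()`/`SB.new` mark any string safe, so a caller who reaches for `buffer.concat(user_input)` silently emits unescaped output. At minimum add `alias_method :concat, :<<` after the `<<` definition and state in the class comment that the other String mutators are not safe-aware. The `String#dump` patch also breaks if the file is loaded twice (via `load`, or required under two different paths): `@@dump` is then rebound to the already-patched `dump`, which calls itself through `@@dump.bind(self).call` until SystemStackError; guard it with `@@dump = instance_method(:dump) unless defined?(@@dump)`. `Hache.h` appears to perform HTML entity escaping only (the README shows `/` becoming `&#x2F;`), which does not make a value safe inside `<script>` blocks or URL attributes; the `<<` comment or the README should say so.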
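--- a/data/lib/sb/version.rb
+++ b/data/lib/sb/version.rb
@@ -0,0 +1,3 @@
+class SB < String
+VERSION = "0.1.0"
+end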
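--- a/metadata
+++ b/metadata
@@ -0,0 +1,76 @@
+--- !ruby/object:Gem::Specification
+name: sb
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Nicolas Sanguinetti
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-05-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: hache
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
+- !ruby/object:Gem::Dependency
+name: cutest
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.2'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.2'
+description: Safe buffers for Mote
+email:
+- contacto@nicolassanguinetti.info
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/sb.rb
+- lib/sb/version.rb
+homepage: http://github.com/foca/sb
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: Safe buffers for Mote
+test_files: []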