sb 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 82ec6806adac93292f95b58cd76cea3014872c23
+  data.tar.gz: e0c1f85d7f29b65bf4336fdcf0021f48b9510eae
+SHA512:
+  metadata.gz: aee7e9b957b8ad11c32f6a7a7361ab65bb3d5bb273f540a41ad34c44d3334ead02f206e115f877dd16b930c164944e244f40dcfbe2a4560a31b4c216104f9435
+  data.tar.gz: f04b77bfd5602e219b784a9f4576b4a7d0403a36657c30b8a63aef3d5f0ec36029d01cac640f0083dfe552229990c5b97e025ec1bda1b6c60524f6e50a313852

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Nicolas Sanguinetti <hi@nicolassanguinetti.info>
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the "Software"), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,50 @@
+# SB: Safe buffers for Mote
+
+Trivial implementation of the concept of a "safe buffer" for [Mote][] templates.
+This is, a String that auto-escapes input from untrusted sources, such that it
+helps avoid [XSS][] attacks.
+
+## Usage
+
+``` ruby
+buffer = SB.new
+buffer << "<blink>Uh-oh</blink>\n"
+p buffer #=> "&lt;blink&gt;Uh-oh&lt;&#x2F;blink&gt;\n"
+
+# Mark a string as "safe" by wrapping it in an SB
+buffer = SB.new
+buffer << SB("<blink>safe!</blink>\n")
+p buffer #=> "<blink>safe!</blink>\n"
+```
+
+For a Mote template, you'd use:
+
+``` ruby
+include Mote::Helpers
+
+def mote(file, params = {}, context = self, buffer = SB.new)
+  mote_cache[file] ||= Mote.parse(File.read(file), context, params.keys)
+  mote_cache[file][params, buffer]
+end
+```
+
+Then the template will automatically escape any input in between `{{` and `}}`
+that hasn't been flagged as safe.
+
+## Install
+
+   gem install sb
+
+## See also
+
+You should take a look at [HMote][], for a fork of Mote that solves this same
+problem by changing how Mote works.
+
+## License
+
+Licensed under the MIT license. See the attached [LICENSE](./LICENSE) file for
+details.
+
+[Mote]: https://github.com/soveran/mote
+[XSS]: http://en.wikipedia.org/wiki/Cross-Site_Scripting
+[HMote]: https://github.com/harmoni/hmote

data/lib/sb.rb

@@ -0,0 +1,39 @@
+require "hache"
+require "sb/version"
+
+class SB < String
+  # Public: Append a string, making sure that it's escaped if it's not a "safe"
+  # string (i.e. not an instance of SB).
+  #
+  # str - A String.
+  #
+  # Returns self.
+  def <<(str)
+    super(SB === str ? str : SB(Hache.h(str)))
+  end
+
+  # Public: Make sure converting this into a string doesn't mark it as unsafe.
+  def to_s
+    self
+  end
+end
+
+# Public: Mark a string as safe by wrapping it in the SB class.
+#
+# Returns a SB instance.
+def SB(str)
+  SB.new(str)
+end
+
+# Monkeypatch String#dump so that Mote treats "regular" template text (i.e. not
+# user provided interpolated content) as safe.
+#
+# FIXME: It'd be nice if Mote had some sort of hook method for this so that we
+# didn't need to monkeypatch anything.
+class String
+  @@dump = instance_method(:dump)
+
+  def dump
+    "SB(#{@@dump.bind(self).call})"
+  end
+end

data/lib/sb/version.rb

@@ -0,0 +1,3 @@
+class SB < String
+  VERSION = "0.1.0"
+end

metadata

@@ -0,0 +1,76 @@
+--- !ruby/object:Gem::Specification
+name: sb
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Nicolas Sanguinetti
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-05-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: hache
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: cutest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+description: Safe buffers for Mote
+email:
+- contacto@nicolassanguinetti.info
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/sb.rb
+- lib/sb/version.rb
+homepage: http://github.com/foca/sb
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Safe buffers for Mote
+test_files: []