RubyGems - scrub_params - Versions diffs - 0.0.2 → 0.0.3 - Mend

scrub_params 0.0.2 → 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/README.md +6 -6
data/lib/scrub_params/parameters.rb +1 -1
data/lib/scrub_params/version.rb +1 -1
data/lib/scrub_params.rb +0 -1
data/scrub_params.gemspec +0 -1
data/test/scrub_params_test.rb +12 -0
metadata +1 -15

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 59ce5d172db14eff6568862d843b8999c06743da
-  data.tar.gz: 0a0a73b82ae709556ff900d00e056e553332e534
+  metadata.gz: 76694d3fbb9dd7c5926a6207d1b161ecc58295cc
+  data.tar.gz: 8f1b4cab34cf541882230aefea4d46da76e287bb
 SHA512:
-  metadata.gz: 4b3825d8c6d0fe626436ee433778b0bc515e5507f8c3999ae766cccf8ec737774e3f2d7b30b0f84e35dc623d044603218b39f92c4452a1cd8eeeab720f65babb
-  data.tar.gz: 1bf0a240ed5e94eba192996b7d083731fec08ae8188945c9036be369240c45a3ff7adaf39901104638320fb9967153505cb7a0bc20cacc3cb446eacbfca11c74
+  metadata.gz: 2211116329c2250c48e041903224595a0176ad5976b89a308ec97f64194988c33286acf2f5154d5eeebcc09a58c8ee4397a4c27368fc802eb642956ed9a84186
+  data.tar.gz: a4e35111b2f3991a0bce2fe54d338940198d222f86874189b8718a1342b7b439fa8653404a58fb10378a8f0abacdda5fe3fef62fae4e6c3f6867dbc4e07b2f66

data/README.md CHANGED Viewed

@@ -1,12 +1,12 @@
 # Scrub Params
-:lock: Secure Rails parameters by default
+:lock: Safer Rails parameters by default
-HTML has no business in most parameters. Take the **whitelist approach** and remove it by default.
+JavaScript and HTML have no business in most parameters. Take the **whitelist approach** and remove them by default.
-**Note:** Rails has done amazing work to prevent XSS, but storing `<script>badThings()</script>` in your database makes it much easier to make mistakes.
+**Note:** Rails does amazing work to prevent [cross-site scripting (XSS)](http://en.wikipedia.org/wiki/Cross-site_scripting), but storing `<script>badThings()</script>` in your database makes it much easier to make mistakes.
-Works with Rails 3.2 and above.
+Works with Rails 3.2 and above
 ## Get Started
@@ -16,7 +16,7 @@ Add this line to your application’s Gemfile:
 gem 'scrub_params'
 ```
-You now have another line of defense against [cross-site scripting (XSS)](http://en.wikipedia.org/wiki/Cross-site_scripting).
+You now have another line of defense against XSS.
 ### Test It
@@ -40,7 +40,7 @@ Scrubbed parameters: name
 ### Whitelist Actions
-To prevent certain actions from being scrubbed, use:
+To skip scrubbing for certain actions, use:
 ```ruby
 skip_before_filter :scrub_params, only: [:create, :update]

data/lib/scrub_params/parameters.rb CHANGED Viewed

@@ -30,7 +30,7 @@ module ScrubParams
       when Array
         value.map{|v| scrub_value(key, v) }
       when String
-        scrubbed_value = Sanitize.clean(value)
+        scrubbed_value = ActionController::Base.helpers.strip_tags(value)
         if scrubbed_value != value
           self.scrubbed_keys << key unless scrubbed_keys.include?(key)
         end

data/lib/scrub_params/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ScrubParams
-  VERSION = "0.0.2"
+  VERSION = "0.0.3"
 end

data/lib/scrub_params.rb CHANGED Viewed

@@ -1,7 +1,6 @@
 require "scrub_params/version"
 require "active_support/hash_with_indifferent_access"
 require "action_controller"
-require "sanitize"
 require "scrub_params/parameters"
 require "scrub_params/controller"
 require "scrub_params/log_subscriber"

data/scrub_params.gemspec CHANGED Viewed

@@ -20,7 +20,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency "activesupport"
   spec.add_dependency "actionpack"
-  spec.add_dependency "sanitize"
   spec.add_development_dependency "bundler", "~> 1.6"
   spec.add_development_dependency "rake"

data/test/scrub_params_test.rb CHANGED Viewed

@@ -22,4 +22,16 @@ class TestScrubParams < Minitest::Test
     assert_equal expected, params
   end
+  def test_ampersand
+    params = ActionController::Parameters.new({"name" => "Ben & Jerry’s"})
+    params.scrub!
+    assert_equal "Ben & Jerry’s", params["name"]
+  end
+  def test_arrows
+    params = ActionController::Parameters.new({"name" => "2 > 1 and 1 < 2"})
+    params.scrub!
+    assert_equal "2 > 1 and 1 < 2", params["name"]
+  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: scrub_params
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Andrew Kane
@@ -38,20 +38,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: sanitize
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement