scrub_params 0.0.2 → 0.0.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 59ce5d172db14eff6568862d843b8999c06743da
4
- data.tar.gz: 0a0a73b82ae709556ff900d00e056e553332e534
3
+ metadata.gz: 76694d3fbb9dd7c5926a6207d1b161ecc58295cc
4
+ data.tar.gz: 8f1b4cab34cf541882230aefea4d46da76e287bb
5
5
  SHA512:
6
- metadata.gz: 4b3825d8c6d0fe626436ee433778b0bc515e5507f8c3999ae766cccf8ec737774e3f2d7b30b0f84e35dc623d044603218b39f92c4452a1cd8eeeab720f65babb
7
- data.tar.gz: 1bf0a240ed5e94eba192996b7d083731fec08ae8188945c9036be369240c45a3ff7adaf39901104638320fb9967153505cb7a0bc20cacc3cb446eacbfca11c74
6
+ metadata.gz: 2211116329c2250c48e041903224595a0176ad5976b89a308ec97f64194988c33286acf2f5154d5eeebcc09a58c8ee4397a4c27368fc802eb642956ed9a84186
7
+ data.tar.gz: a4e35111b2f3991a0bce2fe54d338940198d222f86874189b8718a1342b7b439fa8653404a58fb10378a8f0abacdda5fe3fef62fae4e6c3f6867dbc4e07b2f66
data/README.md CHANGED
@@ -1,12 +1,12 @@
1
1
  # Scrub Params
2
2
 
3
- :lock: Secure Rails parameters by default
3
+ :lock: Safer Rails parameters by default
4
4
 
5
- HTML has no business in most parameters. Take the **whitelist approach** and remove it by default.
5
+ JavaScript and HTML have no business in most parameters. Take the **whitelist approach** and remove them by default.
6
6
 
7
- **Note:** Rails has done amazing work to prevent XSS, but storing `<script>badThings()</script>` in your database makes it much easier to make mistakes.
7
+ **Note:** Rails does amazing work to prevent [cross-site scripting (XSS)](http://en.wikipedia.org/wiki/Cross-site_scripting), but storing `<script>badThings()</script>` in your database makes it much easier to make mistakes.
8
8
 
9
- Works with Rails 3.2 and above.
9
+ Works with Rails 3.2 and above
10
10
 
11
11
  ## Get Started
12
12
 
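Review bot: the trailing period is dropped from "Works with Rails 3.2 and above" while the neighbouring sentences in this hunk keep theirs; restore it for consistency. The wording change from "Secure" to "Safer" is a good call, since stripping tags narrows the attack surface but does not by itself make output safe in every context (Rails' output escaping still does that work, as the Note in this hunk says).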
@@ -16,7 +16,7 @@ Add this line to your application’s Gemfile:
16
16
  gem 'scrub_params'
17
17
  ```
18
18
 
19
- You now have another line of defense against [cross-site scripting (XSS)](http://en.wikipedia.org/wiki/Cross-site_scripting).
19
+ You now have another line of defense against XSS.
20
20
 
21
21
  ### Test It
22
22
 
@@ -40,7 +40,7 @@ Scrubbed parameters: name
40
40
 
41
41
  ### Whitelist Actions
42
42
 
43
- To prevent certain actions from being scrubbed, use:
43
+ To skip scrubbing for certain actions, use:
44
44
 
45
45
  ```ruby
46
46
  skip_before_filter :scrub_params, only: [:create, :update]
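Review bot: the example uses `skip_before_filter`, which matches the Rails 3.2 floor stated in the README; since Rails 4.0 the same hook is also available as `skip_before_action`, so consider mentioning that spelling for readers on newer versions.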
@@ -30,7 +30,7 @@ module ScrubParams
30
30
  when Array
31
31
  value.map{|v| scrub_value(key, v) }
32
32
  when String
33
- scrubbed_value = Sanitize.clean(value)
33
+ scrubbed_value = ActionController::Base.helpers.strip_tags(value)
34
34
  if scrubbed_value != value
35
35
  self.scrubbed_keys << key unless scrubbed_keys.include?(key)
36
36
  end
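Review bot: swapping `Sanitize.clean` for `ActionController::Base.helpers.strip_tags` changes the semantics the gem relies on, and nothing pins which `strip_tags` you get. The new tests below assume plain text such as `Ben & Jerry's` and `2 > 1 and 1 < 2` passes through unchanged, which holds for the html-scanner sanitizer in Rails 3.2 through 4.1 but not for rails-html-sanitizer (Rails 4.2 and later), where `strip_tags` entity-encodes `&`, `<` and `>` in text nodes; the gemspec hunk declares `actionpack` with no version bound, so either constrain it or document that values may come back entity-encoded on newer Rails. Also note that because line 35 records a key as scrubbed whenever the value changed, any encoding by `strip_tags` would wrongly report parameters as scrubbed and log them via the log subscriber.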
@@ -1,3 +1,3 @@
1
1
  module ScrubParams
2
- VERSION = "0.0.2"
2
+ VERSION = "0.0.3"
3
3
  end
data/lib/scrub_params.rb CHANGED
@@ -1,7 +1,6 @@
1
1
  require "scrub_params/version"
2
2
  require "active_support/hash_with_indifferent_access"
3
3
  require "action_controller"
4
- require "sanitize"
5
4
  require "scrub_params/parameters"
6
5
  require "scrub_params/controller"
7
6
  require "scrub_params/log_subscriber"
data/scrub_params.gemspec CHANGED
@@ -20,7 +20,6 @@ Gem::Specification.new do |spec|
20
20
 
21
21
  spec.add_dependency "activesupport"
22
22
  spec.add_dependency "actionpack"
23
- spec.add_dependency "sanitize"
24
23
 
25
24
  spec.add_development_dependency "bundler", "~> 1.6"
26
25
  spec.add_development_dependency "rake"
@@ -22,4 +22,16 @@ class TestScrubParams < Minitest::Test
22
22
  assert_equal expected, params
23
23
  end
24
24
 
25
+ def test_ampersand
26
+ params = ActionController::Parameters.new({"name" => "Ben & Jerry’s"})
27
+ params.scrub!
28
+ assert_equal "Ben & Jerry’s", params["name"]
29
+ end
30
+
31
+ def test_arrows
32
+ params = ActionController::Parameters.new({"name" => "2 > 1 and 1 < 2"})
33
+ params.scrub!
34
+ assert_equal "2 > 1 and 1 < 2", params["name"]
35
+ end
36
+
25
37
  end
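Review bot: the two new tests check that the value survives `scrub!` but not that the scrubber agrees nothing was removed; since `scrubbed_keys` is only appended when `scrubbed_value != value`, adding `assert_empty params.scrubbed_keys` (or equivalent) to `test_ampersand` and `test_arrows` would catch a sanitizer that rewrites `&` or `<` to entities. A companion test with an actual tag, e.g. `"<script>badThings()</script>"`, asserting both the stripped value and that `name` appears in `scrubbed_keys`, would cover the positive path in the same style.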
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: scrub_params
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.2
4
+ version: 0.0.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Kane
@@ -38,20 +38,6 @@ dependencies:
38
38
  - - ">="
39
39
  - !ruby/object:Gem::Version
40
40
  version: '0'
41
- - !ruby/object:Gem::Dependency
42
- name: sanitize
43
- requirement: !ruby/object:Gem::Requirement
44
- requirements:
45
- - - ">="
46
- - !ruby/object:Gem::Version
47
- version: '0'
48
- type: :runtime
49
- prerelease: false
50
- version_requirements: !ruby/object:Gem::Requirement
51
- requirements:
52
- - - ">="
53
- - !ruby/object:Gem::Version
54
- version: '0'
55
41
  - !ruby/object:Gem::Dependency
56
42
  name: bundler
57
43
  requirement: !ruby/object:Gem::Requirement