RubyGems - scrub_params - Versions diffs - 0.0.3 → 0.0.4 - Mend

scrub_params 0.0.3 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/README.md +8 -0
data/Rakefile +22 -0
data/lib/scrub_params/controller.rb +3 -1
data/lib/scrub_params/parameters.rb +14 -13
data/lib/scrub_params/version.rb +1 -1
data/test/scrub_params_test.rb +3 -6
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 76694d3fbb9dd7c5926a6207d1b161ecc58295cc
-  data.tar.gz: 8f1b4cab34cf541882230aefea4d46da76e287bb
+  metadata.gz: b75ad0d37dc5c37873483051587afc33f78d8a71
+  data.tar.gz: f192137c900b951e4de89950887744d67dc43555
 SHA512:
-  metadata.gz: 2211116329c2250c48e041903224595a0176ad5976b89a308ec97f64194988c33286acf2f5154d5eeebcc09a58c8ee4397a4c27368fc802eb642956ed9a84186
-  data.tar.gz: a4e35111b2f3991a0bce2fe54d338940198d222f86874189b8718a1342b7b439fa8653404a58fb10378a8f0abacdda5fe3fef62fae4e6c3f6867dbc4e07b2f66
+  metadata.gz: d9c2141b6cd4a3ec3e398044b039d4488754c42e9eec15f4215b22ef8b9d2fe008ed2f34e9ed34e58651ae8de0ddab7625ffb5d41827981ab3659417e4819e75
+  data.tar.gz: ec1469577e86bd34db3b1e7db91d7efb36864965038601d4196755e9919f5cc7c578becc6eadb80bb3a7554d45fb2e15e74890b4cc714ddd9eca8774d1713240

data/README.md CHANGED

@@ -38,6 +38,14 @@ And you should see this in your logs:
 Scrubbed parameters: name
 ```
+### Original Parameters
+Access the original parameters with:
+```ruby
+unscrubbed_params
+```
 ### Whitelist Actions
 To skip scrubbing for certain actions, use:

data/Rakefile CHANGED

@@ -6,3 +6,25 @@ Rake::TestTask.new do |t|
   t.libs << "test"
   t.pattern = "test/**/*_test.rb"
 end
+task :benchmark do
+  require "bundler/setup"
+  Bundler.require(:default)
+  list = []
+  1000.times do
+    params = ActionController::Parameters.new
+    100.times do |i|
+      params[i] = "Hello <script>alert('World')</script>"
+    end
+    list << params
+  end
+  Benchmark.bm do |bm|
+    bm.report do
+      list.each do |params|
+        params.scrub
+      end
+    end
+  end
+end

data/lib/scrub_params/controller.rb CHANGED

@@ -3,11 +3,13 @@ module ScrubParams
     extend ActiveSupport::Concern
     included do
+      attr_accessor :unscrubbed_params
       before_filter :scrub_params
     end
     def scrub_params
-      params.scrub!
+      self.unscrubbed_params = params
+      self.params = params.scrub
     end
   end

data/lib/scrub_params/parameters.rb CHANGED

@@ -6,35 +6,36 @@ module ScrubParams
       attr_accessor :scrubbed_keys
     end
-    def scrub!
+    def scrub
       self.scrubbed_keys = []
+      hash = {}
       each_pair do |k, v|
-        self[k] = scrub_value(k, v)
+        hash[k] = scrub_value(k, v)
       end
       if scrubbed_keys.any?
-        ActiveSupport::Notifications.instrument("scrubbed_parameters.action_controller", keys: scrubbed_keys)
+        ActiveSupport::Notifications.instrument("scrubbed_parameters.action_controller", keys: scrubbed_keys.uniq)
       end
-      self
+      hash
     end
     protected
     def scrub_value(key, value)
       case value
-      when Hash
-        h = {}
-        value.each do |k, v|
-          h[k] = scrub_value(k, v)
-        end
-        h
-      when Array
-        value.map{|v| scrub_value(key, v) }
       when String
         scrubbed_value = ActionController::Base.helpers.strip_tags(value)
         if scrubbed_value != value
-          self.scrubbed_keys << key unless scrubbed_keys.include?(key)
+          self.scrubbed_keys << key
         end
         scrubbed_value
+      when Hash
+        hash = {}
+        value.each do |k, v|
+          hash[k] = scrub_value(k, v)
+        end
+        hash
+      when Array
+        value.map{|v| scrub_value(key, v) }
       else
         value
       end

data/lib/scrub_params/version.rb CHANGED

@@ -1,3 +1,3 @@
 module ScrubParams
-  VERSION = "0.0.3"
+  VERSION = "0.0.4"
 end

data/test/scrub_params_test.rb CHANGED

@@ -11,7 +11,6 @@ class TestScrubParams < Minitest::Test
           "make" => "<blink>Tesla</blink>"
         }
       })
-    params.scrub!
     expected = {
       "name" => "Hello alert('World')",
       "tags" => ["awesome", "hack"],
@@ -19,19 +18,17 @@ class TestScrubParams < Minitest::Test
         "make" => "Tesla"
       }
     }
-    assert_equal expected, params
+    assert_equal expected, params.scrub
   end
   def test_ampersand
     params = ActionController::Parameters.new({"name" => "Ben & Jerry’s"})
-    params.scrub!
-    assert_equal "Ben & Jerry’s", params["name"]
+    assert_equal "Ben & Jerry’s", params.scrub["name"]
   end
   def test_arrows
     params = ActionController::Parameters.new({"name" => "2 > 1 and 1 < 2"})
-    params.scrub!
-    assert_equal "2 > 1 and 1 < 2", params["name"]
+    assert_equal "2 > 1 and 1 < 2", params.scrub["name"]
   end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: scrub_params
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - Andrew Kane
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-04-14 00:00:00.000000000 Z
+date: 2014-04-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport