slicker 0.3.1 → 0.3.2

@@ -1,4 +1,5 @@
1
- = slicker
1
+ slicker
2
+ -------
2
3
 
3
4
  It's raining XSS out there. Time for a slicker!
4
5
 
@@ -6,22 +7,43 @@ Simple XSS protection was a feature of some early Rails plugins, notably WhiteLi
6
7
 
7
8
  This is a port of the basic sanitize_params strategy into gem format, and with no dependency on Rails - it will also work in Sinatra, Padrino, or a straight Ruby application.
8
9
 
9
- == Usage
10
+ Usage
11
+ =====
10
12
 
11
13
  Using it is pretty simple. In its most basic form:
12
14
 
13
- Slicker.protect(params)
15
+ ```ruby
16
+ # Rails
17
+ before_filter :protect_from_xss
14
18
 
15
- Drop that in your ApplicationController (for Rails) or your app.rb file (Sinatra or Padrino), and you're done: all HTML will be stripped from all params hitting your application.
16
19
 
17
- Slicker depends on sanitize, so you can also pass a Sanitize config through, and strip only some tags:
20
+ # Padrino
21
+ before do
22
+ protect_from_xss
23
+ end
24
+
25
+
26
+ # Either framework
27
+ def protect_from_xss
28
+ Slicker.protect(params)
29
+ end
30
+ ```
31
+
32
+ Drop that in your ApplicationController (for Rails) or your app.rb file (Sinatra or Padrino), and you're done: all HTML will be stripped from all params hitting your application. Of course, the disadvantage of this is that all HTML will be stripped from all params hitting your application.
33
+
34
+ You can loosen this up in several different ways.
35
+
36
+ Slicker depends on sanitize, so you can also pass a Sanitize config through, and strip only certain tags:
18
37
 
19
38
  Slicker.protect(params, Sanitize::Config::BASIC)
20
39
 
21
40
  See the Sanitize[https://github.com/rgrove/sanitize] documentation for more information on what you can pass.
22
41
 
23
- == Contributing to slicker
24
-
42
+ Another way to loosen things up is to be a bit more selective in your filters, perhaps by using `skip_before_filter` or by not putting the filter in the superclass of the entire application.
43
+
44
+ Contributing to slicker
45
+ =======================
46
+
25
47
  * Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
26
48
  * Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
27
49
  * Fork the project
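Review bot: the loosening advice at the end of this hunk (passing `Sanitize::Config::BASIC`, using `skip_before_filter`, or not installing the filter in the application superclass) needs a caveat that the "all HTML will be stripped from all params" guarantee then no longer holds: BASIC lets a set of tags through, and any action that skips the filter receives raw input, so views must still escape output rather than rely on the filter alone. Minor: the fenced block labels the `before do ... end` form `# Padrino` while the prose says "Sinatra or Padrino"; the same block form applies to Sinatra, so `# Sinatra / Padrino` would match the text.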
@@ -30,8 +52,8 @@ See the Sanitize[https://github.com/rgrove/sanitize] documentation for more info
30
52
  * Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
31
53
  * Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
32
54
 
33
- == Copyright
55
+ Copyright
56
+ =========
34
57
 
35
- Copyright (c) 2012 Dave Hrycyszyn. See LICENSE.txt for
36
- further details.
58
+ Copyright (c) 2012 [Dave Hrycyszyn](http://www.headlondon.com/who-we-are#david-hrycyszyn), [headlondon.com](http://www.headlondon.com). See LICENSE.txt for further details.
37
59
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.3.1
1
+ 0.3.2
@@ -5,23 +5,23 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = "slicker"
8
- s.version = "0.3.1"
8
+ s.version = "0.3.2"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Dave Hrycyszyn"]
12
- s.date = "2012-06-01"
12
+ s.date = "2012-06-07"
13
13
  s.description = "It's raining XSS out there. Protect yourself with Slicker!"
14
14
  s.email = "dave.hrycyszyn@headlondon.com"
15
15
  s.extra_rdoc_files = [
16
16
  "LICENSE.txt",
17
- "README.rdoc"
17
+ "README.md"
18
18
  ]
19
19
  s.files = [
20
20
  ".document",
21
21
  "Gemfile",
22
22
  "Gemfile.lock",
23
23
  "LICENSE.txt",
24
- "README.rdoc",
24
+ "README.md",
25
25
  "Rakefile",
26
26
  "VERSION",
27
27
  "lib/slicker.rb",
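Review bot: the `README.rdoc` → `README.md` swap in `extra_rdoc_files` and `files` must be matched by the actual file rename in the gem contents and by `.document` (listed in `files` in this hunk) if it names the README; otherwise `gem build` and rdoc will warn about a missing file. Since jeweler is a development dependency (see metadata), confirm the gemspec was regenerated rather than hand-edited so `s.files` stays in sync with the repository.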
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: slicker
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.1
4
+ version: 0.3.2
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,11 +9,11 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-06-01 00:00:00.000000000Z
12
+ date: 2012-06-07 00:00:00.000000000Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: sanitize
16
- requirement: &2165846820 !ruby/object:Gem::Requirement
16
+ requirement: &2173973220 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ! '>='
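Review bot: the `&2165846820` → `&2173973220` changes on `requirement:` (and the matching `*` aliases further down) are YAML anchor ids assigned from Ruby object ids at serialization time, not dependency changes; expect this churn in metadata on every build, so only the `date:` line carries meaning in this hunk.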
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: '0'
22
22
  type: :runtime
23
23
  prerelease: false
24
- version_requirements: *2165846820
24
+ version_requirements: *2173973220
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: minitest
27
- requirement: &2165845380 !ruby/object:Gem::Requirement
27
+ requirement: &2173972420 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ! '>='
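Review bot: the runtime dependency on sanitize is unconstrained (`>=` with `version: '0'`, `type: :runtime`), so any future sanitize release is accepted by consumers. For a gem whose entire protection is delegated to that library, a pessimistic constraint on the sanitize major version the tests were run against would be safer; the `Gemfile.lock` shipped in `files` does not constrain downstream applications.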
@@ -32,10 +32,10 @@ dependencies:
32
32
  version: '0'
33
33
  type: :development
34
34
  prerelease: false
35
- version_requirements: *2165845380
35
+ version_requirements: *2173972420
36
36
  - !ruby/object:Gem::Dependency
37
37
  name: yard
38
- requirement: &2165842880 !ruby/object:Gem::Requirement
38
+ requirement: &2173971640 !ruby/object:Gem::Requirement
39
39
  none: false
40
40
  requirements:
41
41
  - - ~>
@@ -43,10 +43,10 @@ dependencies:
43
43
  version: 0.6.0
44
44
  type: :development
45
45
  prerelease: false
46
- version_requirements: *2165842880
46
+ version_requirements: *2173971640
47
47
  - !ruby/object:Gem::Dependency
48
48
  name: bundler
49
- requirement: &2165840660 !ruby/object:Gem::Requirement
49
+ requirement: &2173970840 !ruby/object:Gem::Requirement
50
50
  none: false
51
51
  requirements:
52
52
  - - ~>
@@ -54,10 +54,10 @@ dependencies:
54
54
  version: 1.0.0
55
55
  type: :development
56
56
  prerelease: false
57
- version_requirements: *2165840660
57
+ version_requirements: *2173970840
58
58
  - !ruby/object:Gem::Dependency
59
59
  name: jeweler
60
- requirement: &2165834660 !ruby/object:Gem::Requirement
60
+ requirement: &2173970080 !ruby/object:Gem::Requirement
61
61
  none: false
62
62
  requirements:
63
63
  - - ~>
@@ -65,10 +65,10 @@ dependencies:
65
65
  version: 1.6.4
66
66
  type: :development
67
67
  prerelease: false
68
- version_requirements: *2165834660
68
+ version_requirements: *2173970080
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: simplecov
71
- requirement: &2165833580 !ruby/object:Gem::Requirement
71
+ requirement: &2173969460 !ruby/object:Gem::Requirement
72
72
  none: false
73
73
  requirements:
74
74
  - - ! '>='
@@ -76,20 +76,20 @@ dependencies:
76
76
  version: '0'
77
77
  type: :development
78
78
  prerelease: false
79
- version_requirements: *2165833580
79
+ version_requirements: *2173969460
80
80
  description: It's raining XSS out there. Protect yourself with Slicker!
81
81
  email: dave.hrycyszyn@headlondon.com
82
82
  executables: []
83
83
  extensions: []
84
84
  extra_rdoc_files:
85
85
  - LICENSE.txt
86
- - README.rdoc
86
+ - README.md
87
87
  files:
88
88
  - .document
89
89
  - Gemfile
90
90
  - Gemfile.lock
91
91
  - LICENSE.txt
92
- - README.rdoc
92
+ - README.md
93
93
  - Rakefile
94
94
  - VERSION
95
95
  - lib/slicker.rb
@@ -112,7 +112,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
112
112
  version: '0'
113
113
  segments:
114
114
  - 0
115
- hash: 2286563819459080529
115
+ hash: -175340966913150793
116
116
  required_rubygems_version: !ruby/object:Gem::Requirement
117
117
  none: false
118
118
  requirements:
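Review bot: the `hash:` change under `required_ruby_version` is another serializer artifact of the rebuild, not a change to the Ruby version requirement (`version: '0'` and `segments: [0]` are unchanged above it).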