RubyGems - string_master - Versions diffs - 0.3.18 → 0.3.19 - Mend

string_master 0.3.18 → 0.3.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/VERSION +1 -1
data/lib/string_master/string_master.rb +4 -2
data/spec/lib/string_master/string_master_spec.rb +16 -1
data/string_master.gemspec +2 -2
metadata +1 -1

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a0eaec051d2dbc06d799a8ed6867a941bbfa5849
-  data.tar.gz: 32dc7c3c8c233262e550a031b192b3f0e96d0cb3
+  metadata.gz: d5a075abc613363e9a4ff6a34fb2e090f904ad2e
+  data.tar.gz: cf180f4ff24e411cb4dc101be650c85de93fa3f1
 SHA512:
-  metadata.gz: c769043d0766719506d6d23cf78e231b75165ed9504ac192876e7b8bc41cc753da88fe9a01f18aef35abc010297979828793876be1d28f867181807b9f61aa45
-  data.tar.gz: 27d378deb27618fdbe39bd26dec66c19cba0dbb92ce9c6a8ac2bfca6b2bea8d1f4c3323c05fb3fb7e2609da2ff8214c1e1406f215b89a81fcac75cde3eaa5dd0
+  metadata.gz: 5f94f5a00b02b0a9f2e5652816f69406ab1fc61c27f8ffc769299cc12827e6a30993f2c5fb9b88d3b991c8e4df9ef1c08b0c0ca788b51edbcde0f1763a56f4fe
+  data.tar.gz: ca02e659e224132ba171ac05fee58d0f4f97276e5236c03c1abf0062ee1a05dd33d9fce2567471724173e8af6fce210682c1e19227ec81f3f47c45e196b876ad

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 0.3.18
1	+ 0.3.19

data/lib/string_master/string_master.rb CHANGED

@@ -33,7 +33,7 @@ class StringMaster
   def html_escape(options={})
     except = options[:except] || %w()
     close_tags
-    @modified_string.gsub!(/<\/?([^<]*?)(\s[^>]*?)?\/?>/) do |tag|
+    @modified_string.gsub!(/<\/?(.*?)(\s.*?)?\/?>/) do |tag|
       if except.include?($1)
         # sanitize attributes
         tag.gsub(/\s(.+?)=('|").*?\2(?=.*?>)/) do |a|
@@ -44,7 +44,9 @@ class StringMaster
       end
     end
     # Convert all unclosed left tag brackets (<) into &lt;
-    @modified_string.gsub!(/(<)([^>]*\Z)/, '&lt;\2')
+    @modified_string.gsub!(/<+([^>]*)\Z/, '&lt;\1')
+    # Convert all unopened right tag brackets (<) into &lt;
+    @modified_string.gsub!(/\A([^<]*)>+/, '\1&gt;')
     self
   end

data/spec/lib/string_master/string_master_spec.rb CHANGED

@@ -27,7 +27,22 @@ describe StringMaster do
     parser.html_escape.to_s.should == 'xsstest&lt;input/onfocus=prompt(document.cookie)autofocus&gt;'
     parser = StringMaster.new('xsstest"><input/onfocus=prompt() autofocus /=')
-    parser.html_escape.to_s.should == 'xsstest">&lt;input/onfocus=prompt() autofocus /='
+    parser.html_escape.to_s.should == 'xsstest"&gt;&lt;input/onfocus=prompt() autofocus /='
+    parser = StringMaster.new('xsstest"><input/onfocus=prompt() autofocus /= <img>')
+    parser.html_escape.to_s.should == 'xsstest"&gt;&lt;input/onfocus=prompt() autofocus /= &lt;img&gt;'
+    parser = StringMaster.new('xsstest"><input/onfocus=prompt() autofocus /= <img>')
+    parser.html_escape(except: %w(img)).to_s.should == 'xsstest"&gt;&lt;input/onfocus=prompt() autofocus /= &lt;img&gt;'
+    parser = StringMaster.new('aaaa"<input/autofocus/onfocus=prompt(\'textxss\')//<>>')
+    parser.html_escape(except: %w(img)).to_s.should == 'aaaa"&lt;input/autofocus/onfocus=prompt(&#39;textxss&#39;)//&lt;&gt;&gt;'
+    parser = StringMaster.new('aaaa"<<<<<input/autofocus/onfocus=prompt(\'textxss\')//<<<<>>>>>')
+    parser.html_escape(except: %w(img)).to_s.should == 'aaaa"&lt;&lt;&lt;&lt;&lt;input/autofocus/onfocus=prompt(&#39;textxss&#39;)//&lt;&lt;&lt;&lt;&gt;>>>&gt;'
+    parser = StringMaster.new('aaaa"<input<<<<input/autofocus/onfocus=prompt(\'textxss\')//<<<<hello>>>>>')
+    parser.html_escape(except: %w(img)).to_s.should == 'aaaa"&lt;input&lt;&lt;&lt;&lt;input/autofocus/onfocus=prompt(&#39;textxss&#39;)//&lt;&lt;&lt;&lt;hello&gt;>>>&gt;&lt;/hello&gt;'
     parser = StringMaster.new('<img onload="do_something()">')
     parser.html_escape(except: %w(img)).to_s.should == '<img>'

data/string_master.gemspec CHANGED

@@ -2,11 +2,11 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: string_master 0.3.18 ruby lib
+# stub: string_master 0.3.19 ruby lib
 Gem::Specification.new do |s|
   s.name = "string_master"
-  s.version = "0.3.18"
+  s.version = "0.3.19"
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: string_master
 version: !ruby/object:Gem::Version
-  version: 0.3.18
+  version: 0.3.19
 platform: ruby
 authors:
 - Roman Snitko