string_master 0.3.18 → 0.3.19

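--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: a0eaec051d2dbc06d799a8ed6867a941bbfa5849
- data.tar.gz: 32dc7c3c8c233262e550a031b192b3f0e96d0cb3
+ metadata.gz: d5a075abc613363e9a4ff6a34fb2e090f904ad2e
+ data.tar.gz: cf180f4ff24e411cb4dc101be650c85de93fa3f1
  SHA512:
- metadata.gz: c769043d0766719506d6d23cf78e231b75165ed9504ac192876e7b8bc41cc753da88fe9a01f18aef35abc010297979828793876be1d28f867181807b9f61aa45
- data.tar.gz: 27d378deb27618fdbe39bd26dec66c19cba0dbb92ce9c6a8ac2bfca6b2bea8d1f4c3323c05fb3fb7e2609da2ff8214c1e1406f215b89a81fcac75cde3eaa5dd0
+ metadata.gz: 5f94f5a00b02b0a9f2e5652816f69406ab1fc61c27f8ffc769299cc12827e6a30993f2c5fb9b88d3b991c8e4df9ef1c08b0c0ca788b51edbcde0f1763a56f4fe
+ data.tar.gz: ca02e659e224132ba171ac05fee58d0f4f97276e5236c03c1abf0062ee1a05dd33d9fce2567471724173e8af6fce210682c1e19227ec81f3f47c45e196b876ad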
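--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.3.18
+ 0.3.19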
@@ -33,7 +33,7 @@ class StringMaster
33
33
  def html_escape(options={})
34
34
  except = options[:except] || %w()
35
35
  close_tags
36
- @modified_string.gsub!(/<\/?([^<]*?)(\s[^>]*?)?\/?>/) do |tag|
36
+ @modified_string.gsub!(/<\/?(.*?)(\s.*?)?\/?>/) do |tag|
37
37
  if except.include?($1)
38
38
  # sanitize attributes
39
39
  tag.gsub(/\s(.+?)=('|").*?\2(?=.*?>)/) do |a|
@@ -44,7 +44,9 @@ class StringMaster
44
44
  end
45
45
  end
46
46
  # Convert all unclosed left tag brackets (<) into &lt;
47
- @modified_string.gsub!(/(<)([^>]*\Z)/, '&lt;\2')
47
+ @modified_string.gsub!(/<+([^>]*)\Z/, '&lt;\1')
48
+ # Convert all unopened right tag brackets (<) into &lt;
49
+ @modified_string.gsub!(/\A([^<]*)>+/, '\1&gt;')
48
50
  self
49
51
  end
50
52
 
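Review bot: The rewritten tag pattern at new line 36 swaps the negated classes `[^<]*?` and `[^>]*?` for `.*?`, and without the `m` flag `.` does not match a line break in Ruby, so a tag whose attributes are spread over several lines is no longer matched by this gsub; the two fallback substitutions at new lines 47 and 49 do not catch it either, because both of its brackets are present. Unless close_tags (not visible here) normalises line breaks, such a tag would be returned unescaped; adding the flag, `@modified_string.gsub!(/<\/?(.*?)(\s.*?)?\/?>/m) do |tag|`, restores the previous coverage, and a spec case with a multi-line tag would pin it. The comment added at new line 48 describes the wrong bracket and should read `# Convert all unopened right tag brackets (>) into &gt;`. The middle of html_escape lies between the two hunks and is not shown.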
@@ -27,7 +27,22 @@ describe StringMaster do
27
27
  parser.html_escape.to_s.should == 'xsstest&lt;input/onfocus=prompt(document.cookie)autofocus&gt;'
28
28
 
29
29
  parser = StringMaster.new('xsstest"><input/onfocus=prompt() autofocus /=')
30
- parser.html_escape.to_s.should == 'xsstest">&lt;input/onfocus=prompt() autofocus /='
30
+ parser.html_escape.to_s.should == 'xsstest"&gt;&lt;input/onfocus=prompt() autofocus /='
31
+
32
+ parser = StringMaster.new('xsstest"><input/onfocus=prompt() autofocus /= <img>')
33
+ parser.html_escape.to_s.should == 'xsstest"&gt;&lt;input/onfocus=prompt() autofocus /= &lt;img&gt;'
34
+
35
+ parser = StringMaster.new('xsstest"><input/onfocus=prompt() autofocus /= <img>')
36
+ parser.html_escape(except: %w(img)).to_s.should == 'xsstest"&gt;&lt;input/onfocus=prompt() autofocus /= &lt;img&gt;'
37
+
38
+ parser = StringMaster.new('aaaa"<input/autofocus/onfocus=prompt(\'textxss\')//<>>')
39
+ parser.html_escape(except: %w(img)).to_s.should == 'aaaa"&lt;input/autofocus/onfocus=prompt(&#39;textxss&#39;)//&lt;&gt;&gt;'
40
+
41
+ parser = StringMaster.new('aaaa"<<<<<input/autofocus/onfocus=prompt(\'textxss\')//<<<<>>>>>')
42
+ parser.html_escape(except: %w(img)).to_s.should == 'aaaa"&lt;&lt;&lt;&lt;&lt;input/autofocus/onfocus=prompt(&#39;textxss&#39;)//&lt;&lt;&lt;&lt;&gt;>>>&gt;'
43
+
44
+ parser = StringMaster.new('aaaa"<input<<<<input/autofocus/onfocus=prompt(\'textxss\')//<<<<hello>>>>>')
45
+ parser.html_escape(except: %w(img)).to_s.should == 'aaaa"&lt;input&lt;&lt;&lt;&lt;input/autofocus/onfocus=prompt(&#39;textxss&#39;)//&lt;&lt;&lt;&lt;hello&gt;>>>&gt;&lt;/hello&gt;'
31
46
 
32
47
  parser = StringMaster.new('<img onload="do_something()">')
33
48
  parser.html_escape(except: %w(img)).to_s.should == '<img>'
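Review bot: The expectation added at new line 36 passes `except: %w(img)` yet requires `<img>` to come back as `&lt;img&gt;`, the opposite of the existing `<img onload=...>` case at new line 48, and nothing in the spec says why. From the pattern in html_escape it appears the allowed tag is swallowed into the match that starts at the unclosed `<input`, which fails closed, but a one-line comment such as `# an allowed tag that follows an unclosed tag is escaped together with it` would stop a later maintainer from "fixing" it. The expectations at new lines 42 and 45 also keep a run of raw `>` in the output (`&gt;>>>&gt;`); if partial escaping of right brackets is intended, the spec should state that too. The enclosing example block starts and ends outside this hunk.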
@@ -2,11 +2,11 @@
2
2
  # DO NOT EDIT THIS FILE DIRECTLY
3
3
  # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
4
  # -*- encoding: utf-8 -*-
5
- # stub: string_master 0.3.18 ruby lib
5
+ # stub: string_master 0.3.19 ruby lib
6
6
 
7
7
  Gem::Specification.new do |s|
8
8
  s.name = "string_master"
9
- s.version = "0.3.18"
9
+ s.version = "0.3.19"
10
10
 
11
11
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
12
12
  s.require_paths = ["lib"]
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: string_master
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.18
4
+ version: 0.3.19
5
5
  platform: ruby
6
6
  authors:
7
7
  - Roman Snitko