trust_html 0.1.1 → 0.1.2

data/VERSION

@@ -1 +1 @@
-0.1.1
+0.1.2

data/lib/trust_html/sanitizer.rb

@@ -10,7 +10,8 @@ module TrustHtml
   #   Example of forcing HTTPS
   #   "if((new RegExp(\"^(https)?:\/\/\", \"ig\")).test(url)) { return url; }" + 
   #   'url' is local to the method
-  URL_SANITIZER_METHOD_BODY = "return url;"
+  # Make sure the URL is at minimum a URL (and not JS)...
+  URL_SANITIZER_METHOD_BODY = "if((new RegExp(\"^(https|http)?:\/\/\", \"ig\")).test(url)) { return url; }"
 
   # Test every ID to make sure it does not conflict (or just remove them all) etc.
   #   'id' is local to the method

data/trust_html.gemspec

@@ -5,7 +5,7 @@
 
 Gem::Specification.new do |s|
   s.name = %q{trust_html}
-  s.version = "0.1.1"
+  s.version = "0.1.2"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = [%q{Cary Dunn}]

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: trust_html
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
   prerelease: 
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ date: 2011-07-15 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: better
-  requirement: &2152272220 !ruby/object:Gem::Requirement
+  requirement: &2152326840 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2152272220
+  version_requirements: *2152326840
 - !ruby/object:Gem::Dependency
   name: therubyracer
-  requirement: &2152257680 !ruby/object:Gem::Requirement
+  requirement: &2152312240 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2152257680
+  version_requirements: *2152312240
 - !ruby/object:Gem::Dependency
   name: shoulda
-  requirement: &2152249880 !ruby/object:Gem::Requirement
+  requirement: &2152310460 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,10 +43,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2152249880
+  version_requirements: *2152310460
 - !ruby/object:Gem::Dependency
   name: bundler
-  requirement: &2152247140 !ruby/object:Gem::Requirement
+  requirement: &2152309720 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -54,10 +54,10 @@ dependencies:
         version: 1.0.0
   type: :development
   prerelease: false
-  version_requirements: *2152247140
+  version_requirements: *2152309720
 - !ruby/object:Gem::Dependency
   name: jeweler
-  requirement: &2152244460 !ruby/object:Gem::Requirement
+  requirement: &2152308100 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -65,10 +65,10 @@ dependencies:
         version: 1.6.4
   type: :development
   prerelease: false
-  version_requirements: *2152244460
+  version_requirements: *2152308100
 - !ruby/object:Gem::Dependency
   name: rcov
-  requirement: &2152218160 !ruby/object:Gem::Requirement
+  requirement: &2152306820 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -76,7 +76,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2152218160
+  version_requirements: *2152306820
 description: Make HTML trustworthy for rendering within your web app via Google HTML
   sanitizers. This is _not_ about stripping HTML but rather about cleaning it of javascript
   (onclicks, etc.) as well as CSS.
@@ -117,7 +117,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3766334305255440814
+      hash: -3197474995446490302
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: