vidibus-xss 0.1.14 → 0.1.15

data/VERSION

@@ -1 +1 @@
-0.1.14
+0.1.15

data/lib/vidibus/xss/extensions/controller.rb

@@ -8,7 +8,7 @@ module Vidibus
         extend ActiveSupport::Concern
 
         included do
-          helper_method :url_for, :xss_request?, :fullpath_url
+          helper_method :url_for, :xss_request?, :fullpath_url, :render_xss_string, :extract_xss
           respond_to :html, :xss
           rescue_from ActionController::RoutingError, :with => :rescue_404
         end
@@ -140,13 +140,13 @@ module Vidibus
           resources
         end
 
-        # Renders given content string to XSS hash of resources and content.
+        # Extracts XSS hash of resources and content from given content string.
         # If html content is given, the method tries to extract title,
         # stylesheets and javascripts from head and content from body.
         # TODO: Allow script blocks! Add them to body?
         # TODO: Allow style blocks?
         # TODO: Check for html content
-        def render_to_xss(content)
+        def extract_xss(content)
           dom = Nokogiri::HTML(content)
           {
             :resources => extract_xss_javascripts(dom) + extract_xss_stylesheets(dom),
@@ -183,9 +183,18 @@ module Vidibus
           render_xss(:callback => data)
         end
 
+        # Controller method for rendering xss content.
+        def render_xss(options = {})
+          xss = render_xss_string(options)
+          xss_access_control_headers
+          self.content_type = Mime::XSS
+          self.status = 200 # force success status
+          self.response_body = xss
+        end
+
         # Main method for rendering XSS.
         # Renders given XSS resources and content to string and sets it as response_body.
-        def render_xss(options = {})
+        def render_xss_string(options = {})
           resources = options.delete(:resources)
           content = options.delete(:content)
           path = options.delete(:get)
@@ -210,7 +219,7 @@ module Vidibus
 
           # render load invocations of XSS resources
           if resources and resources.any?
-            xss << %(vidibus.loader.load(#{resources.to_json},'#{params[:scope]}');)
+            xss << %(xssLoader.load(#{resources.to_json},'#{params[:scope]}');)
             defer = true
           end
 
@@ -232,13 +241,9 @@ module Vidibus
           # wait until resources have been loaded, before rendering XSS content
           if defer
             function_name = "rx#{xss_random_string}"
-            xss_content = %(var #{function_name}=function(){if(vidibus.loader.complete){#{xss_content}}else{window.setTimeout('#{function_name}()',100);}};#{function_name}();)
+            xss_content = %(var #{function_name}=function(){if(xssLoader.complete){#{xss_content}}else{window.setTimeout('#{function_name}()',100);}};#{function_name}();)
           end
           xss << xss_content
-          xss_access_control_headers
-          self.content_type = Mime::XSS
-          self.status = 200 # force success status
-          self.response_body = xss
         end
 
         # Generates random string for current cycle.
@@ -305,15 +310,21 @@ module Vidibus
 
             # embed xss.get
             if path = options[:path]
-              content = render_to_string(:template => "layouts/#{get_layout(:xss)}")
-              xss = render_to_xss(content)
+              template = options[:template]
+              if template === false
+                xss = {}
+              else
+                template ||= "layouts/#{get_layout(:xss)}"
+                content = render_to_string(:template => template)
+                xss = extract_xss(content)
+              end
               xss[:get] = "/#{path}"
               xss.delete(:content) # Ensure that not content will be embedded!
 
             # embed xss content
             else
               content = render_to_string(*args, &block)
-              xss = render_to_xss(content)
+              xss = extract_xss(content)
             end
 
             render_xss(xss)

data/public/javascripts/vidibus.js

@@ -29,3 +29,54 @@ jQuery(function ($) {
     vidibus.csrf.data[vidibus.csrf.param] = encodeURIComponent(vidibus.csrf.token);
   }
 });
+
+
+/**
+ * Implement ajax handler.
+ * This is the default handler provided in rails.js with some extensions.
+ */
+$(function($) {
+  $.fn.extend({
+
+    /**
+     * Handles execution of remote calls firing overridable events along the way.
+     */
+    callAjax: function(url, method, data) {
+      var el = this,
+        method = method || el.attr('method') || el.attr('data-method') || 'GET',
+        dataType = el.attr('data-type')  || 'script';
+      if (!url) url = el.attr('action') || el.attr('href') || el.attr('data-url');
+      if (url === undefined) {
+        throw "No URL specified for remote call (action or href must be present).";
+      } else {
+        if (el.triggerAndReturn('ajax:before')) {
+          data = data || el.is('form') ? el.serializeArray() : {};
+          if (method == 'delete') {
+            data['_method'] = method;
+            method = 'POST';
+          }
+          $.extend(data, vidibus.csrf.data());
+          $.ajax({
+            url: url,
+            data: data,
+            dataType: dataType,
+            type: method.toUpperCase(),
+            beforeSend: function(xhr) {
+              el.trigger('ajax:loading', xhr);
+            },
+            success: function(data, status, xhr) {
+              el.trigger('ajax:success', [data, status, xhr]);
+            },
+            complete: function(xhr) {
+              el.trigger('ajax:complete', xhr);
+            },
+            error: function(xhr, status, error) {
+              el.trigger('ajax:failure', [xhr, status, error]);
+            }
+          });
+        }
+        el.trigger('ajax:after');
+      }
+    }
+  });
+});

data/public/javascripts/vidibus.loader.js

@@ -1,13 +1,13 @@
 // Basic loader for stylesheets and javascripts.
-vidibus.loader = {
-  
+var xssLoader = {
+
   complete: true,       // indicates that loading has been finished
   queue: [],            // holds resources that are queued to load
   loading: undefined,   // holds resource that is currently being loaded
   preloaded: undefined, // holds resources that are included in consumer base file
   loaded: {},           // holds resources that are currently loaded
   unused: {},           // holds resources that are loaded, but not required anymore
-  
+
   /**
    * Load resources.
    */
@@ -19,98 +19,98 @@ vidibus.loader = {
     $(resources).each(function() {
       var resource = this,
           src = resource.src,
-          name = vidibus.loader.resourceName(src);
-      
+          name = xssLoader.resourceName(src);
+
       resource.name = name;
-      resource.scopes = {}
+      resource.scopes = {};
       resource.scopes[scope] = true;
-      
+
       // remove current file, because it is used
-      delete vidibus.loader.unused[name];
+      delete xssLoader.unused[name];
 
       // skip files that have already been loaded
-      if (vidibus.loader.loaded[name]) {
-        vidibus.loader.loaded[name].scopes[scope] = true; // add current scope
+      if (xssLoader.loaded[name]) {
+        xssLoader.loaded[name].scopes[scope] = true; // add current scope
         return; // continue
-      } else if (vidibus.loader.preloaded[name]) {
+      } else if (xssLoader.preloaded[name]) {
         return; // continue
       }
-      
-      vidibus.loader.loaded[name] = resource;
+
+      xssLoader.loaded[name] = resource;
       switch (resource.type) {
-        
+
         // load css file directly
         case 'text/css':
-          var element = document.createElement("link"); 
-          element.rel = 'stylesheet'; 
-          element.href = src; 
+          var element = document.createElement("link");
+          element.rel = 'stylesheet';
+          element.href = src;
           element.media = resource.media || 'all';
           element.type = 'text/css';
-          vidibus.loader.appendToHead(element);
+          xssLoader.appendToHead(element);
           break;
-          
+
         // push script file to loading queue
         case 'text/javascript':
-          vidibus.loader.queue.push(resource);
+          xssLoader.queue.push(resource);
           break;
-          
-        default: console.log('vidibus.loader.load: unsupported resource type: '+resource.type);
+
+        default: console.log('xssLoader.load: unsupported resource type: '+resource.type);
       }
     });
-    
+
     this.loadQueue(true);
     this.unloadUnused(scope);
   },
-  
+
   /**
    * Returns file name of resource.
    */
   resourceName: function(url) {
     return url.match(/\/([^\/\?]+)(\?.*)*$/)[1];
   },
-  
+
   /**
    * Returns list of static resources.
    */
   initStaticResources: function() {
-    if (vidibus.loader.preloaded == undefined) {
-      vidibus.loader.preloaded = {};
+    if (xssLoader.preloaded === undefined) {
+      xssLoader.preloaded = {};
       var $resource, src, name;
       $('script[src],link[href]',$('head')).each(function() {
         $resource = $(this);
         src = $resource.attr('src') || $resource.attr('href');
-        name = vidibus.loader.resourceName(src);
-        vidibus.loader.preloaded[name] = src;
+        name = xssLoader.resourceName(src);
+        xssLoader.preloaded[name] = src;
       });
     }
   },
-  
+
   /**
    * Loads resources in queue.
    */
   loadQueue: function(start) {
-    
+
     // Reduce queue if this method is called as callback.
-    if(start != true) {
-      vidibus.loader.queue.shift();
+    if(start !== true) {
+      xssLoader.queue.shift();
     }
-    
-    var resource = vidibus.loader.queue[0];
-    
+
+    var resource = xssLoader.queue[0];
+
     // return if file is currently loading
     if (resource) {
-      if (resource == vidibus.loader.loading) {
+      if (resource === xssLoader.loading) {
         // console.log('CURRENTLY LOADING: '+resource.src);
         return;
       }
-      vidibus.loader.loading = resource;
-      vidibus.loader.loadScript(resource.src, vidibus.loader.loadQueue);
+      xssLoader.loading = resource;
+      xssLoader.loadScript(resource.src, xssLoader.loadQueue);
     } else {
-      vidibus.loader.loading = undefined;
-      vidibus.loader.complete = true;
+      xssLoader.loading = undefined;
+      xssLoader.complete = true;
     }
   },
-  
+
   /**
    * Loads script src.
    */
@@ -121,66 +121,71 @@ vidibus.loader = {
     } else {
       // IE
       element.onreadystatechange = function() {
-        if (this.readyState == 'loaded') callback.call(this);
-      }
+        if (this.readyState === 'loaded') {
+          callback.call(this);
+        }
+      };
     }
     element.type = 'text/javascript';
     element.src = src;
-    vidibus.loader.appendToHead(element);
+    xssLoader.appendToHead(element);
     element = null;
   },
-  
+
   /**
    * Detects unused resources and removes them.
    */
   unloadUnused: function(scope) {
     var name, resources = [];
-    for(name in vidibus.loader.unused) {
+    for(name in xssLoader.unused) {
+      if (xssLoader.unused.hasOwnProperty(name)) {
+        // Remove dependency for given scope.
+        if (xssLoader.unused[name].scopes[scope]) {
+          delete xssLoader.unused[name].scopes[scope];
+        }
 
-      // Remove dependency for given scope.
-      if (vidibus.loader.unused[name].scopes[scope]) {
-        delete vidibus.loader.unused[name].scopes[scope];
-      }
-      
-      // Unload resource if it has no dependencies left.
-      if ($.isEmptyObject(vidibus.loader.unused[name].scopes)) {
-        resources.push(vidibus.loader.unused[name]);
+        // Unload resource if it has no dependencies left.
+        if ($.isEmptyObject(xssLoader.unused[name].scopes)) {
+          resources.push(xssLoader.unused[name]);
+        }
       }
     }
-    vidibus.loader.unload(resources);
-    vidibus.loader.unused = {}
+    xssLoader.unload(resources);
+    xssLoader.unused = {};
   },
-  
+
   /**
    * Removes resources given in list.
    */
   unload: function(resources) {
-    var src, data, resource;
+    var src, resource;
     $(resources).each(function() {
       resource = this;
       src = resource.src;
-
-      // console.log('REMOVE UNUSED RESOURCE: '+src);
-      
       switch (resource.type) {
-        case "text/css": 
+        case "text/css":
           $('link[href="'+src+'"]').remove();
           break;
-          
-        case "text/javascript": 
+
+        case "text/javascript":
           $('script[src="'+src+'"]').remove();
           break;
-          
-        default: console.log('vidibus.loader.unload: unsupported resource type: '+resource.type);
+
+        default: console.log('xssLoader.unload: unsupported resource type: '+resource.type);
       }
-      delete vidibus.loader.loaded[resource.name];
+      delete xssLoader.loaded[resource.name];
     });
   },
-  
+
   /**
    * Appends given element to document head.
    */
   appendToHead: function(element) {
-    document.getElementsByTagName("head")[0].appendChild(element);
+    $("head")[0].appendChild(element);
   }
 };
+
+// Maintain compatibility
+if (typeof vidibus !== "undefined") {
+  vidibus.loader = xssLoader;
+}

data/public/javascripts/vidibus.xss.js

@@ -18,9 +18,14 @@ vidibus.xss = {
   initialized: {},      // holds true for every scope that has been initialized
   fileExtension: 'xss', // use 'xss' as file extension
   loadedUrls: {},       // store urls currently loaded in each scope
+  pathPrefix: '',       // set a fixed prefix for all paths
+
+  ready: function() {
+    // TODO: implement real event handler
+  },
 
   /**
-   * Detects scope of script block to be executed. 
+   * Detects scope of script block to be executed.
    * Must be called from embedding page.
    */
   detectScope: function() {
@@ -30,50 +35,60 @@ vidibus.xss = {
     $detector.remove();
     return $scope;
   },
-  
+
   /**
    * Usage:
-   *   vidibus.xss.embed('<div>Some HTML</div>', $('#scope'), 'http://host.url/');
+   *   vidibus.xss.embed('<div>Some HTML</div>', $('#scope') [, ".some element"]);
    */
-  embed: function(html, $scope, host) {
+  embed: function(html, $scope, selector) {
     html = this.transformPaths(html, $scope); // Transform local paths before embedding html into page!
-    $scope.html(html);
+    if (selector) {
+      $(selector, $scope).html(html);
+    } else {
+      $scope.html(html);
+    }
     this.setUrls($scope);
     this.setActions($scope);
+    this.ready();
   },
-  
+
   /**
    * Calls given path for given scope. If a third parameter is set to true,
    * the location will be loaded, even if it is currently loaded.
-   * 
+   *
    * Usage:
    *   vidibus.xss.get('path', $('#scope') [, true]);
-   * 
+   *
    * If no host is provided, host of scope will be used.
    */
   get: function(path, $scope, reload) {
-    // Escape query parts
+    // escape query parts
     path = path.replace("?", "%3F").replace("&", "%26").replace("=", "%3D");
 
+    // remove path prefix
+    if (typeof xssPathPrefix !== "undefined" && xssPathPrefix) {
+      path = path.replace(xssPathPrefix,'');
+    }
+
     var scopeId = $scope[0].id,
         params = scopeId+'='+this.getPath(path),
         keepCurrentLocation = this.initialized[scopeId] ? 0 : 1,
         location = $.param.fragment(String(document.location), params, keepCurrentLocation),
         reloadScope = {};
-    
+
     this.initialized[scopeId] = true;
     window.location.href = location; // write history
     reloadScope[scopeId] = reload;
     this.loadUrl(location, reloadScope);
   },
-  
+
   /**
    * Redirect to given path while forcing reloading.
    */
   redirect: function(path, $scope) {
-    this.get(path, $scope, true)
+    this.get(path, $scope, true);
   },
-  
+
   /**
    * Handles callback action.
    *
@@ -83,41 +98,41 @@ vidibus.xss = {
    * Accepts actions depending on status:
    *   (redirect) to: Performs redirect to location.
    */
-  callback: function(data, $scope) {    
-    if (data.status == 'redirect') {
+  callback: function(data, $scope) {
+    if (data.status === "redirect") {
       this.redirect(data.to, $scope);
     }
   },
-  
+
   /**
    * Sets host for given scope.
    */
   setHost: function(host, $scope) {
     $scope.attr('data-host', host);
   },
-  
+
   /**
    * Returns host for given scope.
    */
   getHost: function($scope) {
     return $scope.attr('data-host');
   },
-  
+
   /**
    * Turns given path into an absolute url.
    */
   getUrl: function(path, host) {
-    if (path.match(/https?:\/\//)) { return path }
+    if (path.match(/https?:\/\//)) { return path; }
     return host + path;
   },
-  
+
   /**
    * Returns relative path from url.
    */
   getPath: function(url) {
-    return url.replace(/https?:\/\/[^\/]+/,'')
+    return url.replace(/https?:\/\/[^\/]+/,'');
   },
-  
+
   /**
    * Rewrites links to absolute urls.
    */
@@ -129,20 +144,20 @@ vidibus.xss = {
       var href = $(this).attr('href');
       $(this).attr('href', vidibus.xss.getUrl(href, host));
     });
-    
+
     // Rewrite forms
     $('form[action]', $scope).each(function(e) {
       var action = $(this).attr('action');
       $(this).attr('href', vidibus.xss.getUrl(action, host));
     });
   },
-  
+
   /**
    * Set xss actions for interactive elements.
    */
   setActions: function($scope) {
     var host = this.getHost($scope);
-     
+
     // Set action for GET links
     // TODO: Allow links to be flagged as "external"
     $('a[href^='+host+']:not([data-method],[data-remote])', $scope).bind('click.xss', function(e) {
@@ -150,7 +165,7 @@ vidibus.xss = {
       vidibus.xss.get(href, $scope);
       e.preventDefault();
     });
-    
+
     // Set action non-GET links
     // TODO: Remove bindings from links that match current host only: a[data-method][href^='+host+']:not([data-remote])
     $('a[data-method]:not([data-remote])').die('click').unbind('click'); // remove bindings
@@ -161,9 +176,9 @@ vidibus.xss = {
       $(this).callAjax(url);
       e.preventDefault();
     });
-    
+
     // Set form action
-    $('form[action]').die('submit').unbind('submit') // remove bindings
+    $('form[action]').die('submit').unbind('submit'); // remove bindings
     $('form[action][href^='+host+']', $scope).submit(function(e) {
       var $form = $(this),
           path = $form.attr('action');
@@ -172,7 +187,7 @@ vidibus.xss = {
       return false;
     });
   },
-  
+
   /**
    * Modifies paths within given html string.
    * This method must be called before embedding html snippet into the page
@@ -180,13 +195,17 @@ vidibus.xss = {
    */
   transformPaths: function(html, $scope) {
     var match, url;
-    while (match = html.match(/src="((?!http)[^"]+)"/)) {
+    while (true) {
+      match = html.match(/src="((?!http)[^"]+)"/);
+      if (!match) {
+        break;
+      }
       url = vidibus.xss.buildUrl(match[1], $scope);
-      html = html.replace(match[0], 'src="'+url+'"')
+      html = html.replace(match[0], 'src="'+url+'"');
     }
     return html;
   },
-  
+
   /**
    * Load XSS sources from given url.
    * If url is empty, the current location will be used.
@@ -194,24 +213,26 @@ vidibus.xss = {
   loadUrl: function(url, reload) {
     var scope, $scope, path, loaded, params = $.deparam.fragment();
     for(scope in params) {
-      path = params[scope];
+      if (params.hasOwnProperty(scope)) {
+        path = params[scope];
 
-      // don't reload locations that have already been loaded
-      loaded = this.loadedUrls[scope];
-      if((!reload || !reload[scope]) && loaded && loaded == path) {
-        continue;
-      }
+        // don't reload locations that have already been loaded
+        loaded = this.loadedUrls[scope];
+        if((!reload || !reload[scope]) && loaded && loaded === path) {
+          continue;
+        }
 
-      $scope = $('#'+scope);
-      if($scope[0] == undefined) {
-        console.log('Scope not found: '+scope);
-      } else {
-        this.loadedUrls[scope] = path;
-        this.loadData(path, $scope);
+        $scope = $('#'+scope);
+        if($scope[0] === undefined) {
+          console.log('Scope not found: '+scope);
+        } else {
+          this.loadedUrls[scope] = path;
+          this.loadData(path, $scope);
+        }
       }
     }
   },
-  
+
   /**
    * Load relative path into given scope.
    * Transforms scope host and path into a XSS location.
@@ -225,7 +246,7 @@ vidibus.xss = {
       type: 'GET'
     });
   },
-  
+
   /**
    * Tranforms local paths to absolute ones.
    */
@@ -236,27 +257,32 @@ vidibus.xss = {
     if(params) {
       params = params.split("&");
     } else {
-      params = []
+      params = [];
+    }
+
+    // prepend path prefix
+    if (typeof xssPathPrefix !== "undefined" && xssPathPrefix && !path.match(xssPathPrefix)) {
+      path = xssPathPrefix + path;
     }
 
     var host = this.getHost($scope),
       scope = $scope.attr('id'),
-      url = this.getUrl(path, host)
+      url = this.getUrl(path, host);
 
-    if (!url.match(/\.[a-z]+((\?|\#).*)?$/)) url += '.xss';
-    if (url.indexOf('.xss') > -1 && params.toString().indexOf('scope='+scope) == -1) {
+    if (!url.match(/\.[a-z]+((\?|\#).*)?$/)) { url += '.xss'; }
+    if (url.indexOf('.xss') > -1 && params.toString().indexOf('scope='+scope) === -1) {
       params.push('scope='+scope);
     }
-    
+
     // add cache buster
     if (uncached) {
       var d = new Date();
       params.push(d.getTime());
     }
-    
+
     // append params
     if (params.length) {
-      if (url.indexOf('?') == -1) url += '?'
+      if (url.indexOf('?') === -1) { url += '?'; }
       url += params.join('&');
     }
 
@@ -266,13 +292,13 @@ vidibus.xss = {
 
 /**
  * Detect changes to document's location.
- * 
+ *
  */
 $(function($){
-  
+
   // Detect changes of document.location and trigger loading.
   $(window).bind('hashchange', function(e) {
-    if (vidibus.loader.complete) {
+    if (xssLoader.complete) {
       vidibus.xss.loadUrl();
     }
     return false;
@@ -285,54 +311,10 @@ $(function($){
 });
 
 /**
- * Implement ajax handler. 
- * This is the default handler provided in rails.js extended to accept delete method.
+ * Extend XHR
  */
 $(function($) {
-  $.fn.extend({
-    
-    /**
-     * Handles execution of remote calls firing overridable events along the way.
-     */
-    callAjax: function(url) {
-      var el = this,
-        method = el.attr('method') || el.attr('data-method') || 'GET',
-        dataType = el.attr('data-type')  || 'script';
-      if (!url) url = el.attr('action') || el.attr('href');
-      if (url === undefined) {
-        throw "No URL specified for remote call (action or href must be present).";
-      } else {
-        if (el.triggerAndReturn('ajax:before')) {
-          var data = el.is('form') ? el.serializeArray() : {};
-          if (method == 'delete') {
-            data['_method'] = method;
-            method = 'POST';
-          }
-          $.extend(data, vidibus.csrf.data());
-          $.ajax({
-            url: url,
-            data: data,
-            dataType: dataType,
-            type: method.toUpperCase(),
-            beforeSend: function(xhr) {
-              el.trigger('ajax:loading', xhr);
-            },
-            success: function(data, status, xhr) {
-              el.trigger('ajax:success', [data, status, xhr]);
-            },
-            complete: function(xhr) {
-              el.trigger('ajax:complete', xhr);
-            },
-            error: function(xhr, status, error) {
-              el.trigger('ajax:failure', [xhr, status, error]);
-            }
-          });
-        }
-        el.trigger('ajax:after');
-      }
-    }
-  });
-  
+
   /**
    * Extend xhr object to send credentials and force XMLHttpRequest.
    */
@@ -341,17 +323,17 @@ $(function($) {
     try {
       xhr.withCredentials = "true";
     } catch(e) {
-      alert('Cannot set xhr with credentials:\n'+e)
+      alert('Cannot set xhr with credentials:\n'+e);
     }
   };
-  
+
   /**
    * Extends xhr on beforeSend by binding to Rails' ajax:loading event.
    */
   $("body").bind('ajax:loading', function(e, xhr) {
     extendXhr(xhr);
   });
-  
+
   /**
    * Try to send xhr request withCredentials.
    * Unfortunately, this has to be set after the connection has been opened.

data/vidibus-xss.gemspec

@@ -1,15 +1,15 @@
 # Generated by jeweler
 # DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
   s.name = %q{vidibus-xss}
-  s.version = "0.1.14"
+  s.version = "0.1.15"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Andre Pankratz"]
-  s.date = %q{2010-10-05}
+  s.date = %q{2011-01-11}
   s.description = %q{Drop-in XSS support for remote applications.}
   s.email = %q{andre@vidibus.com}
   s.extra_rdoc_files = [
@@ -17,32 +17,30 @@ Gem::Specification.new do |s|
   ]
   s.files = [
     ".bundle/config",
-     ".gitignore",
-     ".rspec",
-     "Gemfile",
-     "Gemfile.lock",
-     "MIT-LICENSE",
-     "README.rdoc",
-     "Rakefile",
-     "VERSION",
-     "app/controllers/xss_controller.rb",
-     "config/routes.rb",
-     "lib/vidibus-xss.rb",
-     "lib/vidibus/xss.rb",
-     "lib/vidibus/xss/extensions.rb",
-     "lib/vidibus/xss/extensions/controller.rb",
-     "lib/vidibus/xss/extensions/string.rb",
-     "lib/vidibus/xss/extensions/view.rb",
-     "lib/vidibus/xss/mime_type.rb",
-     "public/javascripts/jquery.ba-bbq.js",
-     "public/javascripts/vidibus.js",
-     "public/javascripts/vidibus.loader.js",
-     "public/javascripts/vidibus.xss.js",
-     "spec/spec_helper.rb",
-     "vidibus-xss.gemspec"
+    ".rspec",
+    "Gemfile",
+    "Gemfile.lock",
+    "MIT-LICENSE",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "app/controllers/xss_controller.rb",
+    "config/routes.rb",
+    "lib/vidibus-xss.rb",
+    "lib/vidibus/xss.rb",
+    "lib/vidibus/xss/extensions.rb",
+    "lib/vidibus/xss/extensions/controller.rb",
+    "lib/vidibus/xss/extensions/string.rb",
+    "lib/vidibus/xss/extensions/view.rb",
+    "lib/vidibus/xss/mime_type.rb",
+    "public/javascripts/jquery.ba-bbq.js",
+    "public/javascripts/vidibus.js",
+    "public/javascripts/vidibus.loader.js",
+    "public/javascripts/vidibus.xss.js",
+    "spec/spec_helper.rb",
+    "vidibus-xss.gemspec"
   ]
   s.homepage = %q{http://github.com/vidibus/vidibus-xss}
-  s.rdoc_options = ["--charset=UTF-8"]
   s.require_paths = ["lib"]
   s.rubygems_version = %q{1.3.7}
   s.summary = %q{Drop-in XSS support for remote applications.}
@@ -58,15 +56,42 @@ Gem::Specification.new do |s|
       s.add_runtime_dependency(%q<rails>, ["~> 3.0.0"])
       s.add_runtime_dependency(%q<nokogiri>, [">= 0"])
       s.add_runtime_dependency(%q<vidibus-routing_error>, [">= 0"])
+      s.add_runtime_dependency(%q<vidibus-uuid>, [">= 0"])
+      s.add_runtime_dependency(%q<jeweler>, [">= 0"])
+      s.add_runtime_dependency(%q<rake>, [">= 0"])
+      s.add_runtime_dependency(%q<rspec>, ["~> 2.0.0.beta.20"])
+      s.add_runtime_dependency(%q<rr>, [">= 0"])
+      s.add_runtime_dependency(%q<relevance-rcov>, [">= 0"])
+      s.add_runtime_dependency(%q<rails>, ["~> 3.0.0"])
+      s.add_runtime_dependency(%q<nokogiri>, [">= 0"])
+      s.add_runtime_dependency(%q<vidibus-routing_error>, [">= 0"])
     else
       s.add_dependency(%q<rails>, ["~> 3.0.0"])
       s.add_dependency(%q<nokogiri>, [">= 0"])
       s.add_dependency(%q<vidibus-routing_error>, [">= 0"])
+      s.add_dependency(%q<vidibus-uuid>, [">= 0"])
+      s.add_dependency(%q<jeweler>, [">= 0"])
+      s.add_dependency(%q<rake>, [">= 0"])
+      s.add_dependency(%q<rspec>, ["~> 2.0.0.beta.20"])
+      s.add_dependency(%q<rr>, [">= 0"])
+      s.add_dependency(%q<relevance-rcov>, [">= 0"])
+      s.add_dependency(%q<rails>, ["~> 3.0.0"])
+      s.add_dependency(%q<nokogiri>, [">= 0"])
+      s.add_dependency(%q<vidibus-routing_error>, [">= 0"])
     end
   else
     s.add_dependency(%q<rails>, ["~> 3.0.0"])
     s.add_dependency(%q<nokogiri>, [">= 0"])
     s.add_dependency(%q<vidibus-routing_error>, [">= 0"])
+    s.add_dependency(%q<vidibus-uuid>, [">= 0"])
+    s.add_dependency(%q<jeweler>, [">= 0"])
+    s.add_dependency(%q<rake>, [">= 0"])
+    s.add_dependency(%q<rspec>, ["~> 2.0.0.beta.20"])
+    s.add_dependency(%q<rr>, [">= 0"])
+    s.add_dependency(%q<relevance-rcov>, [">= 0"])
+    s.add_dependency(%q<rails>, ["~> 3.0.0"])
+    s.add_dependency(%q<nokogiri>, [">= 0"])
+    s.add_dependency(%q<vidibus-routing_error>, [">= 0"])
   end
 end
 

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: vidibus-xss
 version: !ruby/object:Gem::Version 
-  hash: 7
+  hash: 5
   prerelease: false
   segments: 
   - 0
   - 1
-  - 14
-  version: 0.1.14
+  - 15
+  version: 0.1.15
 platform: ruby
 authors: 
 - Andre Pankratz
@@ -15,13 +15,14 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-10-05 00:00:00 +02:00
+date: 2011-01-11 00:00:00 +01:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: rails
+  type: :runtime
   prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  name: rails
+  version_requirements: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -32,12 +33,26 @@ dependencies:
         - 0
         - 0
         version: 3.0.0
-  type: :runtime
-  version_requirements: *id001
+  requirement: *id001
 - !ruby/object:Gem::Dependency 
+  type: :runtime
+  prerelease: false
   name: nokogiri
+  version_requirements: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  requirement: *id002
+- !ruby/object:Gem::Dependency 
+  type: :runtime
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  name: vidibus-routing_error
+  version_requirements: &id003 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -46,12 +61,86 @@ dependencies:
         segments: 
         - 0
         version: "0"
+  requirement: *id003
+- !ruby/object:Gem::Dependency 
   type: :runtime
-  version_requirements: *id002
+  prerelease: false
+  name: vidibus-uuid
+  version_requirements: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  requirement: *id004
 - !ruby/object:Gem::Dependency 
-  name: vidibus-routing_error
+  type: :runtime
+  prerelease: false
+  name: jeweler
+  version_requirements: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  requirement: *id005
+- !ruby/object:Gem::Dependency 
+  type: :runtime
+  prerelease: false
+  name: rake
+  version_requirements: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  requirement: *id006
+- !ruby/object:Gem::Dependency 
+  type: :runtime
+  prerelease: false
+  name: rspec
+  version_requirements: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 62196427
+        segments: 
+        - 2
+        - 0
+        - 0
+        - beta
+        - 20
+        version: 2.0.0.beta.20
+  requirement: *id007
+- !ruby/object:Gem::Dependency 
+  type: :runtime
+  prerelease: false
+  name: rr
+  version_requirements: &id008 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  requirement: *id008
+- !ruby/object:Gem::Dependency 
+  type: :runtime
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  name: relevance-rcov
+  version_requirements: &id009 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -60,8 +149,51 @@ dependencies:
         segments: 
         - 0
         version: "0"
+  requirement: *id009
+- !ruby/object:Gem::Dependency 
   type: :runtime
-  version_requirements: *id003
+  prerelease: false
+  name: rails
+  version_requirements: &id010 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 3
+        - 0
+        - 0
+        version: 3.0.0
+  requirement: *id010
+- !ruby/object:Gem::Dependency 
+  type: :runtime
+  prerelease: false
+  name: nokogiri
+  version_requirements: &id011 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  requirement: *id011
+- !ruby/object:Gem::Dependency 
+  type: :runtime
+  prerelease: false
+  name: vidibus-routing_error
+  version_requirements: &id012 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  requirement: *id012
 description: Drop-in XSS support for remote applications.
 email: andre@vidibus.com
 executables: []
@@ -72,7 +204,6 @@ extra_rdoc_files:
 - README.rdoc
 files: 
 - .bundle/config
-- .gitignore
 - .rspec
 - Gemfile
 - Gemfile.lock
@@ -100,8 +231,8 @@ homepage: http://github.com/vidibus/vidibus-xss
 licenses: []
 
 post_install_message: 
-rdoc_options: 
-- --charset=UTF-8
+rdoc_options: []
+
 require_paths: 
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement 

data/.gitignore

@@ -1,21 +0,0 @@
-## MAC OS
-.DS_Store
-
-## TEXTMATE
-*.tmproj
-tmtags
-
-## EMACS
-*~
-\#*
-.\#*
-
-## VIM
-*.swp
-
-## PROJECT::GENERAL
-coverage
-rdoc
-pkg
-
-## PROJECT::SPECIFIC