yajl-ruby 0.8.0 → 0.8.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of yajl-ruby might be problematic. Click here for more details.
- data/CHANGELOG.md +3 -0
- data/README.rdoc +10 -0
- data/lib/yajl/http_stream.rb +4 -3
- data/lib/yajl/version.rb +1 -1
- metadata +4 -4
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.8.1 (February 11th, 2011)
|
|
4
|
+
* fixed a retart bug where Yajl::VERSION wasn't defined when explicitly requiring yajl/http_stream
|
|
5
|
+
|
|
3
6
|
## 0.8.0 (February 2nd, 2011)
|
|
4
7
|
* added a new html_safe option to Yajl::Encoder to escape '/' characters for use in the DOM
|
|
5
8
|
* moved away from Jeweler to a Bundler/manual gemfile management setup
|
data/README.rdoc
CHANGED
|
@@ -197,6 +197,16 @@ a string when it's finished. In that case, just don't provide and IO or block (o
|
|
|
197
197
|
|
|
198
198
|
You can also use Yajl::Bzip2::StreamWriter and Yajl::Deflate::StreamWriter. So you can pick whichever fits your CPU/bandwidth sweet-spot.
|
|
199
199
|
|
|
200
|
+
=== HTML Safety
|
|
201
|
+
|
|
202
|
+
If you plan on embedding the output from the encoder in the DOM, you'll want to make sure you use the html_safe option on the encoder. This will escape all '/' characters to ensure no closing tags can be injected, preventing XSS.
|
|
203
|
+
|
|
204
|
+
Meaning the following should be perfectly safe:
|
|
205
|
+
|
|
206
|
+
<script type="text/javascript">
|
|
207
|
+
escaped_str = <%= Yajl::Encoder.encode("</script><script>alert('hi!');</script>", :html_safe => true) %>;
|
|
208
|
+
</script>
|
|
209
|
+
|
|
200
210
|
== JSON gem Compatibility API
|
|
201
211
|
|
|
202
212
|
The JSON gem compatibility API isn't enabled by default. You have to explicitly require it like so:
|
data/lib/yajl/http_stream.rb
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
# encoding: UTF-8
|
|
2
|
-
require 'socket'
|
|
3
|
-
require 'yajl'
|
|
4
|
-
require '
|
|
2
|
+
require 'socket'
|
|
3
|
+
require 'yajl'
|
|
4
|
+
require 'yajl/version' unless defined? Yajl::VERSION
|
|
5
|
+
require 'uri'
|
|
5
6
|
|
|
6
7
|
module Yajl
|
|
7
8
|
# This module is for making HTTP requests to which the response bodies (and possibly requests in the near future)
|
data/lib/yajl/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: yajl-ruby
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 61
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 8
|
|
9
|
-
-
|
|
10
|
-
version: 0.8.
|
|
9
|
+
- 1
|
|
10
|
+
version: 0.8.1
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Brian Lopez
|
|
@@ -16,7 +16,7 @@ autorequire:
|
|
|
16
16
|
bindir: bin
|
|
17
17
|
cert_chain: []
|
|
18
18
|
|
|
19
|
-
date: 2011-02-
|
|
19
|
+
date: 2011-02-11 00:00:00 -08:00
|
|
20
20
|
default_executable:
|
|
21
21
|
dependencies:
|
|
22
22
|
- !ruby/object:Gem::Dependency
|