yajl-ruby 0.8.0 → 0.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of yajl-ruby might be problematic. Click here for more details.
- data/CHANGELOG.md +3 -0
- data/README.rdoc +10 -0
- data/lib/yajl/http_stream.rb +4 -3
- data/lib/yajl/version.rb +1 -1
- metadata +4 -4
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.8.1 (February 11th, 2011)
|
|
4
|
+
* fixed a retart bug where Yajl::VERSION wasn't defined when explicitly requiring yajl/http_stream
|
|
5
|
+
|
|
3
6
|
## 0.8.0 (February 2nd, 2011)
|
|
4
7
|
* added a new html_safe option to Yajl::Encoder to escape '/' characters for use in the DOM
|
|
5
8
|
* moved away from Jeweler to a Bundler/manual gemfile management setup
|
data/README.rdoc
CHANGED
|
@@ -197,6 +197,16 @@ a string when it's finished. In that case, just don't provide and IO or block (o
|
|
|
197
197
|
|
|
198
198
|
You can also use Yajl::Bzip2::StreamWriter and Yajl::Deflate::StreamWriter. So you can pick whichever fits your CPU/bandwidth sweet-spot.
|
|
199
199
|
|
|
200
|
+
=== HTML Safety
|
|
201
|
+
|
|
202
|
+
If you plan on embedding the output from the encoder in the DOM, you'll want to make sure you use the html_safe option on the encoder. This will escape all '/' characters to ensure no closing tags can be injected, preventing XSS.
|
|
203
|
+
|
|
204
|
+
Meaning the following should be perfectly safe:
|
|
205
|
+
|
|
206
|
+
<script type="text/javascript">
|
|
207
|
+
escaped_str = <%= Yajl::Encoder.encode("</script><script>alert('hi!');</script>", :html_safe => true) %>;
|
|
208
|
+
</script>
|
|
209
|
+
|
|
200
210
|
== JSON gem Compatibility API
|
|
201
211
|
|
|
202
212
|
The JSON gem compatibility API isn't enabled by default. You have to explicitly require it like so:
|
data/lib/yajl/http_stream.rb
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
# encoding: UTF-8
|
|
2
|
-
require 'socket'
|
|
3
|
-
require 'yajl'
|
|
4
|
-
require '
|
|
2
|
+
require 'socket'
|
|
3
|
+
require 'yajl'
|
|
4
|
+
require 'yajl/version' unless defined? Yajl::VERSION
|
|
5
|
+
require 'uri'
|
|
5
6
|
|
|
6
7
|
module Yajl
|
|
7
8
|
# This module is for making HTTP requests to which the response bodies (and possibly requests in the near future)
|
data/lib/yajl/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: yajl-ruby
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 61
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 8
|
|
9
|
-
-
|
|
10
|
-
version: 0.8.
|
|
9
|
+
- 1
|
|
10
|
+
version: 0.8.1
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Brian Lopez
|
|
@@ -16,7 +16,7 @@ autorequire:
|
|
|
16
16
|
bindir: bin
|
|
17
17
|
cert_chain: []
|
|
18
18
|
|
|
19
|
-
date: 2011-02-
|
|
19
|
+
date: 2011-02-11 00:00:00 -08:00
|
|
20
20
|
default_executable:
|
|
21
21
|
dependencies:
|
|
22
22
|
- !ruby/object:Gem::Dependency
|