diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a8c5dd7..8eba21c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,6 +1,7 @@ --- name: Tests -'on': +on: + workflow_dispatch: push: branches: - master @@ -14,34 +15,14 @@ jobs: fail-fast: false matrix: include: - - ruby: 2.5.9 - gemfile: Gemfile.rails-3.2 - - ruby: 2.5.9 - gemfile: Gemfile.rails-4.2.haml-4 - - ruby: 2.5.9 - gemfile: Gemfile.rails-4.2.haml-5 - - ruby: 2.5.9 - gemfile: Gemfile.rails-5.1.haml-4 - - ruby: 2.5.9 - gemfile: Gemfile.rails-5.1.haml-5 - + - ruby: 2.6.6 + gemfile: Gemfile.rails-4.2 - ruby: 2.7.2 - gemfile: Gemfile.rails-5.1.haml-4 + gemfile: Gemfile.rails-5.2 - ruby: 2.7.2 - gemfile: Gemfile.rails-5.1.haml-5 - - ruby: 2.7.2 - gemfile: Gemfile.rails-6.1.haml-5 - - ruby: 2.7.2 - gemfile: Gemfile.rails-7.0.haml-5 - - - ruby: 3.0.1 - gemfile: Gemfile.rails-5.1.haml-4 - - ruby: 3.0.1 - gemfile: Gemfile.rails-5.1.haml-5 - - ruby: 3.0.1 - gemfile: Gemfile.rails-6.1.haml-5 + gemfile: Gemfile.rails-6.1 - ruby: 3.0.1 - gemfile: Gemfile.rails-7.0.haml-5 + gemfile: Gemfile.rails-7.0 env: BUNDLE_GEMFILE: "${{ matrix.gemfile }}" steps: diff --git a/Gemfile b/Gemfile index 244de20..8a7b3a3 120000 --- a/Gemfile +++ b/Gemfile @@ -1 +1 @@ -Gemfile.rails-5.1.haml-5 \ No newline at end of file +Gemfile.rails-6.1 \ No newline at end of file diff --git a/Gemfile.lock b/Gemfile.lock index f471917..8db1e82 120000 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1 +1 @@ -Gemfile.rails-5.1.haml-5.lock \ No newline at end of file +Gemfile.rails-6.1.lock \ No newline at end of file diff --git a/Gemfile.rails-3.2 b/Gemfile.rails-3.2 deleted file mode 100644 index 2bb0caa..0000000 --- a/Gemfile.rails-3.2 +++ /dev/null @@ -1,9 +0,0 @@ -source 'http://rubygems.org' - -gem 'railties', '~>3.2' -gem 'actionpack', '~>3.2' -gem 'rspec' -gem 'haml', '=4.0.2' -gem 'angular_xss', :path => '.' -gem 'gemika' -gem 'rake' 
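Review bot: Unquoting the trigger key to `on:` in the first hunk makes generic YAML 1.1 parsers read it as the boolean `true`. GitHub's loader accepts it, but linters such as yamllint's `truthy` rule will flag it. The file starts with `---` and previously used the quoted form, so keeping `'on':` above the new `workflow_dispatch:` line avoids that. The steps and any `permissions:` block lie outside the visible hunks, so they are not reviewed here.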
diff --git a/Gemfile.rails-3.2.lock b/Gemfile.rails-3.2.lock deleted file mode 100644 index d00d557..0000000 --- a/Gemfile.rails-3.2.lock +++ /dev/null @@ -1,91 +0,0 @@ -PATH - remote: . - specs: - angular_xss (0.4.1) - activesupport - haml (>= 3.1.5) - -GEM - remote: http://rubygems.org/ - specs: - actionpack (3.2.22.5) - activemodel (= 3.2.22.5) - activesupport (= 3.2.22.5) - builder (~> 3.0.0) - erubis (~> 2.7.0) - journey (~> 1.0.4) - rack (~> 1.4.5) - rack-cache (~> 1.2) - rack-test (~> 0.6.1) - sprockets (~> 2.2.1) - activemodel (3.2.22.5) - activesupport (= 3.2.22.5) - builder (~> 3.0.0) - activesupport (3.2.22.5) - i18n (~> 0.6, >= 0.6.4) - multi_json (~> 1.0) - builder (3.0.4) - concurrent-ruby (1.0.5) - diff-lcs (1.3) - erubis (2.7.0) - gemika (0.6.1) - haml (4.0.2) - tilt - hike (1.2.3) - i18n (0.9.1) - concurrent-ruby (~> 1.0) - journey (1.0.4) - json (1.8.6) - multi_json (1.12.2) - rack (1.4.7) - rack-cache (1.7.1) - rack (>= 0.4) - rack-ssl (1.3.4) - rack - rack-test (0.6.3) - rack (>= 1.0) - railties (3.2.22.5) - actionpack (= 3.2.22.5) - activesupport (= 3.2.22.5) - rack-ssl (~> 1.3.2) - rake (>= 0.8.7) - rdoc (~> 3.4) - thor (>= 0.14.6, < 2.0) - rake (12.3.0) - rdoc (3.12.2) - json (~> 1.4) - rspec (3.7.0) - rspec-core (~> 3.7.0) - rspec-expectations (~> 3.7.0) - rspec-mocks (~> 3.7.0) - rspec-core (3.7.0) - rspec-support (~> 3.7.0) - rspec-expectations (3.7.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-mocks (3.7.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-support (3.7.0) - sprockets (2.2.3) - hike (~> 1.2) - multi_json (~> 1.0) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - thor (0.20.0) - tilt (1.4.1) - -PLATFORMS - ruby - -DEPENDENCIES - actionpack (~> 3.2) - angular_xss! - gemika - haml (= 4.0.2) - railties (~> 3.2) - rake - rspec - -BUNDLED WITH - 1.17.3 
diff --git a/Gemfile.rails-4.2.haml-4 b/Gemfile.rails-4.2 similarity index 69% rename from Gemfile.rails-4.2.haml-4 rename to Gemfile.rails-4.2 index f434d98..334c178 100644 --- a/Gemfile.rails-4.2.haml-4 +++ b/Gemfile.rails-4.2 @@ -1,8 +1,9 @@ +ruby '~> 2.6' + source 'http://rubygems.org' -gem 'actionpack', '~>4.2' +gem 'actionpack', '~> 4.2' gem 'rspec' -gem 'haml', '<5' gem 'angular_xss', :path => '.' gem 'gemika' gem 'rake' diff --git a/Gemfile.rails-4.2.haml-4.lock b/Gemfile.rails-4.2.haml-4.lock deleted file mode 100644 index 9620378..0000000 --- a/Gemfile.rails-4.2.haml-4.lock +++ /dev/null 
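Review bot: The `source 'http://rubygems.org'` line kept in this Gemfile resolves dependencies over plaintext HTTP, and the newly generated Gemfile.rails-4.2.lock records `remote: http://rubygems.org/`. Since this commit regenerates every Gemfile and lockfile anyway, change the line to `source 'https://rubygems.org'` and re-lock. The same applies to Gemfile.rails-5.2, Gemfile.rails-6.1 and Gemfile.rails-7.0. Without TLS the gem index and downloads have no transport integrity on developer machines or CI runners.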
@@ -1,88 +0,0 @@ -PATH - remote: . - specs: - angular_xss (0.4.1) - activesupport - haml (>= 3.1.5) - -GEM - remote: http://rubygems.org/ - specs: - actionpack (4.2.10) - actionview (= 4.2.10) - activesupport (= 4.2.10) - rack (~> 1.6) - rack-test (~> 0.6.2) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.10) - activesupport (= 4.2.10) - builder (~> 3.1) - erubis (~> 2.7.0) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activesupport (4.2.10) - i18n (~> 0.7) - minitest (~> 5.1) - thread_safe (~> 0.3, >= 0.3.4) - tzinfo (~> 1.1) - builder (3.2.3) - concurrent-ruby (1.0.5) - crass (1.0.3) - diff-lcs (1.3) - erubis (2.7.0) - gemika (0.6.1) - haml (4.0.7) - tilt - i18n (0.9.1) - concurrent-ruby (~> 1.0) - loofah (2.1.1) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mini_portile2 (2.3.0) - minitest (5.10.3) - nokogiri (1.8.1) - mini_portile2 (~> 2.3.0) - rack (1.6.8) - rack-test (0.6.3) - rack (>= 1.0) - rails-deprecated_sanitizer (1.0.3) - activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.8) - activesupport (>= 4.2.0.beta, < 5.0) - nokogiri (~> 1.6) - rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - rake (12.3.0) - rspec (3.7.0) - rspec-core (~> 3.7.0) - rspec-expectations (~> 3.7.0) - rspec-mocks (~> 3.7.0) - rspec-core (3.7.0) - rspec-support (~> 3.7.0) - rspec-expectations (3.7.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-mocks (3.7.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-support (3.7.0) - thread_safe (0.3.6) - tilt (2.0.8) - tzinfo (1.2.4) - thread_safe (~> 0.1) - -PLATFORMS - ruby - -DEPENDENCIES - actionpack (~> 4.2) - angular_xss! - gemika - haml (< 5) - rake - rspec - -BUNDLED WITH - 1.17.3 diff --git a/Gemfile.rails-4.2.haml-5.lock b/Gemfile.rails-4.2.haml-5.lock deleted file mode 100644 index 131028c..0000000 --- a/Gemfile.rails-4.2.haml-5.lock +++ /dev/null 
@@ -1,90 +0,0 @@ -PATH - remote: . - specs: - angular_xss (0.4.1) - activesupport - haml (>= 3.1.5) - -GEM - remote: http://rubygems.org/ - specs: - actionpack (4.2.10) - actionview (= 4.2.10) - activesupport (= 4.2.10) - rack (~> 1.6) - rack-test (~> 0.6.2) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.10) - activesupport (= 4.2.10) - builder (~> 3.1) - erubis (~> 2.7.0) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activesupport (4.2.10) - i18n (~> 0.7) - minitest (~> 5.1) - thread_safe (~> 0.3, >= 0.3.4) - tzinfo (~> 1.1) - builder (3.2.3) - concurrent-ruby (1.0.5) - crass (1.0.3) - diff-lcs (1.3) - erubis (2.7.0) - gemika (0.6.1) - haml (5.0.4) - temple (>= 0.8.0) - tilt - i18n (0.9.1) - concurrent-ruby (~> 1.0) - loofah (2.1.1) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mini_portile2 (2.3.0) - minitest (5.10.3) - nokogiri (1.8.1) - mini_portile2 (~> 2.3.0) - rack (1.6.8) - rack-test (0.6.3) - rack (>= 1.0) - rails-deprecated_sanitizer (1.0.3) - activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.8) - activesupport (>= 4.2.0.beta, < 5.0) - nokogiri (~> 1.6) - rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - rake (12.3.0) - rspec (3.7.0) - rspec-core (~> 3.7.0) - rspec-expectations (~> 3.7.0) - rspec-mocks (~> 3.7.0) - rspec-core (3.7.0) - rspec-support (~> 3.7.0) - rspec-expectations (3.7.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-mocks (3.7.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-support (3.7.0) - temple (0.8.0) - thread_safe (0.3.6) - tilt (2.0.8) - tzinfo (1.2.4) - thread_safe (~> 0.1) - -PLATFORMS - ruby - -DEPENDENCIES - actionpack (~> 4.2) - angular_xss! - gemika - haml (~> 5) - rake - rspec - -BUNDLED WITH - 1.17.3 diff --git a/Gemfile.rails-4.2.lock b/Gemfile.rails-4.2.lock new file mode 100644 index 0000000..2d30121 --- /dev/null +++ b/Gemfile.rails-4.2.lock 
@@ -0,0 +1,85 @@ +PATH + remote: . + specs: + angular_xss (0.4.1) + activesupport + +GEM + remote: http://rubygems.org/ + specs: + actionpack (4.2.11.3) + actionview (= 4.2.11.3) + activesupport (= 4.2.11.3) + rack (~> 1.6) + rack-test (~> 0.6.2) + rails-dom-testing (~> 1.0, >= 1.0.5) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (4.2.11.3) + activesupport (= 4.2.11.3) + builder (~> 3.1) + erubis (~> 2.7.0) + rails-dom-testing (~> 1.0, >= 1.0.5) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activesupport (4.2.11.3) + i18n (~> 0.7) + minitest (~> 5.1) + thread_safe (~> 0.3, >= 0.3.4) + tzinfo (~> 1.1) + builder (3.2.4) + concurrent-ruby (1.2.2) + crass (1.0.6) + diff-lcs (1.5.0) + erubis (2.7.0) + gemika (0.8.2) + i18n (0.9.5) + concurrent-ruby (~> 1.0) + loofah (2.21.3) + crass (~> 1.0.2) + nokogiri (>= 1.12.0) + mini_portile2 (2.8.4) + minitest (5.20.0) + nokogiri (1.13.10) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) + racc (1.7.1) + rack (1.6.13) + rack-test (0.6.3) + rack (>= 1.0) + rails-deprecated_sanitizer (1.0.4) + activesupport (>= 4.2.0.alpha) + rails-dom-testing (1.0.9) + activesupport (>= 4.2.0, < 5.0) + nokogiri (~> 1.6) + rails-deprecated_sanitizer (>= 1.0.1) + rails-html-sanitizer (1.5.0) + loofah (~> 2.19, >= 2.19.1) + rake (13.0.6) + rspec (3.12.0) + rspec-core (~> 3.12.0) + rspec-expectations (~> 3.12.0) + rspec-mocks (~> 3.12.0) + rspec-core (3.12.2) + rspec-support (~> 3.12.0) + rspec-expectations (3.12.3) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.12.0) + rspec-mocks (3.12.6) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.12.0) + rspec-support (3.12.1) + thread_safe (0.3.6) + tzinfo (1.2.11) + thread_safe (~> 0.1) + +PLATFORMS + ruby + +DEPENDENCIES + actionpack (~> 4.2) + angular_xss! + gemika + rake + rspec + +BUNDLED WITH + 2.1.4 diff --git a/Gemfile.rails-5.1.haml-4.lock b/Gemfile.rails-5.1.haml-4.lock deleted file mode 100644 index 5194b50..0000000 --- a/Gemfile.rails-5.1.haml-4.lock +++ /dev/null 
@@ -1,85 +0,0 @@ -PATH - remote: . - specs: - angular_xss (0.4.1) - activesupport - haml (>= 3.1.5) - -GEM - remote: http://rubygems.org/ - specs: - actionpack (5.1.4) - actionview (= 5.1.4) - activesupport (= 5.1.4) - rack (~> 2.0) - rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.1.4) - activesupport (= 5.1.4) - builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activesupport (5.1.4) - concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (~> 0.7) - minitest (~> 5.1) - tzinfo (~> 1.1) - builder (3.2.3) - concurrent-ruby (1.0.5) - crass (1.0.3) - diff-lcs (1.3) - erubi (1.7.0) - gemika (0.6.1) - haml (4.0.7) - tilt - i18n (0.9.1) - concurrent-ruby (~> 1.0) - loofah (2.1.1) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mini_portile2 (2.3.0) - minitest (5.10.3) - nokogiri (1.8.1) - mini_portile2 (~> 2.3.0) - rack (2.0.3) - rack-test (0.8.2) - rack (>= 1.0, < 3) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) - nokogiri (>= 1.6) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - rake (12.3.0) - rspec (3.10.0) - rspec-core (~> 3.10.0) - rspec-expectations (~> 3.10.0) - rspec-mocks (~> 3.10.0) - rspec-core (3.10.1) - rspec-support (~> 3.10.0) - rspec-expectations (3.10.1) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-mocks (3.10.2) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-support (3.10.2) - thread_safe (0.3.6) - tilt (2.0.8) - tzinfo (1.2.4) - thread_safe (~> 0.1) - -PLATFORMS - ruby - -DEPENDENCIES - actionpack (~> 5.1) - angular_xss! - gemika - haml (< 5) - rake - rspec - -BUNDLED WITH - 2.2.20 diff --git a/Gemfile.rails-5.1.haml-5.lock b/Gemfile.rails-5.1.haml-5.lock deleted file mode 100644 index 8b95c29..0000000 --- a/Gemfile.rails-5.1.haml-5.lock +++ /dev/null 
@@ -1,87 +0,0 @@ -PATH - remote: . - specs: - angular_xss (0.4.1) - activesupport - haml (>= 3.1.5) - -GEM - remote: http://rubygems.org/ - specs: - actionpack (5.1.4) - actionview (= 5.1.4) - activesupport (= 5.1.4) - rack (~> 2.0) - rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.1.4) - activesupport (= 5.1.4) - builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activesupport (5.1.4) - concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (~> 0.7) - minitest (~> 5.1) - tzinfo (~> 1.1) - builder (3.2.3) - concurrent-ruby (1.0.5) - crass (1.0.3) - diff-lcs (1.3) - erubi (1.7.0) - gemika (0.6.1) - haml (5.0.4) - temple (>= 0.8.0) - tilt - i18n (0.9.1) - concurrent-ruby (~> 1.0) - loofah (2.1.1) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mini_portile2 (2.3.0) - minitest (5.10.3) - nokogiri (1.8.1) - mini_portile2 (~> 2.3.0) - rack (2.0.3) - rack-test (0.8.2) - rack (>= 1.0, < 3) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) - nokogiri (>= 1.6) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - rake (12.3.0) - rspec (3.10.0) - rspec-core (~> 3.10.0) - rspec-expectations (~> 3.10.0) - rspec-mocks (~> 3.10.0) - rspec-core (3.10.1) - rspec-support (~> 3.10.0) - rspec-expectations (3.10.1) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-mocks (3.10.2) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-support (3.10.2) - temple (0.8.0) - thread_safe (0.3.6) - tilt (2.0.8) - tzinfo (1.2.4) - thread_safe (~> 0.1) - -PLATFORMS - ruby - -DEPENDENCIES - actionpack (~> 5.1) - angular_xss! - gemika - haml (~> 5) - rake - rspec - -BUNDLED WITH - 2.2.20 diff --git a/Gemfile.rails-5.1.haml-4 b/Gemfile.rails-5.2 similarity index 69% rename from Gemfile.rails-5.1.haml-4 rename to Gemfile.rails-5.2 index f5fc255..5e655b9 100644 --- a/Gemfile.rails-5.1.haml-4 +++ b/Gemfile.rails-5.2 
@@ -1,8 +1,9 @@ +ruby '~> 2.7' + source 'http://rubygems.org' -gem 'actionpack', '~>5.1' +gem 'actionpack', '~> 5.2' gem 'rspec' -gem 'haml', '< 5' gem 'angular_xss', :path => '.' gem 'gemika' gem 'rake' diff --git a/Gemfile.rails-5.2.lock b/Gemfile.rails-5.2.lock new file mode 100644 index 0000000..ee2ae11 --- /dev/null +++ b/Gemfile.rails-5.2.lock 
@@ -0,0 +1,87 @@ +PATH + remote: . + specs: + angular_xss (0.4.1) + activesupport + +GEM + remote: http://rubygems.org/ + specs: + actionpack (5.2.8.1) + actionview (= 5.2.8.1) + activesupport (= 5.2.8.1) + rack (~> 2.0, >= 2.0.8) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (5.2.8.1) + activesupport (= 5.2.8.1) + builder (~> 3.1) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activesupport (5.2.8.1) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) + builder (3.2.4) + concurrent-ruby (1.2.2) + crass (1.0.6) + diff-lcs (1.5.0) + erubi (1.12.0) + gemika (0.8.2) + i18n (1.14.1) + concurrent-ruby (~> 1.0) + loofah (2.21.3) + crass (~> 1.0.2) + nokogiri (>= 1.12.0) + mini_portile2 (2.8.4) + minitest (5.20.0) + nokogiri (1.15.4) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) + racc (1.7.1) + rack (2.2.8) + rack-test (2.1.0) + rack (>= 1.3) + rails-dom-testing (2.2.0) + activesupport (>= 5.0.0) + minitest + nokogiri (>= 1.6) + rails-html-sanitizer (1.6.0) + loofah (~> 2.21) + nokogiri (~> 1.14) + rake (13.0.6) + rspec (3.12.0) + rspec-core (~> 3.12.0) + rspec-expectations (~> 3.12.0) + rspec-mocks (~> 3.12.0) + rspec-core (3.12.2) + rspec-support (~> 3.12.0) + rspec-expectations (3.12.3) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.12.0) + rspec-mocks (3.12.6) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.12.0) + rspec-support (3.12.1) + thread_safe (0.3.6) + tzinfo (1.2.11) + thread_safe (~> 0.1) + +PLATFORMS + ruby + +DEPENDENCIES + actionpack (~> 5.2) + angular_xss! + gemika + rake + rspec + +RUBY VERSION + ruby 2.7.2p137 + +BUNDLED WITH + 2.1.4 diff --git a/Gemfile.rails-5.1.haml-5 b/Gemfile.rails-6.1 similarity index 68% rename from Gemfile.rails-5.1.haml-5 rename to Gemfile.rails-6.1 index 97c83e7..401b161 100644 --- a/Gemfile.rails-5.1.haml-5 +++ b/Gemfile.rails-6.1 
@@ -1,8 +1,9 @@ +ruby '~> 2.7' + source 'http://rubygems.org' -gem 'actionpack', '~>5.1' +gem 'actionpack', '~> 6.1' gem 'rspec' -gem 'haml', '~> 5' gem 'angular_xss', :path => '.' gem 'gemika' gem 'rake' diff --git a/Gemfile.rails-6.1.haml-5 b/Gemfile.rails-6.1.haml-5 deleted file mode 100644 index fdb5b45..0000000 --- a/Gemfile.rails-6.1.haml-5 +++ /dev/null @@ -1,8 +0,0 @@ -source 'http://rubygems.org' - -gem 'actionpack', '~>6.1' -gem 'rspec' -gem 'haml', '~> 5' -gem 'angular_xss', :path => '.' -gem 'gemika' -gem 'rake' diff --git a/Gemfile.rails-6.1.haml-5.lock b/Gemfile.rails-6.1.haml-5.lock deleted file mode 100644 index 85ac7f6..0000000 --- a/Gemfile.rails-6.1.haml-5.lock +++ /dev/null 
@@ -1,90 +0,0 @@ -PATH - remote: . - specs: - angular_xss (0.4.1) - activesupport - haml (>= 3.1.5) - -GEM - remote: http://rubygems.org/ - specs: - actionpack (6.1.3.2) - actionview (= 6.1.3.2) - activesupport (= 6.1.3.2) - rack (~> 2.0, >= 2.0.9) - rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actionview (6.1.3.2) - activesupport (= 6.1.3.2) - builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activesupport (6.1.3.2) - concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 1.6, < 2) - minitest (>= 5.1) - tzinfo (~> 2.0) - zeitwerk (~> 2.3) - builder (3.2.4) - concurrent-ruby (1.1.9) - crass (1.0.6) - diff-lcs (1.4.4) - erubi (1.10.0) - gemika (0.6.0) - haml (5.2.1) - temple (>= 0.8.0) - tilt - i18n (1.8.10) - concurrent-ruby (~> 1.0) - loofah (2.10.0) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mini_portile2 (2.5.3) - minitest (5.14.4) - nokogiri (1.11.7) - mini_portile2 (~> 2.5.0) - racc (~> 1.4) - racc (1.5.2) - rack (2.2.3) - rack-test (1.1.0) - rack (>= 1.0, < 3) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) - nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) - loofah (~> 2.3) - rake (13.0.3) - rspec (3.10.0) - rspec-core (~> 3.10.0) - rspec-expectations (~> 3.10.0) - rspec-mocks (~> 3.10.0) - rspec-core (3.10.1) - rspec-support (~> 3.10.0) - rspec-expectations (3.10.1) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-mocks (3.10.2) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-support (3.10.2) - temple (0.8.2) - tilt (2.0.10) - tzinfo (2.0.4) - concurrent-ruby (~> 1.0) - zeitwerk (2.4.2) - -PLATFORMS - ruby - -DEPENDENCIES - actionpack (~> 6.1) - angular_xss! - gemika - haml (~> 5) - rake - rspec - -BUNDLED WITH - 2.2.20 diff --git a/Gemfile.rails-6.1.lock b/Gemfile.rails-6.1.lock new file mode 100644 index 0000000..3f4fc50 --- /dev/null +++ b/Gemfile.rails-6.1.lock 
@@ -0,0 +1,85 @@ +PATH + remote: . + specs: + angular_xss (0.4.1) + activesupport + +GEM + remote: http://rubygems.org/ + specs: + actionpack (6.1.7.6) + actionview (= 6.1.7.6) + activesupport (= 6.1.7.6) + rack (~> 2.0, >= 2.0.9) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.2.0) + actionview (6.1.7.6) + activesupport (= 6.1.7.6) + builder (~> 3.1) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.1, >= 1.2.0) + activesupport (6.1.7.6) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) + builder (3.2.4) + concurrent-ruby (1.2.2) + crass (1.0.6) + diff-lcs (1.5.0) + erubi (1.12.0) + gemika (0.8.2) + i18n (1.14.1) + concurrent-ruby (~> 1.0) + loofah (2.21.3) + crass (~> 1.0.2) + nokogiri (>= 1.12.0) + mini_portile2 (2.8.4) + minitest (5.20.0) + nokogiri (1.15.4) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) + racc (1.7.1) + rack (2.2.8) + rack-test (2.1.0) + rack (>= 1.3) + rails-dom-testing (2.2.0) + activesupport (>= 5.0.0) + minitest + nokogiri (>= 1.6) + rails-html-sanitizer (1.6.0) + loofah (~> 2.21) + nokogiri (~> 1.14) + rake (13.0.6) + rspec (3.12.0) + rspec-core (~> 3.12.0) + rspec-expectations (~> 3.12.0) + rspec-mocks (~> 3.12.0) + rspec-core (3.12.2) + rspec-support (~> 3.12.0) + rspec-expectations (3.12.3) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.12.0) + rspec-mocks (3.12.6) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.12.0) + rspec-support (3.12.1) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) + zeitwerk (2.6.12) + +PLATFORMS + ruby + +DEPENDENCIES + actionpack (~> 6.1) + angular_xss! + gemika + rake + rspec + +BUNDLED WITH + 2.1.4 diff --git a/Gemfile.rails-4.2.haml-5 b/Gemfile.rails-7.0 similarity index 68% rename from Gemfile.rails-4.2.haml-5 rename to Gemfile.rails-7.0 index 6c36d62..92c9bab 100644 --- a/Gemfile.rails-4.2.haml-5 +++ b/Gemfile.rails-7.0 
@@ -1,8 +1,9 @@ +ruby '~> 3.0' + source 'http://rubygems.org' -gem 'actionpack', '~>4.2' +gem 'actionpack', '~> 7.0' gem 'rspec' -gem 'haml', '~> 5' gem 'angular_xss', :path => '.' gem 'gemika' gem 'rake' diff --git a/Gemfile.rails-7.0.haml-5 b/Gemfile.rails-7.0.haml-5 deleted file mode 100644 index 630d4af..0000000 --- a/Gemfile.rails-7.0.haml-5 +++ /dev/null @@ -1,8 +0,0 @@ -source 'http://rubygems.org' - -gem 'actionpack', '~>7.0' -gem 'rspec' -gem 'haml', '~> 5' -gem 'angular_xss', :path => '.' -gem 'gemika' -gem 'rake' diff --git a/Gemfile.rails-7.0.haml-5.lock b/Gemfile.rails-7.0.haml-5.lock deleted file mode 100644 index 9c78277..0000000 --- a/Gemfile.rails-7.0.haml-5.lock +++ /dev/null 
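Review bot: `gem 'actionpack', '~> 7.0'` allows any 7.x release, and the new Gemfile.rails-7.0.lock in this commit resolves it to actionpack 7.1.0, so the matrix entry named rails-7.0 actually exercises Rails 7.1. If 7.0 is meant to be covered, pin the minor with `gem 'actionpack', '~> 7.0.0'` and re-lock; if 7.1 is intended, rename the Gemfile to match. The same lockfile records `ruby 3.0.0p0` while the workflow matrix runs 3.0.1; `ruby '~> 3.0'` permits this, but regenerating the lock on the CI Ruby would keep the two aligned.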
@@ -1,86 +0,0 @@ -PATH - remote: . - specs: - angular_xss (0.4.1) - activesupport - haml (>= 3.1.5) - -GEM - remote: http://rubygems.org/ - specs: - actionpack (7.0.0) - actionview (= 7.0.0) - activesupport (= 7.0.0) - rack (~> 2.0, >= 2.2.0) - rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actionview (7.0.0) - activesupport (= 7.0.0) - builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activesupport (7.0.0) - concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 1.6, < 2) - minitest (>= 5.1) - tzinfo (~> 2.0) - builder (3.2.4) - concurrent-ruby (1.1.9) - crass (1.0.6) - diff-lcs (1.4.4) - erubi (1.10.0) - gemika (0.6.1) - haml (5.2.2) - temple (>= 0.8.0) - tilt - i18n (1.8.11) - concurrent-ruby (~> 1.0) - loofah (2.13.0) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - minitest (5.15.0) - nokogiri (1.12.5-x86_64-linux) - racc (~> 1.4) - racc (1.6.0) - rack (2.2.3) - rack-test (1.1.0) - rack (>= 1.0, < 3) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) - nokogiri (>= 1.6) - rails-html-sanitizer (1.4.2) - loofah (~> 2.3) - rake (13.0.6) - rspec (3.10.0) - rspec-core (~> 3.10.0) - rspec-expectations (~> 3.10.0) - rspec-mocks (~> 3.10.0) - rspec-core (3.10.1) - rspec-support (~> 3.10.0) - rspec-expectations (3.10.1) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-mocks (3.10.2) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-support (3.10.3) - temple (0.8.2) - tilt (2.0.10) - tzinfo (2.0.4) - concurrent-ruby (~> 1.0) - -PLATFORMS - x86_64-linux - -DEPENDENCIES - actionpack (~> 7.0) - angular_xss! - gemika - haml (~> 5) - rake - rspec - -BUNDLED WITH - 2.2.26 diff --git a/Gemfile.rails-7.0.lock b/Gemfile.rails-7.0.lock new file mode 100644 index 0000000..b6b12f0 --- /dev/null +++ b/Gemfile.rails-7.0.lock 
@@ -0,0 +1,102 @@ +PATH + remote: . + specs: + angular_xss (0.4.1) + activesupport + +GEM + remote: http://rubygems.org/ + specs: + actionpack (7.1.0) + actionview (= 7.1.0) + activesupport (= 7.1.0) + nokogiri (>= 1.8.5) + rack (>= 2.2.4) + rack-session (>= 1.0.1) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + actionview (7.1.0) + activesupport (= 7.1.0) + builder (~> 3.1) + erubi (~> 1.11) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + activesupport (7.1.0) + base64 + bigdecimal + concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb + i18n (>= 1.6, < 2) + minitest (>= 5.1) + mutex_m + tzinfo (~> 2.0) + base64 (0.1.1) + bigdecimal (3.1.4) + builder (3.2.4) + concurrent-ruby (1.2.2) + connection_pool (2.4.1) + crass (1.0.6) + diff-lcs (1.5.0) + drb (2.1.1) + ruby2_keywords + erubi (1.12.0) + gemika (0.8.2) + i18n (1.14.1) + concurrent-ruby (~> 1.0) + loofah (2.21.3) + crass (~> 1.0.2) + nokogiri (>= 1.12.0) + mini_portile2 (2.8.4) + minitest (5.20.0) + mutex_m (0.1.2) + nokogiri (1.15.4) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) + racc (1.7.1) + rack (3.0.8) + rack-session (2.0.0) + rack (>= 3.0.0) + rack-test (2.1.0) + rack (>= 1.3) + rails-dom-testing (2.2.0) + activesupport (>= 5.0.0) + minitest + nokogiri (>= 1.6) + rails-html-sanitizer (1.6.0) + loofah (~> 2.21) + nokogiri (~> 1.14) + rake (13.0.6) + rspec (3.12.0) + rspec-core (~> 3.12.0) + rspec-expectations (~> 3.12.0) + rspec-mocks (~> 3.12.0) + rspec-core (3.12.2) + rspec-support (~> 3.12.0) + rspec-expectations (3.12.3) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.12.0) + rspec-mocks (3.12.6) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.12.0) + rspec-support (3.12.1) + ruby2_keywords (0.0.5) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) + +PLATFORMS + ruby + +DEPENDENCIES + actionpack (~> 7.0) + angular_xss! + gemika + rake + rspec + +RUBY VERSION + ruby 3.0.0p0 + +BUNDLED WITH + 2.2.3 
diff --git a/README.md b/README.md index 8f3f76e..242b166 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@ angular_xss [![Build Status](https://github.com/makandra/angular_xss/workflows/Tests/badge.svg)](https://github.com/makandra/angular_xss/actions) =========== -When rendering AngularJS templates with a server-side templating engine like ERB or Haml it is easy to introduce XSS vulnerabilities. These vulnerabilities are enabled by AngularJS evaluating user-provided strings containing interpolation symbols (default symbols are `{{` and `}}`). +When rendering AngularJS templates with a server-side templating engine like ERB it is easy to introduce XSS vulnerabilities. These vulnerabilities are enabled by AngularJS evaluating user-provided strings containing interpolation symbols (default symbols are `{{` and `}}`). -This gem patches ERB/rails_xss and Haml so Angular interpolation symbols are auto-escaped in unsafe strings. And by auto-escaped we mean replacing `{{` with `{{ $root.DOUBLE_LEFT_CURLY_BRACE }}`. To leave AngularJS interpolation marks unescaped, mark the string as `html_safe`. +This gem patches ERB/rails_xss so Angular interpolation symbols are auto-escaped in unsafe strings. And by auto-escaped we mean replacing `{{` with `{{ $root.DOUBLE_LEFT_CURLY_BRACE }}`. To leave AngularJS interpolation marks unescaped, mark the string as `html_safe`. **This is an unsatisfactory hack.** A better solution is very much desired, but is not possible without some changes in AngularJS. See the [related AngularJS issue](https://github.com/angular/angular.js/issues/5601). @@ -26,9 +26,9 @@ Installation 0. Read the code so you know what you're getting into. -1. Put this into your Gemfile **after other templating engines** like Haml or Erubis: +1. Put this into your Gemfile **after other templating engines**: - gem 'angular_xss' # put me after Haml, Erubis and other templating engines + gem 'angular_xss' 2. Run `bundle install`. 
@@ -45,19 +45,12 @@ Installation 5. Mark any string that is allowed to contain Angular expressions as `#html_safe`. -Known limitations ------------------ -- Requires Haml. It could be refactored to only patch ERB/rails_xss. -- When using Haml with angular_xss, you can no longer use interpolation symbols in `class` or `id` attributes, - even if the value is marked as `html_safe`. This is a limitation of Haml. Try using `ng-class` instead. - - Development ----------- - Fork the repository. -- Push your changes with specs. There is a Rails 3 test application in `spec/app_root` if you need to test integration with a live Rails app. -- You may run single tests with a specified Rails version via `BUNDLE_GEMFILE=Gemfile.rails-7.0.haml-5 bundle exec rspec ./spec/angular_xss` +- Push your changes with specs. +- You may run single tests with a specified Rails version via `BUNDLE_GEMFILE=Gemfile.rails-5.2 bundle exec rspec ./spec/angular_xss` - Send a pull request. diff --git a/angular_xss.gemspec b/angular_xss.gemspec index b103f01..1789aaf 100644 --- a/angular_xss.gemspec +++ b/angular_xss.gemspec @@ -7,7 +7,7 @@ Gem::Specification.new do |s| s.authors = ["Henning Koch"] s.email = 'henning.koch@makandra.de' s.homepage = 'https://github.com/makandra/angular_xss' - s.summary = 'Patches rails_xss and Haml so AngularJS interpolations are auto-escaped in unsafe strings.' + s.summary = 'Patches rails_xss so AngularJS interpolations are auto-escaped in unsafe strings.' s.description = s.summary s.license = 'MIT' s.metadata = { 'rubygems_mfa_required' => 'true' } @@ -17,5 +17,4 @@ Gem::Specification.new do |s| s.require_paths = ["lib"] s.add_dependency('activesupport') - s.add_dependency('haml', '>=3.1.5') # Haml below 3.1.5 does not escape HTML attributes by default. Do not use it! end diff --git a/lib/angular_xss.rb b/lib/angular_xss.rb index fe76527..4ad165c 100644 --- a/lib/angular_xss.rb +++ b/lib/angular_xss.rb 
@@ -3,5 +3,4 @@ require 'angular_xss/escaper' require 'angular_xss/safe_buffer' require 'angular_xss/erb' -require 'angular_xss/haml' require 'angular_xss/action_view' diff --git a/lib/angular_xss/haml.rb b/lib/angular_xss/haml.rb deleted file mode 100644 index 5904bd5..0000000 --- a/lib/angular_xss/haml.rb +++ /dev/null @@ -1,32 +0,0 @@ -# Haml 5.0 and 5.1 fall back to erb -if Haml::VERSION < '5' - # Use module_eval so we crash when Haml::Helpers has not yet been loaded. - Haml::Helpers.module_eval do - - def html_escape_with_escaping_angular_expressions(s) - s = s.to_s - if s.html_safe? - s - else - html_escape_without_escaping_angular_expressions(AngularXss::Escaper.escape(s)) - end - end - - alias_method :html_escape_without_escaping_angular_expressions, :html_escape - alias_method :html_escape, :html_escape_with_escaping_angular_expressions - end - -elsif Haml::VERSION >= '5.2' - Haml::Helpers.module_eval do - - def html_escape_without_haml_xss_with_escaping_angular_expressions(s) - s = s.to_s - return s if s.html_safe? - - html_escape_without_haml_xss_without_escaping_angular_expressions(AngularXss::Escaper.escape(s)) - end - - alias_method :html_escape_without_haml_xss_without_escaping_angular_expressions, :html_escape_without_haml_xss - alias_method :html_escape_without_haml_xss, :html_escape_without_haml_xss_with_escaping_angular_expressions - end -end diff --git a/spec/angular_xss/haml_spec.rb b/spec/angular_xss/haml_spec.rb deleted file mode 100644 index 844419f..0000000 --- a/spec/angular_xss/haml_spec.rb +++ /dev/null @@ -1,7 +0,0 @@ -require 'spec_helper' - -describe 'Angular XSS prevention in Haml', :type => :view do - - it_should_behave_like 'engine preventing Angular XSS', :partial => 'test_haml' - -end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index f891d5a..4bfac30 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -16,9 +16,6 @@ def self.env end end -require 'haml' -require 'haml/template' - require 'angular_xss' 
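Review bot: Dropping `require 'angular_xss/haml'` removes the Haml escaping patch with no signal to applications that still render Haml. Per the deleted haml.rb only Haml 5.0 and 5.1 fall back to the ERB path, so on Haml < 5 or >= 5.2 user-supplied `{{` would presumably no longer be escaped after an upgrade. The new lockfiles still list `angular_xss (0.4.1)`, so the version appears unchanged and the loss of protection would be silent. Consider a load-time guard such as `warn 'angular_xss no longer escapes Angular interpolation in Haml templates' if defined?(Haml)`, together with a version bump and changelog entry. With haml_spec.rb deleted, no spec pins the behaviour under Haml any more.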
diff --git a/spec/templates/_test_haml.haml b/spec/templates/_test_haml.haml deleted file mode 100644 index c6ad216..0000000 --- a/spec/templates/_test_haml.haml +++ /dev/null @@ -1,37 +0,0 @@ -= "{{unsafe}}" -#{'{{unsafe}}'} -= "{{safe}}".html_safe - -{{safe}} - -= content_tag(:span, '{{unsafe}}') -= content_tag(:span, '{{safe}}'.html_safe) - -= '{{unsafe}}' -= '{{unsafe}}' -= '{{unsafe}}' -= '{{unsafe}}' -= '{{unsafe}}' -= '{{unsafe}}' -= '{{unsafe}}' -= '{{unsafe}}' -= '{{unsafe}}' -= '{{unsafe}}' - --# HTML attributes in Haml work in different ways: --# 1. Under certain conditions, attributes are precompiled. --# We never have to escape those because they can not contain user input. --# 2. Whenever there is a Ruby call on attributes, Haml will have to evaluate --# them at runtime. Since they can contain user input, XSS logic applies. - --# Precompiled: -%div(foo='{{safe}}') -%div{:class => '{{safe}}', :id => '{{safe}}'} - --# Compiled at runtime: -- unsafe = '{{unsafe}}' -- safe = '{{safe}}'.html_safe -%div{:class => unsafe, :id => unsafe} -%div(bar="#{unsafe}") - %div{:foo => safe, :bar => unsafe} - {{safe}}