Module: Air18n::XssDetector
- Defined in:
- lib/air18n/xss_detector.rb
Class Method Summary
- .extract_tags(text) ⇒ Object
- .has_dubious_escape_characters?(text) ⇒ Boolean
- .normalize_tags(tags) ⇒ Object
- .safe?(text_a, text_b, locale_a, locale_b) ⇒ Boolean
Class Method Details
.extract_tags(text) ⇒ Object
# File 'lib/air18n/xss_detector.rb', line 27
# Pulls every HTML-looking tag out of +text+, in order of appearance.
#
# A tag starts at a +<+ and runs to the +>+ that brings the bracket depth back
# to zero, so nested brackets such as +<a<b>>+ come back as one tag. Quotes are
# not interpreted: a +>+ inside an attribute value ends the tag early, which
# makes the scan conservative (it can split a tag, never overlook one). A +<+
# that is never closed yields the rest of the text as the final tag and stops
# the scan. A +>+ with no preceding +<+ is ignored.
#
# @param text [String] text to scan
# @return [Array<String>] tag substrings, possibly empty
def extract_tags(text)
  tags = []
  search_from = 0
  depth = 0

  loop do
    start = text.index('<', search_from)
    break unless start

    depth += 1
    cursor = start
    # Walk forward over every bracket, counting nesting, until the depth is
    # back to zero or the text runs out.
    while depth > 0 && cursor && (cursor = text.index(/>|</, cursor + 1))
      depth += text[cursor] == '<' ? 1 : -1
    end

    if cursor.nil?
      # Opening bracket without a closing one: keep the tail as a tag so it
      # still takes part in any comparison, then stop scanning.
      tags << text[start..-1]
      break
    end

    unless cursor.zero?
      tags << text[start..cursor]
      search_from = cursor
    end
  end

  tags
end
.has_dubious_escape_characters?(text) ⇒ Boolean
# File 'lib/air18n/xss_detector.rb', line 23
# True when +text+ contains at least one backslash.
#
# This is the check behind the "Backslashes are not allowed" rejection in
# +safe?+: any backslash, anywhere, is enough; no other character is
# considered here.
#
# @param text [String] text to inspect
# @return [Boolean]
def has_dubious_escape_characters?(text)
  backslash = '\\'
  text.include?(backslash)
end
.normalize_tags(tags) ⇒ Object
# File 'lib/air18n/xss_detector.rb', line 51
# Canonicalizes a tag list so that a difference in quotation mark style alone
# does not count as a tag mismatch: every double quote becomes a single quote.
# Nothing else (attribute order, whitespace, letter case) is touched, so any
# other difference between two tags still makes them compare unequal.
#
# @param tags [Array<String>] tags as returned by +extract_tags+
# @return [Array<String>] a new array of normalized tags; +tags+ is not mutated
def normalize_tags(tags)
  tags.map { |tag| tag.tr('"', "'") }
end
.safe?(text_a, text_b, locale_a, locale_b) ⇒ Boolean
# File 'lib/air18n/xss_detector.rb', line 5
# Decides whether +text_b+ may stand in for +text_a+ by comparing the HTML
# tags of the two texts.
#
# Both texts are coerced with +to_s+, their tags extracted and quote-normalized,
# and the two tag lists compared as multisets (order is ignored, multiplicity
# is not). When SmartCount applies to either text, both tag lists are first
# passed through a SmartCount helper together with their locale; that branch
# is the only use of +locale_a+ / +locale_b+. A backslash in either text is
# rejected before the tag comparison is considered.
#
# @param text_a [#to_s] reference text
# @param text_b [#to_s] candidate text
# @param locale_a [Object] locale of +text_a+, forwarded to SmartCount only
# @param locale_b [Object] locale of +text_b+, forwarded to SmartCount only
# @return [Hash] +{ safe: true }+, or +{ safe: false, reason: String }+ when a
#   backslash is present or the tag multisets differ
def safe?(text_a, text_b, locale_a, locale_b)
  text_a = text_a.to_s
  text_b = text_b.to_s
  tags_a = normalize_tags(extract_tags(text_a))
  tags_b = normalize_tags(extract_tags(text_b))

  if SmartCount::applies?(text_a) || SmartCount::applies?(text_b)
    # NOTE(review): the rendered listing dropped the name of the SmartCount
    # helper called here (it takes a locale and a tag list and returns the tag
    # list to compare). Restore the real name from lib/air18n/xss_detector.rb;
    # the placeholder below does not resolve.
    tags_a = SmartCount::PLACEHOLDER_TAG_FILTER(locale_a, tags_a)
    tags_b = SmartCount::PLACEHOLDER_TAG_FILTER(locale_b, tags_b)
  end

  backslash_present = has_dubious_escape_characters?(text_a) ||
                      has_dubious_escape_characters?(text_b)

  if backslash_present
    { safe: false, reason: 'Backslashes are not allowed' }
  elsif tags_a.group_by(&:itself) != tags_b.group_by(&:itself)
    # Grouping by value compares the lists as multisets: the same tags with the
    # same counts in any order are considered equal.
    { safe: false, reason: "HTML tags don't match: #{tags_a.inspect} vs. #{tags_b.inspect}" }
  else
    { safe: true }
  end
end