Class: Rack::Taint
- Inherits: Object
  - Object
  - Rack::Taint
- Defined in: lib/rack/taint.rb, lib/rack/taint/railtie.rb, lib/rack/taint/readable.rb
Defined Under Namespace
Modules: Readable
Classes: Railtie
Instance Method Summary
- #_call(env) ⇒ Object
- #call(env) ⇒ Object
- #initialize(app) ⇒ Taint (constructor): A new instance of Taint.
Constructor Details
#initialize(app) ⇒ Taint
Returns a new instance of Taint.
    # File 'lib/rack/taint.rb', line 4
    def initialize(app)
      @app = app
    end
Instance Method Details
#_call(env) ⇒ Object
    # File 'lib/rack/taint.rb', line 12
    def _call(env)
      env.each do |k, v|
        v.taint unless k.include?('.')
      end
      input = env['rack.input'].taint
      if input.respond_to?(:string)
        require 'rack/taint/readable'
        input.extend(Readable).string.taint
      end
      # Some middleware (e.g., Rack::MethodOverride) may cause parameter
      # parsing before we taint.
      env.delete('rack.request.form_input')
      env.delete('rack.request.query_string')
      @app.call(env)
    end
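The selection rule in `_call`, as an added illustration that is not Rack::Taint's own code: env keys without a dot are treated as client-supplied, `rack.input` is handled separately, and cached parse results are dropped. `Object#taint` was removed in Ruby 3.2, so a hypothetical `Untrusted` wrapper and `MarkUntrusted` class stand in for the taint flag here, and the env hash is constructed sample data.

```ruby
require 'stringio'

# Hypothetical stand-in for the taint flag: wraps a client-supplied value.
Untrusted = Struct.new(:value)

# Hypothetical middleware mirroring the steps of Rack::Taint#_call.
class MarkUntrusted
  CACHED_PARSE_KEYS = %w[rack.request.form_input rack.request.query_string].freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    env = env.dup
    env.each do |k, v|
      # Same test as _call: CGI-style keys have no dot, rack.* keys do.
      env[k] = Untrusted.new(v) if v.is_a?(String) && !k.include?('.')
    end
    # 'rack.input' contains a dot, so the loop skips it; handle the body explicitly.
    body = env['rack.input']
    env['rack.input'] = Untrusted.new(body.read) if body.respond_to?(:read)
    # Drop parses cached by earlier middleware so they are not reused unmarked.
    CACHED_PARSE_KEYS.each { |k| env.delete(k) }
    @app.call(env)
  end
end

# Constructed sample env; values are illustrative only.
def constructed_env
  {
    'REQUEST_METHOD' => 'POST',
    'QUERY_STRING' => 'q=1',
    'HTTP_USER_AGENT' => 'example-client',
    'rack.url_scheme' => 'http',
    'rack.input' => StringIO.new('name=x'),
    'rack.request.query_string' => 'q=1',
    'rack.request.form_input' => :stale_cache
  }
end

# Returns the env as the downstream app receives it.
def env_seen_by_app
  seen = nil
  MarkUntrusted.new(->(env) { seen = env; [200, {}, []] }).call(constructed_env)
  seen
end
```

Unlike the original, which flags the existing objects in place, this sketch replaces values with wrappers, so a real application behind it would need to unwrap them.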
#call(env) ⇒ Object
    # File 'lib/rack/taint.rb', line 8
    def call(env)
      dup._call(env)
    end