mirror of
https://github.com/sinatra/sinatra
synced 2023-03-27 23:18:01 -04:00
make dependency on escape_utils optional
parent
2e6467c823
commit
be74517b9d
3 changed files with 41 additions and 8 deletions
|
@ -92,3 +92,11 @@ First stable release.
|
||||||
Changes:
|
Changes:
|
||||||
|
|
||||||
* Fix bug in JsonCsrf
|
* Fix bug in JsonCsrf
|
||||||
|
|
||||||
|
## v1.1.0 (not yet release)
|
||||||
|
|
||||||
|
Second public release.
|
||||||
|
|
||||||
|
Changes:
|
||||||
|
|
||||||
|
* Dependency on `escape_utils` is now optional
|
||||||
|
|
|
@ -1,5 +1,10 @@
|
||||||
require 'rack/protection'
|
require 'rack/protection'
|
||||||
require 'escape_utils'
|
require 'rack/utils'
|
||||||
|
|
||||||
|
begin
|
||||||
|
require 'escape_utils'
|
||||||
|
rescue LoadError
|
||||||
|
end
|
||||||
|
|
||||||
module Rack
|
module Rack
|
||||||
module Protection
|
module Protection
|
||||||
|
@ -16,14 +21,28 @@ module Rack
|
||||||
# escape:: What escaping modes to use, should be Symbol or Array of Symbols.
|
# escape:: What escaping modes to use, should be Symbol or Array of Symbols.
|
||||||
# Available: :html (default), :javascript, :url
|
# Available: :html (default), :javascript, :url
|
||||||
class EscapedParams < Base
|
class EscapedParams < Base
|
||||||
default_options :escape => :html
|
extend Rack::Utils
|
||||||
|
|
||||||
|
class << self
|
||||||
|
alias escape_url escape
|
||||||
|
public :escape_html
|
||||||
|
end
|
||||||
|
|
||||||
|
default_options :escape => :html,
|
||||||
|
:escaper => defined?(EscapeUtils) ? EscapeUtils : self
|
||||||
|
|
||||||
def initialize(*)
|
def initialize(*)
|
||||||
super
|
super
|
||||||
modes = Array options[:escape]
|
|
||||||
code = "def self.escape_string(str) %s end"
|
modes = Array options[:escape]
|
||||||
modes.each { |m| code %= "EscapeUtils.escape_#{m}(%s)"}
|
@escaper = options[:escaper]
|
||||||
eval code % 'str'
|
@html = modes.include? :html
|
||||||
|
@javascript = modes.include? :javascript
|
||||||
|
@url = modes.include? :url
|
||||||
|
|
||||||
|
if @javascript and not @escaper.respond_to? :escape_javascript
|
||||||
|
fail("Use EscapeUtils for JavaScript escaping.")
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def call(env)
|
def call(env)
|
||||||
|
@ -32,7 +51,7 @@ module Rack
|
||||||
post_was = handle(request.POST) rescue nil
|
post_was = handle(request.POST) rescue nil
|
||||||
app.call env
|
app.call env
|
||||||
ensure
|
ensure
|
||||||
request.GET.replace get_was
|
request.GET.replace get_was if get_was
|
||||||
request.POST.replace post_was if post_was
|
request.POST.replace post_was if post_was
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -56,6 +75,13 @@ module Rack
|
||||||
hash.each { |k,v| hash[k] = escape(v) }
|
hash.each { |k,v| hash[k] = escape(v) }
|
||||||
hash
|
hash
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def escape_string(str)
|
||||||
|
str = @escaper.escape_url(str) if @url
|
||||||
|
str = @escaper.escape_html(str) if @html
|
||||||
|
str = @escaper.escape_javascript(str) if @javascript
|
||||||
|
str
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
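Review bot: In `initialize`, the three `modes.include?` checks silently ignore any `:escape` entry that is not exactly `:html`, `:javascript` or `:url`, so a typo or a String such as `'html'` leaves every flag false and `escape_string` returns the parameter unescaped. The removed eval-based code interpolated the mode into a method name, so an unknown mode would presumably have raised NoMethodError on first use; the new code instead fails open in a protection middleware. Validate the list next to the existing JavaScript check, e.g. `unknown = modes - [:html, :javascript, :url]` followed by `fail ArgumentError, "unknown escape mode: #{unknown.inspect}" unless unknown.empty?`. Escaping now also always runs url, then html, then javascript, regardless of the order given in `:escape`, and the option comment above the class should say so.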
|
@ -59,7 +59,6 @@ Gem::Specification.new do |s|
|
||||||
|
|
||||||
# dependencies
|
# dependencies
|
||||||
s.add_dependency "rack"
|
s.add_dependency "rack"
|
||||||
s.add_dependency "escape_utils"
|
|
||||||
s.add_development_dependency "rack-test"
|
s.add_development_dependency "rack-test"
|
||||||
s.add_development_dependency "rspec", "~> 2.0"
|
s.add_development_dependency "rspec", "~> 2.0"
|
||||||
end
|
end
|
||||||
|
|