Ticket #3: aas-rails-2.patch
| File aas-rails-2.patch, 2.0 kB (added by lu..@slantwisedesign.com, 1 year ago) |
|---|
-
a/vendor/plugins/actsassanitized/lib/acts_as_sanitized.rb
old new 3 3 module Sanitized 4 4 def self.included(base) 5 5 base.extend(ClassMethods) 6 base.send(:include, ActionView::Helpers::SanitizeHelper) 6 7 end 7 8 8 9 module ClassMethods … … 32 33 end 33 34 34 35 module InstanceMethods 35 include ActionView::Helpers::TextHelper36 36 37 37 def sanitize_fields 38 38 if acts_as_sanitized_options[:strip_tags] == true -
a/vendor/plugins/actsassanitized/test/acts_as_sanitized_test.rb
old new 32 32 e.save 33 33 34 34 assert_not_equal "<script>alert('xss in title')</script>", e.title 35 assert_equal " <script>alert('xss in title')</script>", e.title35 assert_equal "", e.title 36 36 37 37 assert_not_equal "<script>alert('xss in body')</script>", e.body 38 assert_equal " <script>alert('xss in body')</script>", e.body38 assert_equal "", e.body 39 39 40 40 assert_equal "<script>alert('xss in extended')</script>", e.extended 41 41 end … … 47 47 c.save 48 48 49 49 assert_not_equal "<script>alert('xss in title')</script>", c.title 50 assert_equal " <script>alert('xss in title')</script>", c.title50 assert_equal "", c.title 51 51 52 52 assert_not_equal "<script>alert('xss in body')</script>", c.body 53 assert_equal " <script>alert('xss in body')</script>", c.body53 assert_equal "", c.body 54 54 end 55 55 56 56 def test_html_stripping_on_discovered_fields
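
Review bot: In the first hunk of acts_as_sanitized.rb, `base.send(:include, ActionView::Helpers::SanitizeHelper)` inside `self.included` mixes the view helper into every class that includes `Sanitized`, whether or not that class ever opts in through `ClassMethods`, so the helper's methods become instance methods on the model and can collide with attribute or method names. If the include has to live on `base`, add a comment saying why; otherwise including it in `InstanceMethods`, where the old `TextHelper` include sat, keeps the scope narrower.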
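
Review bot: Removing `include ActionView::Helpers::TextHelper` from `InstanceMethods` in the second hunk of acts_as_sanitized.rb takes every TextHelper method away from the instance methods, and only the first lines of `sanitize_fields` are visible here. Confirm that nothing else in the module still calls a TextHelper method, since such a call would now fail only at runtime, when that branch is reached.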
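
Review bot: The new expectations at lines 35 and 38 of the first test hunk change the stored value from a non-empty string to `""`, which is a behaviour change for existing users of the plugin and is not documented anywhere in this patch; it deserves a line in the README or changelog. The `assert_not_equal` lines directly above each new assertion are now redundant, because `assert_equal "", e.title` already implies them.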
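
Review bot: In the second test hunk, `assert_equal "", c.title` and `assert_equal "", c.body` would also pass if the sanitizer blanked the whole field, because the inputs appear to consist of nothing but a script element. Add a case whose input mixes plain text with the script tag and assert that the text survives, so the test distinguishes removing markup from discarding the value.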
