Sha256: b104e645397da45a524719cd9c73c5b863369aa5115e085c44164675a53123e4

Contents?: true

Size: 1.19 KB

Versions: 20

Compression:

Stored size: 1.19 KB

Contents

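module Unpoly
  module Rails
    # Stateless JSON helpers for values carried in X-Up HTTP headers.
    class Util
      class << self

        # Decodes a JSON string, falling back to a default instead of raising.
        #
        # `raw` is presumably taken from a client-supplied X-Up request header
        # (the log message below says so), i.e. untrusted input. A successful
        # decode only proves the text is well-formed JSON; callers still need
        # to check that the result has the type and shape they expect.
        #
        # @param raw [String, nil] the JSON text to decode
        # @yieldreturn [Object] the fallback used when `raw` is blank or malformed
        # @return [Object, nil] the decoded value, the block's result, or nil
        #   when no block was given
        def guard_json_decode(raw, &default)
          return default&.call unless raw.present?

          begin
            ActiveSupport::JSON.decode(raw)
          rescue ActiveSupport::JSON.parse_error
            # We would love to crash here, as it might indicate a bug in the frontend code.
            # Unfortunately security scanners may be spamming malformed JSON in X-Up headers,
            # DOSing us with error notifications.
            #
            # The message is a constant: the raw header value is deliberately not
            # interpolated, so a client cannot inject content into the log.
            ::Rails.logger.error('unpoly-rails: Ignoring malformed JSON in X-Up header')
            default&.call
          end
        end

        # Encodes a value as JSON that is safe to place in an HTTP header.
        #
        # We build a lot of JSON that goes into HTTP headers. Non-ASCII
        # characters are not safe to transport over HTTP, but JSON escape
        # sequences (\uXXXX) let us express them using ASCII only.
        #
        # NOTE(review): only non-ASCII characters are handled here. Escaping of
        # control characters such as CR/LF inside strings is left to the JSON
        # encoder; confirm before feeding attacker-influenced values.
        #
        # @param value [Object] anything ActiveSupport::JSON can encode
        # @return [String] ASCII-only JSON text
        def safe_json_encode(value)
          json = ActiveSupport::JSON.encode(value)
          escape_non_ascii(json)
        end

        # Replaces every non-ASCII character with JSON \uXXXX escapes.
        #
        # A JSON escape holds exactly four hex digits, so code points above
        # U+FFFF (emoji, for instance) must be written as a UTF-16 surrogate
        # pair. Emitting five or more digits after a single \u would be parsed
        # as a different character followed by stray digits, silently
        # corrupting the value on the receiving side.
        #
        # @param unicode_string [String] text that may contain non-ASCII characters
        # @return [String] the same text with non-ASCII characters escaped
        def escape_non_ascii(unicode_string)
          unicode_string.gsub(/[[:^ascii:]]/) do |char|
            code_point = char.ord

            if code_point > 0xFFFF
              offset = code_point - 0x10000
              high_surrogate = 0xD800 + (offset >> 10)
              low_surrogate = 0xDC00 + (offset & 0x3FF)
              format('\\u%04x\\u%04x', high_surrogate, low_surrogate)
            else
              format('\\u%04x', code_point)
            end
          end
        end

      end
    end
  end
end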

Version data entries

20 entries across 20 versions & 1 rubygems

Version Path
unpoly-rails-3.9.2 lib/unpoly/rails/util.rb
unpoly-rails-3.9.1 lib/unpoly/rails/util.rb
unpoly-rails-3.9.0 lib/unpoly/rails/util.rb
unpoly-rails-3.8.0.1 lib/unpoly/rails/util.rb
unpoly-rails-3.8.0 lib/unpoly/rails/util.rb
unpoly-rails-3.8.0.rc1 lib/unpoly/rails/util.rb
unpoly-rails-3.7.3.2 lib/unpoly/rails/util.rb
unpoly-rails-3.7.3.1 lib/unpoly/rails/util.rb
unpoly-rails-3.7.3 lib/unpoly/rails/util.rb
unpoly-rails-3.7.2 lib/unpoly/rails/util.rb
unpoly-rails-3.7.1 lib/unpoly/rails/util.rb
unpoly-rails-3.7.0.1 lib/unpoly/rails/util.rb
unpoly-rails-3.7.0 lib/unpoly/rails/util.rb
unpoly-rails-3.6.1.1 lib/unpoly/rails/util.rb
unpoly-rails-3.6.1 lib/unpoly/rails/util.rb
unpoly-rails-3.6.0 lib/unpoly/rails/util.rb
unpoly-rails-3.5.2 lib/unpoly/rails/util.rb
unpoly-rails-3.5.1 lib/unpoly/rails/util.rb
unpoly-rails-3.5.0 lib/unpoly/rails/util.rb
unpoly-rails-3.3.0.1 lib/unpoly/rails/util.rb