Sha256: e36826eaee475a20e96bc201941b07996508181b2ee90b7412b2e93f9a41cea7

Contents?: true

Size: 475 Bytes

Versions: 18

Compression:

Stored size: 475 Bytes

Contents

module Zafu
  module Security
    SECURE_REGEXP = %r{<%|%>|<\Z}
    SAFE_CODE     = {'<%' => '&lt;%', '%>' => '%&gt;', '<' => '&lt;'}
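    # Make sure translations and other literal values cannot be used to build ERB tags.
    def erb_escape(text)
      # Escaping only '<%' is not enough: a literal that ends with '<' and is
      # followed by '%' in the template (<r:t>min</r:t>% ==> <% ...) would still
      # open a tag, so a '<' at the end of the text is escaped as well.
      text.gsub(SECURE_REGEXP) {|code| SAFE_CODE[code]}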
    end

    def form_quote(text)
      erb_escape(text).gsub("'", "&apos;")
    end
  end # Security
end # Zafu
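
The comment in `erb_escape` describes a delimiter split across two literals. The following is an added example, not part of the gem: it renders the same constructed fragments through ERB twice, once with a hypothetical `naive_escape` that only rewrites a complete `<%`, and once with the page's `erb_escape`. `naive_escape`, `render_fragments` and `FRAGMENTS` are names assumed for illustration.

```ruby
require 'erb'

# Copied from the page's Zafu::Security so the block runs on its own.
SECURE_REGEXP = %r{<%|%>|<\Z}
SAFE_CODE     = {'<%' => '&lt;%', '%>' => '%&gt;', '<' => '&lt;'}

def erb_escape(text)
  text.gsub(SECURE_REGEXP) { |code| SAFE_CODE[code] }
end

# Hypothetical weaker escaper: only rewrites a complete '<%'.
def naive_escape(text)
  text.gsub('<%', '&lt;%')
end

# Hypothetical helper: escape each literal fragment on its own, join the
# results the way a template compiler concatenates output, then render the
# joined source with ERB. Returns [source, rendered_output].
def render_fragments(fragments, escaper)
  source = fragments.map { |fragment| send(escaper, fragment) }.join
  [source, ERB.new(source).result]
end

# Constructed sample: no single fragment contains '<%', but the join does.
FRAGMENTS = ['Total: ', '<', '%= 6 * 7 %>'].freeze

if __FILE__ == $PROGRAM_NAME
  %i[naive_escape erb_escape].each do |escaper|
    source, output = render_fragments(FRAGMENTS, escaper)
    puts "#{escaper}: source=#{source.inspect} output=#{output.inspect}"
  end
end
```

With `naive_escape` the joined source contains a live tag and ERB evaluates it; with `erb_escape` the trailing `<` and the `%>` are both entity-encoded, so ERB emits the text unchanged.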

Version data entries

18 entries across 18 versions & 2 rubygems

Version Path
zena-1.2.8 lib/zafu/security.rb
zena-1.2.7 lib/zafu/security.rb
zena-1.2.6 lib/zafu/security.rb
zena-1.2.5 lib/zafu/security.rb
zena-1.2.4 lib/zafu/security.rb
zena-1.2.3 lib/zafu/security.rb
zena-1.2.2 lib/zafu/security.rb
zafu-0.8.6 lib/zafu/security.rb
zafu-0.8.5 lib/zafu/security.rb
zafu-0.8.4 lib/zafu/security.rb
zafu-0.8.3 lib/zafu/security.rb
zafu-0.8.2 lib/zafu/security.rb
zafu-0.8.0 lib/zafu/security.rb
zafu-0.7.9 lib/zafu/security.rb
zafu-0.7.8 lib/zafu/security.rb
zafu-0.7.7 lib/zafu/security.rb
zafu-0.7.6 lib/zafu/security.rb
zafu-0.7.5 lib/zafu/security.rb