Angular Rails XSS

Angular Rails XSS protects from injection via {{}}. It patches CGI.escapeHTML to handle escaping.

Installation

Add this line to your application's Gemfile:

gem 'angular_rails_xss'

Then execute:

$ bundle

Lastly ensure that DOUBLE_L_CURLY_BRACE and DOUBLE_R_CURLY_BRACE are defined on root scope:

import angular from 'angular';

angular.module('app', []).run(['$rootScope', ($rootScope) => {
  Object.assign($rootScope, {
    DOUBLE_L_CURLY_BRACE: '{{',
    DOUBLE_R_CURLY_BRACE: '}}',
  });
}]);

Usage

Once the gem is required running CGI.escapeHTML is safe. For example:

CGI.escapeHTML('{{2+3}}') # {{ $root.DOUBLE_L_CURLY_BRACE }}2+3{{ $root.DOUBLE_R_CURLY_BRACE }}

CGI.escapeHTML('<script>2+3</script>') # &lt;script&gt;2+3&lt;/script&gt;

Dependencies

Angular Rails XSS is tested with Rails 5.1.6 and Ruby 2.5.1.

License

The gem is available as open source under the terms of the MIT License.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
.circleci		.circleci
lib		lib
spec		spec
.gitignore		.gitignore
.rspec		.rspec
.rubocop.yml		.rubocop.yml
Gemfile		Gemfile
Gemfile.lock		Gemfile.lock
MIT-LICENSE		MIT-LICENSE
README.md		README.md
Rakefile		Rakefile
angular_rails_xss.gemspec		angular_rails_xss.gemspec

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Angular Rails XSS

Installation

Usage

Dependencies

License

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 2

Uh oh!

Languages

License

clutter/angular_rails_xss

Folders and files

Latest commit

History

Repository files navigation

Angular Rails XSS

Installation

Usage

Dependencies

License

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 2

Uh oh!

Languages

Packages