3
97%
master: 97%

Ran 26 May 2018 01:09AM UTC

Files 147

Run time 4min

Badge

Embed ▾

Committed 26 May 2018 01:07AM UTC coverage: 98.9% (-0.03%) from 98.933%

Job # 2.4.2, gemfiles/rack_edge.gemfile

Build Type

push

travis-ci

Committed by

dblock

Commit Message

When returning an HTML error, make sure it's safe (#1763)

* When calling into an API specifying a crafted format that is HTML,
the returned error renders the HTML back to the user, causing a potential XSS
issue.  For example:

http://example.com/api/endpoint?format=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Renders as html:

The requested format '<script>alert(document.cookie)</script>' is not supported.

When an error generates html back to the user, make sure it's properly escaped.

Fixes issue #1762

* Add changelog entry

* Use a method that also works in rails3

* Add spec formatting for older rails/activesupport version

Run Details

11693 of 11823 relevant lines covered (98.9%)

28.79 hits per line

ruby-grape / grape / 3220 / 3
97%
master: 97%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 3220.3 (2.4.2, gemfiles/rack_edge.gemfile)

ruby-grape / grape / 3220 / 3 97% master: 97%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 3220.3 (2.4.2, gemfiles/rack_edge.gemfile)

ruby-grape / grape / 3220 / 3
97%
master: 97%

README BADGES
x