8
97%
master: 97%

Ran 26 May 2018 01:10AM UTC

Files 1

Run time 3min

Badge

Embed ▾

Committed 26 May 2018 01:07AM UTC coverage: 60.0%. Remained the same

Job # 2.4.2, gemfiles/multi_xml.gemfile

Build Type

push

travis-ci

Committed by

dblock

Commit Message

When returning an HTML error, make sure it's safe (#1763)

* When calling into an API specifying a crafted format that is HTML,
the returned error renders the HTML back to the user, causing a potential XSS
issue.  For example:

http://example.com/api/endpoint?format=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Renders as html:

The requested format '<script>alert(document.cookie)</script>' is not supported.

When an error generates html back to the user, make sure it's properly escaped.

Fixes issue #1762

* Add changelog entry

* Use a method that also works in rails3

* Add spec formatting for older rails/activesupport version

Run Details

3 of 5 relevant lines covered (60.0%)

0.6 hits per line

ruby-grape / grape / 3220 / 8
97%
master: 97%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 3220.8 (2.4.2, gemfiles/multi_xml.gemfile)

ruby-grape / grape / 3220 / 8 97% master: 97%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 3220.8 (2.4.2, gemfiles/multi_xml.gemfile)

ruby-grape / grape / 3220 / 8
97%
master: 97%

README BADGES
x