Merge pull request #58 from peterberkenbosch/rename-whitelist
Use allowed instead of whitelist.
jumph4x authored Aug 20, 2020
2 parents d9071f3 + a62b674 commit 16eae2d
Showing 4 changed files with 25 additions and 25 deletions.
12 changes: 6 additions & 6 deletions app/helpers/canonical_rails/tag_helper.rb
Expand Up @@ -38,11 +38,11 @@ def canonical_port
def canonical_href(host = canonical_host, port = canonical_port, force_trailing_slash = nil)
default_ports = { 'https://' => 443, 'http://' => 80 }
port = port.present? && port.to_i != default_ports[canonical_protocol] ? ":#{port}" : ''
raw "#{canonical_protocol}#{host}#{port}#{path_without_html_extension}#{trailing_slash_config(force_trailing_slash)}#{whitelisted_query_string}"
raw "#{canonical_protocol}#{host}#{port}#{path_without_html_extension}#{trailing_slash_config(force_trailing_slash)}#{allowed_query_string}"
end

def canonical_path(force_trailing_slash = nil)
raw "#{path_without_html_extension}#{trailing_slash_config(force_trailing_slash)}#{whitelisted_query_string}"
raw "#{path_without_html_extension}#{trailing_slash_config(force_trailing_slash)}#{allowed_query_string}"
end

def canonical_tag(host = canonical_host, port = canonical_port, force_trailing_slash = nil)
Expand All @@ -55,15 +55,15 @@ def canonical_tag(host = canonical_host, port = canonical_port, force_trailing_s
end
end

def whitelisted_params
def allowed_params
selected_params = params.select do |key, value|
value.present? && CanonicalRails.sym_whitelisted_parameters.include?(key.to_sym)
value.present? && CanonicalRails.sym_allowed_parameters.include?(key.to_sym)
end

selected_params.respond_to?(:to_unsafe_h) ? selected_params.to_unsafe_h : selected_params.to_h
end

def whitelisted_query_string
def allowed_query_string
# Rack 1.4.5 fails to handle params that are not strings
# So if
# my_hash = { "a" => 1, "b" => 2}
Expand All @@ -74,7 +74,7 @@ def whitelisted_query_string
# Rack 1.6.0 has it
# https://github.com/rack/rack/blob/65a7104b6b3e9ecd8f33c63a478ab9a33a103507/test/spec_utils.rb#L251

wl_params = whitelisted_params
wl_params = allowed_params

"?" + Rack::Utils.build_nested_query(convert_numeric_params(wl_params)) if wl_params.present?
end
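Review bot: In `allowed_params` the allow list is checked against top-level keys only (`sym_allowed_parameters.include?(key.to_sym)`), and each matching value is then exported whole through `to_unsafe_h`/`to_h`, so once `search` is allowed any nested `search[...]` sub-key sent with the request lands in the canonical URL; the spec's `search[super]=special` expectation shows this. That leaves room for the parameter spamming the allow list is meant to limit, so it should at least be stated above the method, e.g. `# Only top-level keys are checked; nested values under an allowed key pass through unfiltered.` Separately, `key.to_sym` interns every request parameter name, and comparing strings instead (`CanonicalRails.allowed_parameters.map(&:to_s).include?(key.to_s)`) would avoid that on Ruby versions that do not garbage-collect symbols. The body of `canonical_tag` lies partly outside the visible hunks.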
8 changes: 4 additions & 4 deletions lib/canonical-rails.rb
Expand Up @@ -23,8 +23,8 @@ def self.setup
mattr_accessor :collection_actions
@@collection_actions = [:index]

mattr_accessor :whitelisted_parameters
@@whitelisted_parameters = []
mattr_accessor :allowed_parameters
@@allowed_parameters = []

mattr_accessor :opengraph_url
@@opengraph_url = false
Expand All @@ -33,7 +33,7 @@ def self.sym_collection_actions
@@sym_collection_actions ||= self.collection_actions.map(&:to_sym)
end

def self.sym_whitelisted_parameters
@@sym_whitelisted_parameters ||= self.whitelisted_parameters.map(&:to_sym)
def self.sym_allowed_parameters
@@sym_allowed_parameters ||= self.allowed_parameters.map(&:to_sym)
end
end
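Review bot: The `whitelisted_parameters` accessor is dropped with no alias, so an initializer written against the previous name (`config.whitelisted_parameters = [...]`) would presumably raise NoMethodError at boot after upgrading. Unless this ships as a breaking release, keep a delegating shim next to the new accessor, e.g. `def self.whitelisted_parameters=(list); self.allowed_parameters = list; end`, and have it emit a deprecation warning. The same goes for `sym_whitelisted_parameters` if anything outside the gem calls it. The module body starts outside this hunk.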
Expand Up @@ -20,9 +20,9 @@
config.collection_actions# = [:index]

# Parameter spamming can cause index dilution by creating seemingly different URLs with identical or near-identical content.
# Unless whitelisted, these parameters will be omitted
# Unless allowed, these parameters will be omitted

config.whitelisted_parameters# = []
config.allowed_parameters# = []

# Output a matching OpenGraph URL meta tag (og:url) with the canonical URL, as recommended by Facebook et al
config.opengraph_url#= true
26 changes: 13 additions & 13 deletions spec/helpers/canonical_rails/tag_helper_spec.rb
Expand Up @@ -8,7 +8,7 @@

after(:each) do
CanonicalRails.class_variable_set(:@@sym_collection_actions, nil)
CanonicalRails.class_variable_set(:@@sym_whitelisted_parameters, nil)
CanonicalRails.class_variable_set(:@@sym_allowed_parameters, nil)
end

# Default behavior
Expand All @@ -22,12 +22,12 @@
expect(helper.canonical_port).to eq 3000
end

it 'should return no whitelisted params' do
expect(helper.whitelisted_params).to eq({})
it 'should return no allowed params' do
expect(helper.allowed_params).to eq({})
end

it 'should return a nil whitelisted query string' do
expect(helper.whitelisted_query_string).to be_nil
it 'should return a nil allowed query string' do
expect(helper.allowed_query_string).to be_nil
end

it 'should infer the protocol by looking at the request' do
Expand Down Expand Up @@ -169,25 +169,25 @@
end

before(:each) do
CanonicalRails.whitelisted_parameters = ['page', 'keywords', 'search']
CanonicalRails.allowed_parameters = ['page', 'keywords', 'search']
allow_any_instance_of(controller.class).to receive(:params).and_return(params)
controller.request.path_parameters = { controller: 'our_resources', action: 'index' }
end

it 'should not include random params' do
expect(helper.whitelisted_params['i-will']).to be_nil
expect(helper.allowed_params['i-will']).to be_nil
end

it 'should include whitelisted params' do
expect(helper.whitelisted_params['page']).to eq '5'
expect(helper.whitelisted_params['keywords']).to eq '"here be dragons"'
it 'should include allowed params' do
expect(helper.allowed_params['page']).to eq '5'
expect(helper.allowed_params['keywords']).to eq '"here be dragons"'
end

it 'should escape whitelisted params properly' do
expect(helper.whitelisted_query_string).to eq '?page=5&keywords=%22here+be+dragons%22&search[super]=special'
it 'should escape allowed params properly' do
expect(helper.allowed_query_string).to eq '?page=5&keywords=%22here+be+dragons%22&search[super]=special'
end

it 'should output whitelisted params using proper syntax (?key=value&key=value)' do
it 'should output allowed params using proper syntax (?key=value&key=value)' do
expect(helper.canonical_tag).to eq '<link href="http://www.mywebstore.com/our_resources/?page=5&keywords=%22here+be+dragons%22&search[super]=special" rel="canonical" />'
end

