p71924506
/
wblog
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix xss

This commit is contained in:
yafeilee 2018-03-23 14:18:45 +08:00
parent fabb1d642b
commit 7e0aba298d
2 changed files with 90 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

124
Gemfile.lock
View File

@ -1,6 +1,6 @@
GIT GIT
remote: git://github.com/amatsuda/kaminari.git remote: git://github.com/amatsuda/kaminari.git
revision: 8e3b9db8e8d64f76c3be7b0872ad27ae495a8e3a revision: 62ec743dcee69e02186e5f1a309b08e59d83f647
specs: specs:
kaminari (1.1.1) kaminari (1.1.1)
activesupport (>= 4.1.0) activesupport (>= 4.1.0)
@ -27,39 +27,39 @@ GIT
GEM GEM
remote: https://rubygems.org/ remote: https://rubygems.org/
specs: specs:
actioncable (5.1.4) actioncable (5.1.5)
actionpack (= 5.1.4) actionpack (= 5.1.5)
nio4r (~> 2.0) nio4r (~> 2.0)
websocket-driver (~> 0.6.1) websocket-driver (~> 0.6.1)
actionmailer (5.1.4) actionmailer (5.1.5)
actionpack (= 5.1.4) actionpack (= 5.1.5)
actionview (= 5.1.4) actionview (= 5.1.5)
activejob (= 5.1.4) activejob (= 5.1.5)
mail (~> 2.5, >= 2.5.4) mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0) rails-dom-testing (~> 2.0)
actionpack (5.1.4) actionpack (5.1.5)
actionview (= 5.1.4) actionview (= 5.1.5)
activesupport (= 5.1.4) activesupport (= 5.1.5)
rack (~> 2.0) rack (~> 2.0)
rack-test (>= 0.6.3) rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0) rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.2) rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (5.1.4) actionview (5.1.5)
activesupport (= 5.1.4) activesupport (= 5.1.5)
builder (~> 3.1) builder (~> 3.1)
erubi (~> 1.4) erubi (~> 1.4)
rails-dom-testing (~> 2.0) rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.3) rails-html-sanitizer (~> 1.0, >= 1.0.3)
activejob (5.1.4) activejob (5.1.5)
activesupport (= 5.1.4) activesupport (= 5.1.5)
globalid (>= 0.3.6) globalid (>= 0.3.6)
activemodel (5.1.4) activemodel (5.1.5)
activesupport (= 5.1.4) activesupport (= 5.1.5)
activerecord (5.1.4) activerecord (5.1.5)
activemodel (= 5.1.4) activemodel (= 5.1.5)
activesupport (= 5.1.4) activesupport (= 5.1.5)
arel (~> 8.0) arel (~> 8.0)
activesupport (5.1.4) activesupport (5.1.5)
concurrent-ruby (~> 1.0, >= 1.0.2) concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (~> 0.7) i18n (~> 0.7)
minitest (~> 5.1) minitest (~> 5.1)
@ -71,14 +71,14 @@ GEM
babel-transpiler (0.7.0) babel-transpiler (0.7.0)
babel-source (>= 4.0, < 6) babel-source (>= 4.0, < 6)
execjs (~> 2.0) execjs (~> 2.0)
browser (2.5.2) browser (2.5.3)
browser_warrior (0.7.0) browser_warrior (0.7.0)
browser browser
rails (~> 5.0) rails (~> 5.0)
sass-rails (~> 5.0) sass-rails (~> 5.0)
builder (3.2.3) builder (3.2.3)
byebug (9.1.0) byebug (10.0.1)
capybara (2.17.0) capybara (2.18.0)
addressable addressable
mini_mime (>= 0.1.3) mini_mime (>= 0.1.3)
nokogiri (>= 1.3.3) nokogiri (>= 1.3.3)
@ -107,17 +107,17 @@ GEM
docile (1.1.5) docile (1.1.5)
domain_name (0.5.20170404) domain_name (0.5.20170404)
unf (>= 0.0.5, < 1.0.0) unf (>= 0.0.5, < 1.0.0)
erubi (1.7.0) erubi (1.7.1)
execjs (2.7.0) execjs (2.7.0)
factory_girl (4.9.0) factory_girl (4.9.0)
activesupport (>= 3.0.0) activesupport (>= 3.0.0)
factory_girl_rails (4.9.0) factory_girl_rails (4.9.0)
factory_girl (~> 4.9.0) factory_girl (~> 4.9.0)
railties (>= 3.0.0) railties (>= 3.0.0)
ffi (1.9.18) ffi (1.9.23)
figaro (1.1.1) figaro (1.1.1)
thor (~> 0.14) thor (~> 0.14)
font-awesome-sass (4.7.0) font-awesome-sass (5.0.6.2)
sass (>= 3.2) sass (>= 3.2)
formatador (0.2.5) formatador (0.2.5)
foundation-icons-sass-rails (3.0.0) foundation-icons-sass-rails (3.0.0)
@ -154,7 +154,7 @@ GEM
nokogiri (~> 1.5) nokogiri (~> 1.5)
http-cookie (1.0.3) http-cookie (1.0.3)
domain_name (~> 0.5) domain_name (~> 0.5)
i18n (0.9.1) i18n (0.9.5)
concurrent-ruby (~> 1.0) concurrent-ruby (~> 1.0)
jbuilder (2.7.0) jbuilder (2.7.0)
activesupport (>= 4.2.0) activesupport (>= 4.2.0)
@ -170,7 +170,7 @@ GEM
rb-fsevent (~> 0.9, >= 0.9.4) rb-fsevent (~> 0.9, >= 0.9.4)
rb-inotify (~> 0.9, >= 0.9.7) rb-inotify (~> 0.9, >= 0.9.7)
ruby_dep (~> 1.2) ruby_dep (~> 1.2)
loofah (2.1.1) loofah (2.2.2)
crass (~> 1.0.2) crass (~> 1.0.2)
nokogiri (>= 1.5.9) nokogiri (>= 1.5.9)
lumberjack (1.0.12) lumberjack (1.0.12)
@ -195,13 +195,13 @@ GEM
mini_magick (4.8.0) mini_magick (4.8.0)
mini_mime (1.0.0) mini_mime (1.0.0)
mini_portile2 (2.3.0) mini_portile2 (2.3.0)
minitest (5.11.1) minitest (5.11.3)
multi_json (1.13.1) multi_json (1.13.1)
nenv (0.3.0) nenv (0.3.0)
netrc (0.11.0) netrc (0.11.0)
newrelic_rpm (4.7.1.340) newrelic_rpm (4.8.0.341)
nio4r (2.2.0) nio4r (2.3.0)
nokogiri (1.8.1) nokogiri (1.8.2)
mini_portile2 (~> 2.3.0) mini_portile2 (~> 2.3.0)
notiffany (0.1.1) notiffany (0.1.1)
nenv (~> 0.1) nenv (~> 0.1)
@ -211,25 +211,25 @@ GEM
pry (0.11.3) pry (0.11.3)
coderay (~> 1.1.0) coderay (~> 1.1.0)
method_source (~> 0.9.0) method_source (~> 0.9.0)
public_suffix (3.0.1) public_suffix (3.0.2)
puma (3.11.2) puma (3.11.3)
rack (2.0.3) rack (2.0.4)
rack-cors (1.0.2) rack-cors (1.0.2)
rack-protection (2.0.0) rack-protection (2.0.1)
rack rack
rack-test (0.8.2) rack-test (0.8.3)
rack (>= 1.0, < 3) rack (>= 1.0, < 3)
rails (5.1.4) rails (5.1.5)
actioncable (= 5.1.4) actioncable (= 5.1.5)
actionmailer (= 5.1.4) actionmailer (= 5.1.5)
actionpack (= 5.1.4) actionpack (= 5.1.5)
actionview (= 5.1.4) actionview (= 5.1.5)
activejob (= 5.1.4) activejob (= 5.1.5)
activemodel (= 5.1.4) activemodel (= 5.1.5)
activerecord (= 5.1.4) activerecord (= 5.1.5)
activesupport (= 5.1.4) activesupport (= 5.1.5)
bundler (>= 1.3.0) bundler (>= 1.3.0)
railties (= 5.1.4) railties (= 5.1.5)
sprockets-rails (>= 2.0.0) sprockets-rails (>= 2.0.0)
rails-controller-testing (1.0.2) rails-controller-testing (1.0.2)
actionpack (~> 5.x, >= 5.0.1) actionpack (~> 5.x, >= 5.0.1)
@ -238,19 +238,19 @@ GEM
rails-dom-testing (2.0.3) rails-dom-testing (2.0.3)
activesupport (>= 4.2.0) activesupport (>= 4.2.0)
nokogiri (>= 1.6) nokogiri (>= 1.6)
rails-html-sanitizer (1.0.3) rails-html-sanitizer (1.0.4)
loofah (~> 2.0) loofah (~> 2.2, >= 2.2.2)
rails-i18n (5.0.4) rails-i18n (5.0.4)
i18n (~> 0.7) i18n (~> 0.7)
railties (~> 5.0) railties (~> 5.0)
railties (5.1.4) railties (5.1.5)
actionpack (= 5.1.4) actionpack (= 5.1.5)
activesupport (= 5.1.4) activesupport (= 5.1.5)
method_source method_source
rake (>= 0.8.7) rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0) thor (>= 0.18.1, < 2.0)
rake (12.3.0) rake (12.3.1)
rb-fsevent (0.10.2) rb-fsevent (0.10.3)
rb-inotify (0.9.10) rb-inotify (0.9.10)
ffi (>= 0.5.0, < 2) ffi (>= 0.5.0, < 2)
redcarpet (3.4.0) redcarpet (3.4.0)
@ -261,7 +261,7 @@ GEM
http-cookie (>= 1.0.2, < 2.0) http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 4.0) mime-types (>= 1.16, < 4.0)
netrc (~> 0.8) netrc (~> 0.8)
rouge (3.1.0) rouge (3.1.1)
rspec (3.7.0) rspec (3.7.0)
rspec-core (~> 3.7.0) rspec-core (~> 3.7.0)
rspec-expectations (~> 3.7.0) rspec-expectations (~> 3.7.0)
@ -285,7 +285,7 @@ GEM
rspec-sidekiq (3.0.3) rspec-sidekiq (3.0.3)
rspec-core (~> 3.0, >= 3.0.0) rspec-core (~> 3.0, >= 3.0.0)
sidekiq (>= 2.4.0) sidekiq (>= 2.4.0)
rspec-support (3.7.0) rspec-support (3.7.1)
ruby_dep (1.5.0) ruby_dep (1.5.0)
sass (3.4.25) sass (3.4.25)
sass-rails (5.0.7) sass-rails (5.0.7)
@ -295,11 +295,11 @@ GEM
sprockets-rails (>= 2.0, < 4.0) sprockets-rails (>= 2.0, < 4.0)
tilt (>= 1.1, < 3) tilt (>= 1.1, < 3)
shellany (0.0.1) shellany (0.0.1)
sidekiq (5.0.5) sidekiq (5.1.1)
concurrent-ruby (~> 1.0) concurrent-ruby (~> 1.0)
connection_pool (~> 2.2, >= 2.2.0) connection_pool (~> 2.2, >= 2.2.0)
rack-protection (>= 1.5.0) rack-protection (>= 1.5.0)
redis (>= 3.3.4, < 5) redis (>= 3.3.5, < 5)
simplecov (0.13.0) simplecov (0.13.0)
docile (~> 1.1.0) docile (~> 1.1.0)
json (>= 1.8, < 3) json (>= 1.8, < 3)
@ -335,13 +335,13 @@ GEM
turbolinks (5.1.0) turbolinks (5.1.0)
turbolinks-source (~> 5.1) turbolinks-source (~> 5.1)
turbolinks-source (5.1.0) turbolinks-source (5.1.0)
tzinfo (1.2.4) tzinfo (1.2.5)
thread_safe (~> 0.1) thread_safe (~> 0.1)
uglifier (4.1.3) uglifier (4.1.8)
execjs (>= 0.3.0, < 3) execjs (>= 0.3.0, < 3)
unf (0.1.4) unf (0.1.4)
unf_ext unf_ext
unf_ext (0.0.7.4) unf_ext (0.0.7.5)
websocket-driver (0.6.5) websocket-driver (0.6.5)
websocket-extensions (>= 0.1.0) websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.3) websocket-extensions (0.1.3)
@ -407,4 +407,4 @@ RUBY VERSION
ruby 2.3.1p112 ruby 2.3.1p112
BUNDLED WITH BUNDLED WITH
1.15.4 1.16.1

2
vendor/assets/javascripts/jquery.html5-fileupload.js vendored
View File

@ -64,7 +64,7 @@
(function($) { (function($) {
// Don't do logging if window.log function does not exist. // Don't do logging if window.log function does not exist.
var log = window.log || $.noop; var log = window.console.log || $.noop;
// jQuery.ajax config // jQuery.ajax config
var config = { var config = {