Class: SafeRedirection::Sanitizer

Inherits:
Object
  • Object
Defined in:
lib/safe_redirection/sanitizer.rb


Constructor Details

#initialize(resolver, base_url, default_url) ⇒ Sanitizer

Returns a new instance of Sanitizer.



# File 'lib/safe_redirection/sanitizer.rb', line 5

# Builds a sanitizer around a path resolver and two URLs.
#
# @param resolver [#recognize_path] object that safe_url_for asks to
#   recognize the base-relative path of a redirect target
# @param base_url [String] URL whose path component is stripped from
#   redirect paths before they are handed to the resolver
# @param default_url [Object] fallback returned by safe_url_for when the
#   redirect target is rejected or an error is raised
def initialize(resolver, base_url, default_url)
  @resolver, @base_url, @default_url = resolver, base_url, default_url
end

Instance Attribute Details

#base_url ⇒ Object

Returns the value of attribute base_url.



# File 'lib/safe_redirection/sanitizer.rb', line 3

# Base URL given to the constructor. base_path parses it with URI() and
# uses only its path component.
#
# @return [Object] the value stored in @base_url
def base_url
  @base_url
end

#default_url ⇒ Object

Returns the value of attribute default_url.



# File 'lib/safe_redirection/sanitizer.rb', line 3

# Fallback redirect target given to the constructor. safe_url_for returns
# it when the redirect URL has a scheme other than http/https, and when
# sanitization raises a StandardError.
#
# @return [Object] the value stored in @default_url
def default_url
  @default_url
end

#resolver ⇒ Object

Returns the value of attribute resolver.



# File 'lib/safe_redirection/sanitizer.rb', line 3

# Resolver given to the constructor. safe_url_for calls
# recognize_path(path, :method => :get) on it with the base-relative path
# of the redirect target.
#
# @return [Object] the value stored in @resolver
def resolver
  @resolver
end

Instance Method Details

#base_path ⇒ Object



# File 'lib/safe_redirection/sanitizer.rb', line 26

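# Path component of base_url with a single trailing slash removed.
#
# The previous regex returned no match for an empty path (for example a
# base URL of "http://example.com"), so indexing the nil result raised
# NoMethodError. safe_url_for swallowed that error and answered every
# request with default_url. An empty or missing path now yields "", the
# same value already produced for a base URL ending in "/".
#
# @return [String] base path without its trailing "/", or "" when the
#   base URL has no path
# @raise [URI::InvalidURIError] when base_url cannot be parsed
def base_path
  # to_s covers URIs whose path is nil; chomp removes at most one "/".
  URI(base_url).path.to_s.chomp('/')
end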

#relative_path(path) ⇒ Object



# File 'lib/safe_redirection/sanitizer.rb', line 31

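# Strips the base path from the front of +path+.
#
# The prefix is removed only on a path-segment boundary: +path+ must equal
# the base path or continue with "/" right after it. A plain start_with?
# test would also rewrite a sibling path such as "/application/x" under a
# base of "/app" into "lication/x" before it reaches the resolver.
#
# @param path [String] path component of the redirect target
# @return [String] +path+ relative to the base path, or +path+ unchanged
#   when it does not live under the base path
def relative_path(path)
  # Computed once; base_path re-parses base_url on every call.
  prefix = base_path
  return path unless path == prefix || path.start_with?("#{prefix}/")

  path[prefix.length..-1]
end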

#safe_url_for(redirect_url) ⇒ Object



# File 'lib/safe_redirection/sanitizer.rb', line 11

# Maps a caller-supplied redirect target onto a value to redirect to.
#
# Only the path of +redirect_url+ is handed to the resolver; host, port,
# query and fragment are not inspected in this method.
#
# @param redirect_url [String] untrusted redirect target
# @return [Object] the result of resolver.recognize_path for the
#   base-relative path; default_url when the scheme is neither http, https
#   nor absent, or when a StandardError is raised; +redirect_url+ itself
#   when SafeRedirection::SanitizationCancelled is raised
def safe_url_for(redirect_url)
  target = URI(redirect_url)
  local_path = relative_path(target.path)
  scheme = target.scheme

  # NOTE(review): a scheme-relative URL (//host/path) also has no scheme,
  # so it reaches the resolver with its host ignored. Confirm the
  # resolver's result never echoes the original host.
  return default_url unless scheme.nil? || %w{http https}.include?(scheme)

  resolver.recognize_path(local_path, :method => :get)
rescue SafeRedirection::SanitizationCancelled
  # NOTE(review): this branch returns the untrusted URL unchanged,
  # external host included. Whatever raises SanitizationCancelled owns
  # the decision to skip sanitization; verify every raise site.
  redirect_url
rescue
  # Fail closed on any other StandardError, e.g. a URL that URI() cannot
  # parse or an error raised by the resolver.
  default_url
end