Add a URI sanitizer to the rack stack to avoid rack throwing
exceptions on the server side, and ignore errors decoding
components on the client side.
Fixes #1101
gem "rack-cors"
gem "actionpack-page_caching"
gem "rack-cors"
gem "actionpack-page_caching"
+# Sanitise URIs
+gem "rack-uri_sanitizer"
+
# Omniauth for authentication
gem "omniauth"
gem "omniauth-openid"
# Omniauth for authentication
gem "omniauth"
gem "omniauth-openid"
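Review bot: The `# Sanitise URIs` comment on the new `gem "rack-uri_sanitizer"` line says neither what problem the gem solves nor that it only takes effect once its middleware is inserted into the stack; suggest `# Sanitise malformed URIs so Rack does not raise on bad percent-encoding (#1101); inserted into the middleware stack in an initializer`. This is a 0.0.x gem (the lock resolves it to 0.0.2) that will rewrite the URI of every request early in the stack, so pinning it (`gem "rack-uri_sanitizer", "~> 0.0.2"`) is worth doing even though the neighbouring gems in this Gemfile carry no constraint, so that a later `bundle update` cannot pull in a behaviour change unreviewed.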
minitest (~> 5.1)
thread_safe (~> 0.3, >= 0.3.4)
tzinfo (~> 1.1)
minitest (~> 5.1)
thread_safe (~> 0.3, >= 0.3.4)
tzinfo (~> 1.1)
arel (6.0.3)
ast (2.1.0)
astrolabe (1.3.1)
parser (~> 2.2)
arel (6.0.3)
ast (2.1.0)
astrolabe (1.3.1)
parser (~> 2.2)
- autoprefixer-rails (6.1.0.1)
+ autoprefixer-rails (6.1.2)
execjs
json
bigdecimal (1.1.0)
execjs
json
bigdecimal (1.1.0)
colorize (0.7.7)
composite_primary_keys (8.1.1)
activerecord (~> 4.2.0)
colorize (0.7.7)
composite_primary_keys (8.1.1)
activerecord (~> 4.2.0)
+ concurrent-ruby (1.0.0)
+ coveralls (0.8.10)
json (~> 1.8)
rest-client (>= 1.6.8, < 2)
json (~> 1.8)
rest-client (>= 1.6.8, < 2)
term-ansicolor (~> 1.3)
thor (~> 0.19.1)
tins (~> 1.6.0)
term-ansicolor (~> 1.3)
thor (~> 0.19.1)
tins (~> 1.6.0)
mime-types (>= 1.16, < 3)
mime-types (2.99)
mimemagic (0.3.0)
mime-types (>= 1.16, < 3)
mime-types (2.99)
mimemagic (0.3.0)
minitest (5.8.3)
multi_json (1.11.2)
multi_xml (0.5.5)
multipart-post (2.0.0)
netrc (0.11.0)
minitest (5.8.3)
multi_json (1.11.2)
multi_xml (0.5.5)
multipart-post (2.0.0)
netrc (0.11.0)
- nokogiri (1.6.6.4)
- mini_portile (~> 0.6.0)
+ nokogiri (1.6.7)
+ mini_portile2 (~> 2.0.0.rc2)
nokogumbo (1.4.1)
nokogiri
oauth (0.4.7)
nokogumbo (1.4.1)
nokogiri
oauth (0.4.7)
parser (2.2.3.0)
ast (>= 1.1, < 3.0)
pg (0.18.4)
parser (2.2.3.0)
ast (>= 1.1, < 3.0)
pg (0.18.4)
capybara (~> 2.1)
cliver (~> 0.3.1)
multi_json (~> 1.0)
capybara (~> 2.1)
cliver (~> 0.3.1)
multi_json (~> 1.0)
ruby-openid (>= 2.1.8)
rack-test (0.6.3)
rack (>= 1.0)
ruby-openid (>= 2.1.8)
rack-test (0.6.3)
rack (>= 1.0)
+ rack-uri_sanitizer (0.0.2)
rails (4.2.5)
actionmailer (= 4.2.5)
actionpack (= 4.2.5)
rails (4.2.5)
actionmailer (= 4.2.5)
actionpack (= 4.2.5)
sprockets (>= 2.8, < 4.0)
sprockets-rails (>= 2.0, < 4.0)
tilt (>= 1.1, < 3)
sprockets (>= 2.8, < 4.0)
sprockets-rails (>= 2.0, < 4.0)
tilt (>= 1.1, < 3)
docile (~> 1.1.0)
json (~> 1.8)
simplecov-html (~> 0.10.0)
simplecov-html (0.10.0)
soap4r-ruby1.9 (2.0.5)
docile (~> 1.1.0)
json (~> 1.8)
simplecov-html (~> 0.10.0)
simplecov-html (0.10.0)
soap4r-ruby1.9 (2.0.5)
+ sprockets (3.5.1)
+ concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (2.3.3)
actionpack (>= 3.0)
rack (> 1, < 3)
sprockets-rails (2.3.3)
actionpack (>= 3.0)
rails (= 4.2.5)
rails-i18n (~> 4.0.0)
redcarpet
rails (= 4.2.5)
rails-i18n (~> 4.0.0)
redcarpet
j = pair.indexOf('='),
key = pair.slice(0, j),
val = pair.slice(++j);
j = pair.indexOf('='),
key = pair.slice(0, j),
val = pair.slice(++j);
- params[key] = decodeURIComponent(val);
+
+ try {
+ params[key] = decodeURIComponent(val);
+ } catch (e) {
+ // Ignore parse exceptions
+ }
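Review bot: The new `catch (e)` at the end of the hunk swallows every exception, not just the `URIError` that `decodeURIComponent` raises for malformed percent-encoding, so a genuine bug inside the try block would be hidden as well; rethrow anything else with `} catch (e) {` / `  if (!(e instanceof URIError)) throw e; // only malformed encodings are ignored` / `}`. A parameter whose value fails to decode is now omitted from `params` entirely rather than kept raw, which the comment should say so callers know to expect a missing key, e.g. `// Malformed percent-encoding: drop the parameter instead of throwing`. The statement these lines belong to, and the enclosing function, start and end outside the hunk.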
--- /dev/null
+# Add URI sanitizer to rack middleware
+Rails.configuration.middleware.insert_before Rack::Runtime, Rack::URISanitizer
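Review bot: The comment above `insert_before` says what the line does but not why the sanitizer must sit ahead of `Rack::Runtime`, which is the one thing a maintainer reordering the stack later needs; suggest `# Run before anything that parses the query string so malformed percent-encoding is cleaned up instead of raising (#1101)`. Inserting it also means malformed-URI requests that previously surfaced as Rack exceptions are now rewritten quietly, so any alerting that keyed on those exceptions will stop seeing them — worth a line in the comment, or a check that the gem logs what it rewrote. Referencing `Rack::URISanitizer` as a bare constant presumably relies on Bundler having required the gem before initializers run; if the app does not use `Bundler.require`, an explicit require would be needed — not visible from this page.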