+Mon 20 Jan 2012 11:22:00 GMT - Release 0.96
+ Added fix for RT 63537 (from Gerv) and tests to check it.
+
Wed 04 Jan 2012 19:34:00 GMT - Release 0.95
Fix regex for JSONP parameter name to be able to include the . character
in Catalyst::Action::Serialize::JSONP. RT#73741
- Add optional location parameter to status_acceped handler. RT#73691 (ghenry)
+ Add optional location parameter to status_accepted handler. RT#73691 (ghenry)
Fri 09 Dec 2011 08:35:00 GMT - Release 0.94
Add 403 Forbidden and 302 Not Found status methods to
requires('Catalyst::Runtime' => '5.80030');
requires('Params::Validate' => '0.76');
requires('YAML::Syck' => '0.67');
+requires('HTML::Parser' => undef);
requires('Module::Pluggable::Object' => undef);
requires('LWP::UserAgent' => '2.033');
requires('Data::Serializer' => '0.36');
Gavin Henry <ghenry@surevoip.co.uk>
+ Gerv http://www.gerv.net/
+
+ Colin Newell <colin@opusvl.com>
+
COPYRIGHT
Copyright (c) 2006-2012 the above named AUTHOR and CONTRIBUTORS
use MRO::Compat;
use Moose::Util::TypeConstraints;
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
has plugins => ( is => 'rw' );
extends 'Catalyst::Action';
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
sub execute {
my $compartment = Safe->new;
$compartment->permit_only( qw(padany null lineseq const pushmark list anonhash anonlist refgen leaveeval undef) );
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
sub execute {
extends 'Catalyst::Action';
use JSON;
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
sub execute {
extends 'Catalyst::Action';
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
sub execute {
extends 'Catalyst::Action';
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
sub execute {
extends 'Catalyst::Action';
use YAML::Syck;
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
sub execute {
extends 'Catalyst::Action::Deserialize';
use HTTP::Body;
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
our $NO_HTTP_BODY_TYPES_INITIALIZATION;
BEGIN { require 5.008001; }
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
sub BUILDARGS {
Gavin Henry E<lt>ghenry@surevoip.co.ukE<gt>
+Gerv http://www.gerv.net/
+
+Colin Newell <colin@opusvl.com>
+
=head1 COPYRIGHT
Copyright (c) 2006-2012 the above named AUTHOR and CONTRIBUTORS
use Moose;
use namespace::autoclean;
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
extends 'Catalyst::Action::REST';
use Module::Pluggable::Object;
use MRO::Compat;
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
has _encoders => (
extends 'Catalyst::Action';
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
sub execute {
extends 'Catalyst::Action';
use Data::Serializer;
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
sub execute {
extends 'Catalyst::Action';
use JSON ();
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
has encoder => (
extends 'Catalyst::Action::Serialize::JSON';
use JSON::XS ();
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
sub _build_encoder {
extends 'Catalyst::Action::Serialize::JSON';
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
after 'execute' => sub {
extends 'Catalyst::Action';
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
sub execute {
extends 'Catalyst::Action';
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
sub execute {
extends 'Catalyst::Action';
use YAML::Syck;
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
sub execute {
use YAML::Syck;
use URI::Find;
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
sub execute {
my $output = "<html>";
$output .= "<title>" . $app . "</title>";
$output .= "<body><pre>";
- my $text = Dump($c->stash->{$stash_key});
+ my $text = HTML::Entities::encode(Dump($c->stash->{$stash_key}));
# Straight from URI::Find
my $finder = URI::Find->new(
sub {
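Review bot: `HTML::Entities::encode` is called by its fully qualified name on the added line, but no hunk for this file adds a `use HTML::Entities;`. The only `use` lines visible are `YAML::Syck` and `URI::Find`, so the call appears to rely on another part of the process having loaded the module already. Adding `use HTML::Entities ();` next to the other `use` lines would make the escaping independent of load order; the commit already declares HTML::Parser, which ships that module, as a prerequisite. The context line `$output .= "<title>" . $app . "</title>";` still interpolates `$app` unescaped; its origin is outside the hunk, so this is probably low risk, but encoding it too would treat every value written into this page the same way. `execute` begins before and continues past this hunk.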
use Catalyst::Request::REST;
use Catalyst::Utils ();
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
after BUILDARGS => sub {
use Moose;
use namespace::autoclean;
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
=head1 NAME
extends 'Catalyst::Request';
with 'Catalyst::TraitFor::Request::REST';
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
# Please don't take this as a recommended way to do things.
use namespace::autoclean;
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
extends 'Catalyst::Request::REST';
use HTTP::Headers::Util qw(split_header_words);
use namespace::autoclean;
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
has [qw/ data accept_only /] => ( is => 'rw' );
with 'Catalyst::TraitFor::Request::REST';
-our $VERSION = '0.95';
+our $VERSION = '0.96';
$VERSION = eval $VERSION;
has _determined_real_method => (
$c->stash->{'rest'} = { monkey => 'likes chicken!', };
}
+sub xss_get : Local : ActionClass('Serialize') {
+ my ( $self, $c ) = @_;
+ $c->stash->{'rest'} = { monkey => 'likes chicken > sushi!', };
+}
+
+
1;
request( $t->post( url => '/monkey_put', data => Dump($post_data) ) );
ok( $mres_post->is_error, "POST to the monkey failed; no deserializer." );
+ # xss test - RT 63537
+ my $xss_template =
+"<html><title>Test::Serialize</title><body><pre>--- \nmonkey: likes chicken > sushi!\n</pre></body></html>";
+ my $xres = request( $t->get( url => '/xss_get' ) );
+ ok( $xres->is_success, 'GET the xss succeeded' );
+ is( $xres->content, $xss_template, "GET returned the right data" );
+
+
}
1;
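Review bot: The expected body in `$xss_template` contains a literal `>` (`likes chicken > sushi!`), whereas the serializer change in this commit entity-encodes the dump, so the response would be expected to carry `&gt;`. This may only be an artifact of how the page renders the patch, but the string is worth checking against the real file. Independently, `>` alone is a narrow probe for RT 63537: a fixture value that also contains `<`, `&` and a double quote would pin that every markup-significant character is escaped. A comment such as `# the dump must arrive entity-encoded, never as raw markup` above the `is(...)` call would state what the assertion guards. The enclosing block opens before this hunk.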