Merge remote branch 'shadowcat/master'

* shadowcat/master:
  Fix a typo in Changes

diff --git a/Changes b/Changes
index 83322b9..312e10e 100644 (file)
--- a/Changes
+++ b/Changes
@@ -1,8 +1,11 @@
+Mon  20 Jan 2012 11:22:00 GMT - Release 0.96
+  Added fix for RT 63537 (from Gerv) and tests to check it.
+
 Wed  04 Jan 2012 19:34:00 GMT - Release 0.95
   Fix regex for JSONP parameter name to be able to include the . character
   in Catalyst::Action::Serialize::JSONP. RT#73741
 
-  Add optional location parameter to status_acceped handler. RT#73691 (ghenry)
+  Add optional location parameter to status_accepted handler. RT#73691 (ghenry)
 
 Fri  09 Dec 2011 08:35:00 GMT - Release 0.94
   Add 403 Forbidden and 302 Not Found status methods to

diff --git a/Makefile.PL b/Makefile.PL
index 8b0ce01..317c0be 100644 (file)
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -14,6 +14,7 @@ requires 'namespace::autoclean';
 requires('Catalyst::Runtime'         => '5.80030');
 requires('Params::Validate'          => '0.76');
 requires('YAML::Syck'                => '0.67');
+requires('HTML::Parser'              => undef);
 requires('Module::Pluggable::Object' => undef);
 requires('LWP::UserAgent'            => '2.033');
 requires('Data::Serializer'          => '0.36');

diff --git a/README b/README
index f1259c4..ae77756 100644 (file)
--- a/README
+++ b/README
@@ -104,6 +104,10 @@ CONTRIBUTORS
 
     Gavin Henry <ghenry@surevoip.co.uk>
 
+    Gerv http://www.gerv.net/
+
+    Colin Newell <colin@opusvl.com>
+
 COPYRIGHT
     Copyright (c) 2006-2012 the above named AUTHOR and CONTRIBUTORS
 

diff --git a/lib/Catalyst/Action/Deserialize.pm b/lib/Catalyst/Action/Deserialize.pm
index d596a10..45b77b3 100644 (file)
--- a/lib/Catalyst/Action/Deserialize.pm
+++ b/lib/Catalyst/Action/Deserialize.pm
@@ -8,7 +8,7 @@ use Module::Pluggable::Object;
 use MRO::Compat;
 use Moose::Util::TypeConstraints;
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 has plugins => ( is => 'rw' );

diff --git a/lib/Catalyst/Action/Deserialize/Callback.pm b/lib/Catalyst/Action/Deserialize/Callback.pm
index d1b71f3..27e7d05 100644 (file)
--- a/lib/Catalyst/Action/Deserialize/Callback.pm
+++ b/lib/Catalyst/Action/Deserialize/Callback.pm
@@ -6,7 +6,7 @@ use Scalar::Util qw(openhandle);
 
 extends 'Catalyst::Action';
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 sub execute {

diff --git a/lib/Catalyst/Action/Deserialize/Data/Serializer.pm b/lib/Catalyst/Action/Deserialize/Data/Serializer.pm
index 7a52c95..b3cef43 100644 (file)
--- a/lib/Catalyst/Action/Deserialize/Data/Serializer.pm
+++ b/lib/Catalyst/Action/Deserialize/Data/Serializer.pm
@@ -10,7 +10,7 @@ use Scalar::Util qw(openhandle);
 my $compartment = Safe->new;
 $compartment->permit_only( qw(padany null lineseq const pushmark list anonhash anonlist refgen leaveeval undef) );
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 sub execute {

diff --git a/lib/Catalyst/Action/Deserialize/JSON.pm b/lib/Catalyst/Action/Deserialize/JSON.pm
index 63d412d..0925e8b 100644 (file)
--- a/lib/Catalyst/Action/Deserialize/JSON.pm
+++ b/lib/Catalyst/Action/Deserialize/JSON.pm
@@ -7,7 +7,7 @@ use Scalar::Util qw(openhandle);
 extends 'Catalyst::Action';
 use JSON;
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 sub execute {

diff --git a/lib/Catalyst/Action/Deserialize/View.pm b/lib/Catalyst/Action/Deserialize/View.pm
index bccd98c..1455ca0 100644 (file)
--- a/lib/Catalyst/Action/Deserialize/View.pm
+++ b/lib/Catalyst/Action/Deserialize/View.pm
@@ -5,7 +5,7 @@ use namespace::autoclean;
 
 extends 'Catalyst::Action';
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 sub execute {

diff --git a/lib/Catalyst/Action/Deserialize/XML/Simple.pm b/lib/Catalyst/Action/Deserialize/XML/Simple.pm
index c9fb157..4067555 100644 (file)
--- a/lib/Catalyst/Action/Deserialize/XML/Simple.pm
+++ b/lib/Catalyst/Action/Deserialize/XML/Simple.pm
@@ -6,7 +6,7 @@ use Scalar::Util qw(openhandle);
 
 extends 'Catalyst::Action';
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 sub execute {

diff --git a/lib/Catalyst/Action/Deserialize/YAML.pm b/lib/Catalyst/Action/Deserialize/YAML.pm
index cdce97b..7bb0b7a 100644 (file)
--- a/lib/Catalyst/Action/Deserialize/YAML.pm
+++ b/lib/Catalyst/Action/Deserialize/YAML.pm
@@ -7,7 +7,7 @@ use Scalar::Util qw(openhandle);
 extends 'Catalyst::Action';
 use YAML::Syck;
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 sub execute {

diff --git a/lib/Catalyst/Action/DeserializeMultiPart.pm b/lib/Catalyst/Action/DeserializeMultiPart.pm
index f5c5cae..138095c 100644 (file)
--- a/lib/Catalyst/Action/DeserializeMultiPart.pm
+++ b/lib/Catalyst/Action/DeserializeMultiPart.pm
@@ -6,7 +6,7 @@ use namespace::autoclean;
 extends 'Catalyst::Action::Deserialize';
 use HTTP::Body;
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 our $NO_HTTP_BODY_TYPES_INITIALIZATION;

diff --git a/lib/Catalyst/Action/REST.pm b/lib/Catalyst/Action/REST.pm
index 8568799..b6bf2af 100644 (file)
--- a/lib/Catalyst/Action/REST.pm
+++ b/lib/Catalyst/Action/REST.pm
@@ -10,7 +10,7 @@ use Catalyst::Controller::REST;
 
 BEGIN { require 5.008001; }
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 sub BUILDARGS {
@@ -226,6 +226,10 @@ J. Shirley E<lt>jshirley@gmail.comE<gt>
 
 Gavin Henry E<lt>ghenry@surevoip.co.ukE<gt>
 
+Gerv http://www.gerv.net/
+
+Colin Newell <colin@opusvl.com>
+
 =head1 COPYRIGHT
 
 Copyright (c) 2006-2012 the above named AUTHOR and CONTRIBUTORS

diff --git a/lib/Catalyst/Action/REST/ForBrowsers.pm b/lib/Catalyst/Action/REST/ForBrowsers.pm
index c17b162..b967167 100644 (file)
--- a/lib/Catalyst/Action/REST/ForBrowsers.pm
+++ b/lib/Catalyst/Action/REST/ForBrowsers.pm
@@ -3,7 +3,7 @@ package Catalyst::Action::REST::ForBrowsers;
 use Moose;
 use namespace::autoclean;
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 extends 'Catalyst::Action::REST';

diff --git a/lib/Catalyst/Action/Serialize.pm b/lib/Catalyst/Action/Serialize.pm
index fd90d7c..74700ea 100644 (file)
--- a/lib/Catalyst/Action/Serialize.pm
+++ b/lib/Catalyst/Action/Serialize.pm
@@ -7,7 +7,7 @@ extends 'Catalyst::Action::SerializeBase';
 use Module::Pluggable::Object;
 use MRO::Compat;
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 has _encoders => (

diff --git a/lib/Catalyst/Action/Serialize/Callback.pm b/lib/Catalyst/Action/Serialize/Callback.pm
index e85ce7c..6f96aa8 100644 (file)
--- a/lib/Catalyst/Action/Serialize/Callback.pm
+++ b/lib/Catalyst/Action/Serialize/Callback.pm
@@ -5,7 +5,7 @@ use namespace::autoclean;
 
 extends 'Catalyst::Action';
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 sub execute {

diff --git a/lib/Catalyst/Action/Serialize/Data/Serializer.pm b/lib/Catalyst/Action/Serialize/Data/Serializer.pm
index 49740a8..8e08aa3 100644 (file)
--- a/lib/Catalyst/Action/Serialize/Data/Serializer.pm
+++ b/lib/Catalyst/Action/Serialize/Data/Serializer.pm
@@ -6,7 +6,7 @@ use namespace::autoclean;
 extends 'Catalyst::Action';
 use Data::Serializer;
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 sub execute {

diff --git a/lib/Catalyst/Action/Serialize/JSON.pm b/lib/Catalyst/Action/Serialize/JSON.pm
index c55985f..9f4cf44 100644 (file)
--- a/lib/Catalyst/Action/Serialize/JSON.pm
+++ b/lib/Catalyst/Action/Serialize/JSON.pm
@@ -6,7 +6,7 @@ use namespace::autoclean;
 extends 'Catalyst::Action';
 use JSON ();
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 has encoder => (

diff --git a/lib/Catalyst/Action/Serialize/JSON/XS.pm b/lib/Catalyst/Action/Serialize/JSON/XS.pm
index 5f57310..28866a7 100644 (file)
--- a/lib/Catalyst/Action/Serialize/JSON/XS.pm
+++ b/lib/Catalyst/Action/Serialize/JSON/XS.pm
@@ -6,7 +6,7 @@ use namespace::autoclean;
 extends 'Catalyst::Action::Serialize::JSON';
 use JSON::XS ();
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 sub _build_encoder {

diff --git a/lib/Catalyst/Action/Serialize/JSONP.pm b/lib/Catalyst/Action/Serialize/JSONP.pm
index 67ac584..4f1172c 100644 (file)
--- a/lib/Catalyst/Action/Serialize/JSONP.pm
+++ b/lib/Catalyst/Action/Serialize/JSONP.pm
@@ -4,7 +4,7 @@ use namespace::autoclean;
 
 extends 'Catalyst::Action::Serialize::JSON';
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 after 'execute' => sub {

diff --git a/lib/Catalyst/Action/Serialize/View.pm b/lib/Catalyst/Action/Serialize/View.pm
index 1a25f58..6f90003 100644 (file)
--- a/lib/Catalyst/Action/Serialize/View.pm
+++ b/lib/Catalyst/Action/Serialize/View.pm
@@ -4,7 +4,7 @@ use namespace::autoclean;
 
 extends 'Catalyst::Action';
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 sub execute {

diff --git a/lib/Catalyst/Action/Serialize/XML/Simple.pm b/lib/Catalyst/Action/Serialize/XML/Simple.pm
index 0126bb0..72ce025 100644 (file)
--- a/lib/Catalyst/Action/Serialize/XML/Simple.pm
+++ b/lib/Catalyst/Action/Serialize/XML/Simple.pm
@@ -5,7 +5,7 @@ use namespace::autoclean;
 
 extends 'Catalyst::Action';
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 sub execute {

diff --git a/lib/Catalyst/Action/Serialize/YAML.pm b/lib/Catalyst/Action/Serialize/YAML.pm
index 531e178..54dd4e3 100644 (file)
--- a/lib/Catalyst/Action/Serialize/YAML.pm
+++ b/lib/Catalyst/Action/Serialize/YAML.pm
@@ -6,7 +6,7 @@ use namespace::autoclean;
 extends 'Catalyst::Action';
 use YAML::Syck;
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 sub execute {

diff --git a/lib/Catalyst/Action/Serialize/YAML/HTML.pm b/lib/Catalyst/Action/Serialize/YAML/HTML.pm
index 717108d..cf48b4b 100644 (file)
--- a/lib/Catalyst/Action/Serialize/YAML/HTML.pm
+++ b/lib/Catalyst/Action/Serialize/YAML/HTML.pm
@@ -7,7 +7,7 @@ extends 'Catalyst::Action';
 use YAML::Syck;
 use URI::Find;
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 sub execute {
@@ -23,7 +23,7 @@ sub execute {
     my $output = "<html>";
     $output .= "<title>" . $app . "</title>";
     $output .= "<body><pre>";
-    my $text = Dump($c->stash->{$stash_key});
+    my $text = HTML::Entities::encode(Dump($c->stash->{$stash_key}));
     # Straight from URI::Find
     my $finder = URI::Find->new(
                               sub {

diff --git a/lib/Catalyst/Action/SerializeBase.pm b/lib/Catalyst/Action/SerializeBase.pm
index aeb186a..8ba1100 100644 (file)
--- a/lib/Catalyst/Action/SerializeBase.pm
+++ b/lib/Catalyst/Action/SerializeBase.pm
@@ -8,7 +8,7 @@ use Module::Pluggable::Object;
 use Catalyst::Request::REST;
 use Catalyst::Utils ();
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 after BUILDARGS => sub {

diff --git a/lib/Catalyst/Controller/REST.pm b/lib/Catalyst/Controller/REST.pm
index f10cf57..bc480f0 100644 (file)
--- a/lib/Catalyst/Controller/REST.pm
+++ b/lib/Catalyst/Controller/REST.pm
@@ -2,7 +2,7 @@ package Catalyst::Controller::REST;
 use Moose;
 use namespace::autoclean;
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 =head1 NAME

diff --git a/lib/Catalyst/Request/REST.pm b/lib/Catalyst/Request/REST.pm
index 26a8b4a..3860860 100644 (file)
--- a/lib/Catalyst/Request/REST.pm
+++ b/lib/Catalyst/Request/REST.pm
@@ -7,7 +7,7 @@ use namespace::autoclean;
 extends 'Catalyst::Request';
 with 'Catalyst::TraitFor::Request::REST';
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 # Please don't take this as a recommended way to do things.

diff --git a/lib/Catalyst/Request/REST/ForBrowsers.pm b/lib/Catalyst/Request/REST/ForBrowsers.pm
index 5a08fd1..49d5904 100644 (file)
--- a/lib/Catalyst/Request/REST/ForBrowsers.pm
+++ b/lib/Catalyst/Request/REST/ForBrowsers.pm
@@ -3,7 +3,7 @@ use Moose;
 
 use namespace::autoclean;
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 extends 'Catalyst::Request::REST';

diff --git a/lib/Catalyst/TraitFor/Request/REST.pm b/lib/Catalyst/TraitFor/Request/REST.pm
index c4bcec0..43bb624 100644 (file)
--- a/lib/Catalyst/TraitFor/Request/REST.pm
+++ b/lib/Catalyst/TraitFor/Request/REST.pm
@@ -3,7 +3,7 @@ use Moose::Role;
 use HTTP::Headers::Util qw(split_header_words);
 use namespace::autoclean;
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 has [qw/ data accept_only /] => ( is => 'rw' );

diff --git a/lib/Catalyst/TraitFor/Request/REST/ForBrowsers.pm b/lib/Catalyst/TraitFor/Request/REST/ForBrowsers.pm
index 0d5118c..da9238b 100644 (file)
--- a/lib/Catalyst/TraitFor/Request/REST/ForBrowsers.pm
+++ b/lib/Catalyst/TraitFor/Request/REST/ForBrowsers.pm
@@ -4,7 +4,7 @@ use namespace::autoclean;
 
 with 'Catalyst::TraitFor::Request::REST';
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 has _determined_real_method => (

diff --git a/t/lib/Test/Serialize/Controller/REST.pm b/t/lib/Test/Serialize/Controller/REST.pm
index fa1cac2..8c1d5f2 100644 (file)
--- a/t/lib/Test/Serialize/Controller/REST.pm
+++ b/t/lib/Test/Serialize/Controller/REST.pm
@@ -55,4 +55,10 @@ sub monkey_get : Local : ActionClass('Serialize') {
     $c->stash->{'rest'} = { monkey => 'likes chicken!', };
 }
 
+sub xss_get : Local : ActionClass('Serialize') {
+    my ( $self, $c ) = @_;
+    $c->stash->{'rest'} = { monkey => 'likes chicken > sushi!', };
+}
+
+
 1;

diff --git a/t/yaml-html.t b/t/yaml-html.t
index a77f085..bf9bf10 100644 (file)
--- a/t/yaml-html.t
+++ b/t/yaml-html.t
@@ -28,6 +28,14 @@ SKIP: {
       request( $t->post( url => '/monkey_put', data => Dump($post_data) ) );
     ok( $mres_post->is_error, "POST to the monkey failed; no deserializer." );
 
+    # xss test - RT 63537
+    my $xss_template =
+"<html><title>Test::Serialize</title><body><pre>--- \nmonkey: likes chicken &gt; sushi!\n</pre></body></html>";
+    my $xres = request( $t->get( url => '/xss_get' ) );
+    ok( $xres->is_success, 'GET the xss succeeded' );
+    is( $xres->content, $xss_template, "GET returned the right data" );
+
+
 }
 1;