acfs 1.6.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (258) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +144 -115
  3. data/README.md +33 -41
  4. data/acfs.gemspec +9 -10
  5. data/lib/acfs/adapter/typhoeus.rb +6 -4
  6. data/lib/acfs/collections/paginatable.rb +11 -11
  7. data/lib/acfs/configuration.rb +13 -3
  8. data/lib/acfs/errors.rb +7 -7
  9. data/lib/acfs/global.rb +4 -4
  10. data/lib/acfs/location.rb +2 -2
  11. data/lib/acfs/operation.rb +1 -1
  12. data/lib/acfs/request/callbacks.rb +1 -1
  13. data/lib/acfs/request.rb +1 -1
  14. data/lib/acfs/resource/attributes/uuid.rb +2 -2
  15. data/lib/acfs/resource/attributes.rb +1 -1
  16. data/lib/acfs/resource/dirty.rb +1 -1
  17. data/lib/acfs/resource/locatable.rb +2 -2
  18. data/lib/acfs/resource/operational.rb +4 -4
  19. data/lib/acfs/resource/query_methods.rb +5 -5
  20. data/lib/acfs/response/status.rb +1 -1
  21. data/lib/acfs/runner.rb +15 -15
  22. data/lib/acfs/service/middleware.rb +2 -2
  23. data/lib/acfs/singleton_resource.rb +2 -2
  24. data/lib/acfs/stub.rb +35 -30
  25. data/lib/acfs/version.rb +3 -3
  26. data/lib/acfs/yard.rb +1 -0
  27. data/spec/acfs/adapter/typhoeus_spec.rb +4 -4
  28. data/spec/acfs/collection_spec.rb +66 -41
  29. data/spec/acfs/configuration_spec.rb +22 -12
  30. data/spec/acfs/global_spec.rb +14 -12
  31. data/spec/acfs/location_spec.rb +1 -1
  32. data/spec/acfs/middleware/json_spec.rb +9 -9
  33. data/spec/acfs/middleware/{msgpack_spec.rb → message_pack_spec.rb} +7 -7
  34. data/spec/acfs/operation_spec.rb +4 -3
  35. data/spec/acfs/request/callbacks_spec.rb +19 -10
  36. data/spec/acfs/request_spec.rb +15 -19
  37. data/spec/acfs/resource/attributes/boolean_spec.rb +32 -32
  38. data/spec/acfs/resource/attributes/date_time_spec.rb +17 -9
  39. data/spec/acfs/resource/attributes/dict_spec.rb +16 -10
  40. data/spec/acfs/resource/attributes/float_spec.rb +21 -11
  41. data/spec/acfs/resource/attributes/integer_spec.rb +11 -6
  42. data/spec/acfs/resource/attributes/list_spec.rb +13 -8
  43. data/spec/acfs/resource/attributes/uuid_spec.rb +14 -8
  44. data/spec/acfs/resource/attributes_spec.rb +33 -32
  45. data/spec/acfs/resource/dirty_spec.rb +7 -4
  46. data/spec/acfs/resource/initialization_spec.rb +4 -5
  47. data/spec/acfs/resource/loadable_spec.rb +3 -1
  48. data/spec/acfs/resource/locatable_spec.rb +24 -18
  49. data/spec/acfs/resource/{persistance_spec.rb → persistence_spec.rb} +119 -87
  50. data/spec/acfs/resource/query_methods_spec.rb +144 -111
  51. data/spec/acfs/resource/validation_spec.rb +34 -27
  52. data/spec/acfs/response/formats_spec.rb +8 -8
  53. data/spec/acfs/response/status_spec.rb +16 -9
  54. data/spec/acfs/runner_spec.rb +22 -20
  55. data/spec/acfs/service/middleware_spec.rb +3 -3
  56. data/spec/acfs/service_spec.rb +5 -4
  57. data/spec/acfs/singleton_resource_spec.rb +2 -1
  58. data/spec/acfs/stub_spec.rb +64 -65
  59. data/spec/acfs_spec.rb +112 -94
  60. data/spec/spec_helper.rb +10 -6
  61. data/spec/support/hash.rb +1 -1
  62. data/spec/support/response.rb +2 -2
  63. data/spec/support/service.rb +1 -1
  64. data/spec/support/shared/find_callbacks.rb +14 -10
  65. data/vendor/bundle/ruby/3.4.0/bundler/gems/rubocop-config-67802c9d1826/LICENSE +21 -0
  66. data/vendor/bundle/ruby/3.4.0/bundler/gems/rubocop-config-67802c9d1826/README.md +23 -0
  67. data/vendor/bundle/ruby/3.4.0/bundler/gems/rubocop-config-67802c9d1826/rubocop-config.gemspec +31 -0
  68. data/vendor/bundle/ruby/3.4.0/gems/actionpack-8.0.1/CHANGELOG.md +205 -0
  69. data/vendor/bundle/ruby/3.4.0/gems/actionpack-8.0.1/MIT-LICENSE +21 -0
  70. data/vendor/bundle/ruby/3.4.0/gems/actionpack-8.0.1/README.rdoc +57 -0
  71. data/vendor/bundle/ruby/3.4.0/gems/actionview-8.0.1/CHANGELOG.md +67 -0
  72. data/vendor/bundle/ruby/3.4.0/gems/actionview-8.0.1/MIT-LICENSE +21 -0
  73. data/vendor/bundle/ruby/3.4.0/gems/actionview-8.0.1/README.rdoc +40 -0
  74. data/vendor/bundle/ruby/3.4.0/gems/activemodel-8.0.1/CHANGELOG.md +110 -0
  75. data/vendor/bundle/ruby/3.4.0/gems/activemodel-8.0.1/MIT-LICENSE +21 -0
  76. data/vendor/bundle/ruby/3.4.0/gems/activemodel-8.0.1/README.rdoc +266 -0
  77. data/vendor/bundle/ruby/3.4.0/gems/activesupport-8.0.1/CHANGELOG.md +157 -0
  78. data/vendor/bundle/ruby/3.4.0/gems/activesupport-8.0.1/MIT-LICENSE +20 -0
  79. data/vendor/bundle/ruby/3.4.0/gems/activesupport-8.0.1/README.rdoc +40 -0
  80. data/vendor/bundle/ruby/3.4.0/gems/addressable-2.8.7/CHANGELOG.md +301 -0
  81. data/vendor/bundle/ruby/3.4.0/gems/addressable-2.8.7/LICENSE.txt +202 -0
  82. data/vendor/bundle/ruby/3.4.0/gems/addressable-2.8.7/README.md +121 -0
  83. data/vendor/bundle/ruby/3.4.0/gems/addressable-2.8.7/addressable.gemspec +28 -0
  84. data/vendor/bundle/ruby/3.4.0/gems/appraisal-2.5.0/MIT-LICENSE +21 -0
  85. data/vendor/bundle/ruby/3.4.0/gems/appraisal-2.5.0/README.md +243 -0
  86. data/vendor/bundle/ruby/3.4.0/gems/appraisal-2.5.0/appraisal.gemspec +29 -0
  87. data/vendor/bundle/ruby/3.4.0/gems/base64-0.2.0/LICENSE.txt +22 -0
  88. data/vendor/bundle/ruby/3.4.0/gems/base64-0.2.0/README.md +48 -0
  89. data/vendor/bundle/ruby/3.4.0/gems/benchmark-0.4.0/README.md +138 -0
  90. data/vendor/bundle/ruby/3.4.0/gems/benchmark-0.4.0/benchmark.gemspec +32 -0
  91. data/vendor/bundle/ruby/3.4.0/gems/bigdecimal-3.1.9/LICENSE +56 -0
  92. data/vendor/bundle/ruby/3.4.0/gems/bigdecimal-3.1.9/bigdecimal.gemspec +57 -0
  93. data/vendor/bundle/ruby/3.4.0/gems/builder-3.3.0/MIT-LICENSE +20 -0
  94. data/vendor/bundle/ruby/3.4.0/gems/builder-3.3.0/README.md +258 -0
  95. data/vendor/bundle/ruby/3.4.0/gems/builder-3.3.0/builder.gemspec +49 -0
  96. data/vendor/bundle/ruby/3.4.0/gems/concurrent-ruby-1.3.5/CHANGELOG.md +603 -0
  97. data/vendor/bundle/ruby/3.4.0/gems/concurrent-ruby-1.3.5/LICENSE.txt +21 -0
  98. data/vendor/bundle/ruby/3.4.0/gems/concurrent-ruby-1.3.5/README.md +407 -0
  99. data/vendor/bundle/ruby/3.4.0/gems/connection_pool-2.5.0/LICENSE +20 -0
  100. data/vendor/bundle/ruby/3.4.0/gems/connection_pool-2.5.0/README.md +167 -0
  101. data/vendor/bundle/ruby/3.4.0/gems/connection_pool-2.5.0/connection_pool.gemspec +24 -0
  102. data/vendor/bundle/ruby/3.4.0/gems/crack-1.0.0/LICENSE +20 -0
  103. data/vendor/bundle/ruby/3.4.0/gems/crack-1.0.0/README.md +43 -0
  104. data/vendor/bundle/ruby/3.4.0/gems/crass-1.0.6/LICENSE +18 -0
  105. data/vendor/bundle/ruby/3.4.0/gems/crass-1.0.6/README.md +192 -0
  106. data/vendor/bundle/ruby/3.4.0/gems/crass-1.0.6/crass.gemspec +31 -0
  107. data/vendor/bundle/ruby/3.4.0/gems/diff-lcs-1.5.1/License.md +41 -0
  108. data/vendor/bundle/ruby/3.4.0/gems/diff-lcs-1.5.1/README.rdoc +84 -0
  109. data/vendor/bundle/ruby/3.4.0/gems/drb-2.2.1/LICENSE.txt +22 -0
  110. data/vendor/bundle/ruby/3.4.0/gems/drb-2.2.1/drb.gemspec +41 -0
  111. data/vendor/bundle/ruby/3.4.0/gems/erubi-1.13.1/CHANGELOG +111 -0
  112. data/vendor/bundle/ruby/3.4.0/gems/erubi-1.13.1/MIT-LICENSE +21 -0
  113. data/vendor/bundle/ruby/3.4.0/gems/erubi-1.13.1/README.rdoc +151 -0
  114. data/vendor/bundle/ruby/3.4.0/gems/ethon-0.16.0/CHANGELOG.md +375 -0
  115. data/vendor/bundle/ruby/3.4.0/gems/ethon-0.16.0/LICENSE +20 -0
  116. data/vendor/bundle/ruby/3.4.0/gems/ethon-0.16.0/README.md +118 -0
  117. data/vendor/bundle/ruby/3.4.0/gems/ethon-0.16.0/ethon.gemspec +26 -0
  118. data/vendor/bundle/ruby/3.4.0/gems/ffi-1.17.1-x86_64-linux-gnu/CHANGELOG.md +465 -0
  119. data/vendor/bundle/ruby/3.4.0/gems/ffi-1.17.1-x86_64-linux-gnu/LICENSE +24 -0
  120. data/vendor/bundle/ruby/3.4.0/gems/ffi-1.17.1-x86_64-linux-gnu/LICENSE.SPECS +22 -0
  121. data/vendor/bundle/ruby/3.4.0/gems/ffi-1.17.1-x86_64-linux-gnu/README.md +137 -0
  122. data/vendor/bundle/ruby/3.4.0/gems/ffi-1.17.1-x86_64-linux-gnu/ffi.gemspec +42 -0
  123. data/vendor/bundle/ruby/3.4.0/gems/hashdiff-1.1.2/LICENSE +19 -0
  124. data/vendor/bundle/ruby/3.4.0/gems/hashdiff-1.1.2/README.md +298 -0
  125. data/vendor/bundle/ruby/3.4.0/gems/hashdiff-1.1.2/changelog.md +119 -0
  126. data/vendor/bundle/ruby/3.4.0/gems/hashdiff-1.1.2/hashdiff.gemspec +39 -0
  127. data/vendor/bundle/ruby/3.4.0/gems/i18n-1.14.6/MIT-LICENSE +20 -0
  128. data/vendor/bundle/ruby/3.4.0/gems/i18n-1.14.6/README.md +127 -0
  129. data/vendor/bundle/ruby/3.4.0/gems/json-2.9.1/README.md +195 -0
  130. data/vendor/bundle/ruby/3.4.0/gems/json-2.9.1/json.gemspec +64 -0
  131. data/vendor/bundle/ruby/3.4.0/gems/logger-1.6.5/README.md +104 -0
  132. data/vendor/bundle/ruby/3.4.0/gems/logger-1.6.5/logger.gemspec +28 -0
  133. data/vendor/bundle/ruby/3.4.0/gems/loofah-2.24.0/CHANGELOG.md +591 -0
  134. data/vendor/bundle/ruby/3.4.0/gems/loofah-2.24.0/MIT-LICENSE.txt +23 -0
  135. data/vendor/bundle/ruby/3.4.0/gems/loofah-2.24.0/README.md +410 -0
  136. data/vendor/bundle/ruby/3.4.0/gems/minitest-5.25.4/README.rdoc +835 -0
  137. data/vendor/bundle/ruby/3.4.0/gems/multi_json-1.15.0/CHANGELOG.md +275 -0
  138. data/vendor/bundle/ruby/3.4.0/gems/multi_json-1.15.0/LICENSE.md +20 -0
  139. data/vendor/bundle/ruby/3.4.0/gems/multi_json-1.15.0/README.md +121 -0
  140. data/vendor/bundle/ruby/3.4.0/gems/nokogiri-1.18.1-x86_64-linux-gnu/LICENSE-DEPENDENCIES.md +2224 -0
  141. data/vendor/bundle/ruby/3.4.0/gems/nokogiri-1.18.1-x86_64-linux-gnu/LICENSE.md +9 -0
  142. data/vendor/bundle/ruby/3.4.0/gems/nokogiri-1.18.1-x86_64-linux-gnu/README.md +293 -0
  143. data/vendor/bundle/ruby/3.4.0/gems/public_suffix-6.0.1/CHANGELOG.md +491 -0
  144. data/vendor/bundle/ruby/3.4.0/gems/public_suffix-6.0.1/LICENSE.txt +22 -0
  145. data/vendor/bundle/ruby/3.4.0/gems/public_suffix-6.0.1/README.md +222 -0
  146. data/vendor/bundle/ruby/3.4.0/gems/racc-1.8.1/ChangeLog +846 -0
  147. data/vendor/bundle/ruby/3.4.0/gems/racc-1.8.1/README.ja.rdoc +58 -0
  148. data/vendor/bundle/ruby/3.4.0/gems/racc-1.8.1/README.rdoc +60 -0
  149. data/vendor/bundle/ruby/3.4.0/gems/rack-3.1.8/CHANGELOG.md +998 -0
  150. data/vendor/bundle/ruby/3.4.0/gems/rack-3.1.8/MIT-LICENSE +20 -0
  151. data/vendor/bundle/ruby/3.4.0/gems/rack-3.1.8/README.md +328 -0
  152. data/vendor/bundle/ruby/3.4.0/gems/rack-session-2.1.0/license.md +72 -0
  153. data/vendor/bundle/ruby/3.4.0/gems/rack-session-2.1.0/readme.md +47 -0
  154. data/vendor/bundle/ruby/3.4.0/gems/rack-test-2.2.0/MIT-LICENSE.txt +20 -0
  155. data/vendor/bundle/ruby/3.4.0/gems/rack-test-2.2.0/README.md +139 -0
  156. data/vendor/bundle/ruby/3.4.0/gems/rails-dom-testing-2.2.0/MIT-LICENSE +23 -0
  157. data/vendor/bundle/ruby/3.4.0/gems/rails-dom-testing-2.2.0/README.md +91 -0
  158. data/vendor/bundle/ruby/3.4.0/gems/rails-html-sanitizer-1.6.2/CHANGELOG.md +255 -0
  159. data/vendor/bundle/ruby/3.4.0/gems/rails-html-sanitizer-1.6.2/MIT-LICENSE +23 -0
  160. data/vendor/bundle/ruby/3.4.0/gems/rails-html-sanitizer-1.6.2/README.md +267 -0
  161. data/vendor/bundle/ruby/3.4.0/gems/rake-13.2.1/MIT-LICENSE +21 -0
  162. data/vendor/bundle/ruby/3.4.0/gems/rake-13.2.1/README.rdoc +155 -0
  163. data/vendor/bundle/ruby/3.4.0/gems/rake-13.2.1/rake.gemspec +101 -0
  164. data/vendor/bundle/ruby/3.4.0/gems/rake-release-1.3.0/LICENSE +21 -0
  165. data/vendor/bundle/ruby/3.4.0/gems/rake-release-1.3.0/README.md +107 -0
  166. data/vendor/bundle/ruby/3.4.0/gems/rake-release-1.3.0/rake-release.gemspec +23 -0
  167. data/vendor/bundle/ruby/3.4.0/gems/rexml-3.4.0/LICENSE.txt +22 -0
  168. data/vendor/bundle/ruby/3.4.0/gems/rexml-3.4.0/README.md +57 -0
  169. data/vendor/bundle/ruby/3.4.0/gems/rspec-3.13.0/LICENSE.md +27 -0
  170. data/vendor/bundle/ruby/3.4.0/gems/rspec-3.13.0/README.md +47 -0
  171. data/vendor/bundle/ruby/3.4.0/gems/rspec-collection_matchers-1.2.1/Changelog.md +68 -0
  172. data/vendor/bundle/ruby/3.4.0/gems/rspec-collection_matchers-1.2.1/LICENSE.txt +27 -0
  173. data/vendor/bundle/ruby/3.4.0/gems/rspec-collection_matchers-1.2.1/README.md +76 -0
  174. data/vendor/bundle/ruby/3.4.0/gems/rspec-collection_matchers-1.2.1/rspec-collection_matchers.gemspec +33 -0
  175. data/vendor/bundle/ruby/3.4.0/gems/rspec-core-3.13.2/Changelog.md +2415 -0
  176. data/vendor/bundle/ruby/3.4.0/gems/rspec-core-3.13.2/LICENSE.md +26 -0
  177. data/vendor/bundle/ruby/3.4.0/gems/rspec-core-3.13.2/README.md +389 -0
  178. data/vendor/bundle/ruby/3.4.0/gems/rspec-expectations-3.13.3/Changelog.md +1352 -0
  179. data/vendor/bundle/ruby/3.4.0/gems/rspec-expectations-3.13.3/LICENSE.md +25 -0
  180. data/vendor/bundle/ruby/3.4.0/gems/rspec-expectations-3.13.3/README.md +326 -0
  181. data/vendor/bundle/ruby/3.4.0/gems/rspec-its-2.0.0/Changelog.md +73 -0
  182. data/vendor/bundle/ruby/3.4.0/gems/rspec-its-2.0.0/LICENSE.txt +27 -0
  183. data/vendor/bundle/ruby/3.4.0/gems/rspec-its-2.0.0/README.md +104 -0
  184. data/vendor/bundle/ruby/3.4.0/gems/rspec-its-2.0.0/rspec-its.gemspec +31 -0
  185. data/vendor/bundle/ruby/3.4.0/gems/rspec-mocks-3.13.2/Changelog.md +1299 -0
  186. data/vendor/bundle/ruby/3.4.0/gems/rspec-mocks-3.13.2/LICENSE.md +25 -0
  187. data/vendor/bundle/ruby/3.4.0/gems/rspec-mocks-3.13.2/README.md +465 -0
  188. data/vendor/bundle/ruby/3.4.0/gems/rspec-support-3.13.2/Changelog.md +408 -0
  189. data/vendor/bundle/ruby/3.4.0/gems/rspec-support-3.13.2/LICENSE.md +23 -0
  190. data/vendor/bundle/ruby/3.4.0/gems/rspec-support-3.13.2/README.md +40 -0
  191. data/vendor/bundle/ruby/3.4.0/gems/securerandom-0.4.1/README.md +72 -0
  192. data/vendor/bundle/ruby/3.4.0/gems/thor-1.3.2/LICENSE.md +20 -0
  193. data/vendor/bundle/ruby/3.4.0/gems/thor-1.3.2/README.md +45 -0
  194. data/vendor/bundle/ruby/3.4.0/gems/thor-1.3.2/thor.gemspec +33 -0
  195. data/vendor/bundle/ruby/3.4.0/gems/typhoeus-1.4.1/CHANGELOG.md +410 -0
  196. data/vendor/bundle/ruby/3.4.0/gems/typhoeus-1.4.1/LICENSE +22 -0
  197. data/vendor/bundle/ruby/3.4.0/gems/typhoeus-1.4.1/README.md +588 -0
  198. data/vendor/bundle/ruby/3.4.0/gems/typhoeus-1.4.1/typhoeus.gemspec +25 -0
  199. data/vendor/bundle/ruby/3.4.0/gems/tzinfo-2.0.6/LICENSE +19 -0
  200. data/vendor/bundle/ruby/3.4.0/gems/tzinfo-2.0.6/README.md +406 -0
  201. data/vendor/bundle/ruby/3.4.0/gems/uri-1.0.2/README.md +55 -0
  202. data/vendor/bundle/ruby/3.4.0/gems/useragent-0.16.11/LICENSE +20 -0
  203. data/vendor/bundle/ruby/3.4.0/gems/useragent-0.16.11/README.md +42 -0
  204. data/vendor/bundle/ruby/3.4.0/gems/webmock-3.24.0/CHANGELOG.md +2104 -0
  205. data/vendor/bundle/ruby/3.4.0/gems/webmock-3.24.0/LICENSE +20 -0
  206. data/vendor/bundle/ruby/3.4.0/gems/webmock-3.24.0/README.md +1222 -0
  207. data/vendor/bundle/ruby/3.4.0/specifications/actionpack-8.0.1.gemspec +36 -0
  208. data/vendor/bundle/ruby/3.4.0/specifications/actionview-8.0.1.gemspec +33 -0
  209. data/vendor/bundle/ruby/3.4.0/specifications/activemodel-8.0.1.gemspec +26 -0
  210. data/vendor/bundle/ruby/3.4.0/specifications/activesupport-8.0.1.gemspec +38 -0
  211. data/vendor/bundle/ruby/3.4.0/specifications/addressable-2.8.7.gemspec +30 -0
  212. data/vendor/bundle/ruby/3.4.0/specifications/appraisal-2.5.0.gemspec +31 -0
  213. data/vendor/bundle/ruby/3.4.0/specifications/base64-0.2.0.gemspec +23 -0
  214. data/vendor/bundle/ruby/3.4.0/specifications/benchmark-0.4.0.gemspec +23 -0
  215. data/vendor/bundle/ruby/3.4.0/specifications/bigdecimal-3.1.9.gemspec +25 -0
  216. data/vendor/bundle/ruby/3.4.0/specifications/builder-3.3.0.gemspec +22 -0
  217. data/vendor/bundle/ruby/3.4.0/specifications/concurrent-ruby-1.3.5.gemspec +24 -0
  218. data/vendor/bundle/ruby/3.4.0/specifications/connection_pool-2.5.0.gemspec +28 -0
  219. data/vendor/bundle/ruby/3.4.0/specifications/crack-1.0.0.gemspec +27 -0
  220. data/vendor/bundle/ruby/3.4.0/specifications/crass-1.0.6.gemspec +27 -0
  221. data/vendor/bundle/ruby/3.4.0/specifications/diff-lcs-1.5.1.gemspec +37 -0
  222. data/vendor/bundle/ruby/3.4.0/specifications/drb-2.2.1.gemspec +22 -0
  223. data/vendor/bundle/ruby/3.4.0/specifications/erubi-1.13.1.gemspec +29 -0
  224. data/vendor/bundle/ruby/3.4.0/specifications/ethon-0.16.0.gemspec +24 -0
  225. data/vendor/bundle/ruby/3.4.0/specifications/ffi-1.17.1-x86_64-linux-gnu.gemspec +31 -0
  226. data/vendor/bundle/ruby/3.4.0/specifications/hashdiff-1.1.2.gemspec +30 -0
  227. data/vendor/bundle/ruby/3.4.0/specifications/i18n-1.14.6.gemspec +27 -0
  228. data/vendor/bundle/ruby/3.4.0/specifications/json-2.9.1.gemspec +0 -0
  229. data/vendor/bundle/ruby/3.4.0/specifications/logger-1.6.5.gemspec +22 -0
  230. data/vendor/bundle/ruby/3.4.0/specifications/loofah-2.24.0.gemspec +27 -0
  231. data/vendor/bundle/ruby/3.4.0/specifications/minitest-5.25.4.gemspec +31 -0
  232. data/vendor/bundle/ruby/3.4.0/specifications/multi_json-1.15.0.gemspec +26 -0
  233. data/vendor/bundle/ruby/3.4.0/specifications/nokogiri-1.18.1-x86_64-linux-gnu.gemspec +31 -0
  234. data/vendor/bundle/ruby/3.4.0/specifications/public_suffix-6.0.1.gemspec +24 -0
  235. data/vendor/bundle/ruby/3.4.0/specifications/racc-1.8.1.gemspec +28 -0
  236. data/vendor/bundle/ruby/3.4.0/specifications/rack-3.1.8.gemspec +31 -0
  237. data/vendor/bundle/ruby/3.4.0/specifications/rack-session-2.1.0.gemspec +30 -0
  238. data/vendor/bundle/ruby/3.4.0/specifications/rack-test-2.2.0.gemspec +29 -0
  239. data/vendor/bundle/ruby/3.4.0/specifications/rails-dom-testing-2.2.0.gemspec +28 -0
  240. data/vendor/bundle/ruby/3.4.0/specifications/rails-html-sanitizer-1.6.2.gemspec +27 -0
  241. data/vendor/bundle/ruby/3.4.0/specifications/rake-13.2.1.gemspec +26 -0
  242. data/vendor/bundle/ruby/3.4.0/specifications/rake-release-1.3.0.gemspec +26 -0
  243. data/vendor/bundle/ruby/3.4.0/specifications/rexml-3.4.0.gemspec +25 -0
  244. data/vendor/bundle/ruby/3.4.0/specifications/rspec-3.13.0.gemspec +31 -0
  245. data/vendor/bundle/ruby/3.4.0/specifications/rspec-collection_matchers-1.2.1.gemspec +27 -0
  246. data/vendor/bundle/ruby/3.4.0/specifications/rspec-core-3.13.2.gemspec +39 -0
  247. data/vendor/bundle/ruby/3.4.0/specifications/rspec-expectations-3.13.3.gemspec +33 -0
  248. data/vendor/bundle/ruby/3.4.0/specifications/rspec-its-2.0.0.gemspec +27 -0
  249. data/vendor/bundle/ruby/3.4.0/specifications/rspec-mocks-3.13.2.gemspec +33 -0
  250. data/vendor/bundle/ruby/3.4.0/specifications/rspec-support-3.13.2.gemspec +29 -0
  251. data/vendor/bundle/ruby/3.4.0/specifications/securerandom-0.4.1.gemspec +23 -0
  252. data/vendor/bundle/ruby/3.4.0/specifications/thor-1.3.2.gemspec +28 -0
  253. data/vendor/bundle/ruby/3.4.0/specifications/typhoeus-1.4.1.gemspec +24 -0
  254. data/vendor/bundle/ruby/3.4.0/specifications/tzinfo-2.0.6.gemspec +30 -0
  255. data/vendor/bundle/ruby/3.4.0/specifications/uri-1.0.2.gemspec +23 -0
  256. data/vendor/bundle/ruby/3.4.0/specifications/useragent-0.16.11.gemspec +25 -0
  257. data/vendor/bundle/ruby/3.4.0/specifications/webmock-3.24.0.gemspec +45 -0
  258. metadata +208 -70
@@ -0,0 +1,91 @@
1
+ # Rails::Dom::Testing
2
+
3
+ This gem is responsible for comparing HTML doms and asserting that DOM elements are present in Rails applications.
4
+ Doms are compared via `assert_dom_equal` and `assert_dom_not_equal`.
5
+ Elements are asserted via `assert_dom`, `assert_dom_encoded`, `assert_dom_email` and a subset of the dom can be selected with `css_select`.
6
+ The gem is developed for Rails 4.2 and above, and will not work on previous versions.
7
+
8
+ ## Usage
9
+
10
+ ### Dom Assertions
11
+
12
+ ```ruby
13
+ assert_dom_equal '<h1>Lingua França</h1>', '<h1>Lingua França</h1>'
14
+
15
+ assert_dom_not_equal '<h1>Portuguese</h1>', '<h1>Danish</h1>'
16
+ ```
17
+
18
+ ### Selector Assertions
19
+
20
+ ```ruby
21
+ # implicitly selects from the document_root_element
22
+ css_select '.hello' # => Nokogiri::XML::NodeSet of elements with hello class
23
+
24
+ # select from a supplied node. assert_dom asserts elements exist.
25
+ assert_dom document_root_element.at('.hello'), '.goodbye'
26
+
27
+ # elements in CDATA encoded sections can also be selected
28
+ assert_dom_encoded '#out-of-your-element'
29
+
30
+ # assert elements within an html email exists
31
+ assert_dom_email '#you-got-mail'
32
+ ```
33
+
34
+ The documentation in [selector_assertions.rb](https://github.com/rails/rails-dom-testing/blob/master/lib/rails/dom/testing/assertions/selector_assertions.rb) goes into a lot more detail of how selector assertions can be used.
35
+
36
+ ### HTML versions
37
+
38
+ By default, assertions will use Nokogiri's HTML4 parser.
39
+
40
+ If `Rails::Dom::Testing.default_html_version` is set to `:html5`, then the assertions will use
41
+ Nokogiri's HTML5 parser. (If the HTML5 parser is not available on your platform, then a
42
+ `NotImplementedError` will be raised.)
43
+
44
+ When testing in a Rails application, the parser default can also be set by setting
45
+ `Rails.application.config.dom_testing_default_html_version`.
46
+
47
+ Some assertions support an `html_version:` keyword argument which can override the default for that
48
+ assertion. For example:
49
+
50
+ ``` ruby
51
+ # compare DOMs built with the HTML5 parser
52
+ assert_dom_equal(expected, actual, html_version: :html5)
53
+
54
+ # compare DOMs built with the HTML4 parser
55
+ assert_dom_not_equal(expected, actual, html_version: :html4)
56
+ ```
57
+
58
+ Please see documentation for individual assertions for more details.
59
+
60
+ ## Installation
61
+
62
+ Add this line to your application's Gemfile:
63
+
64
+ gem 'rails-dom-testing'
65
+
66
+ And then execute:
67
+
68
+ $ bundle
69
+
70
+ Or install it yourself as:
71
+
72
+ $ gem install rails-dom-testing
73
+
74
+ ## Read more
75
+
76
+ Under the hood the doms are parsed with Nokogiri, and you'll generally be working with these two classes:
77
+ - [`Nokogiri::XML::Node`](http://www.rubydoc.info/github/sparklemotion/nokogiri/Nokogiri/XML/Node)
78
+ - [`Nokogiri::XML::NodeSet`](http://www.rubydoc.info/github/sparklemotion/nokogiri/Nokogiri/XML/NodeSet)
79
+
80
+ Read more about Nokogiri:
81
+ - [Nokogiri](http://nokogiri.org)
82
+
83
+ ## Contributing to Rails::Dom::Testing
84
+
85
+ Rails::Dom::Testing is work of many contributors. You're encouraged to submit pull requests, propose
86
+ features and discuss issues.
87
+
88
+ See [CONTRIBUTING](CONTRIBUTING.md).
89
+
90
+ ## License
91
+ Rails::Dom::Testing is released under the [MIT License](MIT-LICENSE).
@@ -0,0 +1,255 @@
1
+ ## v1.6.2 / 2024-12-12
2
+
3
+ * `PermitScrubber` fully supports frozen "allowed tags".
4
+
5
+ v1.6.1 introduced safety checks that may remove unsafe tags from the allowed list, which
6
+ introduced a regression for applications passing a frozen array of allowed tags. Tags and
7
+ attributes are now properly copied when they are passed to the scrubber.
8
+
9
+ Fixes #195.
10
+
11
+ *Mike Dalessio*
12
+
13
+
14
+ ## 1.6.1 / 2024-12-02
15
+
16
+ This is a performance and security release which addresses several possible XSS vulnerabilities.
17
+
18
+ * The dependency on Nokogiri is updated to v1.15.7 or >=1.16.8.
19
+
20
+ This change addresses CVE-2024-53985 (GHSA-w8gc-x259-rc7x).
21
+
22
+ *Mike Dalessio*
23
+
24
+ * Disallowed tags will be pruned when they appear in foreign content (i.e. SVG or MathML content),
25
+ regardless of the `prune:` option value. Previously, disallowed tags were "stripped" unless the
26
+ gem was configured with the `prune: true` option.
27
+
28
+ The CVEs addressed by this change are:
29
+
30
+ - CVE-2024-53986 (GHSA-638j-pmjw-jq48)
31
+ - CVE-2024-53987 (GHSA-2x5m-9ch4-qgrr)
32
+
33
+ *Mike Dalessio*
34
+
35
+ * The tags "noscript", "mglyph", and "malignmark" will not be allowed, even if explicitly added to
36
+ the allowlist. If applications try to allow any of these tags, a warning is emitted and the tags
37
+ are removed from the allow-list.
38
+
39
+ The CVEs addressed by this change are:
40
+
41
+ - CVE-2024-53988 (GHSA-cfjx-w229-hgx5)
42
+ - CVE-2024-53989 (GHSA-rxv5-gxqc-xx8g)
43
+
44
+ Please note that we _may_ restore support for allowing "noscript" in a future release. We do not
45
+ expect to ever allow "mglyph" or "malignmark", though, especially since browser support is minimal
46
+ for these tags.
47
+
48
+ *Mike Dalessio*
49
+
50
+ * Improve performance by eliminating needless operations on attributes that are being removed. #188
51
+
52
+ *Mike Dalessio*
53
+
54
+
55
+ ## 1.6.0 / 2023-05-26
56
+
57
+ * Dependencies have been updated:
58
+
59
+ - Loofah `~>2.21` and Nokogiri `~>1.14` for HTML5 parser support
60
+ - As a result, required Ruby version is now `>= 2.7.0`
61
+
62
+ Security updates will continue to be made on the `1.5.x` release branch as long as Rails 6.1
63
+ (which supports Ruby 2.5) is still in security support.
64
+
65
+ *Mike Dalessio*
66
+
67
+ * HTML5 standards-compliant sanitizers are now available on platforms supported by
68
+ Nokogiri::HTML5. These are available as:
69
+
70
+ - `Rails::HTML5::FullSanitizer`
71
+ - `Rails::HTML5::LinkSanitizer`
72
+ - `Rails::HTML5::SafeListSanitizer`
73
+
74
+ And a new "vendor" is provided at `Rails::HTML5::Sanitizer` that can be used in a future version
75
+ of Rails.
76
+
77
+ Note that for symmetry `Rails::HTML4::Sanitizer` is also added, though its behavior is identical
78
+ to the vendor class methods on `Rails::HTML::Sanitizer`.
79
+
80
+ Users may call `Rails::HTML::Sanitizer.best_supported_vendor` to get back the HTML5 vendor if it's
81
+ supported, else the legacy HTML4 vendor.
82
+
83
+ *Mike Dalessio*
84
+
85
+ * Module namespaces have changed, but backwards compatibility is provided by aliases.
86
+
87
+ The library defines three additional modules:
88
+
89
+ - `Rails::HTML` for general functionality (replacing `Rails::Html`)
90
+ - `Rails::HTML4` containing sanitizers that parse content as HTML4
91
+ - `Rails::HTML5` containing sanitizers that parse content as HTML5
92
+
93
+ The following aliases are maintained for backwards compatibility:
94
+
95
+ - `Rails::Html` points to `Rails::HTML`
96
+ - `Rails::HTML::FullSanitizer` points to `Rails::HTML4::FullSanitizer`
97
+ - `Rails::HTML::LinkSanitizer` points to `Rails::HTML4::LinkSanitizer`
98
+ - `Rails::HTML::SafeListSanitizer` points to `Rails::HTML4::SafeListSanitizer`
99
+
100
+ *Mike Dalessio*
101
+
102
+ * `LinkSanitizer` always returns UTF-8 encoded strings. `SafeListSanitizer` and `FullSanitizer`
103
+ already ensured this encoding.
104
+
105
+ *Mike Dalessio*
106
+
107
+ * `SafeListSanitizer` allows `time` tag and `lang` attribute by default.
108
+
109
+ *Mike Dalessio*
110
+
111
+ * The constant `Rails::Html::XPATHS_TO_REMOVE` has been removed. It's not necessary with the
112
+ existing sanitizers, and should have been a private constant all along anyway.
113
+
114
+ *Mike Dalessio*
115
+
116
+
117
+ ## 1.5.0 / 2023-01-20
118
+
119
+ * `SafeListSanitizer`, `PermitScrubber`, and `TargetScrubber` now all support pruning of unsafe tags.
120
+
121
+ By default, unsafe tags are still stripped, but this behavior can be changed to prune the element
122
+ and its children from the document by passing `prune: true` to any of these classes' constructors.
123
+
124
+ *seyerian*
125
+
126
+
127
+ ## 1.4.4 / 2022-12-13
128
+
129
+ * Address inefficient regular expression complexity with certain configurations of Rails::Html::Sanitizer.
130
+
131
+ Fixes CVE-2022-23517. See
132
+ [GHSA-5x79-w82f-gw8w](https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w)
133
+ for more information.
134
+
135
+ *Mike Dalessio*
136
+
137
+ * Address improper sanitization of data URIs.
138
+
139
+ Fixes CVE-2022-23518 and #135. See
140
+ [GHSA-mcvf-2q2m-x72m](https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m)
141
+ for more information.
142
+
143
+ *Mike Dalessio*
144
+
145
+ * Address possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.
146
+
147
+ Fixes CVE-2022-23520. See
148
+ [GHSA-rrfc-7g8p-99q8](https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8)
149
+ for more information.
150
+
151
+ *Mike Dalessio*
152
+
153
+ * Address possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.
154
+
155
+ Fixes CVE-2022-23519. See
156
+ [GHSA-9h9g-93gc-623h](https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h)
157
+ for more information.
158
+
159
+ *Mike Dalessio*
160
+
161
+
162
+ ## 1.4.3 / 2022-06-09
163
+
164
+ * Address a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.
165
+
166
+ Prevent the combination of `select` and `style` as allowed tags in SafeListSanitizer.
167
+
168
+ Fixes CVE-2022-32209
169
+
170
+ *Mike Dalessio*
171
+
172
+
173
+ ## 1.4.2 / 2021-08-23
174
+
175
+ * Slightly improve performance.
176
+
177
+ Assuming elements are more common than comments, make one less method call per node.
178
+
179
+ *Mike Dalessio*
180
+
181
+
182
+ ## 1.4.1 / 2021-08-18
183
+
184
+ * Fix regression in v1.4.0 that did not pass comment nodes to the scrubber.
185
+
186
+ Some scrubbers will want to override the default behavior and allow comments, but v1.4.0 only
187
+ passed through elements to the scrubber's `keep_node?` method.
188
+
189
+ This change once again allows the scrubber to make the decision on comment nodes, but still skips
190
+ other non-elements like processing instructions (see #115).
191
+
192
+ *Mike Dalessio*
193
+
194
+
195
+ ## 1.4.0 / 2021-08-18
196
+
197
+ * Processing Instructions are no longer allowed by Rails::Html::PermitScrubber
198
+
199
+ Previously, a PI with a name (or "target") matching an allowed tag name was not scrubbed. There
200
+ are no known security issues associated with these PIs, but similar to comments it's preferred to
201
+ omit these nodes when possible from sanitized output.
202
+
203
+ Fixes #115.
204
+
205
+ *Mike Dalessio*
206
+
207
+
208
+ ## 1.3.0
209
+
210
+ * Address deprecations in Loofah 2.3.0.
211
+
212
+ *Josh Goodall*
213
+
214
+
215
+ ## 1.2.0
216
+
217
+ * Remove needless `white_list_sanitizer` deprecation.
218
+
219
+ By deprecating this, we were forcing Rails 5.2 to be updated or spew
220
+ deprecations that users could do nothing about.
221
+
222
+ That's pointless and I'm sorry for adding that!
223
+
224
+ Now there's no deprecation warning and Rails 5.2 works out of the box, while
225
+ Rails 6 can use the updated naming.
226
+
227
+ *Kasper Timm Hansen*
228
+
229
+
230
+ ## 1.1.0
231
+
232
+ * Add `safe_list_sanitizer` and deprecate `white_list_sanitizer` to be removed
233
+ in 1.2.0. https://github.com/rails/rails-html-sanitizer/pull/87
234
+
235
+ *Juanito Fatas*
236
+
237
+ * Remove `href` from LinkScrubber's `tags` as it's not an element.
238
+ https://github.com/rails/rails-html-sanitizer/pull/92
239
+
240
+ *Juanito Fatas*
241
+
242
+ * Explain that we don't need to bump Loofah here if there's CVEs.
243
+ https://github.com/rails/rails-html-sanitizer/commit/d4d823c617fdd0064956047f7fbf23fff305a69b
244
+
245
+ *Kasper Timm Hansen*
246
+
247
+
248
+ ## 1.0.1
249
+
250
+ * Added support for Rails 4.2.0.beta2 and above
251
+
252
+
253
+ ## 1.0.0
254
+
255
+ * First release.
@@ -0,0 +1,23 @@
1
+ Copyright (c) 2013-2023 Rafael Mendonça França, Kasper Timm Hansen, Mike Dalessio
2
+
3
+ MIT License
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining
6
+ a copy of this software and associated documentation files (the
7
+ "Software"), to deal in the Software without restriction, including
8
+ without limitation the rights to use, copy, modify, merge, publish,
9
+ distribute, sublicense, and/or sell copies of the Software, and to
10
+ permit persons to whom the Software is furnished to do so, subject to
11
+ the following conditions:
12
+
13
+ The above copyright notice and this permission notice shall be
14
+ included in all copies or substantial portions of the Software.
15
+
16
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
23
+
@@ -0,0 +1,267 @@
1
+ # Rails HTML Sanitizers
2
+
3
+ This gem is responsible for sanitizing HTML fragments in Rails applications. Specifically, this is the set of sanitizers used to implement the Action View `SanitizerHelper` methods `sanitize`, `sanitize_css`, `strip_tags` and `strip_links`.
4
+
5
+ Rails HTML Sanitizer is only intended to be used with Rails applications. If you need similar functionality but aren't using Rails, consider using the underlying sanitization library [Loofah](https://github.com/flavorjones/loofah) directly.
6
+
7
+
8
+ ## Usage
9
+
10
+ ### Sanitizers
11
+
12
+ All sanitizers respond to `sanitize`, and are available in variants that use either HTML4 or HTML5 parsing, under the `Rails::HTML4` and `Rails::HTML5` namespaces, respectively.
13
+
14
+ NOTE: The HTML5 sanitizers are not supported on JRuby. Users may programmatically check for support by calling `Rails::HTML::Sanitizer.html5_support?`.
15
+
16
+
17
+ #### FullSanitizer
18
+
19
+ ```ruby
20
+ full_sanitizer = Rails::HTML5::FullSanitizer.new
21
+ full_sanitizer.sanitize("<b>Bold</b> no more! <a href='more.html'>See more here</a>...")
22
+ # => Bold no more! See more here...
23
+ ```
24
+
25
+ or, if you insist on parsing the content as HTML4:
26
+
27
+ ```ruby
28
+ full_sanitizer = Rails::HTML4::FullSanitizer.new
29
+ full_sanitizer.sanitize("<b>Bold</b> no more! <a href='more.html'>See more here</a>...")
30
+ # => Bold no more! See more here...
31
+ ```
32
+
33
+ #### LinkSanitizer
34
+
35
+ ```ruby
36
+ link_sanitizer = Rails::HTML5::LinkSanitizer.new
37
+ link_sanitizer.sanitize('<a href="example.com">Only the link text will be kept.</a>')
38
+ # => Only the link text will be kept.
39
+ ```
40
+
41
+ or, if you insist on parsing the content as HTML4:
42
+
43
+ ```ruby
44
+ link_sanitizer = Rails::HTML4::LinkSanitizer.new
45
+ link_sanitizer.sanitize('<a href="example.com">Only the link text will be kept.</a>')
46
+ # => Only the link text will be kept.
47
+ ```
48
+
49
+
50
+ #### SafeListSanitizer
51
+
52
+ This sanitizer is also available as an HTML4 variant, but for simplicity we'll document only the HTML5 variant below.
53
+
54
+ ```ruby
55
+ safe_list_sanitizer = Rails::HTML5::SafeListSanitizer.new
56
+
57
+ # sanitize via an extensive safe list of allowed elements
58
+ safe_list_sanitizer.sanitize(@article.body)
59
+
60
+ # sanitize only the supplied tags and attributes
61
+ safe_list_sanitizer.sanitize(@article.body, tags: %w(table tr td), attributes: %w(id class style))
62
+
63
+ # sanitize via a custom scrubber
64
+ safe_list_sanitizer.sanitize(@article.body, scrubber: ArticleScrubber.new)
65
+
66
+ # prune nodes from the tree instead of stripping tags and leaving inner content
67
+ safe_list_sanitizer = Rails::HTML5::SafeListSanitizer.new(prune: true)
68
+
69
+ # the sanitizer can also sanitize css
70
+ safe_list_sanitizer.sanitize_css('background-color: #000;')
71
+ ```
72
+
73
+ ### Scrubbers
74
+
75
+ Scrubbers are objects responsible for removing nodes or attributes you don't want in your HTML document.
76
+
77
+ This gem includes two scrubbers `Rails::HTML::PermitScrubber` and `Rails::HTML::TargetScrubber`.
78
+
79
+ #### `Rails::HTML::PermitScrubber`
80
+
81
+ This scrubber allows you to permit only the tags and attributes you want.
82
+
83
+ ```ruby
84
+ scrubber = Rails::HTML::PermitScrubber.new
85
+ scrubber.tags = ['a']
86
+
87
+ html_fragment = Loofah.fragment('<a><img/ ></a>')
88
+ html_fragment.scrub!(scrubber)
89
+ html_fragment.to_s # => "<a></a>"
90
+ ```
91
+
92
+ By default, inner content is left, but it can be removed as well.
93
+
94
+ ```ruby
95
+ scrubber = Rails::HTML::PermitScrubber.new
96
+ scrubber.tags = ['a']
97
+
98
+ html_fragment = Loofah.fragment('<a><span>text</span></a>')
99
+ html_fragment.scrub!(scrubber)
100
+ html_fragment.to_s # => "<a>text</a>"
101
+
102
+ scrubber = Rails::HTML::PermitScrubber.new(prune: true)
103
+ scrubber.tags = ['a']
104
+
105
+ html_fragment = Loofah.fragment('<a><span>text</span></a>')
106
+ html_fragment.scrub!(scrubber)
107
+ html_fragment.to_s # => "<a></a>"
108
+ ```
109
+
110
+ #### `Rails::HTML::TargetScrubber`
111
+
112
+ Where `PermitScrubber` picks out tags and attributes to permit in sanitization,
113
+ `Rails::HTML::TargetScrubber` targets them for removal. See https://github.com/flavorjones/loofah/blob/main/lib/loofah/html5/safelist.rb for the tag list.
114
+
115
+ **Note:** by default, it will scrub anything that is not part of the permitted tags from
116
+ loofah `HTML5::Scrub.allowed_element?`.
117
+
118
+ ```ruby
119
+ scrubber = Rails::HTML::TargetScrubber.new
120
+ scrubber.tags = ['img']
121
+
122
+ html_fragment = Loofah.fragment('<a><img/ ></a>')
123
+ html_fragment.scrub!(scrubber)
124
+ html_fragment.to_s # => "<a></a>"
125
+ ```
126
+
127
+ Similarly to `PermitScrubber`, nodes can be fully pruned.
128
+
129
+ ```ruby
130
+ scrubber = Rails::HTML::TargetScrubber.new
131
+ scrubber.tags = ['span']
132
+
133
+ html_fragment = Loofah.fragment('<a><span>text</span></a>')
134
+ html_fragment.scrub!(scrubber)
135
+ html_fragment.to_s # => "<a>text</a>"
136
+
137
+ scrubber = Rails::HTML::TargetScrubber.new(prune: true)
138
+ scrubber.tags = ['span']
139
+
140
+ html_fragment = Loofah.fragment('<a><span>text</span></a>')
141
+ html_fragment.scrub!(scrubber)
142
+ html_fragment.to_s # => "<a></a>"
143
+ ```
144
+
145
+ #### Custom Scrubbers
146
+
147
+ You can also create custom scrubbers in your application if you want to.
148
+
149
+ ```ruby
150
+ class CommentScrubber < Rails::HTML::PermitScrubber
151
+ def initialize
152
+ super
153
+ self.tags = %w( form script comment blockquote )
154
+ self.attributes = %w( style )
155
+ end
156
+
157
+ def skip_node?(node)
158
+ node.text?
159
+ end
160
+ end
161
+ ```
162
+
163
+ See `Rails::HTML::PermitScrubber` documentation to learn more about which methods can be overridden.
164
+
165
+ #### Custom Scrubber in a Rails app
166
+
167
+ Using the `CommentScrubber` from above, you can use this in a Rails view like so:
168
+
169
+ ```ruby
170
+ <%= sanitize @comment, scrubber: CommentScrubber.new %>
171
+ ```
172
+
173
+ ### A note on HTML entities
174
+
175
+ __Rails HTML sanitizers are intended to be used by the view layer, at page-render time. They are *not* intended to sanitize persisted strings that will be sanitized *again* at page-render time.__
176
+
177
+ Proper HTML sanitization will replace some characters with HTML entities. For example, text containing a `<` character will be updated to contain `&lt;` to ensure that the markup is well-formed.
178
+
179
+ This is important to keep in mind because __HTML entities will render improperly if they are sanitized twice.__
180
+
181
+
182
+ #### A concrete example showing the problem that can arise
183
+
184
+ Imagine the user is asked to enter their employer's name, which will appear on their public profile page. Then imagine they enter `JPMorgan Chase & Co.`.
185
+
186
+ If you sanitize this before persisting it in the database, the stored string will be `JPMorgan Chase &amp; Co.`
187
+
188
+ When the page is rendered, if this string is sanitized a second time by the view layer, the HTML will contain `JPMorgan Chase &amp;amp; Co.` which will render as "JPMorgan Chase &amp;amp; Co.".
189
+
190
+ Another problem that can arise is rendering the sanitized string in a non-HTML context (for example, if it ends up being part of an SMS message). In this case, it may contain inappropriate HTML entities.
191
+
192
+
193
+ #### Suggested alternatives
194
+
195
+ You might simply choose to persist the untrusted string as-is (the raw input), and then ensure that the string will be properly sanitized by the view layer.
196
+
197
+ That raw string, if rendered in an non-HTML context (like SMS), must also be sanitized by a method appropriate for that context. You may wish to look into using [Loofah](https://github.com/flavorjones/loofah) or [Sanitize](https://github.com/rgrove/sanitize) to customize how this sanitization works, including omitting HTML entities in the final string.
198
+
199
+ If you really want to sanitize the string that's stored in your database, you may wish to look into [Loofah::ActiveRecord](https://github.com/flavorjones/loofah-activerecord) rather than use the Rails HTML sanitizers.
200
+
201
+
202
+ ### A note on module names
203
+
204
+ In versions < 1.6, the only module defined by this library was `Rails::Html`. Starting in 1.6, we define three additional modules:
205
+
206
+ - `Rails::HTML` for general functionality (replacing `Rails::Html`)
207
+ - `Rails::HTML4` containing sanitizers that parse content as HTML4
208
+ - `Rails::HTML5` containing sanitizers that parse content as HTML5 (if supported)
209
+
210
+ The following aliases are maintained for backwards compatibility:
211
+
212
+ - `Rails::Html` points to `Rails::HTML`
213
+ - `Rails::HTML::FullSanitizer` points to `Rails::HTML4::FullSanitizer`
214
+ - `Rails::HTML::LinkSanitizer` points to `Rails::HTML4::LinkSanitizer`
215
+ - `Rails::HTML::SafeListSanitizer` points to `Rails::HTML4::SafeListSanitizer`
216
+
217
+
218
+ ## Installation
219
+
220
+ Add this line to your application's Gemfile:
221
+
222
+ gem 'rails-html-sanitizer'
223
+
224
+ And then execute:
225
+
226
+ $ bundle
227
+
228
+ Or install it yourself as:
229
+
230
+ $ gem install rails-html-sanitizer
231
+
232
+
233
+ ## Support matrix
234
+
235
+ | branch | ruby support | actively maintained | security support |
236
+ |--------|--------------|---------------------|----------------------------------------|
237
+ | 1.6.x | >= 2.7 | yes | yes |
238
+ | 1.5.x | >= 2.5 | no | while Rails 6.1 is in security support |
239
+ | 1.4.x | >= 1.8.7 | no | no |
240
+
241
+
242
+ ## Read more
243
+
244
+ Loofah is what underlies the sanitizers and scrubbers of rails-html-sanitizer.
245
+
246
+ - [Loofah and Loofah Scrubbers](https://github.com/flavorjones/loofah)
247
+
248
+ The `node` argument passed to some methods in a custom scrubber is an instance of `Nokogiri::XML::Node`.
249
+
250
+ - [`Nokogiri::XML::Node`](https://nokogiri.org/rdoc/Nokogiri/XML/Node.html)
251
+ - [Nokogiri](http://nokogiri.org)
252
+
253
+
254
+ ## Contributing to Rails HTML Sanitizers
255
+
256
+ Rails HTML Sanitizers is work of many contributors. You're encouraged to submit pull requests, propose features and discuss issues.
257
+
258
+ See [CONTRIBUTING](CONTRIBUTING.md).
259
+
260
+ ### Security reports
261
+
262
+ Trying to report a possible security vulnerability in this project? Please check out the [Rails project's security policy](https://rubyonrails.org/security) for instructions.
263
+
264
+
265
+ ## License
266
+
267
+ Rails HTML Sanitizers is released under the [MIT License](MIT-LICENSE).
@@ -0,0 +1,21 @@
1
+ Copyright (c) Jim Weirich
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21
+