acts_as_html_sanitized 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 1382947b56257ef40f8dacdaac8cba08d0f5e9bc
+  data.tar.gz: e2724e49f8ebc1821c7c3100887ae8b51aea8835
+SHA512:
+  metadata.gz: b7ad77554243a7a944aa105ddb596df3e5b1163f8a22b8af3f61a32a8839880a9415482a905ec67447090b95ca46c73c70f29a51ee5ed6c1d53e8850101812ba
+  data.tar.gz: f1ffa1afcc86720fe213a18dec0d1510aa7937167b06ea41c50e66afbb27f80e8708b6f5717f73a140e71ce7a6b086fc7f432d1f232665fca231ab8cf4f28e0d

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2014 Sasha Gerrand
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,28 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'ActsAsHtmlSanitizer'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/lib/acts_as_html_sanitized.rb

@@ -0,0 +1,8 @@
+require 'active_record'
+require 'acts_as_html_sanitized/model_extensions'
+
+module ActsAsHtmlSanitized
+  if defined?(ActiveRecord::Base)
+    ActiveRecord::Base.send(:include, ActsAsHtmlSanitized::ModelExtensions)
+  end
+end

data/lib/acts_as_html_sanitized/model_extensions.rb

@@ -0,0 +1,24 @@
+require 'active_record'
+require 'sanitize'
+
+module ActsAsHtmlSanitized
+  module ModelExtensions
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+    module ClassMethods
+      def acts_as_html_sanitized
+        before_validation do |record|
+          for column in record.class.content_columns
+            if column.type == :string || column.type == :text
+              unless record[column.name].nil?
+                record[column.name] = Sanitize.clean(record[column.name])
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/acts_as_html_sanitized/version.rb

@@ -0,0 +1,3 @@
+module ActsAsHtmlSanitized
+  VERSION = "0.0.1"
+end

data/test/acts_as_html_sanitized_test.rb

@@ -0,0 +1,80 @@
+require 'test_helper'
+
+ActiveRecord::Base.establish_connection(adapter: "sqlite3", database: ":memory:")
+ActiveRecord::Schema.verbose = false
+
+def rails_3?
+  defined?(ActiveRecord::VERSION) && ActiveRecord::VERSION::MAJOR >= 3 && ActiveRecord::VERSION::MAJOR < 4
+end
+
+def setup_db
+  # AR caches columns options like defaults etc. Clear them!
+  ActiveRecord::Base.connection.schema_cache.clear!
+  ActiveRecord::Schema.define(version: 1) do
+    create_table :tests do |t|
+      t.column :str, :string
+      t.column :txt, :text
+      t.column :created_at, :datetime
+      t.column :updated_at, :datetime
+    end
+  end
+end
+
+def teardown_db
+  ActiveRecord::Base.connection.tables.each do |table|
+    ActiveRecord::Base.connection.drop_table(table)
+  end
+end
+
+class Test < ActiveRecord::Base
+  self.table_name = 'tests'
+
+  acts_as_html_sanitized
+end
+
+class ActsAsHtmlSanitizedTest < MiniTest::Unit::TestCase
+  def setup
+    ActiveRecord::Base.connection.tables.each { |table| ActiveRecord::Base.connection.drop_table(table) }
+    setup_db
+  end
+
+  def teardown
+    teardown_db
+  end
+
+  def test_module_has_expected_name
+    assert_kind_of Module, ActsAsHtmlSanitized
+  end
+
+  def test_string_attrs_are_sanitized
+    input = '<em>I am emphasised</em>'
+    Test.create(str: input)
+    assert_match ' I am emphasised', Test.first.str
+  end
+
+  def test_string_attrs_do_not_contain_html
+    input = '<em>I am emphasised</em>'
+    Test.create(str: input)
+    refute_match input, Test.first.str
+  end
+
+  def test_string_attrs_are_sanitized
+    input =<<HTML
+<script type="text/javascript">
+alert('ACHIEVEMENT UNLOCKED: XSS attack'):
+</script>
+HTML
+    Test.create(txt: input)
+    assert_match "\nalert('ACHIEVEMENT UNLOCKED: XSS attack'):\n\n", Test.first.txt
+  end
+
+  def test_string_attrs_do_not_contain_html
+    input =<<HTML
+<script type="text/javascript">
+alert('ACHIEVEMENT UNLOCKED: XSS attack'):
+</script>
+HTML
+    Test.create(txt: input)
+    refute_match input, Test.first.txt
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,5 @@
+require 'active_record'
+require 'minitest/autorun'
+require 'minitest/pride'
+
+require 'acts_as_html_sanitized'

metadata

@@ -0,0 +1,95 @@
+--- !ruby/object:Gem::Specification
+name: acts_as_html_sanitized
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Sasha Gerrand
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-05-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: sanitize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Sanitizes your ActiveRecord attributes.
+email:
+- github-acts_as_html_sanitized@sgerrand.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/acts_as_html_sanitized/model_extensions.rb
+- lib/acts_as_html_sanitized/version.rb
+- lib/acts_as_html_sanitized.rb
+- MIT-LICENSE
+- Rakefile
+- test/acts_as_html_sanitized_test.rb
+- test/test_helper.rb
+homepage: https://github.com/sgerrand/acts_as_html_sanitized
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.14
+signing_key: 
+specification_version: 4
+summary: Sanitizes your ActiveRecord attributes.
+test_files:
+- test/acts_as_html_sanitized_test.rb
+- test/test_helper.rb