RubyGems - acts_as_sanitiled - Versions diffs - 1.1.2 → 1.1.3 - Mend

acts_as_sanitiled 1.1.2 → 1.1.3

Files changed (8) hide show

data/CHANGELOG CHANGED Viewed

@@ -1,3 +1,9 @@
+1.1.3 (2011-02-10)
+* Remove explicit Nokogiri dependency
+* Update requirement to allow Sanitize 2.0--the future is now
+* Update requirement to allow a wider range of RedCloth
+* Fix spec for Sanitize 2.0.0 / Nokogiri 1.4.4 which gives the output I want
 1.1.2 (2010-05-07)
 * Make reload method more compatible (eg. with globalize2)
@@ -9,4 +15,4 @@
 * Add default_sanitize_options and default_textile_options class variables.
 1.0.0 (2009-10-14)
-* Initial butchering of defunkt's work.
+* Initial butchering of defunkt's work.

data/README.rdoc CHANGED Viewed

@@ -2,37 +2,27 @@
 This plugin, based on Chris Wanstrath's venerable acts_as_textiled, extends the automatic textiling functionality to sanitization as well using as its basis Ryan Grove's powerful yet simple Sanitize gem.
-The reasoning behind this approach is simple.  Filtering input before it is saved to the database (as xss_terminate and many other popular plugins do) often fails to preserve user intent.  On the other hand, filtering output at the template level is error prone, and you are begging to get pwned.  Short of some sort of taint mode (which Rails 3 will have!), I believe the method employed by acts_as_textiled is the next best thing: you get safe output by default, but input is never corrupted.
+*Important Development Status Update* There used to be a paragraph here about why I liked this approach, but I've come to disagree with it over time.  First, generally because the Rails 3 / rails_xss approach of tainted strings is ultimately better than the bandaid that this provided.  But specifically because the cleverness of the solution outweighs its usefulness.  It's a lot of hacking around internals simply to avoid calling a helper in a view, which while easy to forget, does not usually appear in all that many places or change all that often.  Meanwhile, the internals of the model carry significantly more complexity, and suffer irredeemable breakages when you introduce something like I18n with Globalize2.  Aside from that, any gains that were made are erased the minute you need to emit something other than HTML.  With that in mind, I am still maintaining acts_as_sanitiled to the extent I need it, but I am no longer sanctioning the approach, and I would recommend deprecating your usage of the plugin.
 == Requirements
+The officially sanctioned requirements are:
 * Sanitize >1.1.0 (prior versions had a whitespace issue)
-* Nokogiri >1.3.3
-* RedCloth (for Textile support)
-* ActiveRecord (tested on 2.3.4)
+* RedCloth >4.1.0
+* ActiveRecord (tested on 2.3.10)
-== Installation
+However there are a lot of little aberrations in output when you start mixing and matching versions of the various moving parts.  Most recently I am working with REE 1.8.7, Sanitize 2.0.0, RedCloth 4.2.5, and Nokogiri 1.4.4, and I make sure specs pass with that mix.  With other versions things should still work but the output might be slightly different (see known issues)
-acts_as_sanitiled is distributed via Gemcutter.  If you are enlightened you can simply do:
+== Installation
   gem install acts_as_sanitiled
-If you haven't checkout out Gemcutter yet:
-  gem install --source http://gemcutter.org acts_as_sanitiled
-Then in your Rails environment.rb:
-  config.gem 'acts_as_sanitiled'
 == Known Issues
-The tests are passing for me with Sanitize 1.1.0 and Nokogiri 1.4.0 under my native ruby install of 1.8.6.  However under 1.8.7 (using rvm) I get a whitespace error in the sanitized html, which results in paragraphs and line breaks not having line breaks, and thus screws up the output of attribute(:plain).  I haven't been able to figure out what the problem is yet, but if you see a test failure on:
-   ./spec/sanitiled_spec.rb:49: A standard textiled object - should properly textilize and strip html
-Let me know if you are able to help debug.
+Line breaks sometime disappear from output which breaks the :plain output.  This issue was not present under 1.8.6, Sanitize 1.1.0 and Nokogiri 1.4.0, but when I switched to 1.8.7 it appears.  I never tracked down the cause, so keep an eye out for this one.
+XHTML vs HTML output.  This changed when I upgraded to Sanitize 2.0.0 and Nokogiri 1.4.4.  This must have become the default somewhere, which is fine with me since HTML 5 is the future.  Specs upgraded accordingly.
 == Changes from acts_as_textiled
@@ -166,4 +156,4 @@ won't need to do this.
 Enjoy.
 * By Chris Wanstrath [ chris[at]ozmm[dot]org ]
-* Butchered and Sanitized by Gabe da Silveira [ gabe[at]websaviour[dot]com ]
+* Butchered and Sanitized by Gabe da Silveira [ gabe[at]websaviour[dot]com ]

data/Rakefile CHANGED Viewed

@@ -11,9 +11,8 @@ begin
     gem.homepage = "http://github.com/dasil003/acts_as_sanitiled"
     gem.authors = ["Gabe da Silveira"]
-    gem.add_dependency('nokogiri', '~> 1.3.3')
-    gem.add_dependency('sanitize', '~> 1.1.0')
-    gem.add_dependency('RedCloth')
+    gem.add_dependency('sanitize', '>= 1.1.0', '< 3.0.0')
+    gem.add_dependency('RedCloth', '>= 4.1.0', '< 4.2.6')
     gem.add_development_dependency "bacon"
     gem.add_development_dependency "activesupport"
@@ -59,4 +58,4 @@ Rake::RDocTask.new do |rdoc|
   rdoc.title = "acts_as_sanitiled #{version}"
   rdoc.rdoc_files.include('README*')
   rdoc.rdoc_files.include('lib/**/*.rb')
-end
+end

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.1.2
1	+ 1.1.3

data/acts_as_sanitiled.gemspec CHANGED Viewed

@@ -1,65 +1,59 @@
 # Generated by jeweler
 # DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
 Gem::Specification.new do |s|
   s.name = %q{acts_as_sanitiled}
-  s.version = "1.1.2"
+  s.version = "1.1.3"
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Gabe da Silveira"]
-  s.date = %q{2010-05-07}
+  s.date = %q{2011-02-10}
   s.description = %q{A modernized version of Chris Wansthrath's venerable acts_as_textiled. It automatically textiles and then sanitizes columns to your specification.  Ryan Grove's excellent Sanitize gem with nokogiri provides the backend for speedy and robust filtering of your output in order to: restrict Textile to a subset of HTML, guarantee well-formedness, and of course prevent XSS.}
   s.email = %q{gabe@websaviour.com}
   s.extra_rdoc_files = [
     "LICENSE",
-     "README.rdoc"
+    "README.rdoc"
   ]
   s.files = [
-    ".gitignore",
-     "CHANGELOG",
-     "LICENSE",
-     "README.rdoc",
-     "Rakefile",
-     "VERSION",
-     "acts_as_sanitiled.gemspec",
-     "lib/acts_as_sanitiled.rb",
-     "rails/init.rb",
-     "spec/sanitiled_spec.rb",
-     "spec/spec_helper.rb"
+    "CHANGELOG",
+    "LICENSE",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "acts_as_sanitiled.gemspec",
+    "lib/acts_as_sanitiled.rb",
+    "rails/init.rb",
+    "spec/sanitiled_spec.rb",
+    "spec/spec_helper.rb"
   ]
   s.homepage = %q{http://github.com/dasil003/acts_as_sanitiled}
-  s.rdoc_options = ["--charset=UTF-8"]
   s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.3.6}
+  s.rubygems_version = %q{1.4.2}
   s.summary = %q{Automatically textiles and/or sanitizes ActiveRecord columns}
   s.test_files = [
     "spec/sanitiled_spec.rb",
-     "spec/spec_helper.rb"
+    "spec/spec_helper.rb"
   ]
   if s.respond_to? :specification_version then
-    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
     s.specification_version = 3
-    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<nokogiri>, ["~> 1.3.3"])
-      s.add_runtime_dependency(%q<sanitize>, ["~> 1.1.0"])
-      s.add_runtime_dependency(%q<RedCloth>, [">= 0"])
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<sanitize>, [">= 1.1.0", "< 3.0.0"])
+      s.add_runtime_dependency(%q<RedCloth>, [">= 4.1.0", "< 4.2.6"])
       s.add_development_dependency(%q<bacon>, [">= 0"])
       s.add_development_dependency(%q<activesupport>, [">= 0"])
     else
-      s.add_dependency(%q<nokogiri>, ["~> 1.3.3"])
-      s.add_dependency(%q<sanitize>, ["~> 1.1.0"])
-      s.add_dependency(%q<RedCloth>, [">= 0"])
+      s.add_dependency(%q<sanitize>, [">= 1.1.0", "< 3.0.0"])
+      s.add_dependency(%q<RedCloth>, [">= 4.1.0", "< 4.2.6"])
       s.add_dependency(%q<bacon>, [">= 0"])
       s.add_dependency(%q<activesupport>, [">= 0"])
     end
   else
-    s.add_dependency(%q<nokogiri>, ["~> 1.3.3"])
-    s.add_dependency(%q<sanitize>, ["~> 1.1.0"])
-    s.add_dependency(%q<RedCloth>, [">= 0"])
+    s.add_dependency(%q<sanitize>, [">= 1.1.0", "< 3.0.0"])
+    s.add_dependency(%q<RedCloth>, [">= 4.1.0", "< 4.2.6"])
     s.add_dependency(%q<bacon>, [">= 0"])
     s.add_dependency(%q<activesupport>, [">= 0"])
   end

data/spec/sanitiled_spec.rb CHANGED Viewed

@@ -37,7 +37,7 @@ EOF
     @desc_html    = '_why announces <i>Sandbox</i>'
     @desc_plain   = '_why announces Sandbox'
-    @body_html    = "<p>First line<br />\nSecond line with <strong>bold</strong></p>\n<p>Second paragraph with special char\342\204\242, <a>XSS attribute</a>,<br />\nscript&gt;script tag, and <b>unclosed tag.</b></p>"
+    @body_html    = "<p>First line<br>\nSecond line with <strong>bold</strong></p>\n<p>Second paragraph with special char\342\204\242, <a>XSS attribute</a>,<br>\nscript&gt;script tag, and <b>unclosed tag.</b></p>"
     @body_plain   = "First line\nSecond line with bold\n\nSecond paragraph with special char™, XSS attribute,\nscript>script tag, and unclosed tag."
   end
@@ -116,4 +116,4 @@ describe 'Defining fields on an ActiveRecord object' do
       end
     end.should.raise
   end
-end
+end

metadata CHANGED Viewed

@@ -1,12 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: acts_as_sanitiled
 version: !ruby/object:Gem::Version
-  prerelease: false
+  hash: 21
+  prerelease:
   segments:
   - 1
   - 1
-  - 2
-  version: 1.1.2
+  - 3
+  version: 1.1.3
 platform: ruby
 authors:
 - Gabe da Silveira
@@ -14,73 +15,85 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2010-05-07 00:00:00 -07:00
+date: 2011-02-10 00:00:00 -08:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: nokogiri
+  name: sanitize
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
+        hash: 19
         segments:
         - 1
+        - 1
+        - 0
+        version: 1.1.0
+    - - <
+      - !ruby/object:Gem::Version
+        hash: 7
+        segments:
         - 3
-        - 3
-        version: 1.3.3
+        - 0
+        - 0
+        version: 3.0.0
   type: :runtime
   version_requirements: *id001
 - !ruby/object:Gem::Dependency
-  name: sanitize
+  name: RedCloth
   prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
+        hash: 59
         segments:
-        - 1
+        - 4
         - 1
         - 0
-        version: 1.1.0
-  type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency
-  name: RedCloth
-  prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
+        version: 4.1.0
+    - - <
       - !ruby/object:Gem::Version
+        hash: 59
         segments:
-        - 0
-        version: "0"
+        - 4
+        - 2
+        - 6
+        version: 4.2.6
   type: :runtime
-  version_requirements: *id003
+  version_requirements: *id002
 - !ruby/object:Gem::Dependency
   name: bacon
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement
+  requirement: &id003 !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
+        hash: 3
         segments:
         - 0
         version: "0"
   type: :development
-  version_requirements: *id004
+  version_requirements: *id003
 - !ruby/object:Gem::Dependency
   name: activesupport
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement
+  requirement: &id004 !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
+        hash: 3
         segments:
         - 0
         version: "0"
   type: :development
-  version_requirements: *id005
+  version_requirements: *id004
 description: "A modernized version of Chris Wansthrath's venerable acts_as_textiled. It automatically textiles and then sanitizes columns to your specification.  Ryan Grove's excellent Sanitize gem with nokogiri provides the backend for speedy and robust filtering of your output in order to: restrict Textile to a subset of HTML, guarantee well-formedness, and of course prevent XSS."
 email: gabe@websaviour.com
 executables: []
@@ -91,7 +104,6 @@ extra_rdoc_files:
 - LICENSE
 - README.rdoc
 files:
-- .gitignore
 - CHANGELOG
 - LICENSE
 - README.rdoc
@@ -107,28 +119,32 @@ homepage: http://github.com/dasil003/acts_as_sanitiled
 licenses: []
 post_install_message:
-rdoc_options:
-- --charset=UTF-8
+rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
+      hash: 3
       segments:
       - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
+      hash: 3
       segments:
       - 0
       version: "0"
 requirements: []
 rubyforge_project:
-rubygems_version: 1.3.6
+rubygems_version: 1.4.2
 signing_key:
 specification_version: 3
 summary: Automatically textiles and/or sanitizes ActiveRecord columns

data/.gitignore DELETED Viewed

	@@ -1,2 +0,0 @@
1	- coverage
2	- pkg