RubyGems - antisamy - Versions diffs - 0.0.1 → 0.2.0 - Mend

antisamy 0.0.1 → 0.2.0

Files changed (45) hide show

data/README.rdoc +6 -1
data/lib/antisamy/css/css_filter.rb +187 -0
data/lib/antisamy/css/css_scanner.rb +84 -0
data/lib/antisamy/css/css_validator.rb +129 -0
data/lib/antisamy/csspool/rsac/sac/conditions/attribute_condition.rb +50 -0
data/lib/antisamy/csspool/rsac/sac/conditions/begin_hyphen_condition.rb +18 -0
data/lib/antisamy/csspool/rsac/sac/conditions/class_condition.rb +18 -0
data/lib/antisamy/csspool/rsac/sac/conditions/combinator_condition.rb +36 -0
data/lib/antisamy/csspool/rsac/sac/conditions/condition.rb +29 -0
data/lib/antisamy/csspool/rsac/sac/conditions/id_condition.rb +23 -0
data/lib/antisamy/csspool/rsac/sac/conditions/one_of_condition.rb +18 -0
data/lib/antisamy/csspool/rsac/sac/conditions/pseudo_class_condition.rb +20 -0
data/lib/antisamy/csspool/rsac/sac/conditions.rb +5 -0
data/lib/antisamy/csspool/rsac/sac/document_handler.rb +66 -0
data/lib/antisamy/csspool/rsac/sac/error_handler.rb +13 -0
data/lib/antisamy/csspool/rsac/sac/generated_parser.rb +1012 -0
data/lib/antisamy/csspool/rsac/sac/generated_property_parser.rb +9284 -0
data/lib/antisamy/csspool/rsac/sac/lexeme.rb +27 -0
data/lib/antisamy/csspool/rsac/sac/lexical_unit.rb +201 -0
data/lib/antisamy/csspool/rsac/sac/parse_exception.rb +4 -0
data/lib/antisamy/csspool/rsac/sac/parser.rb +109 -0
data/lib/antisamy/csspool/rsac/sac/property_parser.rb +44 -0
data/lib/antisamy/csspool/rsac/sac/selectors/child_selector.rb +36 -0
data/lib/antisamy/csspool/rsac/sac/selectors/conditional_selector.rb +45 -0
data/lib/antisamy/csspool/rsac/sac/selectors/descendant_selector.rb +36 -0
data/lib/antisamy/csspool/rsac/sac/selectors/element_selector.rb +35 -0
data/lib/antisamy/csspool/rsac/sac/selectors/selector.rb +25 -0
data/lib/antisamy/csspool/rsac/sac/selectors/sibling_selector.rb +35 -0
data/lib/antisamy/csspool/rsac/sac/selectors/simple_selector.rb +21 -0
data/lib/antisamy/csspool/rsac/sac/selectors.rb +5 -0
data/lib/antisamy/csspool/rsac/sac/token.rb +25 -0
data/lib/antisamy/csspool/rsac/sac/tokenizer.rb +185 -0
data/lib/antisamy/csspool/rsac/sac.rb +14 -0
data/lib/antisamy/csspool/rsac/stylesheet/rule.rb +20 -0
data/lib/antisamy/csspool/rsac/stylesheet/stylesheet.rb +76 -0
data/lib/antisamy/csspool/rsac/stylesheet.rb +3 -0
data/lib/antisamy/csspool/rsac.rb +1 -0
data/lib/antisamy/html/handler.rb +4 -0
data/lib/antisamy/html/sax_filter.rb +49 -33
data/lib/antisamy/html/scanner.rb +1 -43
data/lib/antisamy/policy.rb +8 -3
data/lib/antisamy/scan_results.rb +68 -0
data/lib/antisamy.rb +4 -0
data/spec/antisamy_spec.rb +111 -3
metadata +39 -3

data/lib/antisamy/csspool/rsac/sac/lexeme.rb ADDED Viewed

@@ -0,0 +1,27 @@
+module RSAC
+  class Lexeme
+    attr_reader :name, :pattern
+    def initialize(name, pattern=nil, &block)
+      raise ArgumentError, "name required" unless name
+      @name = name
+      patterns = []
+      patterns << pattern if pattern
+      yield(patterns) if block_given?
+      if patterns.empty?
+        raise ArgumentError, "at least one pattern required"
+      end
+      patterns.collect! do |spattern|
+        source = spattern.source
+        source = "\\A#{source}"
+        Regexp.new(source, Regexp::IGNORECASE + Regexp::MULTILINE, 'n')
+      end
+      @pattern = Regexp.union(*patterns)
+    end
+  end
+end

data/lib/antisamy/csspool/rsac/sac/lexical_unit.rb ADDED Viewed

@@ -0,0 +1,201 @@
+module RSAC
+  class LexicalUnit
+    attr_accessor :dimension_unit_text,
+    :lexical_unit_type,
+    :float_value,
+    :integer_value,
+    :string_value,
+    :parameters,
+    :function_name
+    def ==(other)
+      self.class === other && self.lexical_unit_type == other.lexical_unit_type
+    end
+    def eql?(other)
+      self == other
+    end
+    alias :to_s :string_value
+  end
+  class Function < LexicalUnit
+    FUNCTIONS = {
+      'counter'   => :SAC_COUNTER_FUNCTION,
+      'counters'  => :SAC_COUNTERS_FUNCTION,
+      'rect'      => :SAC_RECT_FUNCTION,
+    }
+    def initialize(name, params)
+      self.string_value = "#{name}#{params.join(', ')})"
+      name =~ /^(.*)\(/
+      self.function_name = $1
+      self.parameters = params
+      self.lexical_unit_type = FUNCTIONS[self.function_name] || :SAC_FUNCTION
+    end
+    def ==(other)
+      super && %w{ function_name parameters }.all? { |x|
+        self.send(x.to_sym) == other.send(x.to_sym)
+      }
+    end
+    def hash
+      ([self.function_name] + parameters).hash
+    end
+  end
+  class Color < LexicalUnit
+    def initialize(value)
+      self.string_value = value
+      self.lexical_unit_type = :SAC_RGBCOLOR
+      if value =~ /^#([A-F\d]{1,2})([A-F\d]{1,2})([A-F\d]{1,2})$/
+        self.parameters = [$1, $2, $3].map { |x|
+          x.length == 1 ? (x * 2).hex : x.hex
+        }.map { |x|
+          Number.new(x, '', :SAC_INTEGER)
+        }
+      else
+        self.parameters = [LexicalIdent.new(value)]
+      end
+    end
+    def ==(other)
+      super && self.parameters == other.parameters
+    end
+    def hash
+      self.parameters.hash
+    end
+    def to_s
+      if self.parameters.length < 3
+        super
+      else
+        hex = self.parameters.map { |x|
+          sprintf("%02X", x.integer_value).split('').uniq
+        }.flatten
+        hex.length != 3 ? super : "##{hex.join()}"
+      end
+    end
+  end
+  class LexicalString < LexicalUnit
+    def initialize(value)
+      self.string_value = value
+      self.lexical_unit_type = :SAC_STRING_VALUE
+    end
+    def ==(other)
+      super && self.string_value == other.string_value
+    end
+    def hash
+      self.string_value.hash
+    end
+  end
+  class LexicalIdent < LexicalUnit
+    def initialize(value)
+      self.string_value = value
+      self.lexical_unit_type = :SAC_IDENT
+    end
+    def ==(other)
+      super && self.string_value == other.string_value
+    end
+    def hash
+      self.string_value.hash
+    end
+  end
+  class LexicalURI < LexicalUnit
+    def initialize(value)
+      self.string_value = value.gsub(/^url\(/, '').gsub(/\)$/, '')
+      self.lexical_unit_type = :SAC_URI
+    end
+    def ==(other)
+      super && self.string_value == other.string_value
+    end
+    def hash
+      self.string_value.hash
+    end
+    def to_s
+      "url(#{string_value})"
+    end
+  end
+  class Number < LexicalUnit
+    NON_NEGATIVE_UNITS = [
+      :SAC_DEGREE,
+      :SAC_GRADIAN,
+      :SAC_RADIAN,
+      :SAC_MILLISECOND,
+      :SAC_SECOND,
+      :SAC_HERTZ,
+      :SAC_KILOHERTZ,
+    ]
+    UNITS = {
+      'deg'   => :SAC_DEGREE,
+      'rad'   => :SAC_RADIAN,
+      'grad'  => :SAC_GRADIAN,
+      'ms'    => :SAC_MILLISECOND,
+      's'     => :SAC_SECOND,
+      'hz'    => :SAC_HERTZ,
+      'khz'   => :SAC_KILOHERTZ,
+      'px'    => :SAC_PIXEL,
+      'cm'    => :SAC_CENTIMETER,
+      'mm'    => :SAC_MILLIMETER,
+      'in'    => :SAC_INCH,
+      'pt'    => :SAC_POINT,
+      'pc'    => :SAC_PICA,
+      '%'     => :SAC_PERCENTAGE,
+      'em'    => :SAC_EM,
+      'ex'    => :SAC_EX,
+    }
+    def initialize(value, unit = nil, type = nil)
+      if value.is_a?(String)
+        value =~ /^(-?[0-9.]*)(.*)$/
+        value = $1
+        unit  ||= $2
+      end
+      type  ||= UNITS[self.dimension_unit_text]
+      self.string_value = "#{value}#{unit}"
+      self.float_value = value.to_f
+      self.integer_value = value.to_i
+      self.dimension_unit_text = unit.downcase
+      self.lexical_unit_type = UNITS[self.dimension_unit_text] ||
+      (value =~ /\./ ? :SAC_NUMBER : :SAC_INTEGER)
+    end
+    def ==(other)
+      return true if self.float_value == 0 && other.float_value == 0
+      return false unless super
+      %w{ float_value integer_value dimension_unit_text }.all? { |x|
+        self.send(x.to_sym) == other.send(x.to_sym)
+      }
+    end
+    def hash
+      if self.float_value == 0
+        self.float_value.hash
+      else
+        %w{ float_value integer_value dimension_unit_text }.map { |x|
+          self.send(x.to_sym)
+        }.hash
+      end
+    end
+    def to_s
+      if self.float_value == 0
+        "0"
+      else
+        super
+      end
+    end
+  end
+end

data/lib/antisamy/csspool/rsac/sac/parse_exception.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module RSAC
+  class ParseException < RuntimeError
+  end
+end

data/lib/antisamy/csspool/rsac/sac/parser.rb ADDED Viewed

@@ -0,0 +1,109 @@
+require "antisamy/csspool/rsac/sac/document_handler"
+require "antisamy/csspool/rsac/sac/error_handler"
+require "antisamy/csspool/rsac/sac/generated_parser"
+require "antisamy/csspool/rsac/sac/lexical_unit"
+require "antisamy/csspool/rsac/sac/parse_exception"
+require "antisamy/csspool/rsac/sac/tokenizer"
+require "antisamy/csspool/rsac/sac/property_parser"
+module RSAC
+  class Parser < RSAC::GeneratedParser
+    # The version of CSSPool you're using
+    VERSION = '0.2.7'
+    TOKENIZER = Tokenizer.new
+    attr_accessor :document_handler, :error_handler, :logger
+    def initialize(document_handler = StyleSheet.new(self))
+      @error_handler = ErrorHandler.new
+      @document_handler = document_handler
+      @property_parser = PropertyParser.new()
+      @tokenizer = TOKENIZER
+      @logger = nil
+    end
+    def parse_style_sheet(string)
+      @yydebug = true
+      @tokens = TOKENIZER.tokenize(string)
+      @position = 0
+      self.document_handler.start_document(string)
+      do_parse
+      self.document_handler.end_document(string)
+      self.document_handler
+    end
+    alias :parse :parse_style_sheet
+    def parse_rule(rule)
+      returner = Class.new(DocumentHandler) {
+        attr_accessor :selector
+        alias :start_selector :selector=
+      }.new
+      old_document_handler = self.document_handler
+      self.document_handler = returner
+      self.parse("#{rule} { }")
+      self.document_handler = old_document_handler
+      returner.selector
+    end
+    # Returns the parser version.  We return CSS2, but its actually
+    # CSS2.1.  No font-face tags.  Sorry.
+    def parser_version
+      "http://www.w3.org/TR/REC-CSS2"
+    end
+    attr_reader :property_parser
+    attr_reader :tokenizer
+    private # Bro.
+    # We have to eliminate matching pairs.
+    # http://www.w3.org/TR/CSS21/syndata.html#parsing-errors
+    # See the malformed declarations section
+    def eliminate_pair_matches(error_value)
+      pairs = {}
+      pairs['"'] = '"'
+      pairs["'"] = "'"
+        pairs['{'] = '}'
+        pairs['['] = ']'
+        pairs['('] = ')'
+        error_value.to_s.strip!
+        if pairs[error_value]
+          logger.warn("Eliminating pair for: #{error_value}") if logger
+          loop {
+            token = next_token
+            eliminate_pair_matches(token[1])
+            logger.warn("Eliminated token: #{token.join(' ')}") if logger
+            if token[1] == pairs[error_value]
+              @position -= 1
+              @tokens[@position] = Token.new(:S, ' ', nil) # super hack
+              break
+            end
+          }
+        end
+      end
+      def on_error(error_token_id, error_value, value_stack)
+        if logger
+          logger.error(token_to_str(error_token_id))
+          logger.error("error value: #{error_value}")
+        end
+        eliminate_pair_matches(error_value)
+      end
+      def next_token
+        return [false, false] if @position >= @tokens.length
+        n_token = @tokens[@position]
+        @position += 1
+        if n_token.name == :COMMENT
+          self.document_handler.comment(n_token.value)
+          return next_token
+        end
+        n_token.to_racc_token
+      end
+    end
+  end

data/lib/antisamy/csspool/rsac/sac/property_parser.rb ADDED Viewed

@@ -0,0 +1,44 @@
+require "antisamy/csspool/rsac/sac/generated_property_parser"
+module RSAC
+  class PropertyParser < RSAC::GeneratedPropertyParser
+    def initialize
+      @tokens = []
+      @token_table = Racc_arg[10]
+    end
+    def parse_tokens(tokens)
+      negate = false # Nasty hack for unary minus
+      @tokens = tokens.find_all { |x| x.name != :S }.map { |token|
+        tok = if @token_table.has_key?(token.value)
+        [token.value, token.value]
+      else
+        if token.name == :delim && !@token_table.has_key?(token.value)
+          negate = true if token.value == '-'
+          nil
+        else
+          token.to_racc_token
+        end
+      end
+      if negate && tok
+        tok[1] = "-#{tok[1]}"
+        negate = false
+      end
+      tok
+    }.compact
+    begin
+      return do_parse
+    rescue ParseError => e
+      return nil
+    end
+  end
+  private
+  def next_token
+    return [false, false] if @tokens.empty?
+    @tokens.shift
+  end
+end
+end

data/lib/antisamy/csspool/rsac/sac/selectors/child_selector.rb ADDED Viewed

@@ -0,0 +1,36 @@
+module RSAC
+  module Selectors
+    class ChildSelector < SimpleSelector
+      attr_accessor :ancestor_selector, :simple_selector
+      alias :parent :ancestor_selector
+      alias :selector :simple_selector
+      def initialize(parent, selector)
+        super(:SAC_CHILD_SELECTOR)
+        @ancestor_selector = parent
+        @simple_selector = selector
+      end
+      def to_css
+        "#{parent.to_css} > #{selector.to_css}"
+      end
+      def to_xpath(prefix=true)
+        "#{parent.to_xpath(prefix)}/#{selector.to_xpath(false)}"
+      end
+      def specificity
+        parent.specificity.zip(selector.specificity).map { |x,y| x + y }
+      end
+      def ==(other)
+        super && parent == other.parent && selector == other.selector
+      end
+      def hash
+        [parent, selector].hash
+      end
+    end
+  end
+end

data/lib/antisamy/csspool/rsac/sac/selectors/conditional_selector.rb ADDED Viewed

@@ -0,0 +1,45 @@
+module RSAC
+  module Selectors
+    class ConditionalSelector < SimpleSelector
+      attr_accessor :condition, :simple_selector
+      alias :selector :simple_selector
+      def initialize(selector, condition)
+        super(:SAC_CONDITIONAL_SELECTOR)
+        @condition = condition
+        @simple_selector = selector
+      end
+      def to_css
+        [selector, condition].map { |x|
+          x ? x.to_css : ''
+        }.join('')
+      end
+      def to_xpath(prefix=true)
+        atoms = []
+        atoms << "//" if prefix
+        atoms << (selector ? selector.to_xpath(false) : "*")
+        atoms << condition.to_xpath
+        atoms.join("")
+      end
+      def specificity
+        (selector ? selector.specificity : ([0] * 4)).zip(
+        (condition ? condition.specificity : ([0] * 4))).map { |x,y|
+          x + y
+        }
+      end
+      def ==(other)
+        super && condition == other.condition && selector == other.selector
+      end
+      def hash
+        [condition, selector].hash
+      end
+    end
+  end
+end

data/lib/antisamy/csspool/rsac/sac/selectors/descendant_selector.rb ADDED Viewed

@@ -0,0 +1,36 @@
+module RSAC
+  module Selectors
+    class DescendantSelector < SimpleSelector
+      attr_accessor :ancestor_selector, :simple_selector
+      alias :ancestor :ancestor_selector
+      alias :selector :simple_selector
+      def initialize(ancestor, selector)
+        super(:SAC_DESCENDANT_SELECTOR)
+        @ancestor_selector = ancestor
+        @simple_selector = selector
+      end
+      def to_css
+        "#{ancestor.to_css} #{selector.to_css}"
+      end
+      def to_xpath(prefix=true)
+        "#{ancestor.to_xpath(prefix)}//#{selector.to_xpath(false)}"
+      end
+      def specificity
+        ancestor.specificity.zip(selector.specificity).map { |x,y| x + y }
+      end
+      def ==(other)
+        super && selector == other.selector && ancestor == other.ancestor
+      end
+      def hash
+        [selector, ancestor].hash
+      end
+    end
+  end
+end

data/lib/antisamy/csspool/rsac/sac/selectors/element_selector.rb ADDED Viewed

@@ -0,0 +1,35 @@
+module RSAC
+  module Selectors
+    class ElementSelector < SimpleSelector
+      attr_reader :local_name
+      alias :name :local_name
+      def initialize(name)
+        super(:SAC_ELEMENT_NODE_SELECTOR)
+        @local_name = name
+      end
+      def to_css
+        local_name
+      end
+      def to_xpath(prefix=true)
+        atoms = [local_name]
+        atoms.unshift("//") if prefix
+        atoms.join
+      end
+      def specificity
+        [0, 0, 0, 1]
+      end
+      def ==(other)
+        super && name == other.name
+      end
+      def hash
+        name.hash
+      end
+    end
+  end
+end

data/lib/antisamy/csspool/rsac/sac/selectors/selector.rb ADDED Viewed

@@ -0,0 +1,25 @@
+module RSAC
+  module Selectors
+    class Selector
+      attr_reader :selector_type
+      def initialize(selector_type)
+        @selector_type = selector_type
+      end
+      def ==(other)
+        self.class === other && selector_type == other.selector_type
+      end
+      def hash
+        selector_type.hash
+      end
+      def eql?(other)
+        self == other
+      end
+    end
+  end
+end

data/lib/antisamy/csspool/rsac/sac/selectors/sibling_selector.rb ADDED Viewed

@@ -0,0 +1,35 @@
+module RSAC
+  module Selectors
+    class SiblingSelector < SimpleSelector
+      attr_accessor :selector, :sibling_selector
+      alias :sibling :sibling_selector
+      def initialize(selector, sibling)
+        super(:SAC_DIRECT_ADJACENT_SELECTOR)
+        @selector = selector
+        @sibling_selector = sibling
+      end
+      def to_css
+        "#{selector.to_css} + #{sibling.to_css}"
+      end
+      def to_xpath(prefix=true)
+        "#{selector.to_xpath(prefix)}/following-sibling::#{sibling.to_xpath(false)}"
+      end
+      def specificity
+        selector.specificity.zip(sibling.specificity).map { |x,y| x + y }
+      end
+      def ==(other)
+        super && selector == other.selector && sibling == other.sibling
+      end
+      def hash
+        [selector, sibling].hash
+      end
+    end
+  end
+end

data/lib/antisamy/csspool/rsac/sac/selectors/simple_selector.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module RSAC
+  module Selectors
+    class SimpleSelector < Selector
+      def initialize(selector_type=:SAC_ANY_NODE_SELECTOR)
+        super(selector_type)
+      end
+      def to_css
+        '*'
+      end
+      def to_xpath
+        "//*"
+      end
+      def specificity
+        [0, 0, 0, 0]
+      end
+    end
+  end
+end

data/lib/antisamy/csspool/rsac/sac/selectors.rb ADDED Viewed

@@ -0,0 +1,5 @@
+require "antisamy/csspool/rsac/sac/selectors/selector"
+%w(simple child conditional descendant element sibling).each do |type|
+  require "antisamy/csspool/rsac/sac/selectors/#{type}_selector"
+end

data/lib/antisamy/csspool/rsac/sac/token.rb ADDED Viewed

@@ -0,0 +1,25 @@
+module RSAC
+  class Token
+    attr_reader :name, :value, :position
+    def initialize(name, value, position)
+      @name = name
+      @value = value
+      @position = position
+    end
+    def to_racc_token
+      [name, value]
+    end
+  end
+  class DelimiterToken < Token
+    def initialize(value, position)
+      super(:delim, value, position)
+    end
+    def to_racc_token
+      [value, value]
+    end
+  end
+end