antisamy 0.2.1 → 0.3.0

data/lib/antisamy/css/css_scanner.rb

@@ -1,84 +1,84 @@
-require 'open-uri'
-module AntiSamy
-  # Css Scanner class
-  class CssScanner
-    attr_accessor :policy, :errors
-    # Create a scanner with a given policy
-    def initialize(policy)
-      @policy = policy
-      @errors = []
-    end
-    # Scan the input using the provided input and output encoding
-    # will raise an error if nil input or the maximum input size is exceeded
-    def scan_inline(a_value,name,max_input)
-      return scan_sheet("#{name} { #{a_value} }",max_input,name)
-    end
-
-    def scan_sheet(input,limit,tag = nil)
-      raise ArgumentError if input.nil?
-      raise ScanError, "Max input Exceeded #{input.size} > #{limit}" if input.size > limit
-      space_remaining = limit - input.size
-      # check poilcy stuff
-      if input =~ /^\s*<!\[CDATA\[(.*)\]\]>\s*$/
-        input = $1
-      end
-      # validator needs token sizes
-      filter = CssFilter.new(@policy,tag)
-      parser = RSAC::Parser.new(filter)
-      parser.error_handler = filter
-      parser.logger = filter
-      parser.parse(input)
-      # Populate the results
-      results = ScanResults.new(Time.now)
-      if @policy.directive(Policy::USE_XHTML)
-        result.clean_html = "<![CDATA[#{filter.clean}]]>"
-      else
-        results.clean_html = filter.clean
-      end
-      results.messages = filter.errors
-      # check for style sheets
-      sheets = filter.style_sheets
-      max_sheets = @policy.directive(Policy::MAX_SHEETS).to_i
-      max_sheets ||= 1
-      import_sheets = 0
-      if sheets.size > 0
-        timeout = 1000
-        if @policy.directive(Policy::CONN_TIMEOUT)
-          timeout = @policy.directive(Policy::CONN_TIMEOUT).to_i
-        end
-        timeout /= 1000
-        sheets.each do |sheet|
-          sheet_content = ''
-          begin
-            open(sheet,{:read_timeout => timeout}) do |f|
-              sheet_content = f.read(space_remaining)
-            end
-            space_remaining -= sheet_content.size
-            if import_sheets > max_sheets
-              # skip any remaing sheets if we exceeded the import count
-              results.messages << ScanMessage.new(ScanMessage::ERROR_CSS_IMPORT_EXCEEDED,"@import",sheet)
-              break;
-            end
-            
-            if sheet_content.size > 0
-              #r = scan_sheet(sheet_content,space_remaining)
-              parser.parse(sheet_content)
-              #results.messages << r.messages
-              #results.messages.flatten!
-              import_sheets += 1
-            end
-            
-            if space_remaining <= 0 or sheet_content.empty?
-              results.messages << ScanMessage.new(ScanMessage::ERROR_CSS_IMPORT_INPUT_SIZE,"@import",sheet)
-              break
-            end
-          rescue Exception => e
-            results.messages << ScanMessage.new(ScanMessage::ERROR_CSS_IMPORT_FAILURE,"@import",sheet)
-          end
-          # check the sheet rules
-        end
-      end      
-      results
-    end
-  end
-end
+require 'open-uri'
+module AntiSamy
+  # Css Scanner class
+  class CssScanner
+    attr_accessor :policy, :errors
+    # Create a scanner with a given policy
+    def initialize(policy)
+      @policy = policy
+      @errors = []
+    end
+    # Scan the input using the provided input and output encoding
+    # will raise an error if nil input or the maximum input size is exceeded
+    def scan_inline(a_value,name,max_input)
+      return scan_sheet("#{name} { #{a_value} }",max_input,name)
+    end
+
+    def scan_sheet(input,limit,tag = nil)
+      raise ArgumentError if input.nil?
+      raise ScanError, "Max input Exceeded #{input.size} > #{limit}" if input.size > limit
+      space_remaining = limit - input.size
+      # check poilcy stuff
+      if input =~ /^\s*<!\[CDATA\[(.*)\]\]>\s*$/
+        input = $1
+      end
+      # validator needs token sizes
+      filter = CssFilter.new(@policy,tag)
+      parser = RSAC::Parser.new(filter)
+      parser.error_handler = filter
+      parser.logger = filter
+      parser.parse(input)
+      # Populate the results
+      results = ScanResults.new(Time.now)
+      if @policy.directive(Policy::USE_XHTML)
+        result.clean_html = "<![CDATA[#{filter.clean}]]>"
+      else
+        results.clean_html = filter.clean
+      end
+      results.messages = filter.errors
+      # check for style sheets
+      sheets = filter.style_sheets
+      max_sheets = @policy.directive(Policy::MAX_SHEETS).to_i
+      max_sheets ||= 1
+      import_sheets = 0
+      if sheets.size > 0
+        timeout = 1000
+        if @policy.directive(Policy::CONN_TIMEOUT)
+          timeout = @policy.directive(Policy::CONN_TIMEOUT).to_i
+        end
+        timeout /= 1000
+        sheets.each do |sheet|
+          sheet_content = ''
+          begin
+            open(sheet,{:read_timeout => timeout}) do |f|
+              sheet_content = f.read(space_remaining)
+            end
+            space_remaining -= sheet_content.size
+            if import_sheets > max_sheets
+              # skip any remaing sheets if we exceeded the import count
+              results.messages << ScanMessage.new(ScanMessage::ERROR_CSS_IMPORT_EXCEEDED,"@import",sheet)
+              break;
+            end
+            
+            if sheet_content.size > 0
+              #r = scan_sheet(sheet_content,space_remaining)
+              parser.parse(sheet_content)
+              #results.messages << r.messages
+              #results.messages.flatten!
+              import_sheets += 1
+            end
+            
+            if space_remaining <= 0 or sheet_content.empty?
+              results.messages << ScanMessage.new(ScanMessage::ERROR_CSS_IMPORT_INPUT_SIZE,"@import",sheet)
+              break
+            end
+          rescue Exception => e
+            results.messages << ScanMessage.new(ScanMessage::ERROR_CSS_IMPORT_FAILURE,"@import",sheet)
+          end
+          # check the sheet rules
+        end
+      end      
+      results
+    end
+  end
+end

data/lib/antisamy/css/css_validator.rb

@@ -1,129 +1,129 @@
-module AntiSamy
-  class CssValidator
-    
-    def initialize(policy)
-      @policy = policy
-    end
-    
-    # Check to see if this selector is valid according to the policy
-    def valid_selector?(name,selector)
-      #puts selector.inspect
-      return false if selector.nil?
-      case selector.selector_type
-      when :SAC_CHILD_SELECTOR
-        return valid_selector?(name,selector.selector) && valid_selector?(name,selector.ancestor)
-      when :SAC_CONDITIONAL_SELECTOR
-        return valid_selector?(name,selector.selector) && valid_condition?(name,selector.condition)
-      when :SAC_DESCENDANT_SELECTOR
-        return valid_selector?(name,selector.selector) && valid_selector?(name,selector.ancestor)
-      when :SAC_ELEMENT_NODE_SELECTOR
-        return valid_simple_selector(selector)
-      when :SAC_DIRECT_ADJACENT_SELECTOR
-        return valid_selector?(name,selector.selector) && valid_selector?(name,selector.sibling)
-      when :SAC_ANY_NODE_SELECTOR
-        return valid_simple_selector(selector)
-      else
-        raise ScanError, name
-      end
-    end
-    
-    # Validate a simple selector
-    def valid_simple_selector(selector) #:nodoc:
-      valid = false
-      inclusion = @policy.expression("cssElementSelector")
-      exclusion = @policy.expression("cssElementExclusion")
-      begin
-        css = selector.to_css
-        valid = (css =~ inclusion) and (css !~ exclusion)
-      rescue Exception=> e
-      end
-      valid     
-    end
-    
-    # Check if a given condition is valid according to the policy
-    def valid_condition?(name,condition)
-      type = condition.condition_type
-      case type
-      when :SAC_AND_CONDITION
-        a = condition.first
-        b = condition.second
-        return valid_condition?(name,a) && valid_condition?(name,b)
-      when :SAC_CLASS_CONDITION
-        inclusion = @policy.expression("cssClassSelector")
-        exclusion = @policy.expression("cssClassExclusion")
-        return validate_condition(condition,inclusion,exclusion)
-      when :SAC_ID_CONDITION
-        inclusion = @policy.expression("cssIDSelector")
-        exclusion = @policy.expression("cssIDExclusion")
-        return validate_condition(condition,inclusion,exclusion)
-      when :SAC_PSEUDO_CLASS_CONDITION
-        inclusion = @policy.expression("cssPseudoElementSelector")
-        exclusion = @policy.expression("cssPsuedoElementExclusion")
-        return validate_condition(condition,inclusion,exclusion)
-      when :SAC_ONE_OF_ATTRIBUTE_CONDITION
-        inclusion = @policy.expression("cssAttributeSelector")
-        exclusion = @policy.expression("cssAttributeExclusion")
-        return validate_condition(condition,inclusion,exclusion)
-      when :SAC_ATTRIBUTE_CONDITION
-        inclusion = @policy.expression("cssAttributeSelector")
-        exclusion = @policy.expression("cssAttributeExclusion")
-        return validate_condition(condition,inclusion,exclusion)
-      when :SAC_BEGIN_HYPHEN_ATTRIBUTE_CONDITION
-        inclusion = @policy.expression("cssAttributeSelector")
-        exclusion = @policy.expression("cssAttributeExclusion")
-        return validate_condition(condition,inclusion,exclusion)      
-      else
-        raise ScanError, name
-      end
-    end
-    
-    # validate the actual condition
-    def validate_condition(condition,inclusion,exclusion) #:nodoc:
-      valid = false
-      begin
-        css = condition.to_css
-        valid = (css =~ inclusion) and (css !~ exclusion)
-      rescue Exception=> e
-      end
-      valid
-    end
-    
-    # Validate each property value according to teh policy
-    def valid_property?(name,value)
-      prop = @policy.property(name) unless name.nil?
-      return false if prop.nil?
-      value.each do |prop_value|
-        v = prop_value.string_value
-        return false unless validate_value(prop,v)
-      end
-      return true
-    end
-    
-    # is this a valid property value
-    def validate_value(property,value) #:nodoc:
-      valid = false
-      # Check static strings
-      property.values.each do |al_val|
-        valid = true if al_val.downcase.eql?(value.downcase)
-      end
-      # Check regular expressions
-      unless valid
-        property.expressions.each do |xp_val|
-          valid = true if value =~ xp_value
-        end
-      end
-      # check short hand
-      unless valid
-        property.refs.each do |ref|
-          real = @policy.property(ref)
-          if real
-            valid = validate_value(real,value)
-          end
-        end
-      end
-      # We will check media above.
-      return valid
-    end
-    
-  end
+module AntiSamy
+  class CssValidator
+    
+    def initialize(policy)
+      @policy = policy
+    end
+    
+    # Check to see if this selector is valid according to the policy
+    def valid_selector?(name,selector)
+      #puts selector.inspect
+      return false if selector.nil?
+      case selector.selector_type
+      when :SAC_CHILD_SELECTOR
+        return valid_selector?(name,selector.selector) && valid_selector?(name,selector.ancestor)
+      when :SAC_CONDITIONAL_SELECTOR
+        return valid_selector?(name,selector.selector) && valid_condition?(name,selector.condition)
+      when :SAC_DESCENDANT_SELECTOR
+        return valid_selector?(name,selector.selector) && valid_selector?(name,selector.ancestor)
+      when :SAC_ELEMENT_NODE_SELECTOR
+        return valid_simple_selector(selector)
+      when :SAC_DIRECT_ADJACENT_SELECTOR
+        return valid_selector?(name,selector.selector) && valid_selector?(name,selector.sibling)
+      when :SAC_ANY_NODE_SELECTOR
+        return valid_simple_selector(selector)
+      else
+        raise ScanError, name
+      end
+    end
+    
+    # Validate a simple selector
+    def valid_simple_selector(selector) #:nodoc:
+      valid = false
+      inclusion = @policy.expression("cssElementSelector")
+      exclusion = @policy.expression("cssElementExclusion")
+      begin
+        css = selector.to_css
+        valid = (css =~ inclusion) and (css !~ exclusion)
+      rescue Exception=> e
+      end
+      valid     
+    end
+    
+    # Check if a given condition is valid according to the policy
+    def valid_condition?(name,condition)
+      type = condition.condition_type
+      case type
+      when :SAC_AND_CONDITION
+        a = condition.first
+        b = condition.second
+        return valid_condition?(name,a) && valid_condition?(name,b)
+      when :SAC_CLASS_CONDITION
+        inclusion = @policy.expression("cssClassSelector")
+        exclusion = @policy.expression("cssClassExclusion")
+        return validate_condition(condition,inclusion,exclusion)
+      when :SAC_ID_CONDITION
+        inclusion = @policy.expression("cssIDSelector")
+        exclusion = @policy.expression("cssIDExclusion")
+        return validate_condition(condition,inclusion,exclusion)
+      when :SAC_PSEUDO_CLASS_CONDITION
+        inclusion = @policy.expression("cssPseudoElementSelector")
+        exclusion = @policy.expression("cssPsuedoElementExclusion")
+        return validate_condition(condition,inclusion,exclusion)
+      when :SAC_ONE_OF_ATTRIBUTE_CONDITION
+        inclusion = @policy.expression("cssAttributeSelector")
+        exclusion = @policy.expression("cssAttributeExclusion")
+        return validate_condition(condition,inclusion,exclusion)
+      when :SAC_ATTRIBUTE_CONDITION
+        inclusion = @policy.expression("cssAttributeSelector")
+        exclusion = @policy.expression("cssAttributeExclusion")
+        return validate_condition(condition,inclusion,exclusion)
+      when :SAC_BEGIN_HYPHEN_ATTRIBUTE_CONDITION
+        inclusion = @policy.expression("cssAttributeSelector")
+        exclusion = @policy.expression("cssAttributeExclusion")
+        return validate_condition(condition,inclusion,exclusion)      
+      else
+        raise ScanError, name
+      end
+    end
+    
+    # validate the actual condition
+    def validate_condition(condition,inclusion,exclusion) #:nodoc:
+      valid = false
+      begin
+        css = condition.to_css
+        valid = (css =~ inclusion) and (css !~ exclusion)
+      rescue Exception=> e
+      end
+      valid
+    end
+    
+    # Validate each property value according to teh policy
+    def valid_property?(name,value)
+      prop = @policy.property(name) unless name.nil?
+      return false if prop.nil?
+      value.each do |prop_value|
+        v = prop_value.string_value
+        return false unless validate_value(prop,v)
+      end
+      return true
+    end
+    
+    # is this a valid property value
+    def validate_value(property,value) #:nodoc:
+      valid = false
+      # Check static strings
+      property.values.each do |al_val|
+        valid = true if al_val.downcase.eql?(value.downcase)
+      end
+      # Check regular expressions
+      unless valid
+        property.expressions.each do |xp_val|
+          valid = true if value =~ xp_value
+        end
+      end
+      # check short hand
+      unless valid
+        property.refs.each do |ref|
+          real = @policy.property(ref)
+          if real
+            valid = validate_value(real,value)
+          end
+        end
+      end
+      # We will check media above.
+      return valid
+    end
+    
+  end
 end

data/lib/antisamy/csspool/rsac.rb

@@ -1 +1 @@
-require 'antisamy/csspool/rsac/sac'
+require 'antisamy/csspool/rsac/sac'

data/lib/antisamy/csspool/rsac/sac.rb

@@ -1,14 +1,14 @@
-require "antisamy/csspool/rsac/sac/conditions"
-require "antisamy/csspool/rsac/sac/selectors"
-require "antisamy/csspool/rsac/sac/parser"
-require "antisamy/csspool/rsac/stylesheet"
-
-module RSAC
-  class << self
-    def parse(text)
-      parser = CSS::SAC::Parser.new
-      parser.parse(text)
-      parser
-    end
-  end
-end
+require "antisamy/csspool/rsac/sac/conditions"
+require "antisamy/csspool/rsac/sac/selectors"
+require "antisamy/csspool/rsac/sac/parser"
+require "antisamy/csspool/rsac/stylesheet"
+
+module RSAC
+  class << self
+    def parse(text)
+      parser = CSS::SAC::Parser.new
+      parser.parse(text)
+      parser
+    end
+  end
+end