berns 3.1.6 → 3.2.0
- checksums.yaml +4 -4
- data/README.org +4 -0
- data/ext/berns/berns.c +39 -5
- data/lib/berns.rb +0 -22
- data/lib/berns/berns.so +0 -0
- data/lib/berns/version.rb +1 -1
- metadata +2 -2
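--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0d9597d10ff728258b758e65aca73ec692374d3d359acb976677f0e143800978
+data.tar.gz: 8eb851e88a7674a5d9e9af5f111085af87bb958db03f0539574bdd9358dad9be
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6e62bb1798243beab62f44e1ba7a3fc211b53997ce44e4ba37e6c46303974a96d4391d3fcdb9c807f3b894f097e9d3c823831026d4dca645362b21f4cab050da
+data.tar.gz: 047c09ea060864337ee852e51b85964bfed265009123e290e17d0f3b51782aca5ad3ca877ea45195536e8a93258dd5536e66c6e553d6afc5dfcbf970bccf7807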
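--- a/data/README.org
+++ b/data/README.org
@@ -91,6 +91,10 @@ The =sanitize= method strips HTML tags from strings.
 Berns.sanitize('This <span>should be clean</span>') # => 'This should be clean'
 #+end_src
 
+Note that this is an extremely naive implementation of HTML sanitization that
+literally just looks for "<" and ">" characters and removes the contents between
+them. This should probably only be used on trusted strings.
+
 *** Standard and void elements
 
 All standard and void HTML elements are defined as methods on Berns, so you can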
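--- a/data/ext/berns/berns.c
+++ b/data/ext/berns/berns.c
@@ -49,9 +49,8 @@ static const size_t sllen = 1;
 static VALUE external_##element_name##_element(int argc, VALUE *argv, RB_UNUSED_VAR(VALUE self)) { \
 rb_check_arity(argc, 0, 1); \
 \
-VALUE attrs = argv[0]; \
 const char *tag = #element_name; \
-char *string = void_element(tag, strlen(tag),
+char *string = void_element(tag, strlen(tag), argv[0]); \
 VALUE rstring = rb_utf8_str_new_cstr(string); \
 free(string); \
 \
@@ -66,9 +65,8 @@ static const size_t sllen = 1;
 rb_check_arity(argc, 0, 1); \
 \
 CONTENT_FROM_BLOCK; \
-VALUE attrs = argv[0]; \
 const char *tag = #element_name; \
-char *string = element(tag, strlen(tag), RSTRING_PTR(content), RSTRING_LEN(content),
+char *string = element(tag, strlen(tag), RSTRING_PTR(content), RSTRING_LEN(content), argv[0]); \
 VALUE rstring = rb_utf8_str_new_cstr(string); \
 free(string); \
 \
@@ -95,13 +93,48 @@ static char * stecpy(char *destination, const char *source, const char *end) {
 return destination;
 }
 
+/*
+* The external API for Berns.sanitize
+*
+* string should be a string or nil, anything else will raise an error.
+*
+*/
+static VALUE external_sanitize(RB_UNUSED_VAR(VALUE self), VALUE string) {
+if (TYPE(string) == T_NIL) {
+return Qnil;
+}
+
+StringValue(string);
+
+size_t slen = RSTRING_LEN(string);
+char *str = RSTRING_PTR(string);
+
+char dest[slen + 1];
+int index = 0;
+int open = 0;
+
+for (unsigned int i = 0; i < slen; i++) {
+if (str[i] == '<') {
+open = 1;
+} else if (str[i] == '>') {
+open = 0;
+} else if (!open) {
+dest[index++] = str[i];
+}
+}
+
+dest[index] = '\0';
+
+return rb_utf8_str_new_cstr(dest);
+}
+
 /*
 * The external API for Berns.escape_html.
 *
 * string should be a string, anything else will raise an error.
 *
 */
-static VALUE external_escape_html(
+static VALUE external_escape_html(RB_UNUSED_VAR(VALUE self), VALUE string) {
 StringValue(string);
 
 uint8_t *dest = NULL;
@@ -653,6 +686,7 @@ void Init_berns() {
 
 rb_define_singleton_method(Berns, "element", external_element, -1);
 rb_define_singleton_method(Berns, "escape_html", external_escape_html, 1);
+rb_define_singleton_method(Berns, "sanitize", external_sanitize, 1);
 rb_define_singleton_method(Berns, "to_attribute", external_to_attribute, 2);
 rb_define_singleton_method(Berns, "to_attributes", external_to_attributes, 1);
 rb_define_singleton_method(Berns, "void", external_void_element, -1);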
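Review bot: `external_sanitize` sizes a stack array from the caller's string (`char dest[slen + 1];`), so a sufficiently large input can exhaust the stack and crash the process instead of raising a Ruby error; a heap- or GC-backed temporary buffer avoids that. The result is then built with `rb_utf8_str_new_cstr(dest)`, which stops at the first NUL byte and silently truncates any input that contains one, whereas the length-based `rb_utf8_str_new(dest, index)` keeps every byte that was copied. `unsigned int i` and `int index` are also narrower than `size_t slen`, so the counters should use the same width as the length. Separately, both macro hunks read `argv[0]` although `rb_check_arity(argc, 0, 1)` permits zero arguments; that read predates this change, but it is worth confirming the slot is defined when argc is 0.

```c
static VALUE external_sanitize(RB_UNUSED_VAR(VALUE self), VALUE string) {
  /* … unchanged: nil check and StringValue … */

  long slen = RSTRING_LEN(string);
  const char *str = RSTRING_PTR(string);

  /* Temporary buffer that moves to the heap for large inputs; released by ALLOCV_END. */
  VALUE holder;
  char *dest = ALLOCV_N(char, holder, slen + 1);
  long index = 0;
  int open = 0;

  for (long i = 0; i < slen; i++) {
    /* … unchanged: '<' / '>' state tracking that writes dest[index++] … */
  }

  /* Length-based constructor, so bytes after an embedded NUL are kept. */
  VALUE result = rb_utf8_str_new(dest, index);
  ALLOCV_END(holder);

  return result;
}
```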
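--- a/data/lib/berns.rb
+++ b/data/lib/berns.rb
@@ -1,25 +1,3 @@
 # frozen_string_literal: true
 require 'berns/berns'
 require 'berns/version'
-
-module Berns # :nodoc:
-class Error < StandardError; end
-
-EMPTY = ''
-
-# Regular expression for basic HTML tag sanitizing.
-SANITIZE_REGEX = /<[^>]+>/.freeze
-
-# Sanitize text input by stripping HTML tags.
-#
-# @example Sanitize some text, removing HTML elements.
-# sanitize('This <span>should be clean</span>') # => "This should be clean"
-#
-# @param text [String]
-# The string to sanitize.
-# @return [nil, String]
-# nil unless a string was passed in, otherwise the sanitized string.
-def self.sanitize(string)
-string&.gsub(SANITIZE_REGEX, EMPTY)
-end
-end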
data/lib/berns/berns.so
CHANGED
Binary file
|
data/lib/berns/version.rb
CHANGED
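--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: berns
 version: !ruby/object:Gem::Version
-version: 3.
+version: 3.2.0
 platform: ruby
 authors:
 - Taylor Beck
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: benchmark-ips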