RubyGems - berns - Versions diffs - 3.1.6 → 3.2.0 - Mend

berns 3.1.6 → 3.2.0

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 35456041201304fa20aa55c6c0ee8b056fed532cca353b7a7c8229347e9e85e9
-  data.tar.gz: b8f585c668d24887a5f483654ad4a377a4e5b9274f790a1889b8f3afe0b827cb
+  metadata.gz: 0d9597d10ff728258b758e65aca73ec692374d3d359acb976677f0e143800978
+  data.tar.gz: 8eb851e88a7674a5d9e9af5f111085af87bb958db03f0539574bdd9358dad9be
 SHA512:
-  metadata.gz: 941492438079fc0fa16d906f5164eb1389fd79836dfff72ecae0fdff5983625980269312bf267128ef9118ee17cf53f5e3543b62498b471480f0d7cdb4d4810d
-  data.tar.gz: c9296d7ed90bb530ccc47c7b1f6dcee704e7212c4d824d7d536e87e941256bd413db77379a146c93afa3bcafab18965e327c3f1331c16d6a46374afc3e46a7b2
+  metadata.gz: 6e62bb1798243beab62f44e1ba7a3fc211b53997ce44e4ba37e6c46303974a96d4391d3fcdb9c807f3b894f097e9d3c823831026d4dca645362b21f4cab050da
+  data.tar.gz: 047c09ea060864337ee852e51b85964bfed265009123e290e17d0f3b51782aca5ad3ca877ea45195536e8a93258dd5536e66c6e553d6afc5dfcbf970bccf7807

data/README.org CHANGED Viewed

@@ -91,6 +91,10 @@ The =sanitize= method strips HTML tags from strings.
 Berns.sanitize('This <span>should be clean</span>') # => 'This should be clean'
 #+end_src
+Note that this is an extremely naive implementation of HTML sanitization that
+literally just looks for "<" and ">" characters and removes the contents between
+them. This should probably only be used on trusted strings.
 *** Standard and void elements
 All standard and void HTML elements are defined as methods on Berns, so you can

data/ext/berns/berns.c CHANGED Viewed

@@ -49,9 +49,8 @@ static const size_t sllen = 1;
   static VALUE external_##element_name##_element(int argc, VALUE *argv, RB_UNUSED_VAR(VALUE self)) { \
     rb_check_arity(argc, 0, 1); \
     \
-    VALUE attrs = argv[0]; \
     const char *tag = #element_name; \
-    char *string = void_element(tag, strlen(tag), attrs); \
+    char *string = void_element(tag, strlen(tag), argv[0]); \
     VALUE rstring = rb_utf8_str_new_cstr(string); \
     free(string); \
     \
@@ -66,9 +65,8 @@ static const size_t sllen = 1;
     rb_check_arity(argc, 0, 1); \
     \
     CONTENT_FROM_BLOCK; \
-    VALUE attrs = argv[0]; \
     const char *tag = #element_name; \
-    char *string = element(tag, strlen(tag), RSTRING_PTR(content), RSTRING_LEN(content), attrs); \
+    char *string = element(tag, strlen(tag), RSTRING_PTR(content), RSTRING_LEN(content), argv[0]); \
     VALUE rstring = rb_utf8_str_new_cstr(string); \
     free(string); \
     \
@@ -95,13 +93,48 @@ static char * stecpy(char *destination, const char *source, const char *end) {
   return destination;
 }
+/*
+ * The external API for Berns.sanitize
+ *
+ *   string should be a string or nil, anything else will raise an error.
+ *
+ */
+static VALUE external_sanitize(RB_UNUSED_VAR(VALUE self), VALUE string) {
+  if (TYPE(string) == T_NIL) {
+    return Qnil;
+  }
+  StringValue(string);
+  size_t slen = RSTRING_LEN(string);
+  char *str = RSTRING_PTR(string);
+  char dest[slen + 1];
+  int index = 0;
+  int open = 0;
+  for (unsigned int i = 0; i < slen; i++) {
+    if (str[i] == '<') {
+      open = 1;
+    } else if (str[i] == '>') {
+      open = 0;
+    } else if (!open) {
+      dest[index++] = str[i];
+    }
+  }
+  dest[index] = '\0';
+  return rb_utf8_str_new_cstr(dest);
+}
 /*
  * The external API for Berns.escape_html.
  *
  *   string should be a string, anything else will raise an error.
  *
  */
-static VALUE external_escape_html(const VALUE self, VALUE string) {
+static VALUE external_escape_html(RB_UNUSED_VAR(VALUE self), VALUE string) {
   StringValue(string);
   uint8_t *dest = NULL;
@@ -653,6 +686,7 @@ void Init_berns() {
   rb_define_singleton_method(Berns, "element", external_element, -1);
   rb_define_singleton_method(Berns, "escape_html", external_escape_html, 1);
+  rb_define_singleton_method(Berns, "sanitize", external_sanitize, 1);
   rb_define_singleton_method(Berns, "to_attribute", external_to_attribute, 2);
   rb_define_singleton_method(Berns, "to_attributes", external_to_attributes, 1);
   rb_define_singleton_method(Berns, "void", external_void_element, -1);

data/lib/berns.rb CHANGED Viewed

@@ -1,25 +1,3 @@
 # frozen_string_literal: true
 require 'berns/berns'
 require 'berns/version'
-module Berns # :nodoc:
-  class Error < StandardError; end
-  EMPTY = ''
-  # Regular expression for basic HTML tag sanitizing.
-  SANITIZE_REGEX = /<[^>]+>/.freeze
-  # Sanitize text input by stripping HTML tags.
-  #
-  # @example Sanitize some text, removing HTML elements.
-  #   sanitize('This <span>should be clean</span>') # => "This should be clean"
-  #
-  # @param text [String]
-  #   The string to sanitize.
-  # @return [nil, String]
-  #   nil unless a string was passed in, otherwise the sanitized string.
-  def self.sanitize(string)
-    string&.gsub(SANITIZE_REGEX, EMPTY)
-  end
-end

data/lib/berns/berns.so CHANGED Viewed

Binary file

data/lib/berns/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Berns
-  VERSION = '3.1.6'
+  VERSION = '3.2.0'
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: berns
 version: !ruby/object:Gem::Version
-  version: 3.1.6
+  version: 3.2.0
 platform: ruby
 authors:
 - Taylor Beck
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-19 00:00:00.000000000 Z
+date: 2021-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: benchmark-ips