RubyGems - berns - Versions diffs - 3.1.6 → 3.2.0 - Mend

berns 3.1.6 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 35456041201304fa20aa55c6c0ee8b056fed532cca353b7a7c8229347e9e85e9
-  data.tar.gz: b8f585c668d24887a5f483654ad4a377a4e5b9274f790a1889b8f3afe0b827cb
+  metadata.gz: 0d9597d10ff728258b758e65aca73ec692374d3d359acb976677f0e143800978
+  data.tar.gz: 8eb851e88a7674a5d9e9af5f111085af87bb958db03f0539574bdd9358dad9be
 SHA512:
-  metadata.gz: 941492438079fc0fa16d906f5164eb1389fd79836dfff72ecae0fdff5983625980269312bf267128ef9118ee17cf53f5e3543b62498b471480f0d7cdb4d4810d
-  data.tar.gz: c9296d7ed90bb530ccc47c7b1f6dcee704e7212c4d824d7d536e87e941256bd413db77379a146c93afa3bcafab18965e327c3f1331c16d6a46374afc3e46a7b2
+  metadata.gz: 6e62bb1798243beab62f44e1ba7a3fc211b53997ce44e4ba37e6c46303974a96d4391d3fcdb9c807f3b894f097e9d3c823831026d4dca645362b21f4cab050da
+  data.tar.gz: 047c09ea060864337ee852e51b85964bfed265009123e290e17d0f3b51782aca5ad3ca877ea45195536e8a93258dd5536e66c6e553d6afc5dfcbf970bccf7807

data/README.org CHANGED Viewed

@@ -91,6 +91,10 @@ The =sanitize= method strips HTML tags from strings.
 Berns.sanitize('This <span>should be clean</span>') # => 'This should be clean'
 #+end_src
+Note that this is an extremely naive implementation of HTML sanitization that
+literally just looks for "<" and ">" characters and removes the contents between
+them. This should probably only be used on trusted strings.
 *** Standard and void elements
 All standard and void HTML elements are defined as methods on Berns, so you can

data/ext/berns/berns.c CHANGED Viewed

@@ -49,9 +49,8 @@ static const size_t sllen = 1;
   static VALUE external_##element_name##_element(int argc, VALUE *argv, RB_UNUSED_VAR(VALUE self)) { \
     rb_check_arity(argc, 0, 1); \
     \
-    VALUE attrs = argv[0]; \
     const char *tag = #element_name; \
-    char *string = void_element(tag, strlen(tag), attrs); \
+    char *string = void_element(tag, strlen(tag), argv[0]); \
     VALUE rstring = rb_utf8_str_new_cstr(string); \
     free(string); \
     \
@@ -66,9 +65,8 @@ static const size_t sllen = 1;
     rb_check_arity(argc, 0, 1); \
     \
     CONTENT_FROM_BLOCK; \
-    VALUE attrs = argv[0]; \
     const char *tag = #element_name; \
-    char *string = element(tag, strlen(tag), RSTRING_PTR(content), RSTRING_LEN(content), attrs); \
+    char *string = element(tag, strlen(tag), RSTRING_PTR(content), RSTRING_LEN(content), argv[0]); \
     VALUE rstring = rb_utf8_str_new_cstr(string); \
     free(string); \
     \
@@ -95,13 +93,48 @@ static char * stecpy(char *destination, const char *source, const char *end) {
   return destination;
 }
+/*
+ * The external API for Berns.sanitize
+ *
+ *   string should be a string or nil, anything else will raise an error.
+ *
+ */
+static VALUE external_sanitize(RB_UNUSED_VAR(VALUE self), VALUE string) {
+  if (TYPE(string) == T_NIL) {
+    return Qnil;
+  }
+  StringValue(string);
+  size_t slen = RSTRING_LEN(string);
+  char *str = RSTRING_PTR(string);
+  char dest[slen + 1];
+  int index = 0;
+  int open = 0;
+  for (unsigned int i = 0; i < slen; i++) {
+    if (str[i] == '<') {
+      open = 1;
+    } else if (str[i] == '>') {
+      open = 0;
+    } else if (!open) {
+      dest[index++] = str[i];
+    }
+  }
+  dest[index] = '\0';
+  return rb_utf8_str_new_cstr(dest);
+}
 /*
  * The external API for Berns.escape_html.
  *
  *   string should be a string, anything else will raise an error.
  *
  */
-static VALUE external_escape_html(const VALUE self, VALUE string) {
+static VALUE external_escape_html(RB_UNUSED_VAR(VALUE self), VALUE string) {
   StringValue(string);
   uint8_t *dest = NULL;
@@ -653,6 +686,7 @@ void Init_berns() {
   rb_define_singleton_method(Berns, "element", external_element, -1);
   rb_define_singleton_method(Berns, "escape_html", external_escape_html, 1);
+  rb_define_singleton_method(Berns, "sanitize", external_sanitize, 1);
   rb_define_singleton_method(Berns, "to_attribute", external_to_attribute, 2);
   rb_define_singleton_method(Berns, "to_attributes", external_to_attributes, 1);
   rb_define_singleton_method(Berns, "void", external_void_element, -1);

data/lib/berns.rb CHANGED Viewed

@@ -1,25 +1,3 @@
 # frozen_string_literal: true
 require 'berns/berns'
 require 'berns/version'
-module Berns # :nodoc:
-  class Error < StandardError; end
-  EMPTY = ''
-  # Regular expression for basic HTML tag sanitizing.
-  SANITIZE_REGEX = /<[^>]+>/.freeze
-  # Sanitize text input by stripping HTML tags.
-  #
-  # @example Sanitize some text, removing HTML elements.
-  #   sanitize('This <span>should be clean</span>') # => "This should be clean"
-  #
-  # @param text [String]
-  #   The string to sanitize.
-  # @return [nil, String]
-  #   nil unless a string was passed in, otherwise the sanitized string.
-  def self.sanitize(string)
-    string&.gsub(SANITIZE_REGEX, EMPTY)
-  end
-end

data/lib/berns/berns.so CHANGED Viewed

Binary file

data/lib/berns/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Berns
-  VERSION = '3.1.6'
+  VERSION = '3.2.0'
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: berns
 version: !ruby/object:Gem::Version
-  version: 3.1.6
+  version: 3.2.0
 platform: ruby
 authors:
 - Taylor Beck
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-19 00:00:00.000000000 Z
+date: 2021-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: benchmark-ips