better_html 0.0.11 → 0.0.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d7a436fddf6b6fb7942f653d3ac6229e2abaf9b5
-  data.tar.gz: 0a7be9ddbcb902bc7fc897b7c2ed173fa01aae72
+  metadata.gz: b31eee572de6668e1791c716a07c9d93658aa566
+  data.tar.gz: 6dd1906d36f68f59fbe4d6386f0d0e7e94ce244b
 SHA512:
-  metadata.gz: 882d1cfcc881372d05484aac3177f9c88769b633c0b45f6b56a4cc120c3d41b86d5a13e2eed524725282f625dcadcdf82be97cfb2ba787eada0087ae119c0424
-  data.tar.gz: c557c7b01ca379062627fc94908b185b94592200d832f62957874567f2dfc41958565a3737290a895bd8e9961cc8c7d6cf9f35a8582a32c436812714da36f925
+  metadata.gz: 1c96cfded69fd94221810490e37b279da7e57323062a06416dd3522d8b58971cd2bb727690d0373af647871170698ef4d4b8830f13e8fa3538699224b9c33dc8
+  data.tar.gz: 49d55494ae87ce77e2cd45883a8b37b1c999badf3fc8e0a7c06ba4631a4c1d0a698243a4810ec2f6fbd80f88508b3ed4b61e0e54e1d8c08a036c01bea664aa14

data/lib/better_html/test_helper/safe_erb_tester.rb

@@ -140,6 +140,7 @@ EOF
           text.content_parts.each do |text_token|
             case text_token.type
             when :stmt, :expr_literal, :expr_escaped
+              next if text_token.type == :stmt && text_token.code.start_with?('#')
               begin
                 expr = RubyExpr.parse(text_token.code)
                 validate_ruby_helper(text_token, expr)
@@ -275,7 +276,7 @@ EOF
 
         def validate_no_statements(node)
           node.content_parts.each do |token|
-            if token.type == :stmt && !(/\A\s*end/m === token.code)
+            if token.type == :stmt && !(/\A\s*end/m === token.code) && !token.code.start_with?('#')
               add_error(
                 "erb statement not allowed here; did you mean '<%=' ?",
                 location: token.location,
@@ -286,6 +287,7 @@ EOF
 
         def validate_no_javascript_tag(node)
           node.content_parts.each do |token|
+            next if token.type == :stmt && token.code.start_with?('#')
             if [:stmt, :expr_literal, :expr_escaped].include?(token.type)
               expr = begin
                 RubyExpr.parse(token.code)

data/lib/better_html/version.rb

@@ -1,3 +1,3 @@
 module BetterHtml
-  VERSION = "0.0.11"
+  VERSION = "0.0.12"
 end

data/test/better_html/test_helper/safe_erb_tester_test.rb

@@ -11,6 +11,30 @@ module BetterHtml
         )
       end
 
+      test "multi line erb comments in text" do
+        errors = parse(<<-EOF).errors
+          text
+          <%#
+             this is a nice comment
+             !@\#{$%?&*()}
+          %>
+        EOF
+
+        assert_predicate errors, :empty?
+      end
+
+      test "multi line erb comments in html attribute" do
+        errors = parse(<<-EOF).errors
+          <div title="
+            <%#
+               this is a comment right in the middle of an attribute for some reason
+            %>
+            ">
+        EOF
+
+        assert_predicate errors, :empty?
+      end
+
       test "string without interpolation is safe" do
         errors = parse(<<-EOF).errors
           <a onclick="alert('<%= "something" %>')">
@@ -269,6 +293,16 @@ module BetterHtml
         assert_equal "erb statement not allowed here; did you mean '<%=' ?", errors.first.message
       end
 
+      test "erb comments allowed in scripts" do
+        errors = parse(<<-EOF).errors
+          <script type="text/javascript">
+            <%# comment %>
+          </script>
+        EOF
+
+        assert_predicate errors, :empty?
+      end
+
       test "script tag without content" do
         errors = parse(<<-EOF).errors
           <script type="text/javascript"></script>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: better_html
 version: !ruby/object:Gem::Version
-  version: 0.0.11
+  version: 0.0.12
 platform: ruby
 authors:
 - Francois Chagnon
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-11-14 00:00:00.000000000 Z
+date: 2017-11-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: erubi