better_html 1.0.1 → 1.0.2

data/test/test_helper.rb

@@ -1,6 +1,7 @@
 require "active_support"
 require "minitest/autorun"
 require 'better_html'
+require 'better_html/parser'
 
 # Filter out Minitest backtrace while allowing backtrace from other libraries
 # to be shown.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: better_html
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.0.2
 platform: ruby
 authors:
 - Francois Chagnon
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-01-10 00:00:00.000000000 Z
+date: 2018-01-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ast
@@ -146,7 +146,13 @@ files:
 - lib/better_html/html_attributes.rb
 - lib/better_html/parser.rb
 - lib/better_html/railtie.rb
-- lib/better_html/test_helper/ruby_expr.rb
+- lib/better_html/test_helper/ruby_node.rb
+- lib/better_html/test_helper/safe_erb/allowed_script_type.rb
+- lib/better_html/test_helper/safe_erb/base.rb
+- lib/better_html/test_helper/safe_erb/no_javascript_tag_helper.rb
+- lib/better_html/test_helper/safe_erb/no_statements.rb
+- lib/better_html/test_helper/safe_erb/script_interpolation.rb
+- lib/better_html/test_helper/safe_erb/tag_interpolation.rb
 - lib/better_html/test_helper/safe_erb_tester.rb
 - lib/better_html/test_helper/safe_lodash_tester.rb
 - lib/better_html/test_helper/safety_error.rb
@@ -163,10 +169,15 @@ files:
 - lib/better_html/version.rb
 - lib/tasks/better_html_tasks.rake
 - test/better_html/better_erb/implementation_test.rb
+- test/better_html/errors_test.rb
 - test/better_html/helpers_test.rb
 - test/better_html/parser_test.rb
-- test/better_html/test_helper/ruby_expr_test.rb
-- test/better_html/test_helper/safe_erb_tester_test.rb
+- test/better_html/test_helper/ruby_node_test.rb
+- test/better_html/test_helper/safe_erb/allowed_script_type_test.rb
+- test/better_html/test_helper/safe_erb/no_javascript_tag_helper_test.rb
+- test/better_html/test_helper/safe_erb/no_statements_test.rb
+- test/better_html/test_helper/safe_erb/script_interpolation_test.rb
+- test/better_html/test_helper/safe_erb/tag_interpolation_test.rb
 - test/better_html/test_helper/safe_lodash_tester_test.rb
 - test/better_html/tokenizer/html_erb_test.rb
 - test/better_html/tokenizer/html_lodash_test.rb
@@ -269,11 +280,16 @@ test_files:
 - test/dummy/Rakefile
 - test/test_helper.rb
 - test/better_html/helpers_test.rb
+- test/better_html/errors_test.rb
 - test/better_html/parser_test.rb
 - test/better_html/better_erb/implementation_test.rb
-- test/better_html/test_helper/safe_erb_tester_test.rb
+- test/better_html/test_helper/safe_erb/script_interpolation_test.rb
+- test/better_html/test_helper/safe_erb/no_javascript_tag_helper_test.rb
+- test/better_html/test_helper/safe_erb/tag_interpolation_test.rb
+- test/better_html/test_helper/safe_erb/no_statements_test.rb
+- test/better_html/test_helper/safe_erb/allowed_script_type_test.rb
+- test/better_html/test_helper/ruby_node_test.rb
 - test/better_html/test_helper/safe_lodash_tester_test.rb
-- test/better_html/test_helper/ruby_expr_test.rb
 - test/better_html/tokenizer/location_test.rb
 - test/better_html/tokenizer/html_lodash_test.rb
 - test/better_html/tokenizer/html_erb_test.rb

data/lib/better_html/test_helper/ruby_expr.rb

@@ -1,117 +0,0 @@
-require 'parser/current'
-
-module BetterHtml
-  module TestHelper
-    class RubyExpr
-      BLOCK_EXPR = /\s*((\s+|\))do|\{)(\s*\|[^|]*\|)?\s*\Z/
-
-      class ParseError < RuntimeError; end
-
-      class MethodCall
-        attr_accessor :instance, :method, :arguments
-
-        def initialize(instance, method, arguments)
-          @instance = instance
-          @method = method
-          @arguments = arguments
-        end
-
-        def self.from_ast_node(node)
-          new(node.children[0], node.children[1], node.children[2..-1])
-        end
-      end
-
-      def initialize(ast)
-        raise ArgumentError, "expect first argument to be Parser::AST::Node" unless ast.is_a?(::Parser::AST::Node)
-        @ast = ast
-      end
-
-      def self.parse(code)
-        parser = ::Parser::CurrentRuby.new
-        parser.diagnostics.ignore_warnings = true
-        parser.diagnostics.all_errors_are_fatal = false
-        parser.diagnostics.consumer = nil
-
-        buf = ::Parser::Source::Buffer.new('(string)')
-        buf.source = code.sub(BLOCK_EXPR, '')
-        parsed = parser.parse(buf)
-        raise ParseError, "error parsing code: #{code.inspect}" unless parsed
-        new(parsed)
-      end
-
-      def start
-        @ast.loc.expression.begin_pos
-      end
-
-      def end
-        @ast.loc.expression.end_pos
-      end
-
-      def traverse(current=@ast, only: nil, &block)
-        yield current if node_match?(current, only)
-        each_child_node(current) do |child|
-          traverse(child, only: only, &block)
-        end
-      end
-
-      def each_child_node(current=@ast, only: nil, range: (0..-1))
-        current.children[range].each do |child|
-          if child.is_a?(::Parser::AST::Node) && node_match?(child, only)
-            yield child
-          end
-        end
-      end
-
-      def node_match?(current, type)
-        type.nil? || Array[type].flatten.include?(current.type)
-      end
-
-      STATIC_TYPES = [:str, :int, :true, :false, :nil]
-
-      def each_return_value_recursive(current=@ast, only: nil, &block)
-        case current.type
-        when :send, :csend, :ivar, *STATIC_TYPES
-          yield current if node_match?(current, only)
-        when :if, :masgn, :lvasgn
-          # first child is ignored as it does not contain return values
-          # for example, in `foo ? x : y` we only care about x and y, not foo
-          each_child_node(current, range: 1..-1) do |child|
-            each_return_value_recursive(child, only: only, &block)
-          end
-        else
-          each_child_node(current) do |child|
-            each_return_value_recursive(child, only: only, &block)
-          end
-        end
-      end
-
-      def static_value?
-        returns = []
-        each_return_value_recursive do |node|
-          returns << node
-        end
-        return false if returns.size == 0
-        returns.each do |node|
-          if STATIC_TYPES.include?(node.type)
-            next
-          elsif node.type == :dstr
-            each_child_node(node) do |child|
-              return false if child.type != :str
-            end
-          else
-            return false
-          end
-        end
-        true
-      end
-
-      def calls
-        calls = []
-        each_return_value_recursive(only: [:send, :csend]) do |node|
-          calls << MethodCall.from_ast_node(node)
-        end
-        calls
-      end
-    end
-  end
-end

data/test/better_html/test_helper/ruby_expr_test.rb

@@ -1,283 +0,0 @@
-require 'test_helper'
-require 'better_html/test_helper/ruby_expr'
-
-module BetterHtml
-  module TestHelper
-    class RubyExprTest < ActiveSupport::TestCase
-      test "simple call" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse("foo")
-        assert_equal 1, expr.calls.size
-        assert_nil expr.calls.first.instance
-        assert_equal :foo, expr.calls.first.method
-        assert_equal [], expr.calls.first.arguments
-        refute_predicate expr, :static_value?
-      end
-
-      test "instance call" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse("foo.bar")
-        assert_equal 1, expr.calls.size
-        assert_equal 's(:send, nil, :foo)', expr.calls.first.instance.inspect
-        assert_equal :bar, expr.calls.first.method
-        assert_equal [], expr.calls.first.arguments
-        refute_predicate expr, :static_value?
-      end
-
-      test "instance call with arguments" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse("foo(x).bar")
-        assert_equal 1, expr.calls.size
-        assert_equal "s(:send, nil, :foo,\n  s(:send, nil, :x))", expr.calls.first.instance.inspect
-        assert_equal :bar, expr.calls.first.method
-        assert_equal [], expr.calls.first.arguments
-        refute_predicate expr, :static_value?
-      end
-
-      test "instance call with parenthesis" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse("(foo).bar")
-        assert_equal 1, expr.calls.size
-        assert_equal "s(:begin,\n  s(:send, nil, :foo))", expr.calls.first.instance.inspect
-        assert_equal :bar, expr.calls.first.method
-        assert_equal [], expr.calls.first.arguments
-        refute_predicate expr, :static_value?
-      end
-
-      test "instance call with parenthesis 2" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse("(foo)")
-        assert_equal 1, expr.calls.size
-        assert_nil expr.calls.first.instance
-        assert_equal :foo, expr.calls.first.method
-        assert_equal [], expr.calls.first.arguments
-        refute_predicate expr, :static_value?
-      end
-
-      test "command call" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse("foo bar")
-        assert_equal 1, expr.calls.size
-        assert_nil expr.calls.first.instance
-        assert_equal :foo, expr.calls.first.method
-        assert_equal '[s(:send, nil, :bar)]', expr.calls.first.arguments.inspect
-        refute_predicate expr, :static_value?
-      end
-
-      test "command call with block" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse("foo bar do")
-        assert_equal 1, expr.calls.size
-        assert_nil expr.calls.first.instance
-        assert_equal :foo, expr.calls.first.method
-        assert_equal '[s(:send, nil, :bar)]', expr.calls.first.arguments.inspect
-        refute_predicate expr, :static_value?
-      end
-
-      test "call with parameters" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse("foo(bar)")
-        assert_equal 1, expr.calls.size
-        assert_nil expr.calls.first.instance
-        assert_equal :foo, expr.calls.first.method
-        assert_equal '[s(:send, nil, :bar)]', expr.calls.first.arguments.inspect
-        refute_predicate expr, :static_value?
-      end
-
-      test "instance call with parameters" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse("foo.bar(baz, x)")
-        assert_equal 1, expr.calls.size
-        assert_equal 's(:send, nil, :foo)', expr.calls.first.instance.inspect
-        assert_equal :bar, expr.calls.first.method
-        assert_equal '[s(:send, nil, :baz), s(:send, nil, :x)]', expr.calls.first.arguments.inspect
-        refute_predicate expr, :static_value?
-      end
-
-      test "call with parameters with if conditional modifier" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse("foo(bar) if something?")
-        assert_equal 1, expr.calls.size
-        assert_nil expr.calls.first.instance
-        assert_equal :foo, expr.calls.first.method
-        assert_equal '[s(:send, nil, :bar)]', expr.calls.first.arguments.inspect
-        refute_predicate expr, :static_value?
-      end
-
-      test "call with parameters with unless conditional modifier" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse("foo(bar) unless something?")
-        assert_equal 1, expr.calls.size
-        assert_nil expr.calls.first.instance
-        assert_equal :foo, expr.calls.first.method
-        assert_equal '[s(:send, nil, :bar)]', expr.calls.first.arguments.inspect
-        refute_predicate expr, :static_value?
-      end
-
-      test "expression call in ternary" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse("something? ? foo : bar")
-        assert_equal 2, expr.calls.size
-        refute_predicate expr, :static_value?
-
-        assert_nil expr.calls[0].instance
-        assert_equal :foo, expr.calls[0].method
-        assert_equal [], expr.calls[0].arguments
-
-        assert_nil expr.calls[1].instance
-        assert_equal :bar, expr.calls[1].method
-        assert_equal [], expr.calls[1].arguments
-      end
-
-      test "expression call with args in ternary" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse("something? ? foo(x) : bar(x)")
-        assert_equal 2, expr.calls.size
-
-        assert_nil expr.calls[0].instance
-        assert_equal :foo, expr.calls[0].method
-        assert_equal '[s(:send, nil, :x)]', expr.calls[0].arguments.inspect
-
-        assert_nil expr.calls[1].instance
-        assert_equal :bar, expr.calls[1].method
-        assert_equal '[s(:send, nil, :x)]', expr.calls[1].arguments.inspect
-        refute_predicate expr, :static_value?
-      end
-
-      test "string without interpolation" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse('"foo"')
-        assert_equal 0, expr.calls.size
-        assert_predicate expr, :static_value?
-      end
-
-      test "string with interpolation" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse('"foo #{bar}"')
-        assert_equal 1, expr.calls.size
-        assert_nil expr.calls.first.instance
-        assert_equal :bar, expr.calls.first.method
-        assert_equal [], expr.calls.first.arguments
-        refute_predicate expr, :static_value?
-      end
-
-      test "ternary in string with interpolation" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse('"foo #{foo? ? bar : baz}"')
-        assert_equal 2, expr.calls.size
-
-        assert_nil expr.calls.first.instance
-        assert_equal :bar, expr.calls.first.method
-        assert_equal [], expr.calls.first.arguments
-
-        assert_nil expr.calls.last.instance
-        assert_equal :baz, expr.calls.last.method
-        assert_equal [], expr.calls.first.arguments
-        refute_predicate expr, :static_value?
-      end
-
-      test "assignment to variable" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse('x = foo.bar')
-        assert_equal 1, expr.calls.size
-        assert_equal 's(:send, nil, :foo)', expr.calls.first.instance.inspect
-        assert_equal :bar, expr.calls.first.method
-        assert_equal [], expr.calls.first.arguments
-        refute_predicate expr, :static_value?
-      end
-
-      test "assignment to variable with command call" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse('raw x = foo.bar')
-        assert_equal 1, expr.calls.size
-        assert_nil expr.calls.first.instance
-        assert_equal :raw, expr.calls.first.method
-        assert_equal "[s(:lvasgn, :x,\n  s(:send,\n    s(:send, nil, :foo), :bar))]", expr.calls.first.arguments.inspect
-        refute_predicate expr, :static_value?
-      end
-
-      test "assignment with instance call" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse('(x = foo).bar')
-        assert_equal 1, expr.calls.size
-        assert_equal "s(:begin,\n  s(:lvasgn, :x,\n    s(:send, nil, :foo)))", expr.calls.first.instance.inspect
-        assert_equal :bar, expr.calls.first.method
-        assert_equal [], expr.calls.first.arguments
-        refute_predicate expr, :static_value?
-      end
-
-      test "assignment to multiple variables" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse('x, y = foo.bar')
-        assert_equal 1, expr.calls.size
-        assert_equal 's(:send, nil, :foo)', expr.calls.first.instance.inspect
-        assert_equal :bar, expr.calls.first.method
-        assert_equal [], expr.calls.first.arguments
-        refute_predicate expr, :static_value?
-      end
-
-      test "safe navigation operator" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse('foo&.bar')
-        assert_equal 1, expr.calls.size
-        assert_equal 's(:send, nil, :foo)', expr.calls[0].instance.inspect
-        assert_equal :bar, expr.calls[0].method
-        assert_equal [], expr.calls[0].arguments
-        refute_predicate expr, :static_value?
-      end
-
-      test "instance variable" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse('@foo')
-        assert_equal 0, expr.calls.size
-        refute_predicate expr, :static_value?
-      end
-
-      test "instance method on variable" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse('@foo.bar')
-        assert_equal 1, expr.calls.size
-        assert_equal 's(:ivar, :@foo)', expr.calls.first.instance.inspect
-        assert_equal :bar, expr.calls.first.method
-        assert_equal [], expr.calls.first.arguments
-        refute_predicate expr, :static_value?
-      end
-
-      test "index into array" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse('local_assigns[:text_class] if local_assigns[:text_class]')
-        assert_equal 1, expr.calls.size
-        assert_equal 's(:send, nil, :local_assigns)', expr.calls.first.instance.inspect
-        assert_equal :[], expr.calls.first.method
-        assert_equal '[s(:sym, :text_class)]', expr.calls.first.arguments.inspect
-        refute_predicate expr, :static_value?
-      end
-
-      test "static_value? for ivar" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse('@foo')
-        refute_predicate expr, :static_value?
-      end
-
-      test "static_value? for str" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse("'str'")
-        assert_predicate expr, :static_value?
-      end
-
-      test "static_value? for int" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse("1")
-        assert_predicate expr, :static_value?
-      end
-
-      test "static_value? for bool" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse("true")
-        assert_predicate expr, :static_value?
-      end
-
-      test "static_value? for nil" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse("nil")
-        assert_predicate expr, :static_value?
-      end
-
-      test "static_value? for dstr without interpolate" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse('"str"')
-        assert_predicate expr, :static_value?
-      end
-
-      test "static_value? for dstr with interpolate" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse('"str #{foo}"')
-        refute_predicate expr, :static_value?
-      end
-
-      test "static_value? with safe ternary" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse('foo ? \'a\' : \'b\'')
-        assert_predicate expr, :static_value?
-      end
-
-      test "static_value? with safe conditional" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse('\'foo\' if bar?')
-        assert_predicate expr, :static_value?
-      end
-
-      test "static_value? with safe assignment" do
-        expr = BetterHtml::TestHelper::RubyExpr.parse('x = \'foo\'')
-        assert_predicate expr, :static_value?
-      end
-    end
-  end
-end