RubyGems - better_html - Versions diffs - 1.0.16 → 2.0.0 - Mend

better_html 1.0.16 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (99) hide show

checksums.yaml +4 -4
data/MIT-LICENSE +1 -0
data/Rakefile +19 -14
data/ext/better_html_ext/better_html.h +1 -0
data/ext/better_html_ext/extconf.rb +16 -0
data/ext/better_html_ext/html_tokenizer.c +12 -0
data/ext/better_html_ext/html_tokenizer.h +7 -0
data/ext/better_html_ext/parser.c +793 -0
data/ext/better_html_ext/parser.h +93 -0
data/ext/better_html_ext/tokenizer.c +717 -0
data/ext/better_html_ext/tokenizer.h +80 -0
data/lib/better_html/ast/iterator.rb +14 -9
data/lib/better_html/ast/node.rb +4 -2
data/lib/better_html/better_erb/erubi_implementation.rb +43 -39
data/lib/better_html/better_erb/runtime_checks.rb +140 -133
data/lib/better_html/better_erb/validated_output_buffer.rb +30 -22
data/lib/better_html/better_erb.rb +58 -54
data/lib/better_html/config.rb +7 -4
data/lib/better_html/errors.rb +4 -2
data/lib/better_html/helpers.rb +7 -3
data/lib/better_html/html_attributes.rb +6 -2
data/lib/better_html/parser.rb +21 -14
data/lib/better_html/railtie.rb +8 -4
data/lib/better_html/test_helper/ruby_node.rb +15 -10
data/lib/better_html/test_helper/safe_erb/allowed_script_type.rb +8 -4
data/lib/better_html/test_helper/safe_erb/base.rb +12 -9
data/lib/better_html/test_helper/safe_erb/no_javascript_tag_helper.rb +7 -3
data/lib/better_html/test_helper/safe_erb/no_statements.rb +7 -3
data/lib/better_html/test_helper/safe_erb/script_interpolation.rb +9 -4
data/lib/better_html/test_helper/safe_erb/tag_interpolation.rb +23 -20
data/lib/better_html/test_helper/safe_erb_tester.rb +33 -31
data/lib/better_html/test_helper/safe_lodash_tester.rb +36 -35
data/lib/better_html/test_helper/safety_error.rb +2 -0
data/lib/better_html/tokenizer/base_erb.rb +14 -10
data/lib/better_html/tokenizer/html_erb.rb +3 -2
data/lib/better_html/tokenizer/html_lodash.rb +22 -14
data/lib/better_html/tokenizer/javascript_erb.rb +3 -1
data/lib/better_html/tokenizer/location.rb +17 -6
data/lib/better_html/tokenizer/token.rb +2 -0
data/lib/better_html/tokenizer/token_array.rb +8 -8
data/lib/better_html/tree/attribute.rb +10 -6
data/lib/better_html/tree/attributes_list.rb +9 -5
data/lib/better_html/tree/tag.rb +10 -6
data/lib/better_html/version.rb +3 -1
data/lib/better_html.rb +19 -17
data/lib/tasks/better_html_tasks.rake +1 -0
metadata +39 -147
data/lib/better_html/better_erb/erubis_implementation.rb +0 -44
data/test/better_html/better_erb/implementation_test.rb +0 -406
data/test/better_html/errors_test.rb +0 -13
data/test/better_html/helpers_test.rb +0 -49
data/test/better_html/parser_test.rb +0 -314
data/test/better_html/test_helper/ruby_node_test.rb +0 -288
data/test/better_html/test_helper/safe_erb/allowed_script_type_test.rb +0 -46
data/test/better_html/test_helper/safe_erb/no_javascript_tag_helper_test.rb +0 -37
data/test/better_html/test_helper/safe_erb/no_statements_test.rb +0 -129
data/test/better_html/test_helper/safe_erb/script_interpolation_test.rb +0 -149
data/test/better_html/test_helper/safe_erb/tag_interpolation_test.rb +0 -303
data/test/better_html/test_helper/safe_lodash_tester_test.rb +0 -90
data/test/better_html/tokenizer/html_erb_test.rb +0 -180
data/test/better_html/tokenizer/html_lodash_test.rb +0 -98
data/test/better_html/tokenizer/location_test.rb +0 -75
data/test/better_html/tokenizer/token_array_test.rb +0 -146
data/test/better_html/tokenizer/token_test.rb +0 -15
data/test/dummy/README.rdoc +0 -28
data/test/dummy/Rakefile +0 -6
data/test/dummy/app/assets/javascripts/application.js +0 -13
data/test/dummy/app/assets/stylesheets/application.css +0 -15
data/test/dummy/app/controllers/application_controller.rb +0 -5
data/test/dummy/app/helpers/application_helper.rb +0 -2
data/test/dummy/app/views/layouts/application.html.erb +0 -14
data/test/dummy/bin/bundle +0 -3
data/test/dummy/bin/rails +0 -4
data/test/dummy/bin/rake +0 -4
data/test/dummy/bin/setup +0 -29
data/test/dummy/config/application.rb +0 -26
data/test/dummy/config/boot.rb +0 -5
data/test/dummy/config/database.yml +0 -25
data/test/dummy/config/environment.rb +0 -5
data/test/dummy/config/environments/development.rb +0 -41
data/test/dummy/config/environments/production.rb +0 -79
data/test/dummy/config/environments/test.rb +0 -42
data/test/dummy/config/initializers/assets.rb +0 -11
data/test/dummy/config/initializers/backtrace_silencers.rb +0 -7
data/test/dummy/config/initializers/cookies_serializer.rb +0 -3
data/test/dummy/config/initializers/filter_parameter_logging.rb +0 -4
data/test/dummy/config/initializers/inflections.rb +0 -16
data/test/dummy/config/initializers/mime_types.rb +0 -4
data/test/dummy/config/initializers/session_store.rb +0 -3
data/test/dummy/config/initializers/wrap_parameters.rb +0 -14
data/test/dummy/config/locales/en.yml +0 -23
data/test/dummy/config/routes.rb +0 -56
data/test/dummy/config/secrets.yml +0 -22
data/test/dummy/config.ru +0 -4
data/test/dummy/public/404.html +0 -67
data/test/dummy/public/422.html +0 -67
data/test/dummy/public/500.html +0 -66
data/test/dummy/public/favicon.ico +0 -0
data/test/test_helper.rb +0 -29

data/test/better_html/better_erb/implementation_test.rb DELETED Viewed

@@ -1,406 +0,0 @@
-require 'test_helper'
-require 'ostruct'
-require 'better_html/better_erb'
-require 'json'
-class BetterHtml::BetterErb::ImplementationTest < ActiveSupport::TestCase
-  test "simple template rendering" do
-    assert_equal "<foo>some value<foo>",
-      render("<foo><%= bar %><foo>", locals: { bar: 'some value' })
-  end
-  test "html_safe interpolation" do
-    assert_equal "<foo><bar /><foo>",
-      render("<foo><%= bar %><foo>", locals: { bar: '<bar />'.html_safe })
-  end
-  test "non html_safe interpolation" do
-    assert_equal "<foo>&lt;bar /&gt;<foo>",
-      render("<foo><%= bar %><foo>", locals: { bar: '<bar />' })
-  end
-  test "interpolate non-html_safe inside attribute is escaped" do
-    assert_equal "<a href=\" &#39;&quot;&gt;x \">",
-      render("<a href=\"<%= value %>\">", locals: { value: ' \'">x ' })
-  end
-  test "interpolate html_safe inside attribute is magically force-escaped" do
-    e = assert_raises(BetterHtml::UnsafeHtmlError) do
-      render("<a href=\"<%= value %>\">", locals: { value: ' \'">x '.html_safe })
-    end
-    assert_equal "Detected invalid characters as part of the interpolation "\
-      "into a quoted attribute value. The value cannot contain the character \".", e.message
-  end
-  test "interpolate html_safe inside single quoted attribute" do
-    config = build_config(allow_single_quoted_attributes: true)
-    e = assert_raises(BetterHtml::UnsafeHtmlError) do
-      render("<a href=\'<%= value %>\'>", config: config, locals: { value: ' \'">x '.html_safe })
-    end
-    assert_equal "Detected invalid characters as part of the interpolation "\
-      "into a quoted attribute value. The value cannot contain the character '.", e.message
-  end
-  test "interpolate in attribute name" do
-    assert_equal "<a data-safe-foo>",
-      render("<a data-<%= value %>-foo>", locals: { value: "safe" })
-  end
-  test "interpolate in attribute name with unsafe value with spaces" do
-    e = assert_raises(BetterHtml::UnsafeHtmlError) do
-      render("<a data-<%= value %>-foo>", locals: { value: "un safe" })
-    end
-    assert_equal "Detected invalid characters as part of the interpolation "\
-      "into a attribute name around 'data-<%= value %>'.", e.message
-  end
-  test "interpolate in attribute name with unsafe value with equal sign" do
-    e = assert_raises(BetterHtml::UnsafeHtmlError) do
-      render("<a data-<%= value %>-foo>", locals: { value: "un=safe" })
-    end
-    assert_equal "Detected invalid characters as part of the "\
-      "interpolation into a attribute name around 'data-<%= value %>'.", e.message
-  end
-  test "interpolate in attribute name with unsafe value with quote" do
-    e = assert_raises(BetterHtml::UnsafeHtmlError) do
-      render("<a data-<%= value %>-foo>", locals: { value: "un\"safe" })
-    end
-    assert_equal "Detected invalid characters as part of the "\
-      "interpolation into a attribute name around 'data-<%= value %>'.", e.message
-  end
-  test "interpolate after an attribute name without a value" do
-    assert_equal '<a data-foo foo="bar">',
-      render("<a data-foo <%= html_attributes(foo: 'bar') %>>")
-  end
-  test "interpolate after an attribute name with equal sign" do
-    config = build_config(allow_unquoted_attributes: true)
-    e = assert_raises(BetterHtml::DontInterpolateHere) do
-      render("<a data-foo= <%= html_attributes(foo: 'bar') %>>", config: config)
-    end
-    assert_equal "Do not interpolate without quotes after "\
-      "attribute around 'data-foo=<%= html_attributes(foo: 'bar') %>'.", e.message
-  end
-  test "interpolate after an attribute value" do
-    e = assert_raises(BetterHtml::DontInterpolateHere) do
-      render("<a foo=\"xx\"<%= html_attributes(foo: 'bar') %>>")
-    end
-    assert_equal "Add a space after this attribute value. "\
-      "Instead of <a foo=\"xx\"<%= html_attributes(foo: 'bar') %>>"\
-      " try <a foo=\"xx\" <%= html_attributes(foo: 'bar') %>>.", e.message
-  end
-  test "interpolate in attribute without quotes" do
-    config = build_config(allow_unquoted_attributes: true)
-    e = assert_raises(BetterHtml::DontInterpolateHere) do
-      render("<a href=<%= value %>>", config: config, locals: { value: "un safe" })
-    end
-    assert_equal "Do not interpolate without quotes after "\
-      "attribute around 'href=<%= value %>'.", e.message
-  end
-  test "interpolate in attribute after value" do
-    config = build_config(allow_unquoted_attributes: true)
-    e = assert_raises(BetterHtml::DontInterpolateHere) do
-      render("<a href=something<%= value %>>", config: config, locals: { value: "" })
-    end
-    assert_equal "Do not interpolate without quotes around this "\
-      "attribute value. Instead of <a href=something<%= value %>> "\
-      "try <a href=\"something<%= value %>\">.", e.message
-  end
-  test "interpolate in tag name" do
-    assert_equal "<tag-safe-foo>",
-      render("<tag-<%= value %>-foo>", locals: { value: "safe" })
-  end
-  test "interpolate in tag name with space" do
-    e = assert_raises(BetterHtml::UnsafeHtmlError) do
-      render("<tag-<%= value %>-foo>", locals: { value: "un safe" })
-    end
-    assert_equal "Detected invalid characters as part of the interpolation "\
-      "into a tag name around: <tag-<%= value %>>.", e.message
-  end
-  test "interpolate in tag name with slash" do
-    e = assert_raises(BetterHtml::UnsafeHtmlError) do
-      render("<tag-<%= value %>-foo>", locals: { value: "un/safe" })
-    end
-    assert_equal "Detected invalid characters as part of the interpolation "\
-      "into a tag name around: <tag-<%= value %>>.", e.message
-  end
-  test "interpolate in tag name with end of tag" do
-    e = assert_raises(BetterHtml::UnsafeHtmlError) do
-      render("<tag-<%= value %>-foo>", locals: { value: "><script>" })
-    end
-    assert_equal "Detected invalid characters as part of the interpolation "\
-      "into a tag name around: <tag-<%= value %>>.", e.message
-  end
-  test "interpolate in comment" do
-    assert_equal "<!-- safe -->",
-      render("<!-- <%= value %> -->", locals: { value: "safe" })
-  end
-  test "interpolate in comment with end-of-comment" do
-    e = assert_raises(BetterHtml::UnsafeHtmlError) do
-      render("<!-- <%= value %> -->", locals: { value: "-->".html_safe })
-    end
-    assert_equal "Detected invalid characters as part of the interpolation "\
-      "into a html comment around: <!-- <%= value %>.", e.message
-  end
-  test "non html_safe interpolation into comment tag" do
-    assert_equal "<!-- --&gt; -->",
-      render("<!-- <%= value %> -->", locals: { value: '-->' })
-  end
-  test "interpolate in script tag" do
-    assert_equal "<script> foo safe bar<script>",
-      render("<script> foo <%= value %> bar<script>", locals: { value: "safe" })
-  end
-  test "interpolate in script tag with start of comment" do
-    skip "skip for now; causing problems"
-    e = assert_raises(BetterHtml::UnsafeHtmlError) do
-      render("<script> foo <%= value %> bar<script>", locals: { value: "<!--".html_safe })
-    end
-    assert_equal "Detected invalid characters as part of the interpolation "\
-      "into a script tag around: <script> foo <%= value %>. "\
-      "A script tag cannot contain <script or </script anywhere inside of it.", e.message
-  end
-  test "interpolate in script tag with start of script" do
-    e = assert_raises(BetterHtml::UnsafeHtmlError) do
-      render("<script> foo <%= value %> bar<script>", locals: { value: "<script".html_safe })
-    end
-    assert_equal "Detected invalid characters as part of the interpolation "\
-      "into a script tag around: <script> foo <%= value %>. "\
-      "A script tag cannot contain <script or </script anywhere inside of it.", e.message
-  end
-  test "interpolate in script tag with raw interpolation" do
-    assert_equal "<script> x = \"foo\" </script>",
-      render("<script> x = <%== value %> </script>", locals: { value: JSON.dump("foo") })
-  end
-  test "interpolate in script tag with start of script case insensitive" do
-    e = assert_raises(BetterHtml::UnsafeHtmlError) do
-      render("<script> foo <%= value %> bar<script>", locals: { value: "<ScRIpT".html_safe })
-    end
-    assert_equal "Detected invalid characters as part of the interpolation "\
-      "into a script tag around: <script> foo <%= value %>. "\
-      "A script tag cannot contain <script or </script anywhere inside of it.", e.message
-  end
-  test "interpolate in script tag with end of script" do
-    e = assert_raises(BetterHtml::UnsafeHtmlError) do
-      render("<script> foo <%= value %> bar<script>", locals: { value: "</script".html_safe })
-    end
-    assert_equal "Detected invalid characters as part of the interpolation "\
-      "into a script tag around: <script> foo <%= value %>. "\
-      "A script tag cannot contain <script or </script anywhere inside of it.", e.message
-  end
-  test "interpolate html_attributes" do
-    assert_equal "<a foo=\"bar\">",
-      render("<a <%= html_attributes(foo: 'bar') %>>")
-  end
-  test "interpolate without html_attributes" do
-    e = assert_raises(BetterHtml::DontInterpolateHere) do
-      render("<a <%= 'foo=\"bar\"' %>>")
-    end
-    assert_equal "Do not interpolate String in a tag. Instead "\
-      "of <a <%= 'foo=\"bar\"' %>> please try <a <%= html_attributes(attr: value) %>>.", e.message
-  end
-  test "non html_safe interpolation into rawtext tag" do
-    assert_equal "<title>&lt;/title&gt;</title>",
-      render("<title><%= value %></title>", locals: { value: '</title>' })
-  end
-  test "html_safe interpolation into rawtext tag" do
-    assert_equal "<title><safe></title>",
-      render("<title><%= value %></title>", locals: { value: '<safe>'.html_safe })
-  end
-  test "html_safe interpolation terminating the current tag" do
-    e = assert_raises(BetterHtml::UnsafeHtmlError) do
-      render("<title><%= value %></title>", locals: { value: '</title>'.html_safe })
-    end
-    assert_equal "Detected invalid characters as part of the interpolation "\
-      "into a title tag around: <title><%= value %>.", e.message
-  end
-  test "interpolate block in middle of tag" do
-    e = assert_raises(BetterHtml::DontInterpolateHere) do
-      render(<<-HTML)
-        <a href="" <%= something do %>
-          foo
-        <% end %>
-      HTML
-    end
-    assert_equal "Ruby statement not allowed.\n"\
-      "In 'tag' on line 1 column 19:\n"\
-      "        <a href=\"\" <%= something do %>\n"\
-      "                   ^^^^^^^^^^^^^^^^^^^", e.message
-  end
-  test "interpolate with output block is valid syntax" do
-    assert_nothing_raised do
-      render(<<-HTML)
-        <%= capture do %>
-          <foo>
-        <% end %>
-      HTML
-    end
-  end
-  test "interpolate with statement block is valid syntax" do
-    assert_nothing_raised do
-      render(<<-HTML)
-        <% capture do %>
-          <foo>
-        <% end %>
-      HTML
-    end
-  end
-  test "can interpolate method calls without parenthesis" do
-    assert_equal "<div>foo</div>",
-      render("<div><%= send 'value' %></div>", locals: { value: 'foo' })
-  end
-  test "tag names are validated against tag_name_pattern regexp" do
-    e = assert_raises(BetterHtml::HtmlError) do
-      render("<foo~bar></foo~bar>")
-    end
-    assert_equal "Invalid tag name \"foo~bar\" does not match regular expression /\\A[a-z0-9\\-\\:]+\\z/\n"\
-      "On line 1 column 1:\n"\
-      "<foo~bar></foo~bar>\n"\
-      " ^^^^^^^", e.message
-  end
-  test "attribute names are validated against attribute_name_pattern regexp" do
-    e = assert_raises(BetterHtml::HtmlError) do
-      render("<foo bar_baz=\"1\">")
-    end
-    assert_equal "Invalid attribute name \"bar_baz\" does not match regular expression #{build_config.partial_attribute_name_pattern.inspect}\n"\
-      "On line 1 column 5:\n"\
-      "<foo bar_baz=\"1\">\n"\
-      "     ^^^^^^^", e.message
-  end
-  test "single quotes are disallowed when allow_single_quoted_attributes=false" do
-    config = build_config(allow_single_quoted_attributes: false)
-    e = assert_raises(BetterHtml::HtmlError) do
-      render("<foo bar='1'>", config: config)
-    end
-    assert_equal "Single-quoted attributes are not allowed\n"\
-      "On line 1 column 9:\n"\
-      "<foo bar='1'>\n"\
-      "         ^", e.message
-  end
-  test "single quotes are allowed when allow_single_quoted_attributes=true" do
-    config = build_config(allow_single_quoted_attributes: true)
-    assert_nothing_raised do
-      render("<foo bar='1'>", config: config)
-    end
-  end
-  test "unquoted values are disallowed when allow_unquoted_attributes=false" do
-    config = build_config(allow_unquoted_attributes: false)
-    e = assert_raises(BetterHtml::HtmlError) do
-      render("<foo bar=1>", config: config)
-    end
-    assert_equal "Unquoted attribute values are not allowed\n"\
-      "On line 1 column 9:\n"\
-      "<foo bar=1>\n"\
-      "         ^", e.message
-  end
-  test "unquoted values are allowed when allow_unquoted_attributes=true" do
-    config = build_config(allow_unquoted_attributes: true)
-    assert_nothing_raised do
-      render("<foo bar=1>", config: config)
-    end
-  end
-  test "capture works as intended" do
-    output = render(<<-HTML)
-      <%- foo = capture do -%>
-        <foo>
-      <%- end -%>
-      <bar><%= foo %></bar>
-    HTML
-    assert_equal "      <bar>        <foo>\n</bar>\n", output
-  end
-  test "validate! raises when tag is not terminated at end of document" do
-    document = compile("<foo")
-    e = assert_raises(BetterHtml::HtmlError) do
-      document.validate!
-    end
-    assert_equal "Detected an open tag at the end of this document.", e.message
-  end
-  test "validate! raises when rawtext tag is not terminated at end of document" do
-    document = compile("<script>")
-    e = assert_raises(BetterHtml::HtmlError) do
-      document.validate!
-    end
-    assert_equal "Detected an open tag at the end of this document.", e.message
-  end
-  test "validate! raises parsing error for attribute name" do
-    document = compile("<foo bar~baz=\"1\">")
-    e = assert_raises(BetterHtml::HtmlError) do
-      document.validate!
-    end
-    assert_equal "expected whitespace, '>', attribute name or value\n"\
-      "On line 1 column 8:\n"\
-      "<foo bar~baz=\"1\">\n"\
-      "        ^^^^^^^^^", e.message
-  end
-  private
-  class ViewContext < OpenStruct
-    include(ActionView::Helpers)
-    include(BetterHtml::Helpers)
-    attr_accessor :output_buffer
-    def get_binding
-      binding
-    end
-  end
-  def build_config(**options)
-    BetterHtml::Config.new(**options)
-  end
-  def render(source, config: build_config, locals: {})
-    context = ViewContext.new(locals)
-    impl = compile(source, config: config)
-    if ActionView.version < Gem::Version.new("5.1")
-      impl.result(context.get_binding)
-    else
-      impl.evaluate(context)
-    end
-  end
-  def compile(source, config: build_config)
-    if ActionView.version < Gem::Version.new("5.1")
-      BetterHtml::BetterErb::ErubisImplementation.new(source, config: config)
-    else
-      BetterHtml::BetterErb::ErubiImplementation.new(source, config: config)
-    end
-  end
-end

data/test/better_html/errors_test.rb DELETED Viewed

@@ -1,13 +0,0 @@
-require 'test_helper'
-require 'better_html/errors'
-module BetterHtml
-  class ErrorsTest < ActiveSupport::TestCase
-    test "add" do
-      e = Errors.new
-      e.add("foo")
-      assert_equal 1, e.size
-      assert_equal "foo", e.first
-    end
-  end
-end

data/test/better_html/helpers_test.rb DELETED Viewed

@@ -1,49 +0,0 @@
-require 'test_helper'
-class BetterHtml::HelpersTest < ActiveSupport::TestCase
-  include BetterHtml::Helpers
-  test "html_attributes return a HtmlAttributes object" do
-    assert_equal BetterHtml::HtmlAttributes, html_attributes(foo: "bar").class
-  end
-  test "html_attributes are formatted as string" do
-    assert_equal 'foo="bar" baz="qux"',
-      html_attributes(foo: "bar", baz: "qux").to_s
-  end
-  test "html_attributes keys cannot contain invalid characters" do
-    e = assert_raises(ArgumentError) do
-      html_attributes("invalid key": "bar", baz: "qux").to_s
-    end
-    assert_equal "Attribute names must match the pattern /\\A[a-zA-Z0-9\\-\\:]+\\z/", e.message
-  end
-  test "#html_attributes does not accept incorrectly escaped html_safe values" do
-    e = assert_raises(ArgumentError) do
-      html_attributes('something': 'with "> double quote'.html_safe).to_s
-    end
-    assert_equal "The value provided for attribute 'something' contains a `\"` character which is not allowed. "\
-      "Did you call .html_safe without properly escaping this data?", e.message
-  end
-  test "#html_attributes accepts correctly escaped html_safe values" do
-    assert_equal 'something="with &quot;&gt; double quote"',
-      html_attributes('something': CGI.escapeHTML('with "> double quote').html_safe).to_s
-  end
-  test "#html_attributes escapes non-html_safe values" do
-    assert_equal 'something="with &quot;&gt; double quote"',
-      html_attributes('something': 'with "> double quote').to_s
-  end
-  test "#html_attributes accepts nil values as value-less attributes" do
-    assert_equal 'data-thing data-other-thing',
-      html_attributes('data-thing': nil, 'data-other-thing': nil).to_s
-  end
-  test "#html_attributes empty string value is output" do
-    assert_equal 'data-thing="" data-other-thing=""',
-      html_attributes('data-thing': "", 'data-other-thing': "").to_s
-  end
-end