better_html 1.0.4 → 1.0.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/better_html/parser.rb +2 -0
- data/lib/better_html/test_helper/safe_erb/tag_interpolation.rb +9 -3
- data/lib/better_html/test_helper/safe_erb_tester.rb +3 -1
- data/lib/better_html/tree/attribute.rb +5 -1
- data/lib/better_html/tree/tag.rb +1 -1
- data/lib/better_html/version.rb +1 -1
- data/test/better_html/parser_test.rb +23 -0
- data/test/better_html/test_helper/safe_erb/tag_interpolation_test.rb +8 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 120de12348f0595aba1d9966e7643111a25e8ef8
|
|
4
|
+
data.tar.gz: 1d1dd0f4e7e572392e51aa38186bf9bc5973d96c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3dcc692abe303950c191c74e3ed9b03481d13721416012ee7760e3b7b03830ef2199fc5d685200272d11fff02384f6394c926419b27243588d9b128981fb4ae4
|
|
7
|
+
data.tar.gz: 83e8cfdbce133bad899a7d4b079e25424f0673c36f6bff6d78577a4822473e0da10027bd9023277775babeee1f50dc2dcd84a4edffd115820a064f44aa4f2429
|
data/lib/better_html/parser.rb
CHANGED
|
@@ -143,6 +143,8 @@ module BetterHtml
|
|
|
143
143
|
attributes_tokens << build_attribute_node(tokens)
|
|
144
144
|
elsif tokens.current.type == :attribute_quoted_value_start
|
|
145
145
|
attributes_tokens << build_nameless_attribute_node(tokens)
|
|
146
|
+
elsif tokens.current.type == :erb_begin
|
|
147
|
+
attributes_tokens << build_erb_node(tokens)
|
|
146
148
|
else
|
|
147
149
|
# todo: warn about ignored things
|
|
148
150
|
tokens.shift
|
|
@@ -5,6 +5,12 @@ module BetterHtml
|
|
|
5
5
|
module TestHelper
|
|
6
6
|
module SafeErb
|
|
7
7
|
class TagInterpolation < Base
|
|
8
|
+
|
|
9
|
+
NO_HTML_TAGS = %w(
|
|
10
|
+
title textarea script
|
|
11
|
+
style xmp iframe noembed noframes listing plaintext
|
|
12
|
+
)
|
|
13
|
+
|
|
8
14
|
def validate
|
|
9
15
|
@parser.nodes_with_type(:tag).each do |tag_node|
|
|
10
16
|
tag = Tree::Tag.from_node(tag_node)
|
|
@@ -14,20 +20,20 @@ module BetterHtml
|
|
|
14
20
|
end
|
|
15
21
|
|
|
16
22
|
@parser.nodes_with_type(:text).each do |node|
|
|
17
|
-
validate_text_node(node) unless
|
|
23
|
+
validate_text_node(node) unless no_html_tag?(node)
|
|
18
24
|
end
|
|
19
25
|
end
|
|
20
26
|
|
|
21
27
|
private
|
|
22
28
|
|
|
23
|
-
def
|
|
29
|
+
def no_html_tag?(node)
|
|
24
30
|
ast = @parser.ast.to_a
|
|
25
31
|
index = ast.find_index(node)
|
|
26
32
|
return unless (previous_node = ast[index - 1])
|
|
27
33
|
return unless previous_node.type == :tag
|
|
28
34
|
|
|
29
35
|
tag = BetterHtml::Tree::Tag.from_node(previous_node)
|
|
30
|
-
tag.name
|
|
36
|
+
NO_HTML_TAGS.include?(tag.name) && !tag.closing?
|
|
31
37
|
end
|
|
32
38
|
|
|
33
39
|
def validate_attribute(attribute)
|
|
@@ -43,9 +43,11 @@ EOF
|
|
|
43
43
|
SafeErb::NoStatements,
|
|
44
44
|
SafeErb::AllowedScriptType,
|
|
45
45
|
SafeErb::NoJavascriptTagHelper,
|
|
46
|
-
SafeErb::TagInterpolation,
|
|
47
46
|
SafeErb::ScriptInterpolation,
|
|
48
47
|
]
|
|
48
|
+
if options[:template_language] == :html
|
|
49
|
+
tester_classes << SafeErb::TagInterpolation
|
|
50
|
+
end
|
|
49
51
|
|
|
50
52
|
testers = tester_classes.map do |tester_klass|
|
|
51
53
|
tester = tester_klass.new(parser)
|
|
@@ -7,13 +7,17 @@ module BetterHtml
|
|
|
7
7
|
|
|
8
8
|
def initialize(node)
|
|
9
9
|
@node = node
|
|
10
|
-
@name_node, @equal_node, @value_node = *node
|
|
10
|
+
@name_node, @equal_node, @value_node = *node if @node.type == :attribute
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
def self.from_node(node)
|
|
14
14
|
new(node)
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
+
def erb?
|
|
18
|
+
@node.type == :erb
|
|
19
|
+
end
|
|
20
|
+
|
|
17
21
|
def loc
|
|
18
22
|
@node.loc
|
|
19
23
|
end
|
data/lib/better_html/tree/tag.rb
CHANGED
data/lib/better_html/version.rb
CHANGED
|
@@ -125,6 +125,29 @@ module BetterHtml
|
|
|
125
125
|
)), tree.ast
|
|
126
126
|
end
|
|
127
127
|
|
|
128
|
+
test "consume tag attributes with erb" do
|
|
129
|
+
tree = Parser.new("<div class=foo <%= erb %> name=bar>")
|
|
130
|
+
assert_equal s(:document,
|
|
131
|
+
s(:tag, nil,
|
|
132
|
+
s(:tag_name, "div"),
|
|
133
|
+
s(:tag_attributes,
|
|
134
|
+
s(:attribute,
|
|
135
|
+
s(:attribute_name, "class"),
|
|
136
|
+
s(:equal),
|
|
137
|
+
s(:attribute_value, "foo")
|
|
138
|
+
),
|
|
139
|
+
s(:erb, s(:indicator, "="), nil,
|
|
140
|
+
s(:code, " erb "), nil),
|
|
141
|
+
s(:attribute,
|
|
142
|
+
s(:attribute_name, "name"),
|
|
143
|
+
s(:equal),
|
|
144
|
+
s(:attribute_value, "bar")
|
|
145
|
+
),
|
|
146
|
+
),
|
|
147
|
+
nil
|
|
148
|
+
)), tree.ast
|
|
149
|
+
end
|
|
150
|
+
|
|
128
151
|
test "consume tag attributes nodes unquoted value" do
|
|
129
152
|
tree = Parser.new("<div foo=bar>")
|
|
130
153
|
assert_equal s(:document,
|
|
@@ -20,6 +20,14 @@ module BetterHtml
|
|
|
20
20
|
assert_equal 0, errors.size
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
+
test "raw in <style> tag" do
|
|
24
|
+
errors = validate(<<-EOF).errors
|
|
25
|
+
<style>@import url(<%= raw url_for("all.css") %>);</style>
|
|
26
|
+
EOF
|
|
27
|
+
|
|
28
|
+
assert_equal 0, errors.size
|
|
29
|
+
end
|
|
30
|
+
|
|
23
31
|
test "html_safe in <script> tag" do
|
|
24
32
|
errors = validate(<<-EOF).errors
|
|
25
33
|
<script>var myData = <%= foo.to_json.html_safe %>;</script>
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: better_html
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Francois Chagnon
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-01-
|
|
11
|
+
date: 2018-01-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ast
|