clean_room 0.1.1 → 0.1.2
- data/README.md +8 -8
- data/clean_room.gemspec +2 -3
- data/lib/clean_room.rb +2 -0
- data/lib/clean_room/air_lock.rb +5 -0
- data/lib/clean_room/dsl.rb +5 -5
- data/lib/clean_room/version.rb +1 -1
- data/test/clean_room_test.rb +29 -17
- metadata +9 -9
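--- a/data/README.md
+++ b/data/README.md
@@ -26,14 +26,14 @@ CleanRoom accepts any attributes for which readers and writers are available. Th
 * html: allow the tags as by Sanitize::Config::RELAXED
 
 
-
-
-
-
-
-
-
-
+class SanitizedAttributes
+attr_accessor :normal, :strict, :very_strict, :simple_html, :html
+
+sanitize_attribute :normal
+sanitize_attribute :strict, allow: :strict, character_class: "a-z"
+sanitize_attribute :simple_html, allow: :simple_html
+sanitize_attribute :html, allow: :html
+end
 
 
 ## Contributing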
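--- a/data/clean_room.gemspec
+++ b/data/clean_room.gemspec
@@ -13,9 +13,8 @@ Gem::Specification.new do |gem|
 gem.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
 gem.name = "clean_room"
 gem.require_paths = ["lib"]
+gem.version = CleanRoom::VERSION
 
-gem.add_runtime_dependency "activesupport", ">= 3.0.0"
 gem.add_runtime_dependency "sanitize", ">= 2.0.0"
-
-gem.version = CleanRoom::VERSION
+gem.add_runtime_dependency "sanitize-url", ">= 0.1.4"
 end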
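Review bot: The new `sanitize-url` dependency at the end of the hunk is declared as `">= 0.1.4"` with no upper bound, so any later release of the gem that now performs the `:url` sanitizing is accepted at install time, including one that changes which URLs pass. A pessimistic constraint such as `gem.add_runtime_dependency "sanitize-url", "~> 0.1.4"` keeps the sanitizer's behaviour within a reviewed release series. The existing `sanitize` line carries the same open range. The `Gem::Specification` block starts outside the hunk.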
data/lib/clean_room.rb
CHANGED
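--- a/data/lib/clean_room/air_lock.rb
+++ b/data/lib/clean_room/air_lock.rb
@@ -1,7 +1,10 @@
 require 'sanitize'
+require 'sanitize-url'
 
 module CleanRoom
 class AirLock
+include SanitizeUrl
+
 def shower(value, options)
 if value
 allow = options[:allow] || :plain_text
@@ -14,6 +17,8 @@ module CleanRoom
 when :strict
 regex = /[^#{options[:character_class] || "a-zA-Z0-9 "}]/
 Sanitize.clean(value).gsub(regex, "")
+when :url
+sanitize_url(value)
 else
 Sanitize.clean(value)
 end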
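Review bot: The `when :url` branch added in the second hunk calls `sanitize_url(value)` with the gem's defaults and never reads `options`, unlike the `:strict` branch just above it, which honours `options[:character_class]`. Which schemes survive is therefore decided entirely inside sanitize-url and is invisible at this call site; if the gem's `:schemes` option works as I recall (its documentation is not on this page), `sanitize_url(value, schemes: options[:schemes] || %w[http https])` would make the allow-list explicit and overridable per attribute. I would also add a comment above the call, e.g. `# result is a percent-encoded URL, not HTML-escaped; views must still escape it`, since the test in this commit shows the output percent-encoded only. `shower` starts in the first hunk and its `case` continues outside both hunks.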
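--- a/data/lib/clean_room/dsl.rb
+++ b/data/lib/clean_room/dsl.rb
@@ -1,12 +1,12 @@
 module CleanRoom
 module DSL
-extend ActiveSupport::Concern
 
-included
-
+def self.included(base)
+base.extend ClassMethods
+base.sanitizable_attributes = {}
 
-if respond_to? :before_save
-before_save :sanitize_attributes
+if base.respond_to? :before_save
+base.before_save :sanitize_attributes
 end
 end
 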
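Review bot: `self.included` registers the hook only when `base.respond_to? :before_save` is true at include time, and nothing in the hunk documents the other case: a plain Ruby class, or a class that gains `before_save` after the include, gets no automatic sanitizing and has to call `sanitize_attributes` itself. A comment on the method would make that fail-open path visible, e.g. `# Hooks sanitize_attributes into before_save when the host class has it; otherwise call sanitize_attributes explicitly`. `base.sanitizable_attributes = {}` also looks like per-class state, so a subclass of `base` may not see its parent's attribute list; `ClassMethods` is outside the hunk, so that needs checking there. The module body continues past the hunk.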
data/lib/clean_room/version.rb
CHANGED
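--- a/data/test/clean_room_test.rb
+++ b/data/test/clean_room_test.rb
@@ -30,30 +30,42 @@ class CleanRoomTest < MiniTest::Unit::TestCase
 attribute_test(:simple_html, "<b>Test-tesT</b>", "<b>Test-tesT</b>")
 attribute_test(:simple_html, "<b>Test-tesT</b><div>block</div><table><tr><td>table</td></tr></table>", "<b>Test-tesT</b> block table")
 attribute_test(:html, "<b>Test-tesT</b><div>block</div><table><tr><td>table</td></tr></table>", "<b>Test-tesT</b> block <table><tr><td>table</td></tr></table>")
+attribute_test(:url, "www.google.com/?q=<script>test</script>", "http://www.google.com/?q=%3Cscript%3Etest%3C/script%3E")
 end
 
 
 def attribute_test(field, value_in, value_out)
-
-
-
+object = object_generator
+object.send("#{field}=".to_sym, value_in)
+object.sanitize_attributes
+assert_equal value_out, object.send(field)
 end
 
-def
-
-
-
-attr_accessor :normal, :strict, :very_strict, :simple_html, :html
-
-sanitize_attribute :normal
-sanitize_attribute :strict, allow: :strict
-sanitize_attribute :very_strict, allow: :strict, character_class: "a-z"
-sanitize_attribute :simple_html, allow: :simple_html
-sanitize_attribute :html, allow: :html
-end
+def object_generator
+test_class = Class.new do
+include CleanRoom::DSL
+attr_accessor :normal, :strict, :very_strict, :simple_html, :html, :url
 
-
+sanitize_attribute :normal
+sanitize_attribute :strict, allow: :strict
+sanitize_attribute :very_strict, allow: :strict, character_class: "a-z"
+sanitize_attribute :simple_html, allow: :simple_html
+sanitize_attribute :html, allow: :html
+sanitize_attribute :url, allow: :url
 end
-
+
+test_class.new
 end
+
+
+def test_with_before_save
+assert_output("sanitize_attributes\n") do
+test_class = Class.new do
+def self.before_save(method_name)
+puts method_name
+end
+include CleanRoom::DSL
+end
+end
+end
 end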
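Review bot: The single `attribute_test(:url, …)` line added near the top of the hunk covers a scheme-less host with markup in the query string, so the scheme filtering that the `:url` mode relies on `sanitize_url` for is never asserted. A second case with a non-http scheme, for example `attribute_test(:url, "javascript:alert(1)", "")`, would pin it; the expected value here assumes sanitize-url returns an empty string for a rejected scheme, which this page does not show and should be confirmed against the gem. The test method holding the added line and the test class itself start outside the hunk.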
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: clean_room
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.2
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -12,27 +12,27 @@ cert_chain: []
|
|
12
12
|
date: 2012-06-19 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
|
-
name:
|
16
|
-
requirement: &
|
15
|
+
name: sanitize
|
16
|
+
requirement: &70356218609500 !ruby/object:Gem::Requirement
|
17
17
|
none: false
|
18
18
|
requirements:
|
19
19
|
- - ! '>='
|
20
20
|
- !ruby/object:Gem::Version
|
21
|
-
version:
|
21
|
+
version: 2.0.0
|
22
22
|
type: :runtime
|
23
23
|
prerelease: false
|
24
|
-
version_requirements: *
|
24
|
+
version_requirements: *70356218609500
|
25
25
|
- !ruby/object:Gem::Dependency
|
26
|
-
name: sanitize
|
27
|
-
requirement: &
|
26
|
+
name: sanitize-url
|
27
|
+
requirement: &70356218609000 !ruby/object:Gem::Requirement
|
28
28
|
none: false
|
29
29
|
requirements:
|
30
30
|
- - ! '>='
|
31
31
|
- !ruby/object:Gem::Version
|
32
|
-
version:
|
32
|
+
version: 0.1.4
|
33
33
|
type: :runtime
|
34
34
|
prerelease: false
|
35
|
-
version_requirements: *
|
35
|
+
version_requirements: *70356218609000
|
36
36
|
description: Work in progress, this will be a generic attribute sanitizer which can
|
37
37
|
be used for sanitizing models and other objects holding data
|
38
38
|
email:
|