concerto_simple_rss 0.2 → 0.3
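--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 49f9ee281528a7cd9f9dc486e016c0c8fc18d1f1
+data.tar.gz: 9029aa1ba7de5a5bd50d298d4da9bfce1d02a058
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 33e24a4b172fbbe03c6447c35b9f92f6dc886952269a2a41bb47decc27299cb4e7af9a542fbcede282ae170c0599439362e7940fa50dd1ebdbe4b5f0075f18c0
+data.tar.gz: 8eb1e6a38caa1c4b1aa9a32bd173b79061059f5ac3597fb52814d7fcbc642f445deb3e652e7f9ae68566ef98fc83a9c051e06cb2ffe73a02a1b3bc28d21076e9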
@@ -16,6 +16,7 @@ function previewSimpleRss() {
|
|
16
16
|
max_items = $('input#simple_rss_config_max_items').val();
|
17
17
|
reverse_order = $('select#simple_rss_config_reverse_order').val();
|
18
18
|
xsl = $('textarea#simple_rss_config_xsl').val();
|
19
|
+
sanitize_tags = $('input#simple_rss_config_sanitize_tags').val();
|
19
20
|
if (max_items == '') {
|
20
21
|
max_items = '0';
|
21
22
|
}
|
@@ -24,7 +25,8 @@ function previewSimpleRss() {
|
|
24
25
|
output_format: output_format,
|
25
26
|
max_items: max_items,
|
26
27
|
reverse_order: reverse_order,
|
27
|
-
xsl: xsl
|
28
|
+
xsl: xsl,
|
29
|
+
sanitize_tags: sanitize_tags
|
28
30
|
}, type: 'SimpleRss' });
|
29
31
|
}
|
30
32
|
}
|
@@ -42,6 +44,7 @@ function initializeSimpleRssHandlers() {
|
|
42
44
|
$('input#simple_rss_config_max_items').on('blur', previewSimpleRss);
|
43
45
|
$('select#simple_rss_config_reverse_order').on('change', previewSimpleRss);
|
44
46
|
$('textarea#simple_rss_config_xsl').on('blur', previewSimpleRss);
|
47
|
+
$('input#simple_rss_config_sanitize_tags').on('blur', previewSimpleRss);
|
45
48
|
|
46
49
|
initializedSimpleRssHandlers = true;
|
47
50
|
}
|
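--- a/data/app/models/simple_rss.rb
+++ b/data/app/models/simple_rss.rb
@@ -24,14 +24,14 @@ class SimpleRss < DynamicContent
 feed_items.each_slice(5).with_index do |items, index|
 htmltext = HtmlText.new()
 htmltext.name = "#{feed_title} (#{index+1})"
-htmltext.data = "<h1>#{feed_title}</h1> #{items_to_html(items, type)}"
+htmltext.data = sanitize("<h1>#{feed_title}</h1> #{items_to_html(items, type)}")
 contents << htmltext
 end
 when 'detailed'
 feed_items.each_with_index do |item, index|
 htmltext = HtmlText.new()
 htmltext.name = "#{feed_title} (#{index+1})"
-htmltext.data = item_to_html(item, type)
+htmltext.data = sanitize(item_to_html(item, type))
 contents << htmltext
 end
 when 'xslt'
@@ -66,28 +66,12 @@ class SimpleRss < DynamicContent
 # by adding the bogus namespace http://concerto.functions
 # A nodeset comes in as an array of REXML::Elements
 XML::XSLT.registerExtFunc("http://concerto.functions", "replace") do |nodes, pattern, replacement|
-
-
-
-begin
-# this will only work with nodesets for now
-re_pattern = Regexp.new(pattern)
-if nodes.is_a?(Array) && nodes.count > 0 && nodes.first.is_a?(REXML::Element)
-nodes.each do |node|
-s = node.to_s
-r = s.gsub(re_pattern, replacement)
-result << REXML::Document.new(r)
-end
-elsif nodes.is_a?(String)
-result = nodes.gsub(re_pattern, replacement)
-else
-# dont know how to handle this
-Rails.logger.info "I'm sorry, but the xsl external function replace does not know how to handle this type #{nodes.class}"
-end
-rescue => e
-Rails.logger.error "there was a problem replacing #{pattern} with #{replacement} - #{e.message}"
-end
+result = xslt_replace(nodes, pattern, replacement)
+result
+end
 
+XML::XSLT.registerExtFunc("http://schemas.concerto-signage.org/functions", "replace") do |nodes, pattern, replacement|
+result = xslt_replace(nodes, pattern, replacement)
 result
 end
 
@@ -102,14 +86,15 @@ Rails.logger.debug("replacement = #{replacement}")
 if nodes.count == 0
 htmltext = HtmlText.new()
 htmltext.name = "#{feed_title}"
-htmltext.data = data
+htmltext.data = sanitize(data)
 contents << htmltext
 else
 # if there are any content-items then add each one as a separate content
+# and strip off the content-item wrapper
 nodes.each do |n|
 htmltext = HtmlText.new()
 htmltext.name = "#{feed_title}"
-htmltext.data = n.to_s
+htmltext.data = sanitize(n.to_s.gsub(/^\s*\<content-item\>/, '').gsub(/\<\/content-item\>\s*$/,''))
 contents << htmltext
 end
 end
@@ -119,7 +104,7 @@ Rails.logger.debug("replacement = #{replacement}")
 # add the whole result as one content
 htmltext = HtmlText.new()
 htmltext.name = "#{feed_title}"
-htmltext.data = data
+htmltext.data = sanitize(data)
 contents << htmltext
 end
 else
@@ -133,6 +118,32 @@ Rails.logger.debug("replacement = #{replacement}")
 return contents
 end
 
+def xslt_replace(nodes, pattern, replacement)
+#Rails.logger.debug("pattern = #{pattern}")
+#Rails.logger.debug("replacement = #{replacement}")
+result = []
+begin
+# this will only work with nodesets for now
+re_pattern = Regexp.new(pattern)
+if nodes.is_a?(Array) && nodes.count > 0 && nodes.first.is_a?(REXML::Element)
+nodes.each do |node|
+s = node.to_s
+r = s.gsub(re_pattern, replacement)
+result << REXML::Document.new(r)
+end
+elsif nodes.is_a?(String)
+result = nodes.gsub(re_pattern, replacement)
+else
+# dont know how to handle this
+Rails.logger.info "I'm sorry, but the xsl external function replace does not know how to handle this type #{nodes.class}"
+end
+rescue => e
+Rails.logger.error "there was a problem replacing #{pattern} with #{replacement} - #{e.message}"
+end
+
+result
+end
+
 # fetch the feed, return the type, title, and contents (parsed) and raw feed (unparsed)
 def fetch_feed(url)
 require 'rss'
@@ -211,7 +222,7 @@ Rails.logger.debug("replacement = #{replacement}")
 # Simple RSS processing needs a feed URL and the format of the output content.
 def self.form_attributes
 attributes = super()
-attributes.concat([:config => [:url, :output_format, :reverse_order, :max_items, :xsl]])
+attributes.concat([:config => [:url, :output_format, :reverse_order, :max_items, :xsl, :sanitize_tags]])
 end
 
 # if the feed is valid we store the title in config
@@ -272,6 +283,7 @@ Rails.logger.debug("replacement = #{replacement}")
 o.config['max_items'] = data[:max_items]
 o.config['reverse_order'] = data[:reverse_order]
 o.config['xsl'] = data[:xsl]
+o.config['sanitize_tags'] = data[:sanitize_tags]
 results = o.build_content.first.data
 rescue => e
 results = "Unable to preview. #{e.message}"
@@ -280,4 +292,14 @@ Rails.logger.debug("replacement = #{replacement}")
 return results
 end
 
+def sanitize(html)
+if self.config.include?('sanitize_tags') and !self.config['sanitize_tags'].empty?
+whitelist = ActionView::Base.sanitized_allowed_tags
+blacklist = self.config['sanitize_tags'].split(" ")
+
+html = ActionController::Base.helpers.sanitize(html, :tags => (whitelist - blacklist))
+end
+html
+end
+
 end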
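Review bot: The new `sanitize` helper at the end of the file only filters when `config['sanitize_tags']` is present and non-empty, so with the field left blank every `htmltext.data` assignment touched by this change still stores feed- or XSL-derived markup unfiltered. If the aim is to keep untrusted feed HTML off the displays, consider always running the Rails sanitizer and using the setting only as a list of tags to subtract, e.g. `blocked = self.config['sanitize_tags'].to_s.split(' ')` followed by `ActionController::Base.helpers.sanitize(html, :tags => (ActionView::Base.sanitized_allowed_tags - blocked))`. The `.to_s` would also cover the preview path, where `o.config['sanitize_tags'] = data[:sanitize_tags]` can presumably store nil and `.empty?` would then raise into the surrounding `rescue`. If the opt-in default is deliberate, a comment above the method saying that a blank setting means no sanitization at all would make that explicit.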
@@ -33,5 +33,11 @@
|
|
33
33
|
<%= config.text_area :xsl, :class => "span12", :rows =>4, :value => @content.config['xsl'] %>
|
34
34
|
</div>
|
35
35
|
</div>
|
36
|
+
<div class="clearfix" id="simple_rss_sanitize_tags">
|
37
|
+
<%= label_tooltip "simple_rss", :sanitize_tags, 'Blacklisted HTML Tags for Sanitization', :tip => "Whitelist includes #{[*ActionView::Base.sanitized_allowed_tags].join ' '}" %>
|
38
|
+
<div class="input">
|
39
|
+
<%= config.text_field :sanitize_tags, :class => "input-xxlarge", :placeholder => 'img a', :value => @content.config['sanitize_tags'] %>
|
40
|
+
</div>
|
41
|
+
</div>
|
36
42
|
<% end %>
|
37
43
|
</fieldset>
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: concerto_simple_rss
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: '0.
|
4
|
+
version: '0.3'
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Brian Michalski
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-
|
11
|
+
date: 2014-06-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|