concerto_simple_rss 0.2 → 0.3
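--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 49f9ee281528a7cd9f9dc486e016c0c8fc18d1f1
+data.tar.gz: 9029aa1ba7de5a5bd50d298d4da9bfce1d02a058
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 33e24a4b172fbbe03c6447c35b9f92f6dc886952269a2a41bb47decc27299cb4e7af9a542fbcede282ae170c0599439362e7940fa50dd1ebdbe4b5f0075f18c0
+data.tar.gz: 8eb1e6a38caa1c4b1aa9a32bd173b79061059f5ac3597fb52814d7fcbc642f445deb3e652e7f9ae68566ef98fc83a9c051e06cb2ffe73a02a1b3bc28d21076e9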
@@ -16,6 +16,7 @@ function previewSimpleRss() {
|
|
|
16
16
|
max_items = $('input#simple_rss_config_max_items').val();
|
|
17
17
|
reverse_order = $('select#simple_rss_config_reverse_order').val();
|
|
18
18
|
xsl = $('textarea#simple_rss_config_xsl').val();
|
|
19
|
+
sanitize_tags = $('input#simple_rss_config_sanitize_tags').val();
|
|
19
20
|
if (max_items == '') {
|
|
20
21
|
max_items = '0';
|
|
21
22
|
}
|
|
@@ -24,7 +25,8 @@ function previewSimpleRss() {
|
|
|
24
25
|
output_format: output_format,
|
|
25
26
|
max_items: max_items,
|
|
26
27
|
reverse_order: reverse_order,
|
|
27
|
-
xsl: xsl
|
|
28
|
+
xsl: xsl,
|
|
29
|
+
sanitize_tags: sanitize_tags
|
|
28
30
|
}, type: 'SimpleRss' });
|
|
29
31
|
}
|
|
30
32
|
}
|
|
@@ -42,6 +44,7 @@ function initializeSimpleRssHandlers() {
|
|
|
42
44
|
$('input#simple_rss_config_max_items').on('blur', previewSimpleRss);
|
|
43
45
|
$('select#simple_rss_config_reverse_order').on('change', previewSimpleRss);
|
|
44
46
|
$('textarea#simple_rss_config_xsl').on('blur', previewSimpleRss);
|
|
47
|
+
$('input#simple_rss_config_sanitize_tags').on('blur', previewSimpleRss);
|
|
45
48
|
|
|
46
49
|
initializedSimpleRssHandlers = true;
|
|
47
50
|
}
|
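--- a/data/app/models/simple_rss.rb
+++ b/data/app/models/simple_rss.rb
@@ -24,14 +24,14 @@ class SimpleRss < DynamicContent
 feed_items.each_slice(5).with_index do |items, index|
 htmltext = HtmlText.new()
 htmltext.name = "#{feed_title} (#{index+1})"
-htmltext.data = "<h1>#{feed_title}</h1> #{items_to_html(items, type)}"
+htmltext.data = sanitize("<h1>#{feed_title}</h1> #{items_to_html(items, type)}")
 contents << htmltext
 end
 when 'detailed'
 feed_items.each_with_index do |item, index|
 htmltext = HtmlText.new()
 htmltext.name = "#{feed_title} (#{index+1})"
-htmltext.data = item_to_html(item, type)
+htmltext.data = sanitize(item_to_html(item, type))
 contents << htmltext
 end
 when 'xslt'
@@ -66,28 +66,12 @@ class SimpleRss < DynamicContent
 # by adding the bogus namespace http://concerto.functions
 # A nodeset comes in as an array of REXML::Elements
 XML::XSLT.registerExtFunc("http://concerto.functions", "replace") do |nodes, pattern, replacement|
-
-
-
-begin
-# this will only work with nodesets for now
-re_pattern = Regexp.new(pattern)
-if nodes.is_a?(Array) && nodes.count > 0 && nodes.first.is_a?(REXML::Element)
-nodes.each do |node|
-s = node.to_s
-r = s.gsub(re_pattern, replacement)
-result << REXML::Document.new(r)
-end
-elsif nodes.is_a?(String)
-result = nodes.gsub(re_pattern, replacement)
-else
-# dont know how to handle this
-Rails.logger.info "I'm sorry, but the xsl external function replace does not know how to handle this type #{nodes.class}"
-end
-rescue => e
-Rails.logger.error "there was a problem replacing #{pattern} with #{replacement} - #{e.message}"
-end
+result = xslt_replace(nodes, pattern, replacement)
+result
+end
 
+XML::XSLT.registerExtFunc("http://schemas.concerto-signage.org/functions", "replace") do |nodes, pattern, replacement|
+result = xslt_replace(nodes, pattern, replacement)
 result
 end
 
@@ -102,14 +86,15 @@ Rails.logger.debug("replacement = #{replacement}")
 if nodes.count == 0
 htmltext = HtmlText.new()
 htmltext.name = "#{feed_title}"
-htmltext.data = data
+htmltext.data = sanitize(data)
 contents << htmltext
 else
 # if there are any content-items then add each one as a separate content
+# and strip off the content-item wrapper
 nodes.each do |n|
 htmltext = HtmlText.new()
 htmltext.name = "#{feed_title}"
-htmltext.data = n.to_s
+htmltext.data = sanitize(n.to_s.gsub(/^\s*\<content-item\>/, '').gsub(/\<\/content-item\>\s*$/,''))
 contents << htmltext
 end
 end
@@ -119,7 +104,7 @@ Rails.logger.debug("replacement = #{replacement}")
 # add the whole result as one content
 htmltext = HtmlText.new()
 htmltext.name = "#{feed_title}"
-htmltext.data = data
+htmltext.data = sanitize(data)
 contents << htmltext
 end
 else
@@ -133,6 +118,32 @@ Rails.logger.debug("replacement = #{replacement}")
 return contents
 end
 
+def xslt_replace(nodes, pattern, replacement)
+#Rails.logger.debug("pattern = #{pattern}")
+#Rails.logger.debug("replacement = #{replacement}")
+result = []
+begin
+# this will only work with nodesets for now
+re_pattern = Regexp.new(pattern)
+if nodes.is_a?(Array) && nodes.count > 0 && nodes.first.is_a?(REXML::Element)
+nodes.each do |node|
+s = node.to_s
+r = s.gsub(re_pattern, replacement)
+result << REXML::Document.new(r)
+end
+elsif nodes.is_a?(String)
+result = nodes.gsub(re_pattern, replacement)
+else
+# dont know how to handle this
+Rails.logger.info "I'm sorry, but the xsl external function replace does not know how to handle this type #{nodes.class}"
+end
+rescue => e
+Rails.logger.error "there was a problem replacing #{pattern} with #{replacement} - #{e.message}"
+end
+
+result
+end
+
 # fetch the feed, return the type, title, and contents (parsed) and raw feed (unparsed)
 def fetch_feed(url)
 require 'rss'
@@ -211,7 +222,7 @@ Rails.logger.debug("replacement = #{replacement}")
 # Simple RSS processing needs a feed URL and the format of the output content.
 def self.form_attributes
 attributes = super()
-attributes.concat([:config => [:url, :output_format, :reverse_order, :max_items, :xsl]])
+attributes.concat([:config => [:url, :output_format, :reverse_order, :max_items, :xsl, :sanitize_tags]])
 end
 
 # if the feed is valid we store the title in config
@@ -272,6 +283,7 @@ Rails.logger.debug("replacement = #{replacement}")
 o.config['max_items'] = data[:max_items]
 o.config['reverse_order'] = data[:reverse_order]
 o.config['xsl'] = data[:xsl]
+o.config['sanitize_tags'] = data[:sanitize_tags]
 results = o.build_content.first.data
 rescue => e
 results = "Unable to preview. #{e.message}"
@@ -280,4 +292,14 @@ Rails.logger.debug("replacement = #{replacement}")
 return results
 end
 
+def sanitize(html)
+if self.config.include?('sanitize_tags') and !self.config['sanitize_tags'].empty?
+whitelist = ActionView::Base.sanitized_allowed_tags
+blacklist = self.config['sanitize_tags'].split(" ")
+
+html = ActionController::Base.helpers.sanitize(html, :tags => (whitelist - blacklist))
+end
+html
+end
+
 end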
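Review bot: `sanitize` in the last hunk fails open: when `sanitize_tags` is missing or blank (presumably the state of every existing feed) it returns `html` untouched, so the `sanitize(...)` calls added in the earlier hunks filter feed markup only after someone has typed a tag into the new form field. Consider running the Rails sanitizer unconditionally and using the setting only to narrow the allow-list, i.e. `blacklist = self.config['sanitize_tags'].to_s.split` followed by `ActionController::Base.helpers.sanitize(html, :tags => (whitelist - blacklist))` outside any `if`; the `.to_s` also covers the preview path, where `data[:sanitize_tags]` can apparently be nil and `.empty?` would raise into the generic "Unable to preview" rescue. If opt-in is intentional because XSL output needs tags outside the default list, the form tip in the view should state that an empty field disables sanitization. Separately, the `content-item` stripping in the xslt branch uses `^` and `$`, which match at every line in Ruby; `\A` and `\z` would limit it to the outer wrapper.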
@@ -33,5 +33,11 @@
|
|
|
33
33
|
<%= config.text_area :xsl, :class => "span12", :rows =>4, :value => @content.config['xsl'] %>
|
|
34
34
|
</div>
|
|
35
35
|
</div>
|
|
36
|
+
<div class="clearfix" id="simple_rss_sanitize_tags">
|
|
37
|
+
<%= label_tooltip "simple_rss", :sanitize_tags, 'Blacklisted HTML Tags for Sanitization', :tip => "Whitelist includes #{[*ActionView::Base.sanitized_allowed_tags].join ' '}" %>
|
|
38
|
+
<div class="input">
|
|
39
|
+
<%= config.text_field :sanitize_tags, :class => "input-xxlarge", :placeholder => 'img a', :value => @content.config['sanitize_tags'] %>
|
|
40
|
+
</div>
|
|
41
|
+
</div>
|
|
36
42
|
<% end %>
|
|
37
43
|
</fieldset>
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: concerto_simple_rss
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: '0.
|
|
4
|
+
version: '0.3'
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Brian Michalski
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-06-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|