decontaminator 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 1342e0fb22e699e0c0713c095b31231f2d161c46
+  data.tar.gz: a00919d401c57f5c0aae265842d6bfc8b7f946a2
+SHA512:
+  metadata.gz: 9bd7cd77f541ec1176fce4b3e7ca3f00f6fc24c1bd6e813e06212694a1b2c62abba407dfa030883ecda07f41527054018ccd15bceff99b82dc84394ef2c5f802
+  data.tar.gz: dd07913b676ca10a1230158fdc2aeab321a3fbeff9ee436960b346a34135f4671e61ec2f03bf6da1fd84dc157524371a58bd5d44d3c56998e039068019854bae

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Altmetric LLP
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,48 @@
+# Decontaminator [![Build Status](https://travis-ci.org/altmetric/decontaminator.svg?branch=master)](https://travis-ci.org/altmetric/decontaminator)
+
+Ruby HTML sanitizer based on a lightweight Oga parser.
+
+**Current version:** 1.0.0
+
+**Supported Ruby versions:** 1.9.3, 2.0, 2.1, 2.2, JRuby 1.7, and Rubinius 2.5
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'decontaminator'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install decontaminator
+
+## Usage
+
+```ruby
+require 'decontaminator'
+
+input = '<h1>Heading</h1><p>Lorem ipsum...</p><script>alert(1)</script>'
+fragment = Decontaminator::Fragment.new(input)
+puts fragment.decontaminate.inspect
+" Heading  Lorem ipsum... "
+```
+
+## Contributing
+
+1. Fork it ( https://github.com/altmetric/decontaminator/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request
+
+## License
+
+Copyright © 2015 Altmetric LLP
+
+Distributed under the [MIT license](https://github.com/altmetric/decontaminator/blob/master/LICENSE.txt).

data/lib/decontaminator.rb

@@ -0,0 +1 @@
+require 'decontaminator/fragment'

data/lib/decontaminator/fragment.rb

@@ -0,0 +1,80 @@
+require 'oga'
+
+module Decontaminator
+  class Fragment
+    def initialize(html_fragment)
+      @html_fragment = html_fragment
+    end
+
+    def decontaminate(options = {})
+      blacklisted_tags = NON_CONTENT_TAGS + options.fetch(:blacklist, [])
+
+      sanitize(Oga.parse_html(html_fragment).children, blacklisted_tags)
+    end
+
+    private
+
+    attr_reader :html_fragment
+
+    NON_CONTENT_TAGS = %w(
+      script
+      style
+    )
+
+    WHITESPACE_CONTENT_TAGS = %w(
+      address
+      article
+      aside
+      blockquote
+      br
+      dd
+      div
+      dl
+      dt
+      footer
+      h1
+      h2
+      h3
+      h4
+      h5
+      h6
+      header
+      hgroup
+      hr
+      li
+      nav
+      ol
+      p
+      pre
+      section
+      ul
+    )
+
+    def sanitize(node_set, blacklisted_tags)
+      node_set
+        .reject { |node| !text?(node) && blacklisted_tags.include?(node.name) }
+        .flat_map { |node| [whitespace(node, :prefix), text(node, blacklisted_tags), whitespace(node, :suffix)] }
+        .join
+    end
+
+    def text?(node)
+      node.is_a?(Oga::XML::Text)
+    end
+
+    def whitespace(node, _position)
+      if !text?(node) && WHITESPACE_CONTENT_TAGS.include?(node.name)
+        ' '
+      else
+        ''
+      end
+    end
+
+    def text(node, blacklisted_tags)
+      if text?(node)
+        node.text
+      else
+        sanitize(node.children, blacklisted_tags)
+      end
+    end
+  end
+end

data/lib/decontaminator/version.rb

@@ -0,0 +1,3 @@
+module Decontaminator
+  VERSION = '1.0.0'
+end

data/spec/decontaminator/fragment_spec.rb

@@ -0,0 +1,49 @@
+require 'decontaminator'
+
+RSpec.describe Decontaminator::Fragment do
+  describe '#decontaminate' do
+    it 'sanitizes an empty string' do
+      expect(described_class.new('').decontaminate).to eq('')
+    end
+
+    it 'sanitizes an empty paragraph' do
+      expect(described_class.new('<p></p>').decontaminate).to eq('  ')
+    end
+
+    it 'sanitizes a paragraph' do
+      expect(described_class.new('<p>Text</p>').decontaminate).to eq(' Text ')
+    end
+
+    it 'sanitizes a formatted paragraph' do
+      expect(described_class.new('<p><b>Some</b> <i>text</i></p>').decontaminate).to eq(' Some text ')
+    end
+
+    it 'sanitizes a formatted paragraph with attributes' do
+      expect(described_class.new('<p class="text"><b data-important>Some</b> <i>text</i></p>').decontaminate).to eq(' Some text ')
+    end
+
+    it 'sanitizes two formatted paragraphs' do
+      expect(described_class.new('<p>Paragraph one.</p><p>Paragraph two.</p>').decontaminate).to eq(' Paragraph one.  Paragraph two. ')
+    end
+
+    it 'sanitizes a link' do
+      expect(described_class.new('<a href="#">link</a>').decontaminate).to eq('link')
+    end
+
+    it 'sanitizes a script' do
+      expect(described_class.new('<script>alert("I am evil but well formatted!");</script').decontaminate).to eq('')
+    end
+
+    it 'sanitizes a stylesheet' do
+      expect(described_class.new('<style>a{color:red}</style>').decontaminate).to eq('')
+    end
+
+    it 'sanitizes multiple tags' do
+      expect(described_class.new('<div><section><p>Section.</p></section><aside><p>Aside.</p></aside></div>').decontaminate).to eq('   Section.    Aside.   ')
+    end
+
+    it 'sanitizes content with blacklisted tags' do
+      expect(described_class.new('<figcaption>Blacklist this</figcaption><p>but not that</p>').decontaminate(blacklist: %w(figcaption))).to eq(' but not that ')
+    end
+  end
+end

metadata

@@ -0,0 +1,69 @@
+--- !ruby/object:Gem::Specification
+name: decontaminator
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Matthew MacLeod
+- Paul Mucur
+- Jakub Pawlowicz
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-09-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: oga
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+description: Ruby HTML sanitizer based on a lightweight Oga parser.
+email:
+- matt@matt-m.co.uk
+- mudge@mudge.name
+- jakub@altmetric.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- lib/decontaminator.rb
+- lib/decontaminator/fragment.rb
+- lib/decontaminator/version.rb
+- spec/decontaminator/fragment_spec.rb
+homepage: https://github.com/altmetric/decontaminator
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: HTML sanitizer using lightweight Oga HTML parser.
+test_files:
+- spec/decontaminator/fragment_spec.rb