RubyGems - erb_lint - Versions diffs - 0.0.4 → 0.0.5 - Mend

erb_lint 0.0.4 → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/erb_lint/linters/deprecated_classes.rb +40 -117
data/lib/erb_lint/linters/erb_safety.rb +35 -0
metadata +31 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8866aae317226178c623de53d4c5e0791643c894
-  data.tar.gz: fac55efcf4a15f251f537af97039b8669960c00b
+  metadata.gz: 3a211bea7ec247bcf1d79ede8f37db1b6b7d1b8c
+  data.tar.gz: 362ca7b4ffb1f184818889166cb572198c1def7e
 SHA512:
-  metadata.gz: b92425a8c4fbe2c65fde42a8dab091c841e2bc0f70b29833e49c06fc99acc85b42639dc9129f200b99195930e9f7fbb96d58fdcaaefb947cd40ad76008ffe765
-  data.tar.gz: aefbb18d6756d5e08045c4d5c8c0afb6ef8fb897f0b73c72fe905158b40d1cbc1114bfada2ec59029165b1a9d72930a172c17b6cfe059a11283bf8ec80e41bc9
+  metadata.gz: 45c2ff7d03c2ec43e37562887ad9cdc9f396b0084bf290036a848aa820fed661a0f99a49d120be62100aa15c640fa4374f5937c9accb0066a06028632ac56e8f
+  data.tar.gz: 16279ef10a1f004fe97309dde027de0bf244ac0a9e047b9a0ff04be73d5d9d71494e1e2ab08d584b9123ee96f35a05525ff7b8ff09d005d3f75f000c009eacbf

data/lib/erb_lint/linters/deprecated_classes.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+require 'better_html'
 module ERBLint
   module Linters
     # Checks for deprecated classes in the start tags of HTML elements.
@@ -22,144 +24,65 @@ module ERBLint
         @addendum = config.fetch('addendum', '')
       end
-      protected
-      def lint_lines(lines)
+      def lint_file(file_content)
         errors = []
-        lines.each_with_index do |line, index|
-          start_tags = StartTagHelper.start_tags(line)
-          start_tags.each do |start_tag|
-            start_tag.attributes.select(&:class?).each do |class_attr|
-              class_attr.value.split(' ').each do |class_name|
-                errors.push(*generate_errors(class_name, index + 1))
-              end
-            end
-          end
+        iterator = build_iterator(file_content)
+        each_class_name_with_line(iterator) do |class_name, line|
+          errors.push(*generate_errors(class_name, line))
+        end
+        each_texthtml_script(iterator) do |text_node|
+          errors.push(*lint_file(text_node.content))
         end
         errors
       end
       private
-      def generate_errors(class_name, line_number)
-        violated_rules(class_name).map do |violated_rule|
-          suggestion = " #{violated_rule[:suggestion]}".rstrip
-          message = "Deprecated class `%s` detected matching the pattern `%s`.%s #{@addendum}".strip
-          {
-            line: line_number,
-            message: format(message, class_name, violated_rule[:class_expr], suggestion)
-          }
-        end
+      def build_iterator(file_content)
+        BetterHtml::NodeIterator.new(file_content, template_language: :html)
       end
-      def violated_rules(class_name)
-        @deprecated_ruleset.select do |deprecated_rule|
-          /\A#{deprecated_rule[:class_expr]}\z/.match(class_name)
+      def each_class_name_with_line(iterator)
+        each_element_with_index(iterator) do |element, _index|
+          klass = element.find_attr('class')
+          next unless klass
+          klass.value_without_quotes.split(' ').each do |class_name|
+            yield class_name, klass.name_parts.first.location.line
+          end
         end
       end
-    end
-    # Provides methods and classes for finding HTML start tags and their attributes.
-    module StartTagHelper
-      # These patterns cover a superset of the W3 HTML5 specification.
-      # Additional cases not included in the spec include those that are still rendered by some browsers.
-      # Attribute Patterns
-      # https://www.w3.org/TR/html5/syntax.html#syntax-attributes
-      # attribute names must be non empty and can't contain a certain set of special characters
-      ATTRIBUTE_NAME_PATTERN = %r{[^\s"'>\/=]+}
-      ATTRIBUTE_VALUE_PATTERN = %r{
-        "([^"]*)" |           # double-quoted value
-        '([^']*)' |           # single-quoted value
-        ([^\s"'=<>`]+)        # unquoted non-empty value without special characters
-      }x
-      # attributes can be empty or have an attribute value
-      ATTRIBUTE_PATTERN = %r{
-        #{ATTRIBUTE_NAME_PATTERN}        # attribute name
-        (
-          \s*=\s*                        # any whitespace around equals sign
-          (#{ATTRIBUTE_VALUE_PATTERN})   # attribute value
-        )?                               # attributes can be empty or have an assignemnt.
-      }x
-      # Start tag Patterns
-      # https://www.w3.org/TR/html5/syntax.html#syntax-start-tag
-      TAG_NAME_PATTERN = /[A-Za-z0-9]+/ # maybe add _ < ? etc later since it gets interpreted by some browsers
-      START_TAG_PATTERN = %r{
-        <(#{TAG_NAME_PATTERN})         # start of tag with tag name
-        (
-          (
-            \s+                        # required whitespace between tag name and first attribute and between attributes
-            #{ATTRIBUTE_PATTERN}       # attributes
-          )*
-        )?                             # having an attribute block is optional
-        \/?>                           # void or foreign elements can have a slash before tag close
-      }x
-      # Represents and provides an interface for a start tag found in the HTML.
-      class StartTag
-        attr_accessor :tag_name, :attributes
-        def initialize(tag_name, attributes)
-          @tag_name = tag_name
-          @attributes = attributes
+      def each_element_with_index(iterator)
+        iterator.nodes.each_with_index do |node, index|
+          yield node, index if node.element?
         end
       end
-      # Represents and provides an interface for an attribute found in a start tag in the HTML.
-      class Attribute
-        ATTR_NAME_CLASS_PATTERN = /\Aclass\z/i # attribute names are case-insensitive
-        attr_accessor :attribute_name, :value
-        def initialize(attribute_name, value)
-          @attribute_name = attribute_name
-          @value = value
-        end
+      def each_texthtml_script(iterator)
+        each_element_with_index(iterator) do |element, index|
+          type = element.find_attr('type')
+          next unless type
+          next unless 'text/html' == type.value_without_quotes
+          next_node = iterator.nodes[index + 1]
-        def class?
-          ATTR_NAME_CLASS_PATTERN.match(@attribute_name)
+          yield next_node if next_node&.text?
         end
       end
-      class << self
-        def start_tags(line)
-          # TODO: Implement String Scanner to track quotes before the start tag begins to ensure that it is
-          #       not enclosed inside of a string. Alternatively this problem would be solved by using
-          #       a 3rd party parser like Nokogiri::XML
-          start_tag_matching_groups = line.scan(/(#{START_TAG_PATTERN})/)
-          start_tag_matching_groups.map do |start_tag_matching_group|
-            tag_name = start_tag_matching_group[1]
-            # attributes_string can be nil if there is no space after the tag name (and therefore no attributes).
-            attributes_string = start_tag_matching_group[2] || ''
-            attribute_list = attributes(attributes_string)
-            StartTag.new(tag_name, attribute_list)
-          end
+      def generate_errors(class_name, line_number)
+        violated_rules(class_name).map do |violated_rule|
+          suggestion = " #{violated_rule[:suggestion]}".rstrip
+          message = "Deprecated class `%s` detected matching the pattern `%s`.%s #{@addendum}".strip
+          {
+            line: line_number,
+            message: format(message, class_name, violated_rule[:class_expr], suggestion)
+          }
         end
+      end
-        private
-        def attributes(attributes_string)
-          attributes_string.scan(/(#{ATTRIBUTE_PATTERN})/).map do |attribute_matching_group|
-            entire_string = attribute_matching_group[0]
-            value_with_equal_sign = attribute_matching_group[1] || '' # This can be nil if attribute is empty
-            name = entire_string.sub(value_with_equal_sign, '')
-            # The 3 captures [3..5] are the possibilities specified in ATTRIBUTE_VALUE_PATTERN
-            possible_value_formats = attribute_matching_group[3..5]
-            value = possible_value_formats.reduce { |a, e| a.nil? ? e : a }
-            Attribute.new(name, value)
-          end
+      def violated_rules(class_name)
+        @deprecated_ruleset.select do |deprecated_rule|
+          /\A#{deprecated_rule[:class_expr]}\z/.match(class_name)
         end
       end
     end

data/lib/erb_lint/linters/erb_safety.rb ADDED Viewed

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+require 'better_html'
+require 'better_html/test_helper/safe_erb_tester'
+module ERBLint
+  module Linters
+    # Detect unsafe ruby interpolations into javascript.
+    class ErbSafety < Linter
+      include LinterRegistry
+      include BetterHtml::TestHelper::SafeErbTester
+      def initialize(config)
+      end
+      def lint_file(file_content)
+        errors = []
+        tester = Tester.new(file_content)
+        tester.errors.each do |error|
+          errors << format_error(error)
+        end
+        errors
+      end
+      private
+      def format_error(error)
+        {
+          line: error.token.location.line,
+          message: error.message
+        }
+      end
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,15 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: erb_lint
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
 platform: ruby
 authors:
 - Justin Chan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-10-27 00:00:00.000000000 Z
+date: 2017-10-31 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: html_tokenizer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: better_html
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.5
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -49,6 +77,7 @@ files:
 - lib/erb_lint/linter.rb
 - lib/erb_lint/linter_registry.rb
 - lib/erb_lint/linters/deprecated_classes.rb
+- lib/erb_lint/linters/erb_safety.rb
 - lib/erb_lint/linters/final_newline.rb
 - lib/erb_lint/runner.rb
 homepage: https://github.com/justinthec/erb-lint