geothird-html-pipeline 0.0.12

data/lib/html/pipeline/camo_filter.rb

@@ -0,0 +1,70 @@
+require 'openssl'
+
+module HTML
+  class Pipeline
+    # HTML Filter for replacing http image URLs with camo versions. See:
+    #
+    # https://github.com/atmos/camo
+    #
+    # All images provided in user content should be run through this
+    # filter so that http image sources do not cause mixed-content warnings
+    # in browser clients.
+    #
+    # Context options:
+    #   :asset_proxy (required) - Base URL for constructed asset proxy URLs.
+    #   :asset_proxy_secret_key (required) - The shared secret used to encode URLs.
+    #
+    # This filter does not write additional information to the context.
+    class CamoFilter < Filter
+      # Hijacks images in the markup provided, replacing them with URLs that
+      # go through the github asset proxy.
+      def call
+        doc.search("img").each do |element|
+          next if element['src'].nil?
+          src = element['src'].strip
+          src = src.sub(%r!^http://github.com!, 'https://github.com')
+          next if context[:disable_asset_proxy]
+
+          if src =~ /^http:/ || src =~ /^https:\/\/img.skitch.com\//
+            element['src'] = asset_proxy_url(src)
+          else
+            element['src'] = src
+          end
+        end
+        doc
+      end
+      
+      # Implementation of validate hook.
+      # Errors should raise exceptions or use an existing validator.
+      def validate
+        needs :asset_proxy, :asset_proxy_secret_key
+      end
+
+      # The camouflaged URL for a given image URL.
+      def asset_proxy_url(url)
+        "#{asset_proxy_host}/#{asset_url_hash(url)}/#{hexencode(url)}"
+      end
+
+      # Private: calculate the HMAC digest for a image source URL.
+      def asset_url_hash(url)
+        digest = OpenSSL::Digest::Digest.new('sha1')
+        OpenSSL::HMAC.hexdigest(digest, asset_proxy_secret_key, url)
+      end
+
+      # Private: the hostname to use for generated asset proxied URLs.
+      def asset_proxy_host
+        context[:asset_proxy]
+      end
+
+      def asset_proxy_secret_key
+        context[:asset_proxy_secret_key]
+      end
+
+      # Private: helper to hexencode a string. Each byte ends up encoded into
+      # two characters, zero padded value in the range [0-9a-f].
+      def hexencode(str)
+        str.to_enum(:each_byte).map { |byte| "%02x" % byte }.join
+      end
+    end
+  end
+end

data/lib/html/pipeline/email_reply_filter.rb

@@ -0,0 +1,56 @@
+module HTML
+  class Pipeline
+    # HTML Filter that converts email reply text into an HTML DocumentFragment.
+    # It must be used as the first filter in a pipeline.
+    #
+    # Context options:
+    #   None
+    #
+    # This filter does not write any additional information to the context hash.
+    class EmailReplyFilter < TextFilter
+      include EscapeUtils
+
+      EMAIL_HIDDEN_HEADER    = %(<span class="email-hidden-toggle"><a href="#">&hellip;</a></span><div class="email-hidden-reply" style="display:none">).freeze
+      EMAIL_QUOTED_HEADER    = %(<div class="email-quoted-reply">).freeze
+      EMAIL_SIGNATURE_HEADER = %(<div class="email-signature-reply">).freeze
+      EMAIL_FRAGMENT_HEADER  = %(<div class="email-fragment">).freeze
+      EMAIL_HEADER_END       = "</div>".freeze
+
+      # Scans an email body to determine which bits are quoted and which should
+      # be hidden. EmailReplyParser is used to split the comment into an Array
+      # of quoted or unquoted Blocks. Now, we loop through them and attempt to
+      # add <div> tags around them so we can hide the hidden blocks, and style
+      # the quoted blocks differently. Since multiple blocks may be hidden, be
+      # sure to keep the "email-hidden-reply" <div>s around "email-quoted-reply"
+      # <div> tags. Call this on each comment of a visible thread in the order
+      # that they are displayed. Note: all comments are processed so we can
+      # maintain a Set of SHAs of paragraphs. Only plaintext comments skip the
+      # markdown step.
+      #
+      # Returns the email comment HTML as a String
+      def call
+        found_hidden = nil
+        paragraphs = EmailReplyParser.read(text.dup).fragments.map do |fragment|
+          pieces = [escape_html(fragment.to_s.strip).gsub(/^\s*(>|&gt;)/, '')]
+          if fragment.quoted?
+            pieces.unshift EMAIL_QUOTED_HEADER
+            pieces << EMAIL_HEADER_END
+          elsif fragment.signature?
+            pieces.unshift EMAIL_SIGNATURE_HEADER
+            pieces << EMAIL_HEADER_END
+          else
+            pieces.unshift EMAIL_FRAGMENT_HEADER
+            pieces << EMAIL_HEADER_END
+          end
+          if fragment.hidden? && !found_hidden
+            found_hidden = true
+            pieces.unshift EMAIL_HIDDEN_HEADER
+          end
+          pieces.join
+        end
+        paragraphs << EMAIL_HEADER_END if found_hidden
+        paragraphs.join("\n")
+      end
+    end
+  end
+end

data/lib/html/pipeline/emoji_filter.rb

@@ -0,0 +1,54 @@
+require 'emoji'
+
+module HTML
+  class Pipeline
+    # HTML filter that replaces :emoji: with images.
+    #
+    # Context:
+    #   :asset_root (required) - base url to link to emoji sprite
+    class EmojiFilter < Filter
+      # Build a regexp that matches all valid :emoji: names.
+      EmojiPattern = /:(#{Emoji.names.map { |name| Regexp.escape(name) }.join('|')}):/
+
+      def call
+        doc.search('text()').each do |node|
+          content = node.to_html
+          next if !content.include?(':')
+          next if has_ancestor?(node, %w(pre code))
+          html = emoji_image_filter(content)
+          next if html == content
+          node.replace(html)
+        end
+        doc
+      end
+      
+      # Implementation of validate hook.
+      # Errors should raise exceptions or use an existing validator.
+      def validate
+        needs :asset_root
+      end
+
+      # Replace :emoji: with corresponding images.
+      #
+      # text - String text to replace :emoji: in.
+      #
+      # Returns a String with :emoji: replaced with images.
+      def emoji_image_filter(text)
+        return text unless text.include?(':')
+
+        text.gsub EmojiPattern do |match|
+          name = $1
+          "<img class='emoji' title=':#{name}:' alt=':#{name}:' src='#{File.join(asset_root, "emoji", "#{name}.png")}' height='20' width='20' align='absmiddle' />"
+        end
+      end
+
+      # The base url to link emoji sprites
+      #
+      # Raises ArgumentError if context option has not been provided.
+      # Returns the context's asset_root.
+      def asset_root
+        context[:asset_root]
+      end
+    end
+  end
+end

data/lib/html/pipeline/filter.rb

@@ -0,0 +1,178 @@
+module HTML
+  class Pipeline
+    # Base class for user content HTML filters. Each filter takes an
+    # HTML string or Nokogiri::HTML::DocumentFragment, performs
+    # modifications and/or writes information to the result hash. Filters must
+    # return a DocumentFragment (typically the same instance provided to the call
+    # method) or a String with HTML markup.
+    #
+    # Example filter that replaces all images with trollface:
+    #
+    #   class FuuuFilter < HTML::Pipeline::Filter
+    #     def call
+    #       doc.search('img').each do |img|
+    #         img['src'] = "http://paradoxdgn.com/junk/avatars/trollface.jpg"
+    #       end
+    #     end
+    #   end
+    #
+    # The context Hash passes options to filters and should not be changed in
+    # place.  A Result Hash allows filters to make extracted information
+    # available to the caller and is mutable.
+    #
+    # Common context options:
+    #   :base_url   - The site's base URL
+    #   :repository - A Repository providing context for the HTML being processed
+    #
+    # Each filter may define additional options and output values. See the class
+    # docs for more info.
+    class Filter
+      class InvalidDocumentException < StandardError; end
+
+      def initialize(doc, context = nil, result = nil)
+        if doc.kind_of?(String)
+          @html = doc.to_str
+          @doc = nil
+        else
+          @doc = doc
+          @html = nil
+        end
+        @context = context || {}
+        @result = result || {}
+        validate
+      end
+      
+      # Public: Returns a simple Hash used to pass extra information into filters
+      # and also to allow filters to make extracted information available to the
+      # caller.
+      attr_reader :context
+
+      # Public: Returns a Hash used to allow filters to pass back information
+      # to callers of the various Pipelines.  This can be used for
+      # #mentioned_users, for example.
+      attr_reader :result
+
+      # The Nokogiri::HTML::DocumentFragment to be manipulated. If the filter was
+      # provided a String, parse into a DocumentFragment the first time this
+      # method is called.
+      def doc
+        @doc ||= parse_html(html)
+      end
+
+      # The String representation of the document. If a DocumentFragment was
+      # provided to the Filter, it is serialized into a String when this method is
+      # called.
+      def html
+        raise InvalidDocumentException if @html.nil? && @doc.nil?
+        @html || doc.to_html
+      end
+
+      # The main filter entry point. The doc attribute is guaranteed to be a
+      # Nokogiri::HTML::DocumentFragment when invoked. Subclasses should modify
+      # this document in place or extract information and add it to the context
+      # hash.
+      def call
+        raise NotImplementedError
+      end
+      
+      # Make sure the context has everything we need. Noop: Subclasses can override.
+      def validate
+      end
+
+      # The Repository object provided in the context hash, or nil when no
+      # :repository was specified.
+      #
+      # It's assumed that the repository context has already been checked
+      # for permissions
+      def repository
+        context[:repository]
+      end
+
+      # The User object provided in the context hash, or nil when no user
+      # was specified
+      def current_user
+        context[:current_user]
+      end
+
+      # Return whether the filter can access a given repo while
+      # applying a filter
+      #
+      # A repo can only be accessed if its pullable by the user who
+      # submitted the content of this filter, or if it's the same as
+      # the repository context in which the filter runs
+      def can_access_repo?(repo)
+        return false if repo.nil?
+        return true if repo == repository
+        repo.pullable_by?(current_user)
+      end
+
+      # The site's base URL provided in the context hash, or '/' when no
+      # base URL was specified.
+      def base_url
+        context[:base_url] || '/'
+      end
+
+      # Ensure the passed argument is a DocumentFragment. When a string is
+      # provided, it is parsed and returned; otherwise, the DocumentFragment is
+      # returned unmodified.
+      def parse_html(html)
+        HTML::Pipeline.parse(html)
+      end
+
+      # Helper method for filter subclasses used to determine if any of a node's
+      # ancestors have one of the tag names specified.
+      #
+      # node - The Node object to check.
+      # tags - An array of tag name strings to check. These should be downcase.
+      #
+      # Returns true when the node has a matching ancestor.
+      def has_ancestor?(node, tags)
+        while node = node.parent
+          if tags.include?(node.name.downcase)
+            break true
+          end
+        end
+      end
+
+      # Perform a filter on doc with the given context.
+      #
+      # Returns a HTML::Pipeline::DocumentFragment or a String containing HTML
+      # markup.
+      def self.call(doc, context = nil, result = nil)
+        new(doc, context, result).call
+      end
+
+      # Like call but guarantees that a DocumentFragment is returned, even when
+      # the last filter returns a String.
+      def self.to_document(input, context = nil)
+        html = call(input, context)
+        HTML::Pipeline::parse(html)
+      end
+
+      # Like call but guarantees that a string of HTML markup is returned.
+      def self.to_html(input, context = nil)
+        output = call(input, context)
+        if output.respond_to?(:to_html)
+          output.to_html
+        else
+          output.to_s
+        end
+      end
+      
+      # Validator for required context. This will check that anything passed in 
+      # contexts exists in @contexts
+      # 
+      # If any errors are found an ArgumentError will be raised with a
+      # message listing all the missing contexts and the filters that
+      # require them.
+      def needs(*keys)
+        missing = keys.reject { |key| context.include? key }
+
+        if missing.any?
+          raise ArgumentError,
+            "Missing context keys for #{self.class.name}: #{missing.map(&:inspect).join ', '}"
+        end
+      end
+    end
+  end
+end

data/lib/html/pipeline/https_filter.rb

@@ -0,0 +1,13 @@
+module HTML
+  class Pipeline
+    # HTML Filter for replacing http github urls with https versions.
+    class HttpsFilter < Filter
+      def call
+        doc.css('a[href^="http://github.com"]').each do |element|
+          element['href'] = element['href'].sub(/^http:/,'https:')
+        end
+        doc
+      end
+    end
+  end
+end

data/lib/html/pipeline/image_max_width_filter.rb

@@ -0,0 +1,37 @@
+module HTML
+  class Pipeline
+    # This filter rewrites image tags with a max-width inline style and also wraps
+    # the image in an <a> tag that causes the full size image to be opened in a
+    # new tab.
+    #
+    # The max-width inline styles are especially useful in HTML email which
+    # don't use a global stylesheets.
+    class ImageMaxWidthFilter < Filter
+      def call
+        doc.search('img').each do |element|
+          # Skip if there's already a style attribute. Not sure how this
+          # would happen but we can reconsider it in the future.
+          next if element['style']
+
+          # Bail out if src doesn't look like a valid http url. trying to avoid weird
+          # js injection via javascript: urls.
+          next if element['src'].to_s.strip =~ /\Ajavascript/i
+
+          element['style'] = "max-width:100%;"
+
+          if !has_ancestor?(element, %w(a))
+            link_image element
+          end
+        end
+
+        doc
+      end
+
+      def link_image(element)
+        link = doc.document.create_element('a', :href => element['src'], :target => '_blank')
+        link.add_child(element.dup)
+        element.replace(link)
+      end
+    end
+  end
+end

data/lib/html/pipeline/markdown_filter.rb

@@ -0,0 +1,29 @@
+require 'github/markdown'
+
+module HTML
+  class Pipeline
+    # HTML Filter that converts Markdown text into HTML and converts into a
+    # DocumentFragment. This is different from most filters in that it can take a
+    # non-HTML as input. It must be used as the first filter in a pipeline.
+    #
+    # Context options:
+    #   :gfm      => false    Disable GFM line-end processing
+    #
+    # This filter does not write any additional information to the context hash.
+    class MarkdownFilter < TextFilter
+      def initialize(text, context = nil, result = nil)
+        super text, context, result
+        @text = @text.gsub "\r", ''
+      end
+
+      # Convert Markdown to HTML using the best available implementation
+      # and convert into a DocumentFragment.
+      def call
+        mode = (context[:gfm] != false) ? :gfm : :markdown
+        html = GitHub::Markdown.to_html(@text, mode)
+        html.rstrip!
+        html
+      end
+    end
+  end
+end

data/lib/html/pipeline/plain_text_input_filter.rb

@@ -0,0 +1,11 @@
+module HTML
+  class Pipeline
+    # Simple filter for plain text input. HTML escapes the text input and wraps it
+    # in a div.
+    class PlainTextInputFilter < TextFilter
+      def call
+        "<div>#{EscapeUtils.escape_html(@text, false)}</div>"
+      end
+    end
+  end
+end