govuk_content_models 22.1.2 → 22.2.0

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+## 22.2.0
+
+* Allow new formats for raib_report for Artefacts
+* Validate only govspeak fields for safe html
+
 ## 22.1.2
 
 * Allow new formats for maib_report and for an Artefact

data/app/models/artefact.rb

@@ -90,7 +90,8 @@ class Artefact
                                   "manual",
                                   "manual-change-history",
                                   "manual-section",
-                                  "medical_safety_alert"],
+                                  "medical_safety_alert",
+                                  "raib_report"],
     "finder-api"              => ["finder",
                                   "finder_email_signup"],
     "whitehall"               => ["announcement",

data/app/validators/link_validator.rb

@@ -1,6 +1,6 @@
 class LinkValidator < ActiveModel::Validator
   def validate(record)
-    govspeak_field_names(record).each do |govspeak_field_name|
+    record.class::GOVSPEAK_FIELDS.each do |govspeak_field_name|
       govspeak_field_value = record.read_attribute(govspeak_field_name)
       next if govspeak_field_value.blank?
 
@@ -36,15 +36,4 @@ class LinkValidator < ActiveModel::Validator
     end
     errors.to_a
   end
-
-  protected
-
-  def govspeak_field_names(record)
-    if record.class.const_defined?(:GOVSPEAK_FIELDS)
-      record.class.const_get(:GOVSPEAK_FIELDS)
-    else
-      []
-    end
-  end
 end
-

data/app/validators/safe_html.rb

@@ -14,6 +14,7 @@ class SafeHtml < ActiveModel::Validator
 
   def validate(record)
     record.changes.each do |field_name, (old_value, new_value)|
+      next unless record.class::GOVSPEAK_FIELDS.include?(field_name.to_sym)
       check_struct(record, field_name, new_value)
     end
   end

data/lib/govuk_content_models/version.rb

@@ -1,4 +1,4 @@
 module GovukContentModels
   # Changing this causes Jenkins to tag and release the gem into the wild
-  VERSION = "22.1.2"
+  VERSION = "22.2.0"
 end

data/test/validators/safe_html_validator_test.rb

@@ -4,8 +4,7 @@ class SafeHtmlTest < ActiveSupport::TestCase
   class Dummy
     include Mongoid::Document
 
-    field "declared", type: String
-    field "i_am_govspeak", type: String
+    field :i_am_govspeak, type: String
 
     GOVSPEAK_FIELDS = [:i_am_govspeak]
 
@@ -17,66 +16,51 @@ class SafeHtmlTest < ActiveSupport::TestCase
   class DummyEmbeddedSingle
     include Mongoid::Document
 
-    GOVSPEAK_FIELDS = []
+    embedded_in :dummy, class_name: 'SafeHtmlTest::Dummy'
 
-    validates_with SafeHtml
+    field :i_am_govspeak, type: String
 
-    embedded_in :dummy, class_name: 'SafeHtmlTest::Dummy'
+    GOVSPEAK_FIELDS = [:i_am_govspeak]
+
+    validates_with SafeHtml
   end
 
   context "we don't quite trust mongoid (2)" do
-    should "embedded documents should be validated automatically" do
-      embedded = DummyEmbeddedSingle.new(dirty: "<script>")
-      dummy = Dummy.new(dummy_embedded_single: embedded)
+    should "validate embedded documents automatically" do
+      embedded = DummyEmbeddedSingle.new(i_am_govspeak: "<script>")
+      dummy = Dummy.new(i_am_govspeak: embedded)
       # Can't invoke embedded.valid? because that would run the validations
       assert dummy.invalid?
-      assert_includes dummy.errors.keys, :dummy_embedded_single
+      assert_includes dummy.errors.keys, :i_am_govspeak
     end
   end
 
   context "what to validate" do
-    should "test declared fields" do
-      dummy = Dummy.new(declared: "<script>alert('XSS')</script>")
-      assert dummy.invalid?
-      assert_includes dummy.errors.keys, :declared
-    end
-
-    should "test undeclared fields" do
-      dummy = Dummy.new(undeclared: "<script>")
-      assert dummy.invalid?
-      assert_includes dummy.errors.keys, :undeclared
-    end
-
     should "allow clean content in nested fields" do
-      dummy = Dummy.new(undeclared: { "clean" => ["plain text"] })
+      dummy = Dummy.new(i_am_govspeak: { "clean" => ["plain text"] })
       assert dummy.valid?
     end
 
-    should "disallow dirty content in nested fields" do
-      dummy = Dummy.new(undeclared: { "dirty" => ["<script>"] })
-      assert dummy.invalid?
-      assert_includes dummy.errors.keys, :undeclared
-    end
-
     should "disallow images not hosted by us" do
-      dummy = Dummy.new(undeclared: '<img src="http://evil.com/trollface"/>')
+      dummy = Dummy.new(i_am_govspeak: '<img src="http://evil.com/trollface"/>')
       assert dummy.invalid?
-      assert_includes dummy.errors.keys, :undeclared
+      assert_includes dummy.errors.keys, :i_am_govspeak
     end
 
     should "allow images hosted by us" do
-      dummy = Dummy.new(undeclared: '<img src="http://www.dev.gov.uk/trollface"/>')
+      dummy = Dummy.new(i_am_govspeak: '<img src="http://www.dev.gov.uk/trollface"/>')
       assert dummy.valid?
     end
 
     should "allow plain text" do
-      dummy = Dummy.new(declared: "foo bar")
+      dummy = Dummy.new(i_am_govspeak: "foo bar")
       assert dummy.valid?
     end
 
     should "check only specified fields as Govspeak" do
       nasty_govspeak = %q{[Numberwang](script:nasty(); "Wangernum")}
       assert ! Govspeak::Document.new(nasty_govspeak).valid?, "expected this to be identified as bad"
+
       dummy = Dummy.new(i_am_govspeak: nasty_govspeak)
       assert dummy.invalid?
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: govuk_content_models
 version: !ruby/object:Gem::Version
-  version: 22.1.2
+  version: 22.2.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-27 00:00:00.000000000 Z
+date: 2014-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bson_ext
@@ -464,7 +464,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 2225036471084817263
+      hash: -4313756439197638091
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -473,7 +473,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 2225036471084817263
+      hash: -4313756439197638091
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.23