govuk_content_models 22.1.2 → 22.2.0
data/CHANGELOG.md
CHANGED
data/app/models/artefact.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
class LinkValidator < ActiveModel::Validator
|
|
2
2
|
def validate(record)
|
|
3
|
-
|
|
3
|
+
record.class::GOVSPEAK_FIELDS.each do |govspeak_field_name|
|
|
4
4
|
govspeak_field_value = record.read_attribute(govspeak_field_name)
|
|
5
5
|
next if govspeak_field_value.blank?
|
|
6
6
|
|
|
@@ -36,15 +36,4 @@ class LinkValidator < ActiveModel::Validator
|
|
|
36
36
|
end
|
|
37
37
|
errors.to_a
|
|
38
38
|
end
|
|
39
|
-
|
|
40
|
-
protected
|
|
41
|
-
|
|
42
|
-
def govspeak_field_names(record)
|
|
43
|
-
if record.class.const_defined?(:GOVSPEAK_FIELDS)
|
|
44
|
-
record.class.const_get(:GOVSPEAK_FIELDS)
|
|
45
|
-
else
|
|
46
|
-
[]
|
|
47
|
-
end
|
|
48
|
-
end
|
|
49
39
|
end
|
|
50
|
-
|
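Review bot: `record.class::GOVSPEAK_FIELDS.each` at the top of `validate` in the `class LinkValidator` hunk raises `NameError` for any model that attaches this validator without defining the constant, whereas the removed `govspeak_field_names` helper returned `[]` in that case (presumably it fed the old loop line, whose text is not shown). The guard added to `SafeHtml#validate` reads the constant the same way and fails the same way. If a missing constant is meant to be a hard error, say so above the loop, e.g. `# Models using this validator must define GOVSPEAK_FIELDS`. Otherwise keep a tolerant lookup such as `fields = record.class.const_defined?(:GOVSPEAK_FIELDS) ? record.class::GOVSPEAK_FIELDS : []`.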
data/app/validators/safe_html.rb
CHANGED
|
@@ -14,6 +14,7 @@ class SafeHtml < ActiveModel::Validator
|
|
|
14
14
|
|
|
15
15
|
def validate(record)
|
|
16
16
|
record.changes.each do |field_name, (old_value, new_value)|
|
|
17
|
+
next unless record.class::GOVSPEAK_FIELDS.include?(field_name.to_sym)
|
|
17
18
|
check_struct(record, field_name, new_value)
|
|
18
19
|
end
|
|
19
20
|
end
|
|
@@ -4,8 +4,7 @@ class SafeHtmlTest < ActiveSupport::TestCase
|
|
|
4
4
|
class Dummy
|
|
5
5
|
include Mongoid::Document
|
|
6
6
|
|
|
7
|
-
field
|
|
8
|
-
field "i_am_govspeak", type: String
|
|
7
|
+
field :i_am_govspeak, type: String
|
|
9
8
|
|
|
10
9
|
GOVSPEAK_FIELDS = [:i_am_govspeak]
|
|
11
10
|
|
|
@@ -17,66 +16,51 @@ class SafeHtmlTest < ActiveSupport::TestCase
|
|
|
17
16
|
class DummyEmbeddedSingle
|
|
18
17
|
include Mongoid::Document
|
|
19
18
|
|
|
20
|
-
|
|
19
|
+
embedded_in :dummy, class_name: 'SafeHtmlTest::Dummy'
|
|
21
20
|
|
|
22
|
-
|
|
21
|
+
field :i_am_govspeak, type: String
|
|
23
22
|
|
|
24
|
-
|
|
23
|
+
GOVSPEAK_FIELDS = [:i_am_govspeak]
|
|
24
|
+
|
|
25
|
+
validates_with SafeHtml
|
|
25
26
|
end
|
|
26
27
|
|
|
27
28
|
context "we don't quite trust mongoid (2)" do
|
|
28
|
-
should "embedded documents
|
|
29
|
-
embedded = DummyEmbeddedSingle.new(
|
|
30
|
-
dummy = Dummy.new(
|
|
29
|
+
should "validate embedded documents automatically" do
|
|
30
|
+
embedded = DummyEmbeddedSingle.new(i_am_govspeak: "<script>")
|
|
31
|
+
dummy = Dummy.new(i_am_govspeak: embedded)
|
|
31
32
|
# Can't invoke embedded.valid? because that would run the validations
|
|
32
33
|
assert dummy.invalid?
|
|
33
|
-
assert_includes dummy.errors.keys, :
|
|
34
|
+
assert_includes dummy.errors.keys, :i_am_govspeak
|
|
34
35
|
end
|
|
35
36
|
end
|
|
36
37
|
|
|
37
38
|
context "what to validate" do
|
|
38
|
-
should "test declared fields" do
|
|
39
|
-
dummy = Dummy.new(declared: "<script>alert('XSS')</script>")
|
|
40
|
-
assert dummy.invalid?
|
|
41
|
-
assert_includes dummy.errors.keys, :declared
|
|
42
|
-
end
|
|
43
|
-
|
|
44
|
-
should "test undeclared fields" do
|
|
45
|
-
dummy = Dummy.new(undeclared: "<script>")
|
|
46
|
-
assert dummy.invalid?
|
|
47
|
-
assert_includes dummy.errors.keys, :undeclared
|
|
48
|
-
end
|
|
49
|
-
|
|
50
39
|
should "allow clean content in nested fields" do
|
|
51
|
-
dummy = Dummy.new(
|
|
40
|
+
dummy = Dummy.new(i_am_govspeak: { "clean" => ["plain text"] })
|
|
52
41
|
assert dummy.valid?
|
|
53
42
|
end
|
|
54
43
|
|
|
55
|
-
should "disallow dirty content in nested fields" do
|
|
56
|
-
dummy = Dummy.new(undeclared: { "dirty" => ["<script>"] })
|
|
57
|
-
assert dummy.invalid?
|
|
58
|
-
assert_includes dummy.errors.keys, :undeclared
|
|
59
|
-
end
|
|
60
|
-
|
|
61
44
|
should "disallow images not hosted by us" do
|
|
62
|
-
dummy = Dummy.new(
|
|
45
|
+
dummy = Dummy.new(i_am_govspeak: '<img src="http://evil.com/trollface"/>')
|
|
63
46
|
assert dummy.invalid?
|
|
64
|
-
assert_includes dummy.errors.keys, :
|
|
47
|
+
assert_includes dummy.errors.keys, :i_am_govspeak
|
|
65
48
|
end
|
|
66
49
|
|
|
67
50
|
should "allow images hosted by us" do
|
|
68
|
-
dummy = Dummy.new(
|
|
51
|
+
dummy = Dummy.new(i_am_govspeak: '<img src="http://www.dev.gov.uk/trollface"/>')
|
|
69
52
|
assert dummy.valid?
|
|
70
53
|
end
|
|
71
54
|
|
|
72
55
|
should "allow plain text" do
|
|
73
|
-
dummy = Dummy.new(
|
|
56
|
+
dummy = Dummy.new(i_am_govspeak: "foo bar")
|
|
74
57
|
assert dummy.valid?
|
|
75
58
|
end
|
|
76
59
|
|
|
77
60
|
should "check only specified fields as Govspeak" do
|
|
78
61
|
nasty_govspeak = %q{[Numberwang](script:nasty(); "Wangernum")}
|
|
79
62
|
assert ! Govspeak::Document.new(nasty_govspeak).valid?, "expected this to be identified as bad"
|
|
63
|
+
|
|
80
64
|
dummy = Dummy.new(i_am_govspeak: nasty_govspeak)
|
|
81
65
|
assert dummy.invalid?
|
|
82
66
|
end
|
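Review bot: The added guard `next unless record.class::GOVSPEAK_FIELDS.include?(field_name.to_sym)` in `SafeHtml#validate` narrows the validator from every changed field to an allowlist, so any HTML-bearing field a model omits from GOVSPEAK_FIELDS now passes this validator unchecked. The test hunks drop "test undeclared fields" and "disallow dirty content in nested fields" without keeping the nested case for the listed field; I would add back `dummy = Dummy.new(i_am_govspeak: { "dirty" => ["<script>"] })` followed by `assert dummy.invalid?`. A comment above the guard, such as `# Only GOVSPEAK_FIELDS are checked here; every other field must be escaped at render time`, would make the new trust boundary explicit. If the models accept dynamic field names, `field_name.to_sym` interns them, and on Ruby versions that do not garbage-collect symbols that can grow memory; comparing strings with `GOVSPEAK_FIELDS.map(&:to_s).include?(field_name.to_s)` avoids this. The `SafeHtml` class begins above the first hunk, so the rest of the validator is not visible here.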
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: govuk_content_models
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 22.
|
|
4
|
+
version: 22.2.0
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2014-10-
|
|
12
|
+
date: 2014-10-28 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: bson_ext
|
|
@@ -464,7 +464,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
464
464
|
version: '0'
|
|
465
465
|
segments:
|
|
466
466
|
- 0
|
|
467
|
-
hash:
|
|
467
|
+
hash: -4313756439197638091
|
|
468
468
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
469
469
|
none: false
|
|
470
470
|
requirements:
|
|
@@ -473,7 +473,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
473
473
|
version: '0'
|
|
474
474
|
segments:
|
|
475
475
|
- 0
|
|
476
|
-
hash:
|
|
476
|
+
hash: -4313756439197638091
|
|
477
477
|
requirements: []
|
|
478
478
|
rubyforge_project:
|
|
479
479
|
rubygems_version: 1.8.23
|