herb 0.6.1-x86-linux-musl → 0.7.0-x86-linux-musl

data/lib/herb/engine/validation_error_overlay.rb

@@ -0,0 +1,182 @@
+# frozen_string_literal: true
+
+module Herb
+  class Engine
+    class ValidationErrorOverlay
+      CONTEXT_LINES = 2
+
+      VALIDATOR_BADGES = {
+        "SecurityValidator" => { label: "Security", color: "#dc2626" },
+        "NestingValidator" => { label: "Nesting", color: "#f59e0b" },
+        "AccessibilityValidator" => { label: "A11y", color: "#3b82f6" },
+      }.freeze
+
+      SEVERITY_COLORS = {
+        "error" => "#dc2626",
+        "warning" => "#f59e0b",
+        "info" => "#3b82f6",
+      }.freeze
+
+      def initialize(source, error, filename: nil)
+        @source = source
+        @error = error
+        @filename = filename || "unknown"
+        @lines = source.lines
+      end
+
+      def generate_fragment
+        location = @error[:location]
+        line_num = location&.start&.line || 1
+        col_num = location&.start&.column || 1
+
+        validator_info = VALIDATOR_BADGES[@error[:source]] || { label: @error[:source], color: "#6b7280" }
+        severity_color = SEVERITY_COLORS[@error[:severity].to_s] || "#6b7280"
+
+        code_snippet = generate_code_snippet(line_num, col_num)
+
+        <<~HTML
+          <div class="herb-validation-item" data-severity="#{escape_attr(@error[:severity].to_s)}">
+            <div class="herb-validation-header">
+              <span class="herb-validation-badge" style="background: #{validator_info[:color]}">
+                #{escape_html(validator_info[:label])}
+              </span>
+              <span class="herb-validation-location">
+                #{escape_html(@filename)}:#{line_num}:#{col_num}
+              </span>
+            </div>
+            <div class="herb-validation-message" style="color: #{severity_color}">
+              #{escape_html(@error[:message])}
+            </div>
+            #{code_snippet}
+            #{generate_suggestion_html if @error[:suggestion]}
+          </div>
+        HTML
+      end
+
+      private
+
+      def generate_code_snippet(line_num, col_num)
+        start_line = [line_num - CONTEXT_LINES, 1].max
+        end_line = [line_num + CONTEXT_LINES, @lines.length].min
+
+        code_lines = [] #: Array[String]
+        (start_line..end_line).each do |line|
+          line_content = @lines[line - 1] || ""
+          is_error_line = line == line_num
+
+          highlighted_content = syntax_highlight(line_content.chomp)
+
+          if is_error_line
+            code_lines << <<~HTML
+              <div class="herb-code-line herb-error-line">
+                <div class="herb-line-number">#{line}</div>
+                <div class="herb-line-content">#{highlighted_content}</div>
+              </div>
+            HTML
+
+            if col_num.positive?
+              pointer = "#{" " * (col_num - 1)}^"
+              code_lines << <<~HTML
+                <div class="herb-error-pointer">#{escape_html(pointer)}</div>
+              HTML
+            end
+          else
+            code_lines << <<~HTML
+              <div class="herb-code-line">
+                <div class="herb-line-number">#{line}</div>
+                <div class="herb-line-content">#{highlighted_content}</div>
+              </div>
+            HTML
+          end
+        end
+
+        <<~HTML
+          <div class="herb-code-snippet">
+            #{code_lines.join}
+          </div>
+        HTML
+      end
+
+      def generate_suggestion_html
+        <<~HTML
+          <div class="herb-validation-suggestion">
+            <span class="herb-suggestion-icon">💡</span>
+            #{escape_html(@error[:suggestion])}
+          </div>
+        HTML
+      end
+
+      def syntax_highlight(code)
+        lex_result = ::Herb.lex(code)
+        return escape_html(code) if lex_result.errors.any?
+
+        tokens = lex_result.value
+        highlight_with_tokens(tokens, code)
+      rescue StandardError
+        escape_html(code)
+      end
+
+      def highlight_with_tokens(tokens, code)
+        return escape_html(code) if tokens.nil? || tokens.empty?
+
+        highlighted = ""
+        last_end = 0
+
+        tokens.each do |token|
+          char_offset = get_character_offset(code, token.location.start.line, token.location.start.column)
+          char_end = get_character_offset(code, token.location.end_point.line, token.location.end_point.column)
+
+          highlighted += escape_html(code[last_end...char_offset]) if char_offset > last_end
+
+          token_text = code[char_offset...char_end]
+          highlighted += apply_token_style(token, token_text)
+          last_end = char_end
+        end
+
+        highlighted += escape_html(code[last_end..]) if last_end < code.length
+
+        highlighted
+      end
+
+      def get_character_offset(_content, line, column)
+        return column - 1 if line == 1
+
+        column - 1
+      end
+
+      def apply_token_style(token, text)
+        escaped_text = escape_html(text)
+
+        case token.type
+        when "TOKEN_ERB_START", "TOKEN_ERB_END"
+          "<span class=\"herb-erb\">#{escaped_text}</span>"
+        when "TOKEN_ERB_CONTENT"
+          "<span class=\"herb-erb-content\">#{escaped_text}</span>"
+        when "TOKEN_HTML_TAG_START", "TOKEN_HTML_TAG_START_CLOSE", "TOKEN_HTML_TAG_END", "TOKEN_HTML_TAG_SELF_CLOSE", "TOKEN_IDENTIFIER"
+          "<span class=\"herb-tag\">#{escaped_text}</span>"
+        when "TOKEN_HTML_ATTRIBUTE_NAME"
+          "<span class=\"herb-attr\">#{escaped_text}</span>"
+        when "TOKEN_QUOTE", "TOKEN_HTML_ATTRIBUTE_VALUE"
+          "<span class=\"herb-value\">#{escaped_text}</span>"
+        when "TOKEN_HTML_COMMENT_START", "TOKEN_HTML_COMMENT_END", "TOKEN_HTML_COMMENT_CONTENT"
+          "<span class=\"herb-comment\">#{escaped_text}</span>"
+        else
+          escaped_text
+        end
+      end
+
+      def escape_html(text)
+        text.to_s
+            .gsub("&", "&amp;")
+            .gsub("<", "&lt;")
+            .gsub(">", "&gt;")
+            .gsub('"', "&quot;")
+            .gsub("'", "&#39;")
+      end
+
+      def escape_attr(text)
+        escape_html(text).gsub("\n", "&#10;").gsub("\r", "&#13;")
+      end
+    end
+  end
+end

data/lib/herb/engine/validation_errors.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+# typed: false
+
+# rbs_inline: disabled
+
+module Herb
+  class Engine
+    class SecurityError < StandardError
+      attr_reader :line, :column, :filename, :suggestion
+
+      def initialize(message, line: nil, column: nil, filename: nil, suggestion: nil)
+        @line = line
+        @column = column
+        @filename = filename
+        @suggestion = suggestion
+
+        super(build_error_message(message))
+      end
+
+      private
+
+      def build_error_message(message)
+        parts = [] #: Array[String]
+
+        if @filename || (@line && @column)
+          location_parts = [] #: Array[String]
+
+          location_parts << @filename if @filename
+          location_parts << "#{@line}:#{@column}" if @line && @column
+
+          parts << location_parts.join(":")
+        end
+
+        parts << message
+
+        parts << "Suggestion: #{@suggestion}" if @suggestion
+
+        parts.join(" - ")
+      end
+    end
+
+    module ValidationErrors
+      class ValidationError
+        attr_reader :type, :location, :message
+
+        def initialize(type, location, message)
+          @type = type
+          @location = location
+          @message = message
+        end
+      end
+
+      class SecurityValidationError
+        attr_reader :type, :location, :message, :suggestion
+
+        def initialize(location, message, suggestion)
+          @type = "SecurityError"
+          @location = location
+          @message = message
+          @suggestion = suggestion
+        end
+      end
+    end
+  end
+end

data/lib/herb/engine/validator.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+module Herb
+  class Engine
+    class Validator < Herb::Visitor
+      attr_reader :diagnostics
+
+      def initialize
+        super
+
+        @diagnostics = []
+      end
+
+      def validate(node)
+        visit(node)
+      end
+
+      def error(message, location, code: nil, source: nil)
+        add_diagnostic(message, location, :error, code: code, source: source)
+      end
+
+      def warning(message, location, code: nil, source: nil)
+        add_diagnostic(message, location, :warning, code: code, source: source)
+      end
+
+      def info(message, location, code: nil, source: nil)
+        add_diagnostic(message, location, :info, code: code, source: source)
+      end
+
+      def hint(message, location, code: nil, source: nil)
+        add_diagnostic(message, location, :hint, code: code, source: source)
+      end
+
+      def errors?
+        @diagnostics.any? { |diagnostic| diagnostic[:severity] == :error }
+      end
+
+      def warnings?
+        @diagnostics.any? { |diagnostic| diagnostic[:severity] == :warning }
+      end
+
+      def errors
+        @diagnostics.select { |diagnostic| diagnostic[:severity] == :error }
+      end
+
+      def warnings
+        @diagnostics.select { |diagnostic| diagnostic[:severity] == :warning }
+      end
+
+      def clear_diagnostics
+        @diagnostics.clear
+      end
+
+      def diagnostic_count(severity = nil)
+        return @diagnostics.length unless severity
+
+        @diagnostics.count { |diagnostic| diagnostic[:severity] == severity }
+      end
+
+      private
+
+      def add_diagnostic(message, location, severity, code: nil, source: nil)
+        diagnostic = {
+          message: message,
+          location: location,
+          severity: severity,
+          code: code,
+          source: source || self.class.name,
+        }
+
+        @diagnostics << diagnostic
+      end
+    end
+  end
+end

data/lib/herb/engine/validators/accessibility_validator.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+# typed: true
+
+require_relative "../validator"
+
+module Herb
+  class Engine
+    module Validators
+      class AccessibilityValidator < Validator
+        def visit_html_attribute_node(node)
+          validate_attribute(node)
+          super
+        end
+
+        private
+
+        def validate_attribute(node)
+          # TODO: Add accessibility attribute validation
+        end
+
+        def validate_id_format(node)
+          # TODO: Add ID format validation
+        end
+
+        def add_validation_error(type, location, message)
+          error(message, location, code: type, source: "AccessibilityValidator")
+        end
+      end
+    end
+  end
+end

data/lib/herb/engine/validators/nesting_validator.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+# typed: false
+
+# rbs_inline: disabled
+
+require_relative "../validator"
+
+module Herb
+  class Engine
+    module Validators
+      class NestingValidator < Validator
+        def visit_html_element_node(node)
+          validate_html_nesting(node)
+          super
+        end
+
+        private
+
+        def validate_html_nesting(node)
+          tag_name = node.tag_name&.value&.downcase
+          return unless tag_name
+
+          case tag_name
+          when "p"
+            validate_no_block_elements_in_paragraph(node)
+          when "a"
+            validate_no_nested_anchors(node)
+          when "button"
+            validate_no_interactive_in_button(node)
+          end
+        end
+
+        def validate_no_block_elements_in_paragraph(node)
+          block_elements = %w[div section article header footer nav aside p h1 h2 h3 h4 h5 h6 ul ol dl table form]
+
+          node.body.each do |child|
+            next unless child.is_a?(Herb::AST::HTMLElementNode)
+
+            child_tag = child.tag_name&.value&.downcase
+            next unless child_tag && block_elements.include?(child_tag)
+
+            add_validation_error(
+              "InvalidNestingError",
+              child.location,
+              "Block element <#{child_tag}> cannot be nested inside <p> at line #{child.location.start.line}"
+            )
+          end
+        end
+
+        def validate_no_nested_anchors(node)
+          find_nested_elements(node, "a") do |nested|
+            add_validation_error(
+              "NestedAnchorError",
+              nested.location,
+              "Anchor <a> cannot be nested inside another anchor at line #{nested.location.start.line}"
+            )
+          end
+        end
+
+        def validate_no_interactive_in_button(node)
+          interactive_elements = %w[a button input select textarea]
+
+          node.body.each do |child|
+            next unless child.is_a?(Herb::AST::HTMLElementNode)
+
+            child_tag = child.tag_name&.value&.downcase
+            next unless child_tag && interactive_elements.include?(child_tag)
+
+            add_validation_error(
+              "InvalidNestingError",
+              child.location,
+              "Interactive element <#{child_tag}> cannot be nested inside <button> at line #{child.location.start.line}"
+            )
+          end
+        end
+
+        def find_nested_elements(node, tag_name, &block)
+          node.body.each do |child|
+            if child.is_a?(Herb::AST::HTMLElementNode)
+              if child.tag_name&.value&.downcase == tag_name
+                yield child
+              else
+                find_nested_elements(child, tag_name, &block)
+              end
+            end
+          end
+        end
+
+        def add_validation_error(type, location, message)
+          error(message, location, code: type, source: "NestingValidator")
+        end
+      end
+    end
+  end
+end

data/lib/herb/engine/validators/security_validator.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+# typed: true
+
+require_relative "../validator"
+
+module Herb
+  class Engine
+    module Validators
+      class SecurityValidator < Validator
+        def visit_html_open_tag_node(node)
+          validate_tag_security(node)
+
+          super
+        end
+
+        def visit_html_attribute_name_node(node)
+          validate_attribute_name_security(node)
+
+          super
+        end
+
+        private
+
+        def validate_tag_security(node)
+          node.children.each do |child|
+            next if child.is_a?(Herb::AST::HTMLAttributeNode)
+            next if child.is_a?(Herb::AST::WhitespaceNode)
+
+            next unless child.is_a?(Herb::AST::ERBContentNode) && erb_outputs?(child)
+
+            add_security_error(
+              child.location,
+              "ERB output tags (<%= %>) are not allowed in attribute position.",
+              "Use control flow (<% %>) with static attributes instead."
+            )
+          end
+        end
+
+        def validate_attribute_name_security(node)
+          node.children.each do |child|
+            next unless child.is_a?(Herb::AST::ERBContentNode) && erb_outputs?(child)
+
+            add_security_error(
+              child.location,
+              "ERB output in attribute names is not allowed for security reasons.",
+              "Use static attribute names with dynamic values instead."
+            )
+          end
+        end
+
+        def add_security_error(location, message, suggestion)
+          add_diagnostic(message, location, :error, code: "SecurityViolation", source: "SecurityValidator",
+                                                    suggestion: suggestion)
+        end
+
+        def add_diagnostic(message, location, severity, code: nil, source: nil, suggestion: nil)
+          diagnostic = {
+            message: message,
+            location: location,
+            severity: severity,
+            code: code,
+            source: source || self.class.name,
+            suggestion: suggestion,
+          }
+
+          @diagnostics << diagnostic
+        end
+      end
+    end
+  end
+end