herb 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5c394bc2c2281a98fffdbd20598cf1b8fb14c710
+  data.tar.gz: a3179a63d031f7599274f144ef7d846518a0bd96
+SHA512:
+  metadata.gz: 02bd3e967c8d5433d141d4c4fb6c84c6610c2ca280413016def1280a7b4b77520289e582c070d030455f3a66b714cab34f292c46c7de94199e95ab8356d90b40
+  data.tar.gz: d2c7bfbd62d6188b5bbf7741b90113ffef0945ae7724f2e92ae98efc2d099a75496a3b4215836dc09bdd3a688776f547e46962a8457605eb219025bd34511c90

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c)      2016 Francesco Rodriguez
+Copyright (c) 2011-2016 Michel Martens
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,171 @@
+herb [![Build Status](https://travis-ci.org/frodsan/herb.svg)](https://travis-ci.org/frodsan/herb)
+====
+
+Minimal template engine with default escaping.
+
+Description
+-----------
+
+Herb is a fork of [Mote] that uses a [ERB]-like style syntax and auto-escape HTML special characters by default.
+
+Installation
+------------
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem "herb"
+```
+
+And then execute:
+
+```
+$ bundle
+```
+
+Or install it yourself as:
+
+```
+$ gem install herb
+```
+
+Basic Usage
+-----------
+
+This is a basic example:
+
+```ruby
+require "herb"
+
+template = Herb.parse("your template goes here!")
+template.call
+# => "your template goes here!"
+```
+
+Herb recognizes two tags to evaluate Ruby code: `<% %>`, and `<%= %>`. The difference between them is that while the `<% %>` tags only evaluate the code, the `<%= %>` tags also prints the result to the template.
+
+Imagine that your template looks like this:
+
+```erb
+<% # single line code %>
+<% gems = ["rack", "cuba", "herb"] %>
+
+<%
+  # multi-line code
+  sorted = gems.sort
+%>
+
+<ul>
+<% sorted.each do |name| %>
+  <li><%= name %></li>
+<% end %>
+</ul>
+```
+
+The generated result will be like:
+
+```html
+<ul>
+  <li>cuba</li>
+  <li>herb</li>
+  <li>rack</li>
+</ul>
+```
+
+Parameters
+----------
+
+The values passed to the template are available as local variables:
+
+```ruby
+template = Herb.parse("Hello {{ name }}", [:name])
+template.call(name: "Ruby")
+# => Hello Ruby
+```
+
+You can also use the `params` local variable to access the given parameters:
+
+```ruby
+template = Herb.parse("Hello {{ params[:name] }}")
+template.call(name: "Ruby")
+# => Hello Ruby
+```
+
+Auto-escaping
+-------------
+
+By default, Herb escapes HTML special characters to prevent [XSS][xss] attacks. You can start the expression with an exclamation mark to disable escaping for that expression:
+
+```ruby
+template = Herb.parse("Hello {{ name }}", [:name])
+template.call(name: "<b>World</b>")
+# => Hello &lt;b&gt;World&lt;b&gt;
+
+template = Herb.parse("Hello {{! name }}", [:name])
+template.call(name: "<b>World</b>")
+# => Hello <b>World</b>
+```
+
+Herb::Helpers
+--------------
+
+There's a helper available in the `Herb::Helpers` module, and you are
+free to include it in your code. To do it, just type:
+
+```ruby
+include Herb::Helpers
+```
+
+### Using the `herb` helper
+
+The `herb` helper receives a file name and a hash and returns the rendered version of its content. The compiled template is cached for subsequent calls.
+
+```ruby
+herb("test/basic.erb", n: 3)
+# => "***\n"
+```
+
+### Template caching
+
+When the `herb` helper is first called with a template name, the file is read and parsed, and a proc is created and stored in the current thread. The parameters passed are defined as local variables in the template. If you want to provide more parameters once the template was cached, you won't be able to access the values as local variables, but you can always access the `params` hash.
+
+For example:
+
+```ruby
+# First call
+herb("foo.erb", a: 1, b: 2)
+```
+
+Contributing
+------------
+
+Fork the project with:
+
+```
+$ git clone git@github.com:frodsan/herb.git
+```
+
+To install dependencies, use:
+
+```
+$ bundle install
+```
+
+To run the test suite, do:
+
+```
+$ rake test
+```
+
+For bug reports and pull requests use [GitHub][issues].
+
+License
+-------
+
+Herb is released under the [MIT License][mit].
+
+[erb]: http://ruby-doc.org/stdlib-2.3.1/libdoc/erb/rdoc/ERB.html
+[issues]: https://github.com/frodsan/herb/issues
+[mit]: http://www.opensource.org/licenses/MIT
+[mote]: https://github.com/soveran/mote
+[xss]: http://en.wikipedia.org/wiki/Cross-Site_Scripting

data/lib/herb.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+# Copyright (c) 2016      Francesco Rodríguez
+# Copyright (c) 2011-2016 Michel Martens (https://github.com/soveran/mote)
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+module Herb
+  PATTERN = /(<%)\s+(.*?)\s+%>(?:\n)|(<%==?)(.*?)%>/m
+
+  def self.parse(template, vars = [], context = self)
+    terms = template.split(PATTERN)
+    parts = "proc do |params = {}, __o = ''|\n".dup
+
+    vars.each { |var| parts << sprintf("%s = params[%p]\n", var, var) }
+
+    while (term = terms.shift)
+      parts << parse_expression(terms, term)
+    end
+
+    parts << "__o; end"
+
+    compile(context, parts)
+  end
+
+  def self.parse_expression(terms, term)
+    case term
+    when "<%"   then terms.shift << "\n"
+    when "<%="  then "__o << Herb.h((" + terms.shift << ").to_s)\n"
+    when "<%==" then "__o << (" + terms.shift << ").to_s\n"
+    else             "__o << " + term.dump << "\n"
+    end
+  end
+
+  def self.compile(context, parts)
+    context.instance_eval(parts)
+  end
+
+  HTML_ESCAPE = {
+    "&" => "&amp;",
+    ">" => "&gt;",
+    "<" => "&lt;",
+    '"' => "&#39;",
+    "'" => "&#34;"
+  }.freeze
+
+  UNSAFE = /[&"'><]/
+
+  def self.h(str)
+    str.gsub(UNSAFE, HTML_ESCAPE)
+  end
+
+  module Helpers
+    def herb(file, params = {}, context = self)
+      herb_cache[file] ||= Herb.parse(File.read(file), params.keys, context)
+      herb_cache[file].call(params)
+    end
+
+    def herb_cache
+      Thread.current[:herb_cache] ||= {}
+    end
+  end
+end

data/test/helper.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "minitest/autorun"
+require "minitest/pride"
+require "minitest/sugar"
+require_relative "../lib/herb"

data/test/helpers_test.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require_relative "helper"
+
+class HelpersTest < Minitest::Test
+  include Herb::Helpers
+
+  setup do
+    herb_cache.clear
+  end
+
+  def foo
+    "foo"
+  end
+
+  test "using functions in the context" do
+    assert_equal("foo\n", herb("test/views/foo.erb"))
+  end
+
+  test "passing in a context" do
+    assert_raises(NameError) do
+      herb("test/views/foo.erb", {}, TOPLEVEL_BINDING)
+    end
+  end
+end

data/test/parsing_test.rb

@@ -0,0 +1,110 @@
+# frozen_string_literal: true
+
+require_relative "helper"
+
+class ParsingTest < Minitest::Test
+  test "assignment" do
+    template = Herb.parse("<%= 1 + 2 %>")
+
+    assert_equal("3", template.call)
+  end
+
+  test "control flow" do
+    template = <<-EOT.gsub(/ {4}/, "")
+    <% if false %>
+      false
+    <% else %>
+      true
+    <% end %>
+    EOT
+
+    result = Herb.parse(template).call
+
+    assert_equal("  true\n", result)
+  end
+
+  test "parameters" do
+    template = <<-EOT.gsub(/ {4}/, "")
+    <% params[:n].times do %>
+    *
+    <% end %>
+    EOT
+
+    example = Herb.parse(template)
+
+    assert_equal("*\n*\n*\n", example[n: 3])
+    assert_equal("*\n*\n*\n*\n", example[n: 4])
+  end
+
+  test "multiline" do
+    example = Herb.parse("The\nMan\nAnd\n<%=\"The\"%>\nSea")
+
+    assert_equal("The\nMan\nAnd\nThe\nSea", example.call)
+  end
+
+  test "quotes" do
+    example = Herb.parse("'foo' 'bar' 'baz'")
+
+    assert_equal("'foo' 'bar' 'baz'", example.call)
+  end
+
+  test "context" do
+    context = Object.new
+
+    def context.user
+      "Bruno"
+    end
+
+    example = Herb.parse("<%= user %>", [], context)
+
+    assert_equal("Bruno", example.call)
+  end
+
+  test "locals" do
+    example = Herb.parse("<%= user %>", [:user], self)
+
+    assert_equal("Mayn", example.call(user: "Mayn"))
+  end
+
+  test "nil" do
+    example = Herb.parse("<%= params[:user] %>", [], TOPLEVEL_BINDING)
+
+    assert_equal("", example.call(user: nil))
+  end
+
+  test "multi-line" do
+    template = <<-EOT.gsub(/^    /, "")
+    <%
+      # Multiline code evaluation
+      lucky = [1, 3, 7, 9, 13, 15]
+      prime = [2, 3, 5, 7, 11, 13]
+    %>
+
+    <%= lucky & prime %>
+    EOT
+
+    example = Herb.parse(template)
+
+    assert_equal "\n[3, 7, 13]\n", example.call
+  end
+
+  test "escapes by default" do
+    text = %q(<>&"')
+
+    template = Herb.parse("<%= params[:text] %>")
+
+    result = template.call(text: text)
+
+    assert_equal("&lt;&gt;&amp;&#39;&#34;", result)
+  end
+
+  test "no escaping please" do
+    text = %q(<>&"')
+
+    template = Herb.parse("<%== params[:text] %>")
+
+    result = template.call(text: text)
+
+    assert_equal(text, result)
+  end
+end

metadata

@@ -0,0 +1,108 @@
+--- !ruby/object:Gem::Specification
+name: herb
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Francesco Rodriguez
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-06-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.8'
+- !ruby/object:Gem::Dependency
+  name: minitest-sugar
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.39'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.39'
+description: ERB-like template engine that escapes HTML by default
+email: frodsan@protonmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/herb.rb
+- test/helper.rb
+- test/helpers_test.rb
+- test/parsing_test.rb
+homepage: https://github.com/frodsan/herb
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: ERB-like template engine that escapes HTML by default
+test_files:
+- test/helper.rb
+- test/helpers_test.rb
+- test/parsing_test.rb