hesburgh-lib 0.1.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d99e85ae0d14a16c5071498783dfb24a7d8f83c7
-  data.tar.gz: 27dae28d870c72d535cc9957c098f49190eedc95
+  metadata.gz: ab9abdeacd77fc8237db9eca673b45ac4fd791fd
+  data.tar.gz: b3e02b8c413f90d40704eb90772787b38bbed682
 SHA512:
-  metadata.gz: f0ef7d50fc6c044cfb2eaf1ce53cb710aea0d10502649a8ea071fbee7a0cd313b4b17b370b9a8b4b8c7a1d771d780ee61670310c15614a03bbe868c4feb2b4ed
-  data.tar.gz: 17f4fe6c4987ade521ec7783f1c4339797800ba9d9e81c40afbfd9b26739c29a21ce86b4ae44f050116f1b64f572f848703c2ed10b881aa1c32311003285315a
+  metadata.gz: b63654cdbac306215603a564aa18b5fe3ccd6ea1893275d034578ad0da9fb275d38d35b7aac8fc595618f182810eb42754c2cefbc49bb31fe80b233b3ad148ea
+  data.tar.gz: 3786b0e3eb0de4ab3e8d8a648d8f59feccdf1d775d52d63eab9973f60967a46ac70aed8c93829d51f3ef7ecddcae77f9493987794d53fd435038c391c39f510e

data/bin/build-multi-commit-message

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby -wU
 
-if ARGV.grep(/^-+h(elp)?$/i).size > 0
+unless ARGV.grep(/^-+h(elp)?$/i).empty?
   $stdout.puts ""
   $stdout.puts "$ #{File.basename(__FILE__)} [branch_name]"
   $stdout.puts ""

data/bin/update-dependency

@@ -16,7 +16,7 @@ REPOSITORY_PATH = ENV.fetch('REPOSITORY_PATH') { Dir.pwd }
 #
 # *****************************************************************************
 
-if ARGV.grep(/^-+h(elp)?$/i).size > 0
+unless ARGV.grep(/^-+h(elp)?$/i).empty?
   $stdout.puts ""
   $stdout.puts "$ #{File.basename(__FILE__)} <gem1> <gem2>"
   $stdout.puts ""
@@ -45,7 +45,7 @@ end
 GEM_NAMES = ARGV
 
 # Guard that we have a clean working directory
-if `cd #{REPOSITORY_PATH} && git status --porcelain`.strip.size > 0
+unless `cd #{REPOSITORY_PATH} && git status --porcelain`.strip.empty?
   $stderr.puts "Repository @ #{REPOSITORY_PATH} did not have a clean working directory"
   exit!(2)
 end

data/hesburgh-lib.gemspec

@@ -18,6 +18,7 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
+  spec.add_development_dependency 'loofah', "~> 2.0.3"
   spec.add_development_dependency "bundler", "~> 1.7"
   spec.add_development_dependency "rspec", "~> 3.0"
   spec.add_development_dependency "rake", "~> 10.0"

data/lib/hesburgh/lib/controller_with_runner.rb

@@ -47,16 +47,13 @@ module Hesburgh
       def runner(runner_name = nil)
         return @runner if @runner # For Dependency Injection
         runner_name = action_name.classify unless runner_name
-        if runner_container.const_defined?(runner_name)
-          runner_container.const_get(runner_name)
-        else
-          fail RunnerNotFoundError, container: runner_container, name: runner_name
-        end
+        return runner_container.const_get(runner_name) if runner_container.const_defined?(runner_name)
+        raise(RunnerNotFoundError, container: runner_container, name: runner_name)
       end
 
       # Exposed for purposes of Dependency Injection.
       def runner=(object)
-        fail(ImproperRunnerError, runner: object, method_name: :run) unless object.respond_to?(:run)
+        raise(ImproperRunnerError, runner: object, method_name: :run) unless object.respond_to?(:run)
         @runner = object
       end
 

data/lib/hesburgh/lib/html_scrubber.rb

@@ -0,0 +1,120 @@
+require 'loofah'
+require 'loofah/scrubber'
+
+module Hesburgh
+  module Lib
+    # Exposes a consistent means of scrubbing HTML.
+    #
+    # @see Rails `sanitize` method
+    # @todo Extract to the Hesburgh::Lib gem
+    module HtmlScrubber
+      ALLOWED_INLINE_TAGS = %w(abbr acronym b big cit cite code dfn em i mark samp small strong sub sup time tt var).freeze
+      ALLOWED_INLINE_WITH_LINK_TAGS = (%w(a) + ALLOWED_INLINE_TAGS).freeze
+      ALLOWED_INLINE_ATTRIBUTES = %w(datetime title href rel dir).freeze
+      ALLOWED_BLOCK_ATTRIBUTES = ALLOWED_INLINE_ATTRIBUTES
+
+      # We want to render this information as part of the metadata of a page. Examples include the `html head title` attribute
+      def self.build_meta_tag_scrubber(tags: [], attributes: :fallback)
+        AllowedTagsScrubber.new(tags: tags, attributes: attributes)
+      end
+
+      # We expect a single line of content. Examples include a "title" of an item
+      def self.build_inline_scrubber(tags: ALLOWED_INLINE_TAGS, attributes: ALLOWED_INLINE_ATTRIBUTES)
+        AllowedTagsScrubber.new(tags: tags, attributes: attributes)
+      end
+
+      # We expect a single line of content but are allowing links (A-tags) to be included.
+      def self.build_inline_with_link_scrubber(tags: ALLOWED_INLINE_WITH_LINK_TAGS, attributes: ALLOWED_INLINE_ATTRIBUTES)
+        AllowedTagsScrubber.new(tags: tags, attributes: attributes)
+      end
+
+      # We are allowing multiple lines of content. Examples include an "abstract" of an item
+      def self.build_block_scrubber
+        AllowedTagsScrubber.new(tags: AllowedTagsScrubber::FALLBACK, attributes: ALLOWED_BLOCK_ATTRIBUTES)
+      end
+
+      # Responsible for stripping and general sanitization of HTML documents
+      class AllowedTagsScrubber < Loofah::Scrubber
+        FALLBACK = :fallback
+        # @param tags [Symbol, Array<String>] What are the tags we are we going to keep. Otherwise the tag (but not content) is stripped.
+        # @param attributes [Symbol, Array<String>] What are the attributes we are we going to keep? Otherwise the attribute and its value
+        #                                           are dropped.
+        # @param direction [Symbol] How are we processing the nodes; This is an assumption based on the Loofah::Scrubber
+        def initialize(tags: FALLBACK, attributes: FALLBACK, direction: :bottom_up)
+          self.direction = direction
+          self.tags = tags
+          self.attributes = attributes
+        end
+
+        # A convenience method for sanitiziation
+        def sanitize(input)
+          return '' if input.to_s.strip == ''
+          return input unless input.is_a?(String)
+          Loofah.fragment(input).scrub!(self).to_s.strip
+        end
+        alias call sanitize
+
+        def scrub(node)
+          return node.remove if script_node?(node)
+          if node_allowed?(node)
+            scrub_node_attributes(node)
+            return CONTINUE
+          else
+            node.before node.children
+            node.remove
+          end
+        end
+
+        private
+
+        attr_reader :tags, :attributes
+        attr_accessor :direction
+
+        def tags=(input)
+          @tags = extract_with_fallback_consideration(input)
+        end
+
+        def attributes=(input)
+          @attributes = extract_with_fallback_consideration(input)
+        end
+
+        def extract_with_fallback_consideration(input)
+          return FALLBACK if input == FALLBACK
+          Array.wrap(input)
+        end
+
+        def script_node?(node)
+          node.name == 'script'
+        end
+
+        def scrub_node_attributes(node)
+          return fallback_scrub_node_attributes(node) if attributes == FALLBACK
+          node.attribute_nodes.each do |attr_node|
+            attr_node.remove unless attributes.include?(attr_node.name)
+          end
+        end
+
+        def allowed_not_element_node_types
+          [Nokogiri::XML::Node::TEXT_NODE, Nokogiri::XML::Node::CDATA_SECTION_NODE]
+        end
+
+        def fallback_scrub_node_attributes(node)
+          Loofah::HTML5::Scrub.scrub_attributes(node)
+          true
+        end
+
+        def fallback_allowed_element_detection(node)
+          Loofah::HTML5::Scrub.allowed_element?(node.name)
+        end
+
+        def node_allowed?(node)
+          return fallback_allowed_element_detection(node) if tags == FALLBACK
+          return true if allowed_not_element_node_types.include?(node.type)
+          return false unless node.type == Nokogiri::XML::Node::ELEMENT_NODE
+          tags.include?(node.name)
+        end
+      end
+      private_constant :AllowedTagsScrubber
+    end
+  end
+end

data/lib/hesburgh/lib/mock_runner.rb

@@ -35,20 +35,13 @@ module Hesburgh
       end
 
       def run(*args)
-        if @run_with == args
-          if block_given?
-            return yield(self)
-          else
-            return @callback_name, *@yields
-          end
-        else
-          fail RunWithMismatchError, actual: args, expected: @run_with
-        end
+        raise RunWithMismatchError, actual: args, expected: @run_with unless @run_with == args
+        return yield(self) if block_given?
+        return @callback_name, *@yields
       end
 
       def method_missing(method_name, &_block)
-        super unless @callback_name.to_s == method_name.to_s
-        return @callback_name, *yield(@yields)
+        return @callback_name, *yield(@yields) if @callback_name.to_s == method_name.to_s
       end
 
       private

data/lib/hesburgh/lib/runner.rb

@@ -36,7 +36,7 @@ module Hesburgh
       end
 
       def run(*_args)
-        fail NotImplementedError, ("You must define #{self.class}#run")
+        raise(NotImplementedError, "You must define #{self.class}#run")
       end
 
       private

data/lib/hesburgh/lib/version.rb

@@ -1,5 +1,5 @@
 module Hesburgh
   module Lib
-    VERSION = "0.1.1.1"
+    VERSION = "0.2.0".freeze
   end
 end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: hesburgh-lib
 version: !ruby/object:Gem::Version
-  version: 0.1.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Jeremy Friesen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-03-09 00:00:00.000000000 Z
+date: 2016-04-13 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: loofah
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.3
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -110,6 +124,7 @@ files:
 - hesburgh-lib.gemspec
 - lib/hesburgh/lib.rb
 - lib/hesburgh/lib/controller_with_runner.rb
+- lib/hesburgh/lib/html_scrubber.rb
 - lib/hesburgh/lib/mock_runner.rb
 - lib/hesburgh/lib/named_callbacks.rb
 - lib/hesburgh/lib/runner.rb