hesburgh-lib 0.1.1.1 → 0.2.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d99e85ae0d14a16c5071498783dfb24a7d8f83c7
4
- data.tar.gz: 27dae28d870c72d535cc9957c098f49190eedc95
3
+ metadata.gz: ab9abdeacd77fc8237db9eca673b45ac4fd791fd
4
+ data.tar.gz: b3e02b8c413f90d40704eb90772787b38bbed682
5
5
  SHA512:
6
- metadata.gz: f0ef7d50fc6c044cfb2eaf1ce53cb710aea0d10502649a8ea071fbee7a0cd313b4b17b370b9a8b4b8c7a1d771d780ee61670310c15614a03bbe868c4feb2b4ed
7
- data.tar.gz: 17f4fe6c4987ade521ec7783f1c4339797800ba9d9e81c40afbfd9b26739c29a21ce86b4ae44f050116f1b64f572f848703c2ed10b881aa1c32311003285315a
6
+ metadata.gz: b63654cdbac306215603a564aa18b5fe3ccd6ea1893275d034578ad0da9fb275d38d35b7aac8fc595618f182810eb42754c2cefbc49bb31fe80b233b3ad148ea
7
+ data.tar.gz: 3786b0e3eb0de4ab3e8d8a648d8f59feccdf1d775d52d63eab9973f60967a46ac70aed8c93829d51f3ef7ecddcae77f9493987794d53fd435038c391c39f510e
@@ -1,6 +1,6 @@
1
1
  #!/usr/bin/env ruby -wU
2
2
 
3
- if ARGV.grep(/^-+h(elp)?$/i).size > 0
3
+ unless ARGV.grep(/^-+h(elp)?$/i).empty?
4
4
  $stdout.puts ""
5
5
  $stdout.puts "$ #{File.basename(__FILE__)} [branch_name]"
6
6
  $stdout.puts ""
@@ -16,7 +16,7 @@ REPOSITORY_PATH = ENV.fetch('REPOSITORY_PATH') { Dir.pwd }
16
16
  #
17
17
  # *****************************************************************************
18
18
 
19
- if ARGV.grep(/^-+h(elp)?$/i).size > 0
19
+ unless ARGV.grep(/^-+h(elp)?$/i).empty?
20
20
  $stdout.puts ""
21
21
  $stdout.puts "$ #{File.basename(__FILE__)} <gem1> <gem2>"
22
22
  $stdout.puts ""
@@ -45,7 +45,7 @@ end
45
45
  GEM_NAMES = ARGV
46
46
 
47
47
  # Guard that we have a clean working directory
48
- if `cd #{REPOSITORY_PATH} && git status --porcelain`.strip.size > 0
48
+ unless `cd #{REPOSITORY_PATH} && git status --porcelain`.strip.empty?
49
49
  $stderr.puts "Repository @ #{REPOSITORY_PATH} did not have a clean working directory"
50
50
  exit!(2)
51
51
  end
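Review bot: The clean-working-directory guard on new line 48 still interpolates `REPOSITORY_PATH` (read from the environment, per the hunk header) into a shell string, so a path containing spaces or shell metacharacters is parsed by the shell instead of being passed as one argument. The guard also fails open: if `cd` or `git` errors out, stdout is empty and the repository is treated as clean. Passing an argument vector and checking the exit status addresses both, e.g. `out, status = Open3.capture2('git', '-C', REPOSITORY_PATH, 'status', '--porcelain')` followed by `unless status.success? && out.strip.empty?` (this needs `require 'open3'`).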
data/hesburgh-lib.gemspec CHANGED
@@ -18,6 +18,7 @@ Gem::Specification.new do |spec|
18
18
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
19
19
  spec.require_paths = ["lib"]
20
20
 
21
+ spec.add_development_dependency 'loofah', "~> 2.0.3"
21
22
  spec.add_development_dependency "bundler", "~> 1.7"
22
23
  spec.add_development_dependency "rspec", "~> 3.0"
23
24
  spec.add_development_dependency "rake", "~> 10.0"
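Review bot: `loofah` is declared with `add_development_dependency` on new line 21, yet this release also ships `lib/hesburgh/lib/html_scrubber.rb`, which does `require 'loofah'` at load time, so an application that installs only the gem's runtime dependencies would get a LoadError when it loads the scrubber. If the scrubber is meant for consumers of the gem, declare it as a runtime dependency, e.g. `spec.add_dependency 'loofah', '~> 2.0'`. The `~> 2.0.3` constraint also confines resolution to the 2.0.x series, which would keep out sanitizer fixes released in later minor versions; a looser upper bound seems safer for an HTML sanitizer.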
@@ -47,16 +47,13 @@ module Hesburgh
47
47
  def runner(runner_name = nil)
48
48
  return @runner if @runner # For Dependency Injection
49
49
  runner_name = action_name.classify unless runner_name
50
- if runner_container.const_defined?(runner_name)
51
- runner_container.const_get(runner_name)
52
- else
53
- fail RunnerNotFoundError, container: runner_container, name: runner_name
54
- end
50
+ return runner_container.const_get(runner_name) if runner_container.const_defined?(runner_name)
51
+ raise(RunnerNotFoundError, container: runner_container, name: runner_name)
55
52
  end
56
53
 
57
54
  # Exposed for purposes of Dependency Injection.
58
55
  def runner=(object)
59
- fail(ImproperRunnerError, runner: object, method_name: :run) unless object.respond_to?(:run)
56
+ raise(ImproperRunnerError, runner: object, method_name: :run) unless object.respond_to?(:run)
60
57
  @runner = object
61
58
  end
62
59
 
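Review bot: `runner` resolves the class with `const_defined?(runner_name)` and `const_get(runner_name)` using their default inherited lookup, so a name that is not defined inside `runner_container` can still resolve to a top-level constant of the same name. If `runner_name` or `action_name` can ever be influenced from outside the controller, the lookup is not confined to the container; passing `false` as the second argument to both calls, `return runner_container.const_get(runner_name, false) if runner_container.const_defined?(runner_name, false)`, keeps it there. The enclosing module starts before this hunk, so how `runner_container` is defined is not visible here.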
@@ -0,0 +1,120 @@
1
+ require 'loofah'
2
+ require 'loofah/scrubber'
3
+
4
+ module Hesburgh
5
+ module Lib
6
+ # Exposes a consistent means of scrubbing HTML.
7
+ #
8
+ # @see Rails `sanitize` method
9
+ # @todo Extract to the Hesburgh::Lib gem
10
+ module HtmlScrubber
11
+ ALLOWED_INLINE_TAGS = %w(abbr acronym b big cit cite code dfn em i mark samp small strong sub sup time tt var).freeze
12
+ ALLOWED_INLINE_WITH_LINK_TAGS = (%w(a) + ALLOWED_INLINE_TAGS).freeze
13
+ ALLOWED_INLINE_ATTRIBUTES = %w(datetime title href rel dir).freeze
14
+ ALLOWED_BLOCK_ATTRIBUTES = ALLOWED_INLINE_ATTRIBUTES
15
+
16
+ # We want to render this information as part of the metadata of a page. Examples include the `html head title` attribute
17
+ def self.build_meta_tag_scrubber(tags: [], attributes: :fallback)
18
+ AllowedTagsScrubber.new(tags: tags, attributes: attributes)
19
+ end
20
+
21
+ # We expect a single line of content. Examples include a "title" of an item
22
+ def self.build_inline_scrubber(tags: ALLOWED_INLINE_TAGS, attributes: ALLOWED_INLINE_ATTRIBUTES)
23
+ AllowedTagsScrubber.new(tags: tags, attributes: attributes)
24
+ end
25
+
26
+ # We expect a single line of content but are allowing links (A-tags) to be included.
27
+ def self.build_inline_with_link_scrubber(tags: ALLOWED_INLINE_WITH_LINK_TAGS, attributes: ALLOWED_INLINE_ATTRIBUTES)
28
+ AllowedTagsScrubber.new(tags: tags, attributes: attributes)
29
+ end
30
+
31
+ # We are allowing multiple lines of content. Examples include an "abstract" of an item
32
+ def self.build_block_scrubber
33
+ AllowedTagsScrubber.new(tags: AllowedTagsScrubber::FALLBACK, attributes: ALLOWED_BLOCK_ATTRIBUTES)
34
+ end
35
+
36
+ # Responsible for stripping and general sanitization of HTML documents
37
+ class AllowedTagsScrubber < Loofah::Scrubber
38
+ FALLBACK = :fallback
39
+ # @param tags [Symbol, Array<String>] What are the tags we are we going to keep. Otherwise the tag (but not content) is stripped.
40
+ # @param attributes [Symbol, Array<String>] What are the attributes we are we going to keep? Otherwise the attribute and its value
41
+ # are dropped.
42
+ # @param direction [Symbol] How are we processing the nodes; This is an assumption based on the Loofah::Scrubber
43
+ def initialize(tags: FALLBACK, attributes: FALLBACK, direction: :bottom_up)
44
+ self.direction = direction
45
+ self.tags = tags
46
+ self.attributes = attributes
47
+ end
48
+
49
+ # A convenience method for sanitiziation
50
+ def sanitize(input)
51
+ return '' if input.to_s.strip == ''
52
+ return input unless input.is_a?(String)
53
+ Loofah.fragment(input).scrub!(self).to_s.strip
54
+ end
55
+ alias call sanitize
56
+
57
+ def scrub(node)
58
+ return node.remove if script_node?(node)
59
+ if node_allowed?(node)
60
+ scrub_node_attributes(node)
61
+ return CONTINUE
62
+ else
63
+ node.before node.children
64
+ node.remove
65
+ end
66
+ end
67
+
68
+ private
69
+
70
+ attr_reader :tags, :attributes
71
+ attr_accessor :direction
72
+
73
+ def tags=(input)
74
+ @tags = extract_with_fallback_consideration(input)
75
+ end
76
+
77
+ def attributes=(input)
78
+ @attributes = extract_with_fallback_consideration(input)
79
+ end
80
+
81
+ def extract_with_fallback_consideration(input)
82
+ return FALLBACK if input == FALLBACK
83
+ Array.wrap(input)
84
+ end
85
+
86
+ def script_node?(node)
87
+ node.name == 'script'
88
+ end
89
+
90
+ def scrub_node_attributes(node)
91
+ return fallback_scrub_node_attributes(node) if attributes == FALLBACK
92
+ node.attribute_nodes.each do |attr_node|
93
+ attr_node.remove unless attributes.include?(attr_node.name)
94
+ end
95
+ end
96
+
97
+ def allowed_not_element_node_types
98
+ [Nokogiri::XML::Node::TEXT_NODE, Nokogiri::XML::Node::CDATA_SECTION_NODE]
99
+ end
100
+
101
+ def fallback_scrub_node_attributes(node)
102
+ Loofah::HTML5::Scrub.scrub_attributes(node)
103
+ true
104
+ end
105
+
106
+ def fallback_allowed_element_detection(node)
107
+ Loofah::HTML5::Scrub.allowed_element?(node.name)
108
+ end
109
+
110
+ def node_allowed?(node)
111
+ return fallback_allowed_element_detection(node) if tags == FALLBACK
112
+ return true if allowed_not_element_node_types.include?(node.type)
113
+ return false unless node.type == Nokogiri::XML::Node::ELEMENT_NODE
114
+ tags.include?(node.name)
115
+ end
116
+ end
117
+ private_constant :AllowedTagsScrubber
118
+ end
119
+ end
120
+ end
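Review bot: When an explicit attribute list is given, `scrub_node_attributes` keeps an attribute purely by name, so `build_inline_with_link_scrubber` (which allows `a` and `href`) never checks the URL scheme of the `href` value; only the `FALLBACK` path goes through `Loofah::HTML5::Scrub.scrub_attributes`, which appears to be where Loofah applies its protocol checks. Calling `Loofah::HTML5::Scrub.scrub_attributes(node)` after the `each` loop in `scrub_node_attributes` would apply those checks to whatever the allowlist kept, and a spec with a non-http `href` should pin the behaviour. Separately, `sanitize` returns non-String input unchanged (`return input unless input.is_a?(String)`), so an object whose `to_s` yields markup passes through unscrubbed. `Array.wrap` comes from ActiveSupport, which this file does not require.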
@@ -35,20 +35,13 @@ module Hesburgh
35
35
  end
36
36
 
37
37
  def run(*args)
38
- if @run_with == args
39
- if block_given?
40
- return yield(self)
41
- else
42
- return @callback_name, *@yields
43
- end
44
- else
45
- fail RunWithMismatchError, actual: args, expected: @run_with
46
- end
38
+ raise RunWithMismatchError, actual: args, expected: @run_with unless @run_with == args
39
+ return yield(self) if block_given?
40
+ return @callback_name, *@yields
47
41
  end
48
42
 
49
43
  def method_missing(method_name, &_block)
50
- super unless @callback_name.to_s == method_name.to_s
51
- return @callback_name, *yield(@yields)
44
+ return @callback_name, *yield(@yields) if @callback_name.to_s == method_name.to_s
52
45
  end
53
46
 
54
47
  private
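Review bot: The rewritten `method_missing` no longer calls `super`, so any message other than `@callback_name` now returns nil silently instead of raising NoMethodError, which can hide a misspelled callback in a spec that uses this mock. Keep the new guard line and add a bare `super` on the line after `return @callback_name, *yield(@yields) if @callback_name.to_s == method_name.to_s`. Whether a matching `respond_to_missing?` exists is outside this hunk.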
@@ -36,7 +36,7 @@ module Hesburgh
36
36
  end
37
37
 
38
38
  def run(*_args)
39
- fail NotImplementedError, ("You must define #{self.class}#run")
39
+ raise(NotImplementedError, "You must define #{self.class}#run")
40
40
  end
41
41
 
42
42
  private
@@ -1,5 +1,5 @@
1
1
  module Hesburgh
2
2
  module Lib
3
- VERSION = "0.1.1.1"
3
+ VERSION = "0.2.0".freeze
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,15 +1,29 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hesburgh-lib
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1.1
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jeremy Friesen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-03-09 00:00:00.000000000 Z
11
+ date: 2016-04-13 00:00:00.000000000 Z
12
12
  dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: loofah
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: 2.0.3
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: 2.0.3
13
27
  - !ruby/object:Gem::Dependency
14
28
  name: bundler
15
29
  requirement: !ruby/object:Gem::Requirement
@@ -110,6 +124,7 @@ files:
110
124
  - hesburgh-lib.gemspec
111
125
  - lib/hesburgh/lib.rb
112
126
  - lib/hesburgh/lib/controller_with_runner.rb
127
+ - lib/hesburgh/lib/html_scrubber.rb
113
128
  - lib/hesburgh/lib/mock_runner.rb
114
129
  - lib/hesburgh/lib/named_callbacks.rb
115
130
  - lib/hesburgh/lib/runner.rb