RubyGems - hom - Versions diffs - 1.3.0 → 1.3.1 - Mend

hom 1.3.0 → 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 80265a394bf1cecc27755bfcc583dbc81cb3ea51ffcb110fae6a61ecc3d0f0cd
+  data.tar.gz: 9ab3f813474864c3db170c4add2780309a2470f8bc4acca7c6daa2355bd27087
+SHA512:
+  metadata.gz: 1d7d556b5749cd886a0731f39734e32cd34dde6ee8ffc0c07294034d0554c0f9bc2f6c35c51bf1f206b50bd9f03a6c01fae28bab158590f1792782f1bee341d6
+  data.tar.gz: 6e27e6d36d7648c968c8bec6c45a99c263e056945eacab2b4de3538220a40f5ad881e5cf30974e5561c0645044eb3ea9968cda6c2ea0e4ab148e1f1d207206c7

data/CHANGES.md ADDED

@@ -0,0 +1,57 @@
+# 1.3.1
+* Added metadata to gemspec
+# 1.3.0
+* HOM::NodeList#join now returns a new node list
+* Added plus method to HOM::Element
+* Added plus method to HOM::Entity
+# 1.2.0
+* Added html_safe? methods to HOM::Element and HOM::NodeList for compatibility with [erubis-auto](https://github.com/timcraft/erubis-auto)
+# 1.1.0
+* Added HOM::NodeList class
+# 1.0.0
+* Ruby 1.8.7 compatibility
+* Removed support for rendering arbitrary objects by calling #html
+# 0.4.0
+* Deprecated support for rendering arbitrary objects by calling #html
+* Added notion of undefined content, changing how elements with nil content are rendered:
+  With an element like this: `HOM::Element.new(:h1, {}, nil)`
+  Pre v0.4.0 rendering: `<h1>`
+  Post v0.4.0 rendering: `<h1></h1>`
+# 0.3.0
+* Added notion of undefined attribute values, nil is now rendered as an empty value:
+  With an element like this: `HOM::Element.new(:input, {:value => nil})`
+  Pre v0.3.0 rendering: `<input value>`
+  Post v0.3.0 rendering: `<input value="">`
+* Removed Element#lookup method
+# 0.2.0
+* Replaced method missing attribute access with Element#lookup method
+# 0.1.0
+* First version!

data/LICENSE.txt ADDED

@@ -0,0 +1,4 @@
+Copyright (c) 2011-2020 TIMCRAFT
+This is an Open Source project licensed under the terms of the LGPLv3 license.
+Please see <http://www.gnu.org/licenses/lgpl-3.0.html> for license text.

data/README.md CHANGED

@@ -1,26 +1,24 @@
-hom
-===
+# hom
+[![Gem Version](https://badge.fury.io/rb/hom.svg)](https://badge.fury.io/rb/hom) [![Build Status](https://api.travis-ci.org/timcraft/hom.svg?branch=master)](https://travis-ci.org/timcraft/hom)
 A straightforward API for generating HTML.
-Motivation
-----------
+## Motivation
 HOM helps you implement HTML presentation logic in your code. Things like
 navigation links, select boxes, sets of checkboxes; anything with behaviour
 that is too complex for your templates.
-Installation
-------------
+## Installation
     $ gem install hom
-Quick start
------------
+## Quick start
 ```ruby
 require 'hom'
@@ -29,8 +27,7 @@ puts HOM::Element.new(:h1, nil, 'hello world')
 ```
-Using HOM::Element
-------------------
+## Using HOM::Element
 Create instances of HOM::Element to represent DOM elements. The first
 constructor argument is a symbol representing the tag name. For example,
@@ -73,8 +70,7 @@ generated HTML markup. HOM::Element objects are safe to use directly in Rails
 templates, all escaping is handled automatically.
-Using HOM::Entity
------------------
+## Using HOM::Entity
 Create instances of HOM::Entity to represent HTML entities. Use an integer
 argument for numeric entities and a symbol/string argument for named entities,
@@ -87,8 +83,7 @@ HOM::Entity.new(:nbsp)
 ```
-Using HOM::NodeList
--------------------
+## Using HOM::NodeList
 Use HOM::NodeList to group nodes together without having to wrap them in an
 outer element. For example:
@@ -100,3 +95,37 @@ HOM::NodeList.new(['This is a ', HOM::Element.new(:strong, nil, 'Contrived'), '
 Calling #to_s on a HOM::NodeList object will return a string containing the
 generated HTML markup. Calling #join will insert separator nodes, a bit like
 Array#join, but returning HTML safe output.
+## XSS 101
+Do you have helper methods that look like this:
+```ruby
+def user_name(user)
+  "<strong>#{user.name}</strong>".html_safe
+end
+```
+Bzzzt, that's a security vulnerability right there. If you're using Rails
+you should have code that looks like this:
+```ruby
+def user_name(user)
+  content_tag(:strong, user.name)
+end
+```
+The content_tag helper will automatically escape content not explicitly
+marked as safe. HOM will do very much the same thing, the equivalent helper
+method would look like this:
+```ruby
+def user_name(user)
+  HOM::Element.new(:strong, nil, user.name)
+end
+```
+Moral of the story: building up fragments of HTML using string interpolation
+and concatenation is highly error prone. Solution: use content_tag or HOM to
+safely build your content, and audit your usage of html_safe.

data/hom.gemspec CHANGED

@@ -1,18 +1,20 @@
 Gem::Specification.new do |s|
   s.name = 'hom'
-  s.version = '1.3.0'
+  s.version = '1.3.1'
+  s.license = 'LGPL-3.0'
   s.platform = Gem::Platform::RUBY
   s.authors = ['Tim Craft']
   s.email = ['mail@timcraft.com']
-  s.homepage = 'http://github.com/timcraft/hom'
+  s.homepage = 'https://github.com/timcraft/hom'
   s.description = 'A straightforward API for generating HTML'
   s.summary = 'See description'
-  s.files = Dir.glob('{lib,spec}/**/*') + %w(Rakefile README.md hom.gemspec)
-  s.add_development_dependency('rake', '~> 10.0.3')
-  s.add_development_dependency('activesupport', ['>= 3.0.3'])
+  s.files = Dir.glob('lib/**/*.rb') + %w(LICENSE.txt README.md CHANGES.md hom.gemspec)
+  s.required_ruby_version = '>= 1.9.3'
   s.require_path = 'lib'
-  if RUBY_VERSION == '1.8.7'
-    s.add_development_dependency('minitest', '>= 4.2.0')
-  end
+  s.metadata = {
+    'homepage' => 'https://github.com/timcraft/hom',
+    'source_code_uri' => 'https://github.com/timcraft/hom',
+    'bug_tracker_uri' => 'https://github.com/timcraft/hom/issues',
+    'changelog_uri' => 'https://github.com/timcraft/hom/blob/main/CHANGES.md'
+  }
 end

metadata CHANGED

@@ -1,48 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: hom
 version: !ruby/object:Gem::Version
-  version: 1.3.0
-  prerelease:
+  version: 1.3.1
 platform: ruby
 authors:
 - Tim Craft
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-06-10 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 10.0.3
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 10.0.3
-- !ruby/object:Gem::Dependency
-  name: activesupport
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: 3.0.3
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: 3.0.3
+date: 2020-11-03 00:00:00.000000000 Z
+dependencies: []
 description: A straightforward API for generating HTML
 email:
 - mail@timcraft.com
@@ -50,37 +17,36 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- lib/hom.rb
-- spec/element_spec.rb
-- spec/encoding_spec.rb
-- spec/entity_spec.rb
-- spec/node_list_spec.rb
-- Rakefile
+- CHANGES.md
+- LICENSE.txt
 - README.md
 - hom.gemspec
-homepage: http://github.com/timcraft/hom
-licenses: []
-post_install_message:
+- lib/hom.rb
+homepage: https://github.com/timcraft/hom
+licenses:
+- LGPL-3.0
+metadata:
+  homepage: https://github.com/timcraft/hom
+  source_code_uri: https://github.com/timcraft/hom
+  bug_tracker_uri: https://github.com/timcraft/hom/issues
+  changelog_uri: https://github.com/timcraft/hom/blob/main/CHANGES.md
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 1.8.25
-signing_key:
-specification_version: 3
+rubygems_version: 3.1.4
+signing_key:
+specification_version: 4
 summary: See description
 test_files: []
-has_rdoc:

data/Rakefile DELETED

@@ -1,8 +0,0 @@
-require 'rake/testtask'
-task :default => :spec
-Rake::TestTask.new(:spec) do |t|
-  t.test_files = FileList['spec/*_spec.rb']
-  t.warning = true
-end

data/spec/element_spec.rb DELETED

@@ -1,42 +0,0 @@
-require 'minitest/autorun'
-require 'active_support/core_ext/string/output_safety'
-if defined? require_relative
-  require_relative '../lib/hom'
-else
-  require File.join(File.dirname(__FILE__), '../lib/hom')
-end
-describe 'HOM::Element' do
-  describe 'content query method' do
-    it 'returns false if the content is undefined' do
-      HOM::Element.new(:br).content?.must_equal(false)
-    end
-    it 'returns true otherwise' do
-      HOM::Element.new(:h1, nil, '').content?.must_equal(true)
-    end
-  end
-  describe 'html_safe query method' do
-    it 'returns true' do
-      HOM::Element.new(:br).html_safe?.must_equal(true)
-    end
-  end
-  describe 'to_s method' do
-    it 'returns an html safe string containing the encoded element' do
-      output = HOM::Element.new(:br).to_s
-      output.html_safe?.must_equal(true)
-      output.must_equal('<br>')
-    end
-  end
-  describe 'addition of an element with another object' do
-    it 'returns a node list containing the two nodes' do
-      nodes = HOM::Element.new(:br) + "\n"
-      nodes.must_be_instance_of(HOM::NodeList)
-      nodes.to_s.must_equal("<br>\n")
-    end
-  end
-end

data/spec/encoding_spec.rb DELETED

@@ -1,102 +0,0 @@
-require 'minitest/autorun'
-require 'active_support/core_ext/string/output_safety'
-if defined? require_relative
-  require_relative '../lib/hom'
-else
-  require File.join(File.dirname(__FILE__), '../lib/hom')
-end
-describe 'HOM::Encoding' do
-  describe 'encode method' do
-    it 'renders elements with a tag name' do
-      element = HOM::Element.new(:br)
-      HOM::Encoding.encode(element).must_equal('<br>')
-    end
-    it 'renders elements with a symbol attribute' do
-      element = HOM::Element.new(:input, :disabled)
-      HOM::Encoding.encode(element).must_equal('<input disabled>')
-    end
-    it 'renders elements with a hash of attributes' do
-      element = HOM::Element.new(:input, {:type => :text, :size => 30, :value => nil})
-      output = HOM::Encoding.encode(element)
-      output.must_match(/<input .+>/)
-      output.must_include(' type="text"')
-      output.must_include(' size="30"')
-      output.must_include(' value=""')
-    end
-    it 'renders elements with an array of mixed attributes' do
-      element = HOM::Element.new(:input, [{:type => :text, :size => 30}, :disabled])
-      output = HOM::Encoding.encode(element)
-      output.must_match(/<input .+>/)
-      output.must_include(' type="text"')
-      output.must_include(' size="30"')
-      output.must_include(' disabled')
-    end
-    it 'renders elements with empty content' do
-      element = HOM::Element.new(:h1, nil, '')
-      HOM::Encoding.encode(element).must_equal('<h1></h1>')
-    end
-    it 'renders elements with string content' do
-      element = HOM::Element.new(:h2, nil, 'hello world')
-      HOM::Encoding.encode(element).must_equal('<h2>hello world</h2>')
-    end
-    it 'renders elements with numeric content' do
-      element = HOM::Element.new(:h4, nil, 1234567890)
-      HOM::Encoding.encode(element).must_equal('<h4>1234567890</h4>')
-    end
-    it 'renders elements with a single child element' do
-      element = HOM::Element.new(:h5, nil, HOM::Element.new(:b, nil, 'how bold'))
-      HOM::Encoding.encode(element).must_equal('<h5><b>how bold</b></h5>')
-    end
-    it 'renders elements with nil content' do
-      element = HOM::Element.new(:h6, nil, nil)
-      HOM::Encoding.encode(element).must_equal('<h6></h6>')
-    end
-    it 'renders elements with multiple child elements' do
-      element = HOM::Element.new(:ul, nil, (1..3).map { |n| HOM::Element.new(:li, nil, n) })
-      HOM::Encoding.encode(element).must_equal('<ul><li>1</li><li>2</li><li>3</li></ul>')
-    end
-    it 'escapes string content' do
-      element = HOM::Element.new(:h3, nil, 'a && b, x > y')
-      HOM::Encoding.encode(element).must_equal('<h3>a &amp;&amp; b, x &gt; y</h3>')
-    end
-    it 'does not escape content that has been marked as html safe' do
-      element = HOM::Element.new(:span, nil, '<br>'.html_safe)
-      HOM::Encoding.encode(element).must_equal('<span><br></span>')
-    end
-  end
-  describe 'safe_encode method' do
-    it 'encodes the argument and marks it as html safe' do
-      element = HOM::Element.new(:br)
-      output = HOM::Encoding.safe_encode(element)
-      output.must_equal('<br>')
-      output.html_safe?.must_equal(true)
-    end
-  end
-end

data/spec/entity_spec.rb DELETED

@@ -1,67 +0,0 @@
-require 'minitest/autorun'
-if defined? require_relative
-  require_relative '../lib/hom'
-else
-  require File.join(File.dirname(__FILE__), '../lib/hom')
-end
-describe 'HOM::Entity' do
-  before do
-    @named_entity = HOM::Entity.new(:nbsp)
-    @numeric_entity = HOM::Entity.new(160)
-  end
-  describe 'value method' do
-    it 'returns the value passed to the constructor' do
-      @named_entity.value.must_equal(:nbsp)
-      @numeric_entity.value.must_equal(160)
-    end
-  end
-  describe 'numeric query method' do
-    it 'returns false for named entities' do
-      @named_entity.numeric?.must_equal(false)
-    end
-    it 'returns true for numeric entities' do
-      @numeric_entity.numeric?.must_equal(true)
-    end
-  end
-  describe 'named query method' do
-    it 'returns true for named entities' do
-      @named_entity.named?.must_equal(true)
-    end
-    it 'returns false for numeric entities' do
-      @numeric_entity.named?.must_equal(false)
-    end
-  end
-  describe 'to_s method' do
-    it 'returns the encoded html entity' do
-      @named_entity.to_s.must_equal('&nbsp;')
-      @numeric_entity.to_s.must_equal('&#160;')
-    end
-  end
-  describe 'html_safe query method' do
-    it 'returns true' do
-      @named_entity.html_safe?.must_equal(true)
-      @numeric_entity.html_safe?.must_equal(true)
-    end
-  end
-  describe 'addition of an entity with another object' do
-    it 'returns a node list containing the two nodes' do
-      nodes = HOM::Entity.new(:pound) + '9.99'
-      nodes.must_be_instance_of(HOM::NodeList)
-      nodes.to_s.must_equal('&pound;9.99')
-    end
-  end
-end

data/spec/node_list_spec.rb DELETED

@@ -1,59 +0,0 @@
-require 'minitest/autorun'
-require 'active_support/core_ext/string/output_safety'
-if defined? require_relative
-  require_relative '../lib/hom'
-else
-  require File.join(File.dirname(__FILE__), '../lib/hom')
-end
-describe 'HOM::NodeList' do
-  describe 'html_safe query method' do
-    it 'returns true' do
-      HOM::NodeList.new([]).html_safe?.must_equal(true)
-    end
-  end
-  describe 'to_s method' do
-    it 'returns an html safe string containing the encoded nodes' do
-      nodes = HOM::NodeList.new(['Hello', HOM::Entity.new(:nbsp), HOM::Element.new(:b, nil, 'World')])
-      output = nodes.to_s
-      output.must_equal('Hello&nbsp;<b>World</b>')
-      output.html_safe?.must_equal(true)
-    end
-  end
-  describe 'to_a method' do
-    it 'returns the array of nodes passed to the constructor' do
-      nodes = HOM::NodeList.new(%w(a b c))
-      nodes.to_a.must_equal(%w(a b c))
-    end
-  end
-  describe 'addition of two node lists' do
-    it 'returns a new node list containing the items in each list' do
-      nodes = HOM::NodeList.new(['one']) + HOM::NodeList.new(['two'])
-      nodes.must_be_instance_of(HOM::NodeList)
-      nodes.to_a.must_equal(%w(one two))
-    end
-  end
-  describe 'addition of a node list with an element object' do
-    it 'returns a new node list containing the items in the list and the additional element' do
-      element = HOM::Element.new(:b, nil, 'World')
-      nodes = HOM::NodeList.new(['Hello', HOM::Entity.new(:nbsp)]) + element
-      nodes.must_be_instance_of(HOM::NodeList)
-      nodes.to_s.must_equal('Hello&nbsp;<b>World</b>')
-    end
-  end
-  describe 'join method' do
-    it 'returns a new node list containing the items in the list seperated by the given node' do
-      nodes = HOM::NodeList.new(%w(a b c)).join(HOM::Entity.new(:nbsp))
-      nodes.must_be_instance_of(HOM::NodeList)
-      nodes.to_s.must_equal('a&nbsp;b&nbsp;c')
-    end
-  end
-end