html_terminator 0.0.1

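--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.DS_Store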
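--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,11 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in html_terminator.gemspec
+gemspec
+
+group :test do
+gem 'activerecord', '~> 2.3.0'
+gem 'sqlite3'
+gem 'guard-rspec'
+gem 'rb-fsevent'
+end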
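Review bot: The test group pins `gem 'activerecord', '~> 2.3.0'`, but `lib/html_terminator.rb` calls `class_attribute`, which as far as I recall was introduced with ActiveSupport 3.0 and is not available on the 2.3 line; either the constraint should be raised to the version the specs actually run against, or the library needs a fallback for 2.3. Whichever way it is resolved, the constraint also fixes which `before_validation` and `columns` semantics the specs exercise, so a comment on the `gem 'activerecord'` line stating the supported range would save the next maintainer a guess.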
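--- a/data/Guardfile
+++ b/data/Guardfile
@@ -0,0 +1,5 @@
+guard 'rspec', :version => 2, :cli => '--colour --format nested' do
+watch(%r{^spec/.+_spec\.rb$})
+watch(%r{^lib/(.+)\.rb$}) { |m| "spec/lib/#{m[1]}_spec.rb" }
+watch('spec/spec_helper.rb') { "spec" }
+end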
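--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,22 @@
+Copyright (c) 2013 Steel Fu
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.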
data/README.md ADDED
@@ -0,0 +1,63 @@
1
+ ```
2
+                           _ _
3
+       r┐               ,r:ー'´.::.:: .:..`ヽ、
4
+       |i |                f´.::.,__.:::::..::::::::::::::ヽ
5
+       |l |              チr'´    ̄ ̄ヾ;::.:.|
6
+      ,r1|              キ| __ '´ __  l;::..l
7
+      |l ||              }撻鬱ij!'徼i匐}レ''1
8
+      |lr' i|               f{`~゛ツ; ヾ~´ iノ}|
9
+      ||l l|                ぃ  ´'_`   Y´
10
+      ||| l|                ト、 ´ ̄ ` ,ィ{
11
+      ||| i|                    | `ー-‐ '  }`iー -- 、
12
+      ||| l|                ,! i   / ノ  l _,シ ム
13
+      ||| l|               〃ト、_,,,. ;i'メ  |/ ,/  \
14
+     |! ∥             //lliiiiiiiiiiiiiiiill/{r―‐^ i〃/    ヽ
15
+     |l ∥            / ,イllliiiiiiiiiiiiillll/´  /r- ゝ  '     l
16
+     || ∥           / /´フliiiiiiiiiilllll/ ,  /   |/    |
17
+      jlj l|           / ir'    |liiiiiiiilllllli'  /    |   ーイ、
18
+     ム- 、|          ハ |,    /iiiiillllllllll|  /      |      i
19
+     ノ   `i        / lj   /llllllllllllllllll{/       l      |
20
+     ヽ   /          l |  /llllliillllllllllllll|         |       |
21
+    、r┤ ,ム、        | ヽ|  /lliiiiiiiiiillllllllllll}          |      |
22
+    '{ヽ'r_'__ i         〉  l |iiiiiiiiiiiiiiilllllllllll|        | 、    |
23
+    /〉ー-{ ソト 、     /   ||iiiiiiiiiiiiiiiiiillllllll!、       |  二   |
24
+    しt_;ュ',//   ヽ、 /    | |iiiiiiiiiiiiiiiiiiiiillllllヽ、       |    ` |
25
+     (_,イー'      ´     | |iiiiiiiiiiiiiiiiiiiiiiiiiiiiiillヽ、     ||    ヽ |
26
+      └-、   ノ´        | |iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii|     ||      |
27
+ ```
28
+
29
+ # HtmlTerminator
30
+
31
+ Visits Active Record fields and terminates unsafe HTML.
32
+
33
+ ## Installation
34
+
35
+ Add this line to your application's Gemfile:
36
+
37
+ gem 'html_terminator'
38
+
39
+ And then execute:
40
+
41
+ $ bundle
42
+
43
+ Or install it yourself as:
44
+
45
+ $ gem install html_terminator
46
+
47
+ ## Usage
48
+
49
+ In your Rails models:
50
+
51
+ terminate_html :field1, :field2, :field3
52
+
53
+ or
54
+
55
+ terminate_html :except => [:field8, :field9]
56
+
57
+ ## Contributing
58
+
59
+ 1. Fork it
60
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
61
+ 3. Commit your changes (`git commit -am 'Add some feature'`)
62
+ 4. Push to the branch (`git push origin my-new-feature`)
63
+ 5. Create new Pull Request
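--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1 @@
+require "bundler/gem_tasks"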
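--- a/data/html_terminator.gemspec
+++ b/data/html_terminator.gemspec
@@ -0,0 +1,25 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'html_terminator/version'
+
+Gem::Specification.new do |spec|
+spec.name = "html_terminator"
+spec.version = HtmlTerminator::VERSION
+spec.authors = ["Steel Fu", "Matt Diebolt"]
+spec.email = ["steel@polleverywhere.com", "matt@polleverywhere.com"]
+spec.description = %q{Terminate Active Records fields of html}
+spec.summary = %q{Terminate Active Records fields of html}
+spec.homepage = ""
+spec.license = "MIT"
+
+spec.files = `git ls-files`.split($/)
+spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+spec.require_paths = ["lib"]
+
+spec.add_development_dependency "bundler", "~> 1.3"
+spec.add_development_dependency "rake"
+
+spec.add_runtime_dependency "sanitize"
+end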
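Review bot: The gemspec declares only `sanitize` as a runtime dependency, yet `lib/html_terminator.rb` ends with `ActiveRecord::Base.send :include, HtmlTerminator` and relies on `class_attribute`, `columns` and `before_validation`, so `require 'html_terminator'` in a process that has not already loaded ActiveRecord raises NameError; add `spec.add_runtime_dependency "activerecord"` with the range the specs cover, or document in the README that the gem must be required after ActiveRecord. `spec.add_runtime_dependency "sanitize"` carries no version constraint, so any future major release of sanitize is accepted at install time even if it changes the `Sanitize.clean` API the library calls; pinning it to the line the specs were run against, e.g. `spec.add_runtime_dependency "sanitize", "~> <TESTED_MAJOR.MINOR>"`, keeps installs reproducible. `spec.homepage = ""` is also empty, which `gem build` typically reports as a warning.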
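--- a/data/lib/html_terminator.rb
+++ b/data/lib/html_terminator.rb
@@ -0,0 +1,69 @@
+require "html_terminator/version"
+require 'sanitize'
+
+module HtmlTerminator
+SANITIZE_OPTIONS = {
+:elements => ["b", "em", "i", "strong", "u", "br"]
+}
+
+def self.sanitize(val)
+Sanitize.clean(val, SANITIZE_OPTIONS).strip
+end
+
+module ClassMethods
+def terminate_html(*args)
+class_attribute :html_terminator_fields
+
+# By default all fields are to be seen by the terminator
+self.html_terminator_fields = self.columns.inject([]) do |list, col|
+if col.type == :string or col.type == :text
+list << col.name.to_sym
+end
+
+list
+end
+
+if args.length == 1
+if args[0].is_a?(Symbol)
+self.html_terminator_fields = args
+elsif args[0].is_a?(Object)
+self.html_terminator_fields -= (args[0][:except] || [])
+end
+elsif args.length > 1
+self.html_terminator_fields = args
+end
+
+unless self.html_terminator_fields.empty?
+# sanitize writes
+before_validation :terminate_html
+
+# sanitize reads
+self.html_terminator_fields.each do |attr|
+define_method "#{attr}" do |*args|
+# sanitize it
+HtmlTerminator.sanitize super(*args)
+end
+end
+end
+end
+end
+
+module InstanceMethods
+def terminate_html
+self.html_terminator_fields.each do |field|
+value = self[field]
+
+unless value.nil?
+self[field] = HtmlTerminator.sanitize(value)
+end
+end
+end
+end
+
+def self.included(base)
+base.send :extend, ClassMethods
+base.send :include, InstanceMethods
+end
+end
+
+ActiveRecord::Base.send :include, HtmlTerminator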
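Review bot: `elsif args[0].is_a?(Object)` in `terminate_html` is always true, so a single argument that is neither a Symbol nor a Hash reaches `args[0][:except]` and fails with a TypeError instead of a clear ArgumentError; it should read `elsif args[0].is_a?(Hash)`. The generated reader and the `terminate_html` callback also disagree on nil: the callback skips nil values, while the reader passes `super(*args)` straight to `Sanitize.clean`, so `value = super(*args); value.nil? ? value : HtmlTerminator.sanitize(value)` would make the two paths consistent (whether `Sanitize.clean` tolerates nil depends on the sanitize version, which the gemspec leaves unpinned). Only the overridden reader is sanitized on read — `self[field]`, `read_attribute` and `attributes` return the stored value until `before_validation` runs — which deserves a comment above `before_validation :terminate_html`, e.g. `# Raw HTML stays in the attribute hash until validation; code paths that skip validation persist it unsanitized.` Finally, the block parameter `|*args|` inside `define_method` shadows the method's own `args`; renaming it to `|*call_args|` avoids the confusion.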
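--- a/data/lib/html_terminator/version.rb
+++ b/data/lib/html_terminator/version.rb
@@ -0,0 +1,3 @@
+module HtmlTerminator
+VERSION = "0.0.1"
+end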
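--- a/data/spec/html_terminator_spec.rb
+++ b/data/spec/html_terminator_spec.rb
@@ -0,0 +1,26 @@
+require 'spec_helper'
+
+describe HtmlTerminator do
+it "should terminate name only fields specified" do
+@user = User.new
+
+@user.first_name = "Hello <img>"
+@user.first_name.should == "Hello"
+
+@user.last_name = "Hello <img>"
+@user.last_name.should == "Hello <img>"
+
+@user.age = 3
+@user.age.should == 3
+end
+
+it "should terminate all except what is specified" do
+@student = Student.new
+
+@student.first_name = "Hello <img>"
+@student.first_name.should == "Hello <img>"
+
+@student.last_name = "Hello <img>"
+@student.last_name.should == "Hello"
+end
+end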
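Review bot: Both examples only exercise the overridden reader; neither calls `valid?` or `save`, so the `before_validation :terminate_html` path — the one that decides what is actually persisted — is untested, and nothing checks that `@user[:first_name]` or `read_attribute` is cleaned once validation has run. Add an example along the lines of `@user.valid?` followed by `@user[:first_name].should == "Hello"`, plus one that reads a column left at nil to pin the reader's behaviour on unset attributes, since the reader currently passes the value to the sanitizer without a nil guard.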
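--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,7 @@
+require 'rubygems'
+require 'bundler/setup'
+
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+
+require 'support/active_record'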
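--- a/data/spec/support/active_record.rb
+++ b/data/spec/support/active_record.rb
@@ -0,0 +1,33 @@
+require 'active_record'
+require 'html_terminator'
+
+ActiveRecord::Base.establish_connection({
+:adapter => 'sqlite3',
+:database => ':memory:'
+})
+
+ActiveRecord::Schema.define do
+create_table "users", :force => true do |t|
+t.column "first_name", :text
+t.column "last_name", :text
+t.column "age", :integer
+end
+
+create_table "students", :force => true do |t|
+t.column "first_name", :text
+t.column "last_name", :text
+t.column "age", :integer
+end
+end
+
+class User < ActiveRecord::Base
+include HtmlTerminator
+
+terminate_html :first_name
+end
+
+class Student < ActiveRecord::Base
+include HtmlTerminator
+
+terminate_html :except => [:first_name]
+end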
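Review bot: `include HtmlTerminator` in `User` and `Student` is redundant with the `ActiveRecord::Base.send :include, HtmlTerminator` at the bottom of `lib/html_terminator.rb`, which already makes `terminate_html` available to every model; the explicit include re-runs `included` and re-extends the class, which is harmless here but leaves it unclear which of the two is the supported entry point. Either drop the explicit include so the specs cover the auto-inclusion users actually get, or keep it with a comment such as `# explicit include kept so the spec also covers opt-in usage` so the duplication reads as intentional.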
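--- a/metadata
+++ b/metadata
@@ -0,0 +1,111 @@
+--- !ruby/object:Gem::Specification
+name: html_terminator
+version: !ruby/object:Gem::Version
+version: 0.0.1
+prerelease:
+platform: ruby
+authors:
+- Steel Fu
+- Matt Diebolt
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-11-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.3'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.3'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: sanitize
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+description: Terminate Active Records fields of html
+email:
+- steel@polleverywhere.com
+- matt@polleverywhere.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- html_terminator.gemspec
+- lib/html_terminator.rb
+- lib/html_terminator/version.rb
+- spec/html_terminator_spec.rb
+- spec/spec_helper.rb
+- spec/support/active_record.rb
+homepage: ''
+licenses:
+- MIT
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.23
+signing_key:
+specification_version: 3
+summary: Terminate Active Records fields of html
+test_files:
+- spec/html_terminator_spec.rb
+- spec/spec_helper.rb
+- spec/support/active_record.rb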