html_terminator 0.0.3 → 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 39b8f069bc265e35b278f46ef68fc414ef234ee5
+  data.tar.gz: 0a5fa89a7c15d585814ce420d14b51711b479ab7
+SHA512:
+  metadata.gz: 4f4125c44661d12232e5200bc5a505cecb1a372457c62c6d94c1b0d37b3854ba6bf5460680a605b6baab66066a7dda81134aa5c0993ca523e250cad0066e08bc
+  data.tar.gz: cc2bfdb08ce2b0c7fa78f60e127cd0cacb931c2335e5ef9bc189bab5f2f6a963e6838647c272f48664c5edd02dd9c7bb03c506a9faba67b2682363022e7a21f0

data/Gemfile

@@ -4,8 +4,8 @@ source 'https://rubygems.org'
 gemspec
 
 group :test do
-  gem 'activerecord', '~> 2.3.0'
+  gem "activerecord", "~> 4.2"
   gem 'sqlite3'
   gem 'guard-rspec'
   gem 'rb-fsevent'
-end
+end

data/html_terminator.gemspec

@@ -21,5 +21,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler", "~> 1.3"
   spec.add_development_dependency "rake"
 
-  spec.add_runtime_dependency "sanitize"
+  spec.add_runtime_dependency "sanitize", "~> 4.0"
 end

data/lib/html_terminator/version.rb

@@ -1,3 +1,3 @@
 module HtmlTerminator
-  VERSION = "0.0.3"
+  VERSION = "1.0.0"
 end

data/lib/html_terminator.rb

@@ -7,45 +7,54 @@ module HtmlTerminator
   }
 
   def self.sanitize(val)
-    if val and val.is_a?(String)
-      Sanitize.clean(val, SANITIZE_OPTIONS).strip
+    if val.is_a?(String) && !skip_sanitize?(val)
+      Sanitize.fragment(val, SANITIZE_OPTIONS).strip.gsub(/&/, "&")
     else
       val
     end
   end
 
+  # Don't sanitize if only one bracket is present.
+  # Without this, "1 < 2" gets incorrectly sanitized as "1".
+  def self.skip_sanitize?(val)
+    val.count("<") + val.count(">") == 1
+  end
+
   module ClassMethods
     def terminate_html(*args)
       class_attribute :html_terminator_fields
 
-      # By default all fields are to be seen by the terminator
-      self.html_terminator_fields = self.columns.inject([]) do |list, col|
-        if col.type == :string or col.type == :text
-          list << col.name.to_sym
-        end
+      # Table may not exist yet when schema is initially getting loaded
+      if self.table_exists?
+        # By default all fields are to be seen by the terminator
+        self.html_terminator_fields = self.columns.inject([]) do |list, col|
+          if col.type == :string or col.type == :text
+            list << col.name.to_sym
+          end
 
-        list
-      end
+          list
+        end
 
-      if args.length == 1
-        if args[0].is_a?(Symbol)
+        if args.length == 1
+          if args[0].is_a?(Symbol)
+            self.html_terminator_fields = args
+          elsif args[0].is_a?(Object)
+            self.html_terminator_fields -= (args[0][:except] || [])
+          end
+        elsif args.length > 1
           self.html_terminator_fields = args
-        elsif args[0].is_a?(Object)
-          self.html_terminator_fields -= (args[0][:except] || [])
         end
-      elsif args.length > 1
-        self.html_terminator_fields = args
-      end
 
-      unless self.html_terminator_fields.empty?
-        # sanitize writes
-        before_validation :terminate_html
+        unless self.html_terminator_fields.empty?
+          # sanitize writes
+          before_validation :terminate_html
 
-        # sanitize reads
-        self.html_terminator_fields.each do |attr|
-          define_method "#{attr}" do |*args|
-            # sanitize it
-            HtmlTerminator.sanitize super(*args)
+          # sanitize reads
+          self.html_terminator_fields.each do |attr|
+            define_method(attr) do |*rargs|
+              # sanitize it
+              HtmlTerminator.sanitize super(*rargs)
+            end
           end
         end
       end
@@ -70,4 +79,4 @@ module HtmlTerminator
   end
 end
 
-ActiveRecord::Base.send :include, HtmlTerminator
+ActiveRecord::Base.send :include, HtmlTerminator

data/spec/html_terminator_spec.rb

@@ -14,6 +14,30 @@ describe HtmlTerminator do
     @user.age.should == 3
   end
 
+  it "doesn't escape ampersands" do
+    @user = OnlyFirstName.new
+
+    @user.first_name = "A & B & C"
+    @user.first_name.should == "A & B & C"
+  end
+
+  it "skips sanitize when only one bracket" do
+    @user = OnlyFirstName.new
+
+    @user.first_name = "1 < 2"
+    @user.first_name.should == "1 < 2"
+
+    @user.first_name = "2 > 1"
+    @user.first_name.should == "2 > 1"
+  end
+
+  it "handles ampersands" do
+    @user = OnlyFirstName.new
+
+    @user.first_name = "Mr. & Mrs. Smith"
+    @user.first_name.should == "Mr. & Mrs. Smith"
+  end
+
   it "sanitizes all except what is specified" do
     @user = ExceptFirstName.new
 
@@ -33,6 +57,6 @@ describe HtmlTerminator do
   it "doesn't blow up if value is not a string" do
     @user = OnlyFirstName.new
     @user.first_name = 1
-    @user.first_name.should == 1
+    @user.first_name.should == "1"
   end
-end
+end

metadata

@@ -1,8 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: html_terminator
 version: !ruby/object:Gem::Version
-  version: 0.0.3
-  prerelease: 
+  version: 1.0.0
 platform: ruby
 authors:
 - Steel Fu
@@ -10,56 +9,50 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-11-12 00:00:00.000000000 Z
+date: 2015-08-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: sanitize
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '4.0'
 description: Terminate Active Records fields of html
 email:
 - steel@polleverywhere.com
@@ -68,8 +61,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .travis.yml
+- ".gitignore"
+- ".travis.yml"
 - Gemfile
 - Guardfile
 - LICENSE.txt
@@ -84,29 +77,29 @@ files:
 homepage: ''
 licenses:
 - MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 2.2.3
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Terminate Active Records fields of html
 test_files:
 - spec/html_terminator_spec.rb
 - spec/spec_helper.rb
 - spec/support/active_record.rb
+has_rdoc: