html_terminator 2.0.0 → 5.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: ed1a46465f0b8d627c1b92e47e232373f2dd71ec
-  data.tar.gz: 717809ee3bd7bd73895f2b2a558c6335e720679c
+SHA256:
+  metadata.gz: da8941e0209c1029fa79212d9563b6ea121e5db4db540f9c8faf140ef2735529
+  data.tar.gz: 5b77e328701c7c868e06944fa213f13b59587c0938f617f2b2d9210889eb920f
 SHA512:
-  metadata.gz: 66c00ffa3ac6b4a8f5667bbd0ebef76d84d92bfad7bb922c1f71173dfc321df40364836db52e2d0af360f9ca83d05a4761f30265719fdd02c7cc353d8d788a4c
-  data.tar.gz: 5e86b8127abfc48f721a25828f2684b61e3197b06a44383cf81d8f65c85fdc28e5e72b69698fe98d41fd8d6ade625eff1ba6e096b47d1c89b134f79be9580cc9
+  metadata.gz: 946918cfb7df6799c6a069eb3bfdd3b2e950000968a7c8818a205702cc67bcc1a78a6d5ec01783a5b29b57b19610158b41a25b7f58565428c38846c700e0ea86
+  data.tar.gz: 9435af5e56df23be869426c87d9f7bc05fe9c462ced7e1e673548bb775f68f9a370c9bc3cfcc4dfab37282d484452e45a3fefd41c016df2aacb8acf92bb0645b

data/.travis.yml

@@ -1,5 +1,7 @@
 script: bundle exec rspec
 language: ruby
 rvm:
-  - 2.0.0
-  - 1.9.3
+  - 2.1.10
+  - 2.2.5
+  - 2.3.1
+gemfile: Gemfile.ci

data/Gemfile

@@ -5,7 +5,7 @@ gemspec
 
 group :test do
   gem "activerecord", "~> 4.2"
-  gem 'sqlite3'
+  gem 'sqlite3', "~> 1.3.0" # tied to activerecord
   gem 'guard-rspec'
   gem 'rb-fsevent'
 end

data/Gemfile.ci

@@ -0,0 +1,10 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in html_terminator.gemspec
+gemspec
+
+group :test do
+  gem "activerecord", "~> 4.2"
+  gem "sqlite3"
+  gem "rspec"
+end

data/README.md

@@ -52,15 +52,13 @@ In your Rails models:
 
     terminate_html :field1, :field2, :field3
 
-or
-
-    terminate_html :except => [:field8, :field9]
-
 ## Options
 
 Out of the box, HTML Terminator will strip out ALL html. You can pass in specific elements you want to preserve like this:
 
     terminate_html :field1, :elements => ["b", "i", "em"]
+    terminate_html :field2, :elements => ["br"]
+    terminate_html :field3, :elements => ["em"]
 
 Learn more about configuration options [Here](https://github.com/rgrove/sanitize#custom-configuration)
 

data/html_terminator.gemspec

@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
   spec.email         = ["steel@polleverywhere.com", "matt@polleverywhere.com"]
   spec.description   = %q{Terminate Active Records fields of html}
   spec.summary       = %q{Terminate Active Records fields of html}
-  spec.homepage      = ""
+  spec.homepage      = "https://github.com/polleverywhere/html_terminator/"
   spec.license       = "MIT"
 
   spec.files         = `git ls-files`.split($/)
@@ -21,5 +21,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler", "~> 1.3"
   spec.add_development_dependency "rake"
 
-  spec.add_runtime_dependency "sanitize", "~> 4.0"
+  spec.add_runtime_dependency "sanitize", "~> 5.2.1"
 end

data/lib/html_terminator.rb

@@ -1,54 +1,59 @@
 require "html_terminator/version"
 require "html_terminator/extract_options"
-require 'sanitize'
+require "sanitize"
 
 module HtmlTerminator
   SANITIZE_OPTIONS = {
     :elements => []
   }
 
-  def self.sanitize(val, config)
+  def self.sanitize(val, config = {})
     if val.is_a?(String)
       # Sanitize produces escaped content.
       # Unescape it to get the raw html
-      CGI.unescapeHTML Sanitize.fragment(val, config).strip
+      CGI.unescapeHTML(Sanitize.fragment(val, config).strip)
     else
       val
     end
   end
 
   module ClassMethods
-    def terminate_html(*args)
-      class_attribute :html_terminator_fields
-      class_attribute :html_terminator_options
+    def fields
+      self.columns.inject([]) do |list, col|
+        if col.type == :string or col.type == :text
+          list << col.name.to_sym
+        end
+
+        list
+      end
+    end
 
+    def terminate_html(*args)
       # Table may not exist yet when schema is initially getting loaded
       if self.table_exists?
-        # By default all fields are to be seen by the terminator
-        self.html_terminator_fields = self.columns.inject([]) do |list, col|
-          if col.type == :string or col.type == :text
-            list << col.name.to_sym
-          end
-
-          list
+        # object key/value of field => options
+        unless method_defined?(:html_terminator_fields)
+          class_attribute :html_terminator_fields
+          self.html_terminator_fields = {}
         end
 
-        self.html_terminator_options = SANITIZE_OPTIONS.merge(args.extract_options!)
-        self.html_terminator_fields = args if args.length > 0
+        options = args.extract_options!
+        options = SANITIZE_OPTIONS.clone.merge(options)
 
-        # Handle exceptions
-        exceptions = self.html_terminator_options.delete(:except) || []
-        self.html_terminator_fields -= (exceptions)
+        valid_fields = self.fields & args
+
+        valid_fields.each do |field|
+          self.html_terminator_fields[field] = options.deep_dup
+        end
 
         unless self.html_terminator_fields.empty?
-          # sanitize writes
           before_validation :terminate_html
 
           # sanitize reads
-          self.html_terminator_fields.each do |attr|
+          valid_fields.each do |attr|
             define_method(attr) do |*rargs|
               # sanitize it
-              HtmlTerminator.sanitize super(*rargs), self.html_terminator_options
+              HtmlTerminator.sanitize super(*rargs), options
             end
           end
         end
@@ -58,11 +63,11 @@ module HtmlTerminator
 
   module InstanceMethods
     def terminate_html
-      self.html_terminator_fields.each do |field|
+      self.html_terminator_fields.each do |field, options|
         value = self[field]
 
         unless value.nil?
-          self[field] = HtmlTerminator.sanitize(value, self.html_terminator_options)
+          self[field] = HtmlTerminator.sanitize(value, options)
         end
       end
     end

data/lib/html_terminator/version.rb

@@ -1,3 +1,3 @@
 module HtmlTerminator
-  VERSION = "2.0.0"
+  VERSION = "5.0.0"
 end

data/spec/html_terminator_spec.rb

@@ -1,68 +1,88 @@
-require 'spec_helper'
+require "spec_helper"
 
 describe HtmlTerminator do
   it "sanitizes only fields specified" do
-    @user = OnlyFirstName.new
+    user = OnlyFirstName.new
 
-    @user.first_name = "Hello <img>"
-    @user.first_name.should == "Hello"
+    user.first_name = "Hello <img>"
+    expect(user.first_name).to eql("Hello")
 
-    @user.last_name = "Hello <img>"
-    @user.last_name.should == "Hello <img>"
+    user.last_name = "Hello <img>"
+    expect(user.last_name).to eql("Hello <img>")
 
-    @user.age = 3
-    @user.age.should == 3
+    user.age = 3
+    expect(user.age).to eql(3)
   end
 
   it "doesn't escape ampersands" do
-    @user = OnlyFirstName.new
+    user = OnlyFirstName.new
 
-    @user.first_name = "A & B & C"
-    @user.first_name.should == "A & B & C"
+    user.first_name = "A & B & C"
+    expect(user.first_name).to eql("A & B & C")
   end
 
   it "skips sanitize when only one bracket" do
-    @user = OnlyFirstName.new
+    user = OnlyFirstName.new
 
-    @user.first_name = "1 < 2"
-    @user.first_name.should == "1 < 2"
+    user.first_name = "1 < 2"
+    expect(user.first_name).to eql("1 < 2")
 
-    @user.first_name = "2 > 1"
-    @user.first_name.should == "2 > 1"
+    user.first_name = "2 > 1"
+    expect(user.first_name).to eql("2 > 1")
   end
 
   it "handles ampersands" do
-    @user = OnlyFirstName.new
+    user = OnlyFirstName.new
 
-    @user.first_name = "Mr. & Mrs. Smith"
-    @user.first_name.should == "Mr. & Mrs. Smith"
+    user.first_name = "Mr. & Mrs. Smith"
+    expect(user.first_name).to eql("Mr. & Mrs. Smith")
   end
 
-  it "sanitizes all except what is specified" do
-    @user = ExceptFirstName.new
-
-    @user.first_name = "Hello <img>"
-    @user.first_name.should == "Hello <img>"
+  it "doesn't blow up if value is not a string" do
+    user = OnlyFirstName.new
+    user.first_name = 1
+    expect(user.first_name).to eql("1")
+  end
 
-    @user.last_name = "Hello <img>"
-    @user.last_name.should == "Hello"
+  it "honors options that are passed in" do
+    user = FirstNameWithOptions.new
+    user.first_name = "Hello <flexbox></flexbox><hr><br><img>"
+    expect(user.first_name).to eql("Hello <flexbox></flexbox>")
   end
 
-  it "doesn't blow up if value is nil" do
-    @user = ExceptFirstName.new
-    @user.first_name = nil
-    @user.first_name.should == nil
+  describe "#sanitize" do
+    it "strips out all html by default" do
+      val = HtmlTerminator.sanitize "<flexbox></flexbox><hr><br><img>"
+      expect(val).to eql("")
+    end
+
+    it "does not mark the output as html_safe" do
+      val = HtmlTerminator.sanitize "<flexbox></flexbox><hr><br><img>"
+      expect(val.html_safe?).to eql(false)
+    end
+
+    it "does not escape output that isn't stripped" do
+      val = HtmlTerminator.sanitize "<div>I said, \"Hello, John O'hare.\"</div>"
+      expect(val).to eql("I said, \"Hello, John O'hare.\"")
+    end
   end
 
-  it "doesn't blow up if value is not a string" do
-    @user = OnlyFirstName.new
-    @user.first_name = 1
-    @user.first_name.should == "1"
+  it "sanitizes different fields with different options" do
+    user = TwoFieldsWithOptions.new
+    user.first_name = "Hello <br><strong>strong</strong><em>em</em>"
+    user.last_name = "Hello <br><strong>strong</strong><em>em</em>"
+
+    expect(user.first_name).to eql("Hello  <strong>strong</strong>em")
+    expect(user.last_name).to eql("Hello  strong<em>em</em>")
   end
 
-  it "honors options that are passed in" do
-    @user = FirstNameWithOptions.new
-    @user.first_name = "Hello <flexbox></flexbox><hr><br><img>"
-    @user.first_name.should == "Hello <flexbox></flexbox>"
+  it "sanitizes on validation" do
+    user = TwoFieldsWithOptions.new
+    user.first_name = "Hello <br><strong>strong</strong><em>em</em>"
+    user.last_name = "Hello <br><strong>strong</strong><em>em</em>"
+    user.valid?
+
+    expect(user.read_attribute(:first_name)).to eql("Hello  <strong>strong</strong>em")
+    expect(user.read_attribute(:last_name)).to eql("Hello  strong<em>em</em>")
   end
 end

data/spec/spec_helper.rb

@@ -1,7 +1,9 @@
-require 'rubygems'
-require 'bundler/setup'
+require "rubygems"
+require "bundler/setup"
 
 $LOAD_PATH.unshift(File.dirname(__FILE__))
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
 
-require 'support/active_record'
+require "support/active_record"
+require "active_support"
+require "active_support/core_ext/string/output_safety.rb"

data/spec/support/active_record.rb

@@ -1,9 +1,9 @@
-require 'active_record'
-require 'html_terminator'
+require "active_record"
+require "html_terminator"
 
 ActiveRecord::Base.establish_connection({
-  :adapter => 'sqlite3',
-  :database => ':memory:'
+  :adapter => "sqlite3",
+  :database => ":memory:"
 })
 
 ActiveRecord::Schema.define do
@@ -13,7 +13,7 @@ ActiveRecord::Schema.define do
     t.column "age", :integer
   end
 
-  create_table "except_first_names", :force => true do |t|
+  create_table "two_fields_with_options", :force => true do |t|
     t.column "first_name",  :text
     t.column "last_name",  :text
     t.column "age", :integer
@@ -32,10 +32,11 @@ class OnlyFirstName < ActiveRecord::Base
   terminate_html :first_name
 end
 
-class ExceptFirstName < ActiveRecord::Base
+class TwoFieldsWithOptions < ActiveRecord::Base
   include HtmlTerminator
 
-  terminate_html :except => [:first_name]
+  terminate_html :first_name, elements: ["strong"]
+  terminate_html :last_name, elements: ["em"]
 end
 
 class FirstNameWithOptions < ActiveRecord::Base

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: html_terminator
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 5.0.0
 platform: ruby
 authors:
 - Steel Fu
 - Matt Diebolt
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-01-29 00:00:00.000000000 Z
+date: 2020-06-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -45,14 +45,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: 5.2.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: 5.2.1
 description: Terminate Active Records fields of html
 email:
 - steel@polleverywhere.com
@@ -64,6 +64,7 @@ files:
 - ".gitignore"
 - ".travis.yml"
 - Gemfile
+- Gemfile.ci
 - Guardfile
 - LICENSE.txt
 - README.md
@@ -75,11 +76,11 @@ files:
 - spec/html_terminator_spec.rb
 - spec/spec_helper.rb
 - spec/support/active_record.rb
-homepage: ''
+homepage: https://github.com/polleverywhere/html_terminator/
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -94,9 +95,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.2.3
-signing_key: 
+rubygems_version: 3.0.3
+signing_key:
 specification_version: 4
 summary: Terminate Active Records fields of html
 test_files: