html_terminator 2.0.0 → 5.0.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: ed1a46465f0b8d627c1b92e47e232373f2dd71ec
4
- data.tar.gz: 717809ee3bd7bd73895f2b2a558c6335e720679c
2
+ SHA256:
3
+ metadata.gz: da8941e0209c1029fa79212d9563b6ea121e5db4db540f9c8faf140ef2735529
4
+ data.tar.gz: 5b77e328701c7c868e06944fa213f13b59587c0938f617f2b2d9210889eb920f
5
5
  SHA512:
6
- metadata.gz: 66c00ffa3ac6b4a8f5667bbd0ebef76d84d92bfad7bb922c1f71173dfc321df40364836db52e2d0af360f9ca83d05a4761f30265719fdd02c7cc353d8d788a4c
7
- data.tar.gz: 5e86b8127abfc48f721a25828f2684b61e3197b06a44383cf81d8f65c85fdc28e5e72b69698fe98d41fd8d6ade625eff1ba6e096b47d1c89b134f79be9580cc9
6
+ metadata.gz: 946918cfb7df6799c6a069eb3bfdd3b2e950000968a7c8818a205702cc67bcc1a78a6d5ec01783a5b29b57b19610158b41a25b7f58565428c38846c700e0ea86
7
+ data.tar.gz: 9435af5e56df23be869426c87d9f7bc05fe9c462ced7e1e673548bb775f68f9a370c9bc3cfcc4dfab37282d484452e45a3fefd41c016df2aacb8acf92bb0645b
@@ -1,5 +1,7 @@
1
1
  script: bundle exec rspec
2
2
  language: ruby
3
3
  rvm:
4
- - 2.0.0
5
- - 1.9.3
4
+ - 2.1.10
5
+ - 2.2.5
6
+ - 2.3.1
7
+ gemfile: Gemfile.ci
data/Gemfile CHANGED
@@ -5,7 +5,7 @@ gemspec
5
5
 
6
6
  group :test do
7
7
  gem "activerecord", "~> 4.2"
8
- gem 'sqlite3'
8
+ gem 'sqlite3', "~> 1.3.0" # tied to activerecord
9
9
  gem 'guard-rspec'
10
10
  gem 'rb-fsevent'
11
11
  end
@@ -0,0 +1,10 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in html_terminator.gemspec
4
+ gemspec
5
+
6
+ group :test do
7
+ gem "activerecord", "~> 4.2"
8
+ gem "sqlite3"
9
+ gem "rspec"
10
+ end
data/README.md CHANGED
@@ -52,15 +52,13 @@ In your Rails models:
52
52
 
53
53
  terminate_html :field1, :field2, :field3
54
54
 
55
- or
56
-
57
- terminate_html :except => [:field8, :field9]
58
-
59
55
  ## Options
60
56
 
61
57
  Out of the box, HTML Terminator will strip out ALL html. You can pass in specific elements you want to preserve like this:
62
58
 
63
59
  terminate_html :field1, :elements => ["b", "i", "em"]
60
+ terminate_html :field2, :elements => ["br"]
61
+ terminate_html :field3, :elements => ["em"]
64
62
 
65
63
  Learn more about configuration options [Here](https://github.com/rgrove/sanitize#custom-configuration)
66
64
 
@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
10
10
  spec.email = ["steel@polleverywhere.com", "matt@polleverywhere.com"]
11
11
  spec.description = %q{Terminate Active Records fields of html}
12
12
  spec.summary = %q{Terminate Active Records fields of html}
13
- spec.homepage = ""
13
+ spec.homepage = "https://github.com/polleverywhere/html_terminator/"
14
14
  spec.license = "MIT"
15
15
 
16
16
  spec.files = `git ls-files`.split($/)
@@ -21,5 +21,5 @@ Gem::Specification.new do |spec|
21
21
  spec.add_development_dependency "bundler", "~> 1.3"
22
22
  spec.add_development_dependency "rake"
23
23
 
24
- spec.add_runtime_dependency "sanitize", "~> 4.0"
24
+ spec.add_runtime_dependency "sanitize", "~> 5.2.1"
25
25
  end
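Review bot: The new constraint `"~> 5.2.1"` on the `sanitize` runtime dependency resolves to `>= 5.2.1, < 5.3`, so an application using this gem cannot move to a later sanitize minor or major release until html_terminator itself is re-released. Since the sanitizer is the security-critical dependency here, fixes that land in a later series would be blocked by this pin. If the intent is only to set a floor, something like `spec.add_runtime_dependency "sanitize", ">= 5.2.1", "< 6"` keeps the floor without locking consumers to one minor series. The `Gem::Specification.new` block starts outside this hunk.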
@@ -1,54 +1,59 @@
1
1
  require "html_terminator/version"
2
2
  require "html_terminator/extract_options"
3
- require 'sanitize'
3
+ require "sanitize"
4
4
 
5
5
  module HtmlTerminator
6
6
  SANITIZE_OPTIONS = {
7
7
  :elements => []
8
8
  }
9
9
 
10
- def self.sanitize(val, config)
10
+ def self.sanitize(val, config = {})
11
11
  if val.is_a?(String)
12
12
  # Sanitize produces escaped content.
13
13
  # Unescape it to get the raw html
14
- CGI.unescapeHTML Sanitize.fragment(val, config).strip
14
+ CGI.unescapeHTML(Sanitize.fragment(val, config).strip)
15
15
  else
16
16
  val
17
17
  end
18
18
  end
19
19
 
20
20
  module ClassMethods
21
- def terminate_html(*args)
22
- class_attribute :html_terminator_fields
23
- class_attribute :html_terminator_options
21
+ def fields
22
+ self.columns.inject([]) do |list, col|
23
+ if col.type == :string or col.type == :text
24
+ list << col.name.to_sym
25
+ end
26
+
27
+ list
28
+ end
29
+ end
24
30
 
31
+ def terminate_html(*args)
25
32
  # Table may not exist yet when schema is initially getting loaded
26
33
  if self.table_exists?
27
- # By default all fields are to be seen by the terminator
28
- self.html_terminator_fields = self.columns.inject([]) do |list, col|
29
- if col.type == :string or col.type == :text
30
- list << col.name.to_sym
31
- end
32
-
33
- list
34
+ # object key/value of field => options
35
+ unless method_defined?(:html_terminator_fields)
36
+ class_attribute :html_terminator_fields
37
+ self.html_terminator_fields = {}
34
38
  end
35
39
 
36
- self.html_terminator_options = SANITIZE_OPTIONS.merge(args.extract_options!)
37
- self.html_terminator_fields = args if args.length > 0
40
+ options = args.extract_options!
41
+ options = SANITIZE_OPTIONS.clone.merge(options)
38
42
 
39
- # Handle exceptions
40
- exceptions = self.html_terminator_options.delete(:except) || []
41
- self.html_terminator_fields -= (exceptions)
43
+ valid_fields = self.fields & args
44
+
45
+ valid_fields.each do |field|
46
+ self.html_terminator_fields[field] = options.deep_dup
47
+ end
42
48
 
43
49
  unless self.html_terminator_fields.empty?
44
- # sanitize writes
45
50
  before_validation :terminate_html
46
51
 
47
52
  # sanitize reads
48
- self.html_terminator_fields.each do |attr|
53
+ valid_fields.each do |attr|
49
54
  define_method(attr) do |*rargs|
50
55
  # sanitize it
51
- HtmlTerminator.sanitize super(*rargs), self.html_terminator_options
56
+ HtmlTerminator.sanitize super(*rargs), options
52
57
  end
53
58
  end
54
59
  end
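Review bot: `valid_fields = self.fields & args` silently discards every name that is not a string/text column (a typo, a string instead of a symbol, a column of another type). A bare `terminate_html`, or one passing only `:except` as 2.0.0 accepted, now produces an empty list, so nothing is sanitized and nothing is reported. For a sanitizer that is a fail-open upgrade path; I would fail loudly instead, e.g. `raise ArgumentError, "terminate_html requires at least one field" if args.empty?` followed by `unknown = args - self.fields` and `raise ArgumentError, "terminate_html: not a string/text column: #{unknown.inspect}" unless unknown.empty?`. The `ClassMethods` module continues past the end of this hunk.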
@@ -58,11 +63,11 @@ module HtmlTerminator
58
63
 
59
64
  module InstanceMethods
60
65
  def terminate_html
61
- self.html_terminator_fields.each do |field|
66
+ self.html_terminator_fields.each do |field, options|
62
67
  value = self[field]
63
68
 
64
69
  unless value.nil?
65
- self[field] = HtmlTerminator.sanitize(value, self.html_terminator_options)
70
+ self[field] = HtmlTerminator.sanitize(value, options)
66
71
  end
67
72
  end
68
73
  end
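Review bot: Nothing on `terminate_html` documents that write-side sanitizing runs only from the `before_validation` callback registered in the previous hunk. Persistence paths that skip validations or callbacks (`save(validate: false)`, `update_column`) would therefore store the raw value, and only the overridden attribute reader cleans it on the way out; `read_attribute` and `self[field]` would return the stored value as is. I would state that above the method, e.g. `# Runs from before_validation only; writes that skip validation/callbacks persist the raw value.` The `InstanceMethods` module continues outside the hunk.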
@@ -1,3 +1,3 @@
1
1
  module HtmlTerminator
2
- VERSION = "2.0.0"
2
+ VERSION = "5.0.0"
3
3
  end
@@ -1,68 +1,88 @@
1
- require 'spec_helper'
1
+ require "spec_helper"
2
2
 
3
3
  describe HtmlTerminator do
4
4
  it "sanitizes only fields specified" do
5
- @user = OnlyFirstName.new
5
+ user = OnlyFirstName.new
6
6
 
7
- @user.first_name = "Hello <img>"
8
- @user.first_name.should == "Hello"
7
+ user.first_name = "Hello <img>"
8
+ expect(user.first_name).to eql("Hello")
9
9
 
10
- @user.last_name = "Hello <img>"
11
- @user.last_name.should == "Hello <img>"
10
+ user.last_name = "Hello <img>"
11
+ expect(user.last_name).to eql("Hello <img>")
12
12
 
13
- @user.age = 3
14
- @user.age.should == 3
13
+ user.age = 3
14
+ expect(user.age).to eql(3)
15
15
  end
16
16
 
17
17
  it "doesn't escape ampersands" do
18
- @user = OnlyFirstName.new
18
+ user = OnlyFirstName.new
19
19
 
20
- @user.first_name = "A & B & C"
21
- @user.first_name.should == "A & B & C"
20
+ user.first_name = "A & B & C"
21
+ expect(user.first_name).to eql("A & B & C")
22
22
  end
23
23
 
24
24
  it "skips sanitize when only one bracket" do
25
- @user = OnlyFirstName.new
25
+ user = OnlyFirstName.new
26
26
 
27
- @user.first_name = "1 < 2"
28
- @user.first_name.should == "1 < 2"
27
+ user.first_name = "1 < 2"
28
+ expect(user.first_name).to eql("1 < 2")
29
29
 
30
- @user.first_name = "2 > 1"
31
- @user.first_name.should == "2 > 1"
30
+ user.first_name = "2 > 1"
31
+ expect(user.first_name).to eql("2 > 1")
32
32
  end
33
33
 
34
34
  it "handles ampersands" do
35
- @user = OnlyFirstName.new
35
+ user = OnlyFirstName.new
36
36
 
37
- @user.first_name = "Mr. & Mrs. Smith"
38
- @user.first_name.should == "Mr. & Mrs. Smith"
37
+ user.first_name = "Mr. & Mrs. Smith"
38
+ expect(user.first_name).to eql("Mr. & Mrs. Smith")
39
39
  end
40
40
 
41
- it "sanitizes all except what is specified" do
42
- @user = ExceptFirstName.new
43
-
44
- @user.first_name = "Hello <img>"
45
- @user.first_name.should == "Hello <img>"
41
+ it "doesn't blow up if value is not a string" do
42
+ user = OnlyFirstName.new
43
+ user.first_name = 1
44
+ expect(user.first_name).to eql("1")
45
+ end
46
46
 
47
- @user.last_name = "Hello <img>"
48
- @user.last_name.should == "Hello"
47
+ it "honors options that are passed in" do
48
+ user = FirstNameWithOptions.new
49
+ user.first_name = "Hello <flexbox></flexbox><hr><br><img>"
50
+ expect(user.first_name).to eql("Hello <flexbox></flexbox>")
49
51
  end
50
52
 
51
- it "doesn't blow up if value is nil" do
52
- @user = ExceptFirstName.new
53
- @user.first_name = nil
54
- @user.first_name.should == nil
53
+ describe "#sanitize" do
54
+ it "strips out all html by default" do
55
+ val = HtmlTerminator.sanitize "<flexbox></flexbox><hr><br><img>"
56
+ expect(val).to eql("")
57
+ end
58
+
59
+ it "does not mark the output as html_safe" do
60
+ val = HtmlTerminator.sanitize "<flexbox></flexbox><hr><br><img>"
61
+ expect(val.html_safe?).to eql(false)
62
+ end
63
+
64
+ it "does not escape output that isn't stripped" do
65
+ val = HtmlTerminator.sanitize "<div>I said, \"Hello, John O'hare.\"</div>"
66
+ expect(val).to eql("I said, \"Hello, John O'hare.\"")
67
+ end
55
68
  end
56
69
 
57
- it "doesn't blow up if value is not a string" do
58
- @user = OnlyFirstName.new
59
- @user.first_name = 1
60
- @user.first_name.should == "1"
70
+ it "sanitizes different fields with different options" do
71
+ user = TwoFieldsWithOptions.new
72
+ user.first_name = "Hello <br><strong>strong</strong><em>em</em>"
73
+ user.last_name = "Hello <br><strong>strong</strong><em>em</em>"
74
+
75
+ expect(user.first_name).to eql("Hello <strong>strong</strong>em")
76
+ expect(user.last_name).to eql("Hello strong<em>em</em>")
61
77
  end
62
78
 
63
- it "honors options that are passed in" do
64
- @user = FirstNameWithOptions.new
65
- @user.first_name = "Hello <flexbox></flexbox><hr><br><img>"
66
- @user.first_name.should == "Hello <flexbox></flexbox>"
79
+ it "sanitizes on validation" do
80
+ user = TwoFieldsWithOptions.new
81
+ user.first_name = "Hello <br><strong>strong</strong><em>em</em>"
82
+ user.last_name = "Hello <br><strong>strong</strong><em>em</em>"
83
+ user.valid?
84
+
85
+ expect(user.read_attribute(:first_name)).to eql("Hello <strong>strong</strong>em")
86
+ expect(user.read_attribute(:last_name)).to eql("Hello strong<em>em</em>")
67
87
  end
68
88
  end
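Review bot: The new `#sanitize` examples pin that output is not escaped and not `html_safe`, but none covers input that already contains entity-encoded markup. As far as the visible code shows, `HtmlTerminator.sanitize` runs `CGI.unescapeHTML` after `Sanitize.fragment`, so encoded tags are decoded back into literal tags that were never checked against the `:elements` allowlist. A spec such as `expect(HtmlTerminator.sanitize("&lt;em&gt;x&lt;/em&gt;")).to eql("<em>x</em>")` would make that contract explicit. It would also back a README caveat that the return value is untrusted text and must be escaped at render time, including for fields configured with `:elements`.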
@@ -1,7 +1,9 @@
1
- require 'rubygems'
2
- require 'bundler/setup'
1
+ require "rubygems"
2
+ require "bundler/setup"
3
3
 
4
4
  $LOAD_PATH.unshift(File.dirname(__FILE__))
5
- $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
5
+ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
6
6
 
7
- require 'support/active_record'
7
+ require "support/active_record"
8
+ require "active_support"
9
+ require "active_support/core_ext/string/output_safety.rb"
@@ -1,9 +1,9 @@
1
- require 'active_record'
2
- require 'html_terminator'
1
+ require "active_record"
2
+ require "html_terminator"
3
3
 
4
4
  ActiveRecord::Base.establish_connection({
5
- :adapter => 'sqlite3',
6
- :database => ':memory:'
5
+ :adapter => "sqlite3",
6
+ :database => ":memory:"
7
7
  })
8
8
 
9
9
  ActiveRecord::Schema.define do
@@ -13,7 +13,7 @@ ActiveRecord::Schema.define do
13
13
  t.column "age", :integer
14
14
  end
15
15
 
16
- create_table "except_first_names", :force => true do |t|
16
+ create_table "two_fields_with_options", :force => true do |t|
17
17
  t.column "first_name", :text
18
18
  t.column "last_name", :text
19
19
  t.column "age", :integer
@@ -32,10 +32,11 @@ class OnlyFirstName < ActiveRecord::Base
32
32
  terminate_html :first_name
33
33
  end
34
34
 
35
- class ExceptFirstName < ActiveRecord::Base
35
+ class TwoFieldsWithOptions < ActiveRecord::Base
36
36
  include HtmlTerminator
37
37
 
38
- terminate_html :except => [:first_name]
38
+ terminate_html :first_name, elements: ["strong"]
39
+ terminate_html :last_name, elements: ["em"]
39
40
  end
40
41
 
41
42
  class FirstNameWithOptions < ActiveRecord::Base
metadata CHANGED
@@ -1,15 +1,15 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: html_terminator
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.0
4
+ version: 5.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Steel Fu
8
8
  - Matt Diebolt
9
- autorequire:
9
+ autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2016-01-29 00:00:00.000000000 Z
12
+ date: 2020-06-17 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: bundler
@@ -45,14 +45,14 @@ dependencies:
45
45
  requirements:
46
46
  - - "~>"
47
47
  - !ruby/object:Gem::Version
48
- version: '4.0'
48
+ version: 5.2.1
49
49
  type: :runtime
50
50
  prerelease: false
51
51
  version_requirements: !ruby/object:Gem::Requirement
52
52
  requirements:
53
53
  - - "~>"
54
54
  - !ruby/object:Gem::Version
55
- version: '4.0'
55
+ version: 5.2.1
56
56
  description: Terminate Active Records fields of html
57
57
  email:
58
58
  - steel@polleverywhere.com
@@ -64,6 +64,7 @@ files:
64
64
  - ".gitignore"
65
65
  - ".travis.yml"
66
66
  - Gemfile
67
+ - Gemfile.ci
67
68
  - Guardfile
68
69
  - LICENSE.txt
69
70
  - README.md
@@ -75,11 +76,11 @@ files:
75
76
  - spec/html_terminator_spec.rb
76
77
  - spec/spec_helper.rb
77
78
  - spec/support/active_record.rb
78
- homepage: ''
79
+ homepage: https://github.com/polleverywhere/html_terminator/
79
80
  licenses:
80
81
  - MIT
81
82
  metadata: {}
82
- post_install_message:
83
+ post_install_message:
83
84
  rdoc_options: []
84
85
  require_paths:
85
86
  - lib
@@ -94,9 +95,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
94
95
  - !ruby/object:Gem::Version
95
96
  version: '0'
96
97
  requirements: []
97
- rubyforge_project:
98
- rubygems_version: 2.2.3
99
- signing_key:
98
+ rubygems_version: 3.0.3
99
+ signing_key:
100
100
  specification_version: 4
101
101
  summary: Terminate Active Records fields of html
102
102
  test_files: