html_terminator 2.0.0 → 5.0.0
- checksums.yaml +5 -5
- data/.travis.yml +4 -2
- data/Gemfile +1 -1
- data/Gemfile.ci +10 -0
- data/README.md +2 -4
- data/html_terminator.gemspec +2 -2
- data/lib/html_terminator.rb +28 -23
- data/lib/html_terminator/version.rb +1 -1
- data/spec/html_terminator_spec.rb +58 -38
- data/spec/spec_helper.rb +6 -4
- data/spec/support/active_record.rb +8 -7
- metadata +10 -10
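--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: da8941e0209c1029fa79212d9563b6ea121e5db4db540f9c8faf140ef2735529
+data.tar.gz: 5b77e328701c7c868e06944fa213f13b59587c0938f617f2b2d9210889eb920f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 946918cfb7df6799c6a069eb3bfdd3b2e950000968a7c8818a205702cc67bcc1a78a6d5ec01783a5b29b57b19610158b41a25b7f58565428c38846c700e0ea86
+data.tar.gz: 9435af5e56df23be869426c87d9f7bc05fe9c462ced7e1e673548bb775f68f9a370c9bc3cfcc4dfab37282d484452e45a3fefd41c016df2aacb8acf92bb0645b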
data/.travis.yml
CHANGED
data/Gemfile
CHANGED
data/Gemfile.ci
ADDED
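--- a/data/README.md
+++ b/data/README.md
@@ -52,15 +52,13 @@ In your Rails models:
 
 terminate_html :field1, :field2, :field3
 
-or
-
-terminate_html :except => [:field8, :field9]
-
 ## Options
 
 Out of the box, HTML Terminator will strip out ALL html. You can pass in specific elements you want to preserve like this:
 
 terminate_html :field1, :elements => ["b", "i", "em"]
+terminate_html :field2, :elements => ["br"]
+terminate_html :field3, :elements => ["em"]
 
 Learn more about configuration options [Here](https://github.com/rgrove/sanitize#custom-configuration)
 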
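--- a/data/html_terminator.gemspec
+++ b/data/html_terminator.gemspec
@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
 spec.email = ["steel@polleverywhere.com", "matt@polleverywhere.com"]
 spec.description = %q{Terminate Active Records fields of html}
 spec.summary = %q{Terminate Active Records fields of html}
-spec.homepage = ""
+spec.homepage = "https://github.com/polleverywhere/html_terminator/"
 spec.license = "MIT"
 
 spec.files = `git ls-files`.split($/)
@@ -21,5 +21,5 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency "bundler", "~> 1.3"
 spec.add_development_dependency "rake"
 
-spec.add_runtime_dependency "sanitize", "~>
+spec.add_runtime_dependency "sanitize", "~> 5.2.1"
 end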
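Review bot: The new constraint `spec.add_runtime_dependency "sanitize", "~> 5.2.1"` pins the sanitizer to the 5.2.x patch line, so applications using this gem cannot resolve a later minor or major release of sanitize until html_terminator itself is re-released. Sanitize is the component doing the security work here, so a fix that ships only in a newer release line would be blocked by this pin. If the 5.x API is all the gem relies on, `spec.add_runtime_dependency "sanitize", "~> 5.2", ">= 5.2.1"` keeps the same floor while allowing newer 5.x releases. The old constraint is truncated on this page, so how the previous range compares cannot be read from the diff.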
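--- a/data/lib/html_terminator.rb
+++ b/data/lib/html_terminator.rb
@@ -1,54 +1,59 @@
 require "html_terminator/version"
 require "html_terminator/extract_options"
-require
+require "sanitize"
 
 module HtmlTerminator
 SANITIZE_OPTIONS = {
 :elements => []
 }
 
-def self.sanitize(val, config)
+def self.sanitize(val, config = {})
 if val.is_a?(String)
 # Sanitize produces escaped content.
 # Unescape it to get the raw html
-CGI.unescapeHTML
+CGI.unescapeHTML(Sanitize.fragment(val, config).strip)
 else
 val
 end
 end
 
 module ClassMethods
-def
-
-
+def fields
+self.columns.inject([]) do |list, col|
+if col.type == :string or col.type == :text
+list << col.name.to_sym
+end
+
+list
+end
+end
 
+def terminate_html(*args)
 # Table may not exist yet when schema is initially getting loaded
 if self.table_exists?
-#
-
-
-
-end
-
-list
+# object key/value of field => options
+unless method_defined?(:html_terminator_fields)
+class_attribute :html_terminator_fields
+self.html_terminator_fields = {}
 end
 
-
-
+options = args.extract_options!
+options = SANITIZE_OPTIONS.clone.merge(options)
 
-
-
-
+valid_fields = self.fields & args
+
+valid_fields.each do |field|
+self.html_terminator_fields[field] = options.deep_dup
+end
 
 unless self.html_terminator_fields.empty?
-# sanitize writes
 before_validation :terminate_html
 
 # sanitize reads
-
+valid_fields.each do |attr|
 define_method(attr) do |*rargs|
 # sanitize it
-HtmlTerminator.sanitize super(*rargs),
+HtmlTerminator.sanitize super(*rargs), options
 end
 end
 end
@@ -58,11 +63,11 @@ module HtmlTerminator
 
 module InstanceMethods
 def terminate_html
-self.html_terminator_fields.each do |field|
+self.html_terminator_fields.each do |field, options|
 value = self[field]
 
 unless value.nil?
-self[field] = HtmlTerminator.sanitize(value,
+self[field] = HtmlTerminator.sanitize(value, options)
 end
 end
 end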
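Review bot: `CGI.unescapeHTML(Sanitize.fragment(val, config).strip)` in `self.sanitize` decodes entities after the sanitizer has run, so text the sanitizer left as inert entities (for example `&lt;script&gt;`) comes back as literal markup in the returned string. That is safe only while every consumer treats the value as plain text and escapes it again at render time; for fields declared with `:elements` the value is presumably meant to be rendered as HTML, and there the decode undoes the allow-list. Consider skipping the decode when elements are preserved, e.g. `clean = Sanitize.fragment(val, config).strip` followed by `Array(config[:elements]).empty? ? CGI.unescapeHTML(clean) : clean`, and state the plain-text contract in the comment above the call. The visible requires also do not load `cgi`, so the call appears to depend on another library having loaded it.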
@@ -1,68 +1,88 @@
|
|
1
|
-
require
|
1
|
+
require "spec_helper"
|
2
2
|
|
3
3
|
describe HtmlTerminator do
|
4
4
|
it "sanitizes only fields specified" do
|
5
|
-
|
5
|
+
user = OnlyFirstName.new
|
6
6
|
|
7
|
-
|
8
|
-
|
7
|
+
user.first_name = "Hello <img>"
|
8
|
+
expect(user.first_name).to eql("Hello")
|
9
9
|
|
10
|
-
|
11
|
-
|
10
|
+
user.last_name = "Hello <img>"
|
11
|
+
expect(user.last_name).to eql("Hello <img>")
|
12
12
|
|
13
|
-
|
14
|
-
|
13
|
+
user.age = 3
|
14
|
+
expect(user.age).to eql(3)
|
15
15
|
end
|
16
16
|
|
17
17
|
it "doesn't escape ampersands" do
|
18
|
-
|
18
|
+
user = OnlyFirstName.new
|
19
19
|
|
20
|
-
|
21
|
-
|
20
|
+
user.first_name = "A & B & C"
|
21
|
+
expect(user.first_name).to eql("A & B & C")
|
22
22
|
end
|
23
23
|
|
24
24
|
it "skips sanitize when only one bracket" do
|
25
|
-
|
25
|
+
user = OnlyFirstName.new
|
26
26
|
|
27
|
-
|
28
|
-
|
27
|
+
user.first_name = "1 < 2"
|
28
|
+
expect(user.first_name).to eql("1 < 2")
|
29
29
|
|
30
|
-
|
31
|
-
|
30
|
+
user.first_name = "2 > 1"
|
31
|
+
expect(user.first_name).to eql("2 > 1")
|
32
32
|
end
|
33
33
|
|
34
34
|
it "handles ampersands" do
|
35
|
-
|
35
|
+
user = OnlyFirstName.new
|
36
36
|
|
37
|
-
|
38
|
-
|
37
|
+
user.first_name = "Mr. & Mrs. Smith"
|
38
|
+
expect(user.first_name).to eql("Mr. & Mrs. Smith")
|
39
39
|
end
|
40
40
|
|
41
|
-
it "
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
41
|
+
it "doesn't blow up if value is not a string" do
|
42
|
+
user = OnlyFirstName.new
|
43
|
+
user.first_name = 1
|
44
|
+
expect(user.first_name).to eql("1")
|
45
|
+
end
|
46
46
|
|
47
|
-
|
48
|
-
|
47
|
+
it "honors options that are passed in" do
|
48
|
+
user = FirstNameWithOptions.new
|
49
|
+
user.first_name = "Hello <flexbox></flexbox><hr><br><img>"
|
50
|
+
expect(user.first_name).to eql("Hello <flexbox></flexbox>")
|
49
51
|
end
|
50
52
|
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
53
|
+
describe "#sanitize" do
|
54
|
+
it "strips out all html by default" do
|
55
|
+
val = HtmlTerminator.sanitize "<flexbox></flexbox><hr><br><img>"
|
56
|
+
expect(val).to eql("")
|
57
|
+
end
|
58
|
+
|
59
|
+
it "does not mark the output as html_safe" do
|
60
|
+
val = HtmlTerminator.sanitize "<flexbox></flexbox><hr><br><img>"
|
61
|
+
expect(val.html_safe?).to eql(false)
|
62
|
+
end
|
63
|
+
|
64
|
+
it "does not escape output that isn't stripped" do
|
65
|
+
val = HtmlTerminator.sanitize "<div>I said, \"Hello, John O'hare.\"</div>"
|
66
|
+
expect(val).to eql("I said, \"Hello, John O'hare.\"")
|
67
|
+
end
|
55
68
|
end
|
56
69
|
|
57
|
-
it "
|
58
|
-
|
59
|
-
|
60
|
-
|
70
|
+
it "sanitizes different fields with different options" do
|
71
|
+
user = TwoFieldsWithOptions.new
|
72
|
+
user.first_name = "Hello <br><strong>strong</strong><em>em</em>"
|
73
|
+
user.last_name = "Hello <br><strong>strong</strong><em>em</em>"
|
74
|
+
|
75
|
+
expect(user.first_name).to eql("Hello <strong>strong</strong>em")
|
76
|
+
expect(user.last_name).to eql("Hello strong<em>em</em>")
|
61
77
|
end
|
62
78
|
|
63
|
-
it "
|
64
|
-
|
65
|
-
|
66
|
-
|
79
|
+
it "sanitizes on validation" do
|
80
|
+
user = TwoFieldsWithOptions.new
|
81
|
+
user.first_name = "Hello <br><strong>strong</strong><em>em</em>"
|
82
|
+
user.last_name = "Hello <br><strong>strong</strong><em>em</em>"
|
83
|
+
user.valid?
|
84
|
+
|
85
|
+
expect(user.read_attribute(:first_name)).to eql("Hello <strong>strong</strong>em")
|
86
|
+
expect(user.read_attribute(:last_name)).to eql("Hello strong<em>em</em>")
|
67
87
|
end
|
68
88
|
end
|
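Review bot: The added examples only feed literal tags (`<img>`, `<br>`, `<strong>`); none passes entity-encoded markup through a field declared with `elements:`. Because `HtmlTerminator.sanitize` runs `CGI.unescapeHTML` on the sanitizer's output, that is the input whose result most needs pinning, and "does not mark the output as html_safe" checks only the flag, not the returned content. An example such as `user.first_name = "&lt;em&gt;x&lt;/em&gt;"` on `TwoFieldsWithOptions` with an explicit `expect(user.first_name).to eql(...)` would document whether decoded tags are intended to survive. The file header for this hunk is missing from the page; the examples suggest it is the spec file listed in the summary.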
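--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,7 +1,9 @@
-require
-require
+require "rubygems"
+require "bundler/setup"
 
 $LOAD_PATH.unshift(File.dirname(__FILE__))
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__),
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
 
-require
+require "support/active_record"
+require "active_support"
+require "active_support/core_ext/string/output_safety.rb"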
@@ -1,9 +1,9 @@
|
|
1
|
-
require
|
2
|
-
require
|
1
|
+
require "active_record"
|
2
|
+
require "html_terminator"
|
3
3
|
|
4
4
|
ActiveRecord::Base.establish_connection({
|
5
|
-
:adapter =>
|
6
|
-
:database =>
|
5
|
+
:adapter => "sqlite3",
|
6
|
+
:database => ":memory:"
|
7
7
|
})
|
8
8
|
|
9
9
|
ActiveRecord::Schema.define do
|
@@ -13,7 +13,7 @@ ActiveRecord::Schema.define do
|
|
13
13
|
t.column "age", :integer
|
14
14
|
end
|
15
15
|
|
16
|
-
create_table "
|
16
|
+
create_table "two_fields_with_options", :force => true do |t|
|
17
17
|
t.column "first_name", :text
|
18
18
|
t.column "last_name", :text
|
19
19
|
t.column "age", :integer
|
@@ -32,10 +32,11 @@ class OnlyFirstName < ActiveRecord::Base
|
|
32
32
|
terminate_html :first_name
|
33
33
|
end
|
34
34
|
|
35
|
-
class
|
35
|
+
class TwoFieldsWithOptions < ActiveRecord::Base
|
36
36
|
include HtmlTerminator
|
37
37
|
|
38
|
-
terminate_html :
|
38
|
+
terminate_html :first_name, elements: ["strong"]
|
39
|
+
terminate_html :last_name, elements: ["em"]
|
39
40
|
end
|
40
41
|
|
41
42
|
class FirstNameWithOptions < ActiveRecord::Base
|
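--- a/metadata
+++ b/metadata
@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: html_terminator
 version: !ruby/object:Gem::Version
-version:
+version: 5.0.0
 platform: ruby
 authors:
 - Steel Fu
 - Matt Diebolt
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2020-06-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -45,14 +45,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 5.2.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 5.2.1
 description: Terminate Active Records fields of html
 email:
 - steel@polleverywhere.com
@@ -64,6 +64,7 @@ files:
 - ".gitignore"
 - ".travis.yml"
 - Gemfile
+- Gemfile.ci
 - Guardfile
 - LICENSE.txt
 - README.md
@@ -75,11 +76,11 @@ files:
 - spec/html_terminator_spec.rb
 - spec/spec_helper.rb
 - spec/support/active_record.rb
-homepage:
+homepage: https://github.com/polleverywhere/html_terminator/
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -94,9 +95,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-
-signing_key:
+rubygems_version: 3.0.3
+signing_key:
 specification_version: 4
 summary: Terminate Active Records fields of html
 test_files: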