jets-html-sanitizer 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,174 @@
1
+ require "minitest/autorun"
2
+ require "jets-html-sanitizer"
3
+
4
+ class ScrubberTest < Minitest::Test
5
+ protected
6
+
7
+ def assert_scrubbed(html, expected = html)
8
+ output = Loofah.scrub_fragment(html, @scrubber).to_s
9
+ assert_equal expected, output
10
+ end
11
+
12
+ def to_node(text)
13
+ Loofah.fragment(text).children.first
14
+ end
15
+
16
+ def assert_node_skipped(text)
17
+ assert_scrub_returns(Loofah::Scrubber::CONTINUE, text)
18
+ end
19
+
20
+ def assert_scrub_stopped(text)
21
+ assert_scrub_returns(Loofah::Scrubber::STOP, text)
22
+ end
23
+
24
+ def assert_scrub_returns(return_value, text)
25
+ node = to_node(text)
26
+ assert_equal return_value, @scrubber.scrub(node)
27
+ end
28
+ end
29
+
30
+ class PermitScrubberTest < ScrubberTest
31
+
32
+ def setup
33
+ @scrubber = Jets::Html::PermitScrubber.new
34
+ end
35
+
36
+ def test_responds_to_scrub
37
+ assert @scrubber.respond_to?(:scrub)
38
+ end
39
+
40
+ def test_default_scrub_behavior
41
+ assert_scrubbed '<tag>hello</tag>', 'hello'
42
+ end
43
+
44
+ def test_default_attributes_removal_behavior
45
+ assert_scrubbed '<p cooler="hello">hello</p>', '<p>hello</p>'
46
+ end
47
+
48
+ def test_leaves_supplied_tags
49
+ @scrubber.tags = %w(a)
50
+ assert_scrubbed '<a>hello</a>'
51
+ end
52
+
53
+ def test_leaves_only_supplied_tags
54
+ html = '<tag>leave me <span>now</span></tag>'
55
+ @scrubber.tags = %w(tag)
56
+ assert_scrubbed html, '<tag>leave me now</tag>'
57
+ end
58
+
59
+ def test_leaves_only_supplied_tags_nested
60
+ html = '<tag>leave <em>me <span>now</span></em></tag>'
61
+ @scrubber.tags = %w(tag)
62
+ assert_scrubbed html, '<tag>leave me now</tag>'
63
+ end
64
+
65
+ def test_leaves_supplied_attributes
66
+ @scrubber.attributes = %w(cooler)
67
+ assert_scrubbed '<a cooler="hello"></a>'
68
+ end
69
+
70
+ def test_leaves_only_supplied_attributes
71
+ @scrubber.attributes = %w(cooler)
72
+ assert_scrubbed '<a cooler="hello" b="c" d="e"></a>', '<a cooler="hello"></a>'
73
+ end
74
+
75
+ def test_leaves_supplied_tags_and_attributes
76
+ @scrubber.tags = %w(tag)
77
+ @scrubber.attributes = %w(cooler)
78
+ assert_scrubbed '<tag cooler="hello"></tag>'
79
+ end
80
+
81
+ def test_leaves_only_supplied_tags_and_attributes
82
+ @scrubber.tags = %w(tag)
83
+ @scrubber.attributes = %w(cooler)
84
+ html = '<a></a><tag href=""></tag><tag cooler=""></tag>'
85
+ assert_scrubbed html, '<tag></tag><tag cooler=""></tag>'
86
+ end
87
+
88
+ def test_leaves_text
89
+ assert_scrubbed('some text')
90
+ end
91
+
92
+ def test_skips_text_nodes
93
+ assert_node_skipped('some text')
94
+ end
95
+
96
+ def test_tags_accessor_validation
97
+ e = assert_raises(ArgumentError) do
98
+ @scrubber.tags = 'tag'
99
+ end
100
+
101
+ assert_equal "You should pass :tags as an Enumerable", e.message
102
+ assert_nil @scrubber.tags, "Tags should be nil when validation fails"
103
+ end
104
+
105
+ def test_attributes_accessor_validation
106
+ e = assert_raises(ArgumentError) do
107
+ @scrubber.attributes = 'cooler'
108
+ end
109
+
110
+ assert_equal "You should pass :attributes as an Enumerable", e.message
111
+ assert_nil @scrubber.attributes, "Attributes should be nil when validation fails"
112
+ end
113
+ end
114
+
115
+ class TargetScrubberTest < ScrubberTest
116
+ def setup
117
+ @scrubber = Jets::Html::TargetScrubber.new
118
+ end
119
+
120
+ def test_targeting_tags_removes_only_them
121
+ @scrubber.tags = %w(a h1)
122
+ html = '<script></script><a></a><h1></h1>'
123
+ assert_scrubbed html, '<script></script>'
124
+ end
125
+
126
+ def test_targeting_tags_removes_only_them_nested
127
+ @scrubber.tags = %w(a)
128
+ html = '<tag><a><tag><a></a></tag></a></tag>'
129
+ assert_scrubbed html, '<tag><tag></tag></tag>'
130
+ end
131
+
132
+ def test_targeting_attributes_removes_only_them
133
+ @scrubber.attributes = %w(class id)
134
+ html = '<a class="a" id="b" onclick="c"></a>'
135
+ assert_scrubbed html, '<a onclick="c"></a>'
136
+ end
137
+
138
+ def test_targeting_tags_and_attributes_removes_only_them
139
+ @scrubber.tags = %w(tag)
140
+ @scrubber.attributes = %w(remove)
141
+ html = '<tag remove="" other=""></tag><a remove="" other=""></a>'
142
+ assert_scrubbed html, '<a other=""></a>'
143
+ end
144
+ end
145
+
146
+ class TextOnlyScrubberTest < ScrubberTest
147
+ def setup
148
+ @scrubber = Jets::Html::TextOnlyScrubber.new
149
+ end
150
+
151
+ def test_removes_all_tags_and_keep_the_content
152
+ assert_scrubbed '<tag>hello</tag>', 'hello'
153
+ end
154
+
155
+ def test_skips_text_nodes
156
+ assert_node_skipped('some text')
157
+ end
158
+ end
159
+
160
+ class ReturningStopFromScrubNodeTest < ScrubberTest
161
+ class ScrubStopper < Jets::Html::PermitScrubber
162
+ def scrub_node(node)
163
+ Loofah::Scrubber::STOP
164
+ end
165
+ end
166
+
167
+ def setup
168
+ @scrubber = ScrubStopper.new
169
+ end
170
+
171
+ def test_returns_stop_from_scrub_if_scrub_node_does
172
+ assert_scrub_stopped '<script>remove me</script>'
173
+ end
174
+ end
metadata ADDED
@@ -0,0 +1,131 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: jets-html-sanitizer
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.0.4
5
+ platform: ruby
6
+ authors:
7
+ - Tung Nguyen
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2019-01-11 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: loofah
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '2.2'
20
+ - - ">="
21
+ - !ruby/object:Gem::Version
22
+ version: 2.2.2
23
+ type: :runtime
24
+ prerelease: false
25
+ version_requirements: !ruby/object:Gem::Requirement
26
+ requirements:
27
+ - - "~>"
28
+ - !ruby/object:Gem::Version
29
+ version: '2.2'
30
+ - - ">="
31
+ - !ruby/object:Gem::Version
32
+ version: 2.2.2
33
+ - !ruby/object:Gem::Dependency
34
+ name: bundler
35
+ requirement: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - "~>"
38
+ - !ruby/object:Gem::Version
39
+ version: '1.3'
40
+ type: :development
41
+ prerelease: false
42
+ version_requirements: !ruby/object:Gem::Requirement
43
+ requirements:
44
+ - - "~>"
45
+ - !ruby/object:Gem::Version
46
+ version: '1.3'
47
+ - !ruby/object:Gem::Dependency
48
+ name: rake
49
+ requirement: !ruby/object:Gem::Requirement
50
+ requirements:
51
+ - - ">="
52
+ - !ruby/object:Gem::Version
53
+ version: '0'
54
+ type: :development
55
+ prerelease: false
56
+ version_requirements: !ruby/object:Gem::Requirement
57
+ requirements:
58
+ - - ">="
59
+ - !ruby/object:Gem::Version
60
+ version: '0'
61
+ - !ruby/object:Gem::Dependency
62
+ name: minitest
63
+ requirement: !ruby/object:Gem::Requirement
64
+ requirements:
65
+ - - ">="
66
+ - !ruby/object:Gem::Version
67
+ version: '0'
68
+ type: :development
69
+ prerelease: false
70
+ version_requirements: !ruby/object:Gem::Requirement
71
+ requirements:
72
+ - - ">="
73
+ - !ruby/object:Gem::Version
74
+ version: '0'
75
+ - !ruby/object:Gem::Dependency
76
+ name: rails-dom-testing
77
+ requirement: !ruby/object:Gem::Requirement
78
+ requirements:
79
+ - - ">="
80
+ - !ruby/object:Gem::Version
81
+ version: '0'
82
+ type: :development
83
+ prerelease: false
84
+ version_requirements: !ruby/object:Gem::Requirement
85
+ requirements:
86
+ - - ">="
87
+ - !ruby/object:Gem::Version
88
+ version: '0'
89
+ description: HTML sanitization for Jets applications
90
+ email:
91
+ - tongueroo@gmail.com
92
+ executables: []
93
+ extensions: []
94
+ extra_rdoc_files: []
95
+ files:
96
+ - CHANGELOG.md
97
+ - MIT-LICENSE
98
+ - README.md
99
+ - lib/jets-html-sanitizer.rb
100
+ - lib/jets/html/sanitizer.rb
101
+ - lib/jets/html/sanitizer/version.rb
102
+ - lib/jets/html/scrubbers.rb
103
+ - test/sanitizer_test.rb
104
+ - test/scrubbers_test.rb
105
+ homepage: https://github.com/jets/jets-html-sanitizer
106
+ licenses:
107
+ - MIT
108
+ metadata: {}
109
+ post_install_message:
110
+ rdoc_options: []
111
+ require_paths:
112
+ - lib
113
+ required_ruby_version: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - ">="
116
+ - !ruby/object:Gem::Version
117
+ version: '0'
118
+ required_rubygems_version: !ruby/object:Gem::Requirement
119
+ requirements:
120
+ - - ">="
121
+ - !ruby/object:Gem::Version
122
+ version: '0'
123
+ requirements: []
124
+ rubyforge_project:
125
+ rubygems_version: 2.7.6
126
+ signing_key:
127
+ specification_version: 4
128
+ summary: This gem is responsible to sanitize HTML fragments in Jets applications.
129
+ test_files:
130
+ - test/scrubbers_test.rb
131
+ - test/sanitizer_test.rb