jets-html-sanitizer 1.0.4
- checksums.yaml +7 -0
- data/CHANGELOG.md +7 -0
- data/MIT-LICENSE +48 -0
- data/README.md +142 -0
- data/lib/jets-html-sanitizer.rb +73 -0
- data/lib/jets/html/sanitizer.rb +152 -0
- data/lib/jets/html/sanitizer/version.rb +7 -0
- data/lib/jets/html/scrubbers.rb +201 -0
- data/test/sanitizer_test.rb +564 -0
- data/test/scrubbers_test.rb +174 -0
- metadata +131 -0
@@ -0,0 +1,174 @@
|
|
1
|
+
require "minitest/autorun"
|
2
|
+
require "jets-html-sanitizer"
|
3
|
+
|
4
|
+
class ScrubberTest < Minitest::Test
|
5
|
+
protected
|
6
|
+
|
7
|
+
def assert_scrubbed(html, expected = html)
|
8
|
+
output = Loofah.scrub_fragment(html, @scrubber).to_s
|
9
|
+
assert_equal expected, output
|
10
|
+
end
|
11
|
+
|
12
|
+
def to_node(text)
|
13
|
+
Loofah.fragment(text).children.first
|
14
|
+
end
|
15
|
+
|
16
|
+
def assert_node_skipped(text)
|
17
|
+
assert_scrub_returns(Loofah::Scrubber::CONTINUE, text)
|
18
|
+
end
|
19
|
+
|
20
|
+
def assert_scrub_stopped(text)
|
21
|
+
assert_scrub_returns(Loofah::Scrubber::STOP, text)
|
22
|
+
end
|
23
|
+
|
24
|
+
def assert_scrub_returns(return_value, text)
|
25
|
+
node = to_node(text)
|
26
|
+
assert_equal return_value, @scrubber.scrub(node)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
class PermitScrubberTest < ScrubberTest
|
31
|
+
|
32
|
+
def setup
|
33
|
+
@scrubber = Jets::Html::PermitScrubber.new
|
34
|
+
end
|
35
|
+
|
36
|
+
def test_responds_to_scrub
|
37
|
+
assert @scrubber.respond_to?(:scrub)
|
38
|
+
end
|
39
|
+
|
40
|
+
def test_default_scrub_behavior
|
41
|
+
assert_scrubbed '<tag>hello</tag>', 'hello'
|
42
|
+
end
|
43
|
+
|
44
|
+
def test_default_attributes_removal_behavior
|
45
|
+
assert_scrubbed '<p cooler="hello">hello</p>', '<p>hello</p>'
|
46
|
+
end
|
47
|
+
|
48
|
+
def test_leaves_supplied_tags
|
49
|
+
@scrubber.tags = %w(a)
|
50
|
+
assert_scrubbed '<a>hello</a>'
|
51
|
+
end
|
52
|
+
|
53
|
+
def test_leaves_only_supplied_tags
|
54
|
+
html = '<tag>leave me <span>now</span></tag>'
|
55
|
+
@scrubber.tags = %w(tag)
|
56
|
+
assert_scrubbed html, '<tag>leave me now</tag>'
|
57
|
+
end
|
58
|
+
|
59
|
+
def test_leaves_only_supplied_tags_nested
|
60
|
+
html = '<tag>leave <em>me <span>now</span></em></tag>'
|
61
|
+
@scrubber.tags = %w(tag)
|
62
|
+
assert_scrubbed html, '<tag>leave me now</tag>'
|
63
|
+
end
|
64
|
+
|
65
|
+
def test_leaves_supplied_attributes
|
66
|
+
@scrubber.attributes = %w(cooler)
|
67
|
+
assert_scrubbed '<a cooler="hello"></a>'
|
68
|
+
end
|
69
|
+
|
70
|
+
def test_leaves_only_supplied_attributes
|
71
|
+
@scrubber.attributes = %w(cooler)
|
72
|
+
assert_scrubbed '<a cooler="hello" b="c" d="e"></a>', '<a cooler="hello"></a>'
|
73
|
+
end
|
74
|
+
|
75
|
+
def test_leaves_supplied_tags_and_attributes
|
76
|
+
@scrubber.tags = %w(tag)
|
77
|
+
@scrubber.attributes = %w(cooler)
|
78
|
+
assert_scrubbed '<tag cooler="hello"></tag>'
|
79
|
+
end
|
80
|
+
|
81
|
+
def test_leaves_only_supplied_tags_and_attributes
|
82
|
+
@scrubber.tags = %w(tag)
|
83
|
+
@scrubber.attributes = %w(cooler)
|
84
|
+
html = '<a></a><tag href=""></tag><tag cooler=""></tag>'
|
85
|
+
assert_scrubbed html, '<tag></tag><tag cooler=""></tag>'
|
86
|
+
end
|
87
|
+
|
88
|
+
def test_leaves_text
|
89
|
+
assert_scrubbed('some text')
|
90
|
+
end
|
91
|
+
|
92
|
+
def test_skips_text_nodes
|
93
|
+
assert_node_skipped('some text')
|
94
|
+
end
|
95
|
+
|
96
|
+
def test_tags_accessor_validation
|
97
|
+
e = assert_raises(ArgumentError) do
|
98
|
+
@scrubber.tags = 'tag'
|
99
|
+
end
|
100
|
+
|
101
|
+
assert_equal "You should pass :tags as an Enumerable", e.message
|
102
|
+
assert_nil @scrubber.tags, "Tags should be nil when validation fails"
|
103
|
+
end
|
104
|
+
|
105
|
+
def test_attributes_accessor_validation
|
106
|
+
e = assert_raises(ArgumentError) do
|
107
|
+
@scrubber.attributes = 'cooler'
|
108
|
+
end
|
109
|
+
|
110
|
+
assert_equal "You should pass :attributes as an Enumerable", e.message
|
111
|
+
assert_nil @scrubber.attributes, "Attributes should be nil when validation fails"
|
112
|
+
end
|
113
|
+
end
|
114
|
+
|
115
|
+
class TargetScrubberTest < ScrubberTest
|
116
|
+
def setup
|
117
|
+
@scrubber = Jets::Html::TargetScrubber.new
|
118
|
+
end
|
119
|
+
|
120
|
+
def test_targeting_tags_removes_only_them
|
121
|
+
@scrubber.tags = %w(a h1)
|
122
|
+
html = '<script></script><a></a><h1></h1>'
|
123
|
+
assert_scrubbed html, '<script></script>'
|
124
|
+
end
|
125
|
+
|
126
|
+
def test_targeting_tags_removes_only_them_nested
|
127
|
+
@scrubber.tags = %w(a)
|
128
|
+
html = '<tag><a><tag><a></a></tag></a></tag>'
|
129
|
+
assert_scrubbed html, '<tag><tag></tag></tag>'
|
130
|
+
end
|
131
|
+
|
132
|
+
def test_targeting_attributes_removes_only_them
|
133
|
+
@scrubber.attributes = %w(class id)
|
134
|
+
html = '<a class="a" id="b" onclick="c"></a>'
|
135
|
+
assert_scrubbed html, '<a onclick="c"></a>'
|
136
|
+
end
|
137
|
+
|
138
|
+
def test_targeting_tags_and_attributes_removes_only_them
|
139
|
+
@scrubber.tags = %w(tag)
|
140
|
+
@scrubber.attributes = %w(remove)
|
141
|
+
html = '<tag remove="" other=""></tag><a remove="" other=""></a>'
|
142
|
+
assert_scrubbed html, '<a other=""></a>'
|
143
|
+
end
|
144
|
+
end
|
145
|
+
|
146
|
+
class TextOnlyScrubberTest < ScrubberTest
|
147
|
+
def setup
|
148
|
+
@scrubber = Jets::Html::TextOnlyScrubber.new
|
149
|
+
end
|
150
|
+
|
151
|
+
def test_removes_all_tags_and_keep_the_content
|
152
|
+
assert_scrubbed '<tag>hello</tag>', 'hello'
|
153
|
+
end
|
154
|
+
|
155
|
+
def test_skips_text_nodes
|
156
|
+
assert_node_skipped('some text')
|
157
|
+
end
|
158
|
+
end
|
159
|
+
|
160
|
+
class ReturningStopFromScrubNodeTest < ScrubberTest
|
161
|
+
class ScrubStopper < Jets::Html::PermitScrubber
|
162
|
+
def scrub_node(node)
|
163
|
+
Loofah::Scrubber::STOP
|
164
|
+
end
|
165
|
+
end
|
166
|
+
|
167
|
+
def setup
|
168
|
+
@scrubber = ScrubStopper.new
|
169
|
+
end
|
170
|
+
|
171
|
+
def test_returns_stop_from_scrub_if_scrub_node_does
|
172
|
+
assert_scrub_stopped '<script>remove me</script>'
|
173
|
+
end
|
174
|
+
end
|
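--- a/metadata
+++ b/metadata
@@ -0,0 +1,131 @@
+--- !ruby/object:Gem::Specification
+name: jets-html-sanitizer
+version: !ruby/object:Gem::Version
+  version: 1.0.4
+platform: ruby
+authors:
+- Tung Nguyen
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2019-01-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: loofah
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.2
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails-dom-testing
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: HTML sanitization for Jets applications
+email:
+- tongueroo@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- MIT-LICENSE
+- README.md
+- lib/jets-html-sanitizer.rb
+- lib/jets/html/sanitizer.rb
+- lib/jets/html/sanitizer/version.rb
+- lib/jets/html/scrubbers.rb
+- test/sanitizer_test.rb
+- test/scrubbers_test.rb
+homepage: https://github.com/jets/jets-html-sanitizer
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.7.6
+signing_key:
+specification_version: 4
+summary: This gem is responsible to sanitize HTML fragments in Jets applications.
+test_files:
+- test/scrubbers_test.rb
+- test/sanitizer_test.rb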