jets-html-sanitizer 1.0.4

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,174 @@
1
+ require "minitest/autorun"
2
+ require "jets-html-sanitizer"
3
+
4
+ class ScrubberTest < Minitest::Test
5
+ protected
6
+
7
+ def assert_scrubbed(html, expected = html)
8
+ output = Loofah.scrub_fragment(html, @scrubber).to_s
9
+ assert_equal expected, output
10
+ end
11
+
12
+ def to_node(text)
13
+ Loofah.fragment(text).children.first
14
+ end
15
+
16
+ def assert_node_skipped(text)
17
+ assert_scrub_returns(Loofah::Scrubber::CONTINUE, text)
18
+ end
19
+
20
+ def assert_scrub_stopped(text)
21
+ assert_scrub_returns(Loofah::Scrubber::STOP, text)
22
+ end
23
+
24
+ def assert_scrub_returns(return_value, text)
25
+ node = to_node(text)
26
+ assert_equal return_value, @scrubber.scrub(node)
27
+ end
28
+ end
29
+
30
+ class PermitScrubberTest < ScrubberTest
31
+
32
+ def setup
33
+ @scrubber = Jets::Html::PermitScrubber.new
34
+ end
35
+
36
+ def test_responds_to_scrub
37
+ assert @scrubber.respond_to?(:scrub)
38
+ end
39
+
40
+ def test_default_scrub_behavior
41
+ assert_scrubbed '<tag>hello</tag>', 'hello'
42
+ end
43
+
44
+ def test_default_attributes_removal_behavior
45
+ assert_scrubbed '<p cooler="hello">hello</p>', '<p>hello</p>'
46
+ end
47
+
48
+ def test_leaves_supplied_tags
49
+ @scrubber.tags = %w(a)
50
+ assert_scrubbed '<a>hello</a>'
51
+ end
52
+
53
+ def test_leaves_only_supplied_tags
54
+ html = '<tag>leave me <span>now</span></tag>'
55
+ @scrubber.tags = %w(tag)
56
+ assert_scrubbed html, '<tag>leave me now</tag>'
57
+ end
58
+
59
+ def test_leaves_only_supplied_tags_nested
60
+ html = '<tag>leave <em>me <span>now</span></em></tag>'
61
+ @scrubber.tags = %w(tag)
62
+ assert_scrubbed html, '<tag>leave me now</tag>'
63
+ end
64
+
65
+ def test_leaves_supplied_attributes
66
+ @scrubber.attributes = %w(cooler)
67
+ assert_scrubbed '<a cooler="hello"></a>'
68
+ end
69
+
70
+ def test_leaves_only_supplied_attributes
71
+ @scrubber.attributes = %w(cooler)
72
+ assert_scrubbed '<a cooler="hello" b="c" d="e"></a>', '<a cooler="hello"></a>'
73
+ end
74
+
75
+ def test_leaves_supplied_tags_and_attributes
76
+ @scrubber.tags = %w(tag)
77
+ @scrubber.attributes = %w(cooler)
78
+ assert_scrubbed '<tag cooler="hello"></tag>'
79
+ end
80
+
81
+ def test_leaves_only_supplied_tags_and_attributes
82
+ @scrubber.tags = %w(tag)
83
+ @scrubber.attributes = %w(cooler)
84
+ html = '<a></a><tag href=""></tag><tag cooler=""></tag>'
85
+ assert_scrubbed html, '<tag></tag><tag cooler=""></tag>'
86
+ end
87
+
88
+ def test_leaves_text
89
+ assert_scrubbed('some text')
90
+ end
91
+
92
+ def test_skips_text_nodes
93
+ assert_node_skipped('some text')
94
+ end
95
+
96
+ def test_tags_accessor_validation
97
+ e = assert_raises(ArgumentError) do
98
+ @scrubber.tags = 'tag'
99
+ end
100
+
101
+ assert_equal "You should pass :tags as an Enumerable", e.message
102
+ assert_nil @scrubber.tags, "Tags should be nil when validation fails"
103
+ end
104
+
105
+ def test_attributes_accessor_validation
106
+ e = assert_raises(ArgumentError) do
107
+ @scrubber.attributes = 'cooler'
108
+ end
109
+
110
+ assert_equal "You should pass :attributes as an Enumerable", e.message
111
+ assert_nil @scrubber.attributes, "Attributes should be nil when validation fails"
112
+ end
113
+ end
114
+
115
+ class TargetScrubberTest < ScrubberTest
116
+ def setup
117
+ @scrubber = Jets::Html::TargetScrubber.new
118
+ end
119
+
120
+ def test_targeting_tags_removes_only_them
121
+ @scrubber.tags = %w(a h1)
122
+ html = '<script></script><a></a><h1></h1>'
123
+ assert_scrubbed html, '<script></script>'
124
+ end
125
+
126
+ def test_targeting_tags_removes_only_them_nested
127
+ @scrubber.tags = %w(a)
128
+ html = '<tag><a><tag><a></a></tag></a></tag>'
129
+ assert_scrubbed html, '<tag><tag></tag></tag>'
130
+ end
131
+
132
+ def test_targeting_attributes_removes_only_them
133
+ @scrubber.attributes = %w(class id)
134
+ html = '<a class="a" id="b" onclick="c"></a>'
135
+ assert_scrubbed html, '<a onclick="c"></a>'
136
+ end
137
+
138
+ def test_targeting_tags_and_attributes_removes_only_them
139
+ @scrubber.tags = %w(tag)
140
+ @scrubber.attributes = %w(remove)
141
+ html = '<tag remove="" other=""></tag><a remove="" other=""></a>'
142
+ assert_scrubbed html, '<a other=""></a>'
143
+ end
144
+ end
145
+
146
+ class TextOnlyScrubberTest < ScrubberTest
147
+ def setup
148
+ @scrubber = Jets::Html::TextOnlyScrubber.new
149
+ end
150
+
151
+ def test_removes_all_tags_and_keep_the_content
152
+ assert_scrubbed '<tag>hello</tag>', 'hello'
153
+ end
154
+
155
+ def test_skips_text_nodes
156
+ assert_node_skipped('some text')
157
+ end
158
+ end
159
+
160
+ class ReturningStopFromScrubNodeTest < ScrubberTest
161
+ class ScrubStopper < Jets::Html::PermitScrubber
162
+ def scrub_node(node)
163
+ Loofah::Scrubber::STOP
164
+ end
165
+ end
166
+
167
+ def setup
168
+ @scrubber = ScrubStopper.new
169
+ end
170
+
171
+ def test_returns_stop_from_scrub_if_scrub_node_does
172
+ assert_scrub_stopped '<script>remove me</script>'
173
+ end
174
+ end
metadata ADDED
@@ -0,0 +1,131 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: jets-html-sanitizer
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.0.4
5
+ platform: ruby
6
+ authors:
7
+ - Tung Nguyen
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2019-01-11 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: loofah
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '2.2'
20
+ - - ">="
21
+ - !ruby/object:Gem::Version
22
+ version: 2.2.2
23
+ type: :runtime
24
+ prerelease: false
25
+ version_requirements: !ruby/object:Gem::Requirement
26
+ requirements:
27
+ - - "~>"
28
+ - !ruby/object:Gem::Version
29
+ version: '2.2'
30
+ - - ">="
31
+ - !ruby/object:Gem::Version
32
+ version: 2.2.2
33
+ - !ruby/object:Gem::Dependency
34
+ name: bundler
35
+ requirement: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - "~>"
38
+ - !ruby/object:Gem::Version
39
+ version: '1.3'
40
+ type: :development
41
+ prerelease: false
42
+ version_requirements: !ruby/object:Gem::Requirement
43
+ requirements:
44
+ - - "~>"
45
+ - !ruby/object:Gem::Version
46
+ version: '1.3'
47
+ - !ruby/object:Gem::Dependency
48
+ name: rake
49
+ requirement: !ruby/object:Gem::Requirement
50
+ requirements:
51
+ - - ">="
52
+ - !ruby/object:Gem::Version
53
+ version: '0'
54
+ type: :development
55
+ prerelease: false
56
+ version_requirements: !ruby/object:Gem::Requirement
57
+ requirements:
58
+ - - ">="
59
+ - !ruby/object:Gem::Version
60
+ version: '0'
61
+ - !ruby/object:Gem::Dependency
62
+ name: minitest
63
+ requirement: !ruby/object:Gem::Requirement
64
+ requirements:
65
+ - - ">="
66
+ - !ruby/object:Gem::Version
67
+ version: '0'
68
+ type: :development
69
+ prerelease: false
70
+ version_requirements: !ruby/object:Gem::Requirement
71
+ requirements:
72
+ - - ">="
73
+ - !ruby/object:Gem::Version
74
+ version: '0'
75
+ - !ruby/object:Gem::Dependency
76
+ name: rails-dom-testing
77
+ requirement: !ruby/object:Gem::Requirement
78
+ requirements:
79
+ - - ">="
80
+ - !ruby/object:Gem::Version
81
+ version: '0'
82
+ type: :development
83
+ prerelease: false
84
+ version_requirements: !ruby/object:Gem::Requirement
85
+ requirements:
86
+ - - ">="
87
+ - !ruby/object:Gem::Version
88
+ version: '0'
89
+ description: HTML sanitization for Jets applications
90
+ email:
91
+ - tongueroo@gmail.com
92
+ executables: []
93
+ extensions: []
94
+ extra_rdoc_files: []
95
+ files:
96
+ - CHANGELOG.md
97
+ - MIT-LICENSE
98
+ - README.md
99
+ - lib/jets-html-sanitizer.rb
100
+ - lib/jets/html/sanitizer.rb
101
+ - lib/jets/html/sanitizer/version.rb
102
+ - lib/jets/html/scrubbers.rb
103
+ - test/sanitizer_test.rb
104
+ - test/scrubbers_test.rb
105
+ homepage: https://github.com/jets/jets-html-sanitizer
106
+ licenses:
107
+ - MIT
108
+ metadata: {}
109
+ post_install_message:
110
+ rdoc_options: []
111
+ require_paths:
112
+ - lib
113
+ required_ruby_version: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - ">="
116
+ - !ruby/object:Gem::Version
117
+ version: '0'
118
+ required_rubygems_version: !ruby/object:Gem::Requirement
119
+ requirements:
120
+ - - ">="
121
+ - !ruby/object:Gem::Version
122
+ version: '0'
123
+ requirements: []
124
+ rubyforge_project:
125
+ rubygems_version: 2.7.6
126
+ signing_key:
127
+ specification_version: 4
128
+ summary: This gem is responsible to sanitize HTML fragments in Jets applications.
129
+ test_files:
130
+ - test/scrubbers_test.rb
131
+ - test/sanitizer_test.rb