lazy_form 0.0.2 → 0.0.4

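--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 46cb809f06ff9f3f265019d51f973614b47e4ea2
- data.tar.gz: 2c1bcc21bce9ba0ffde4dee860d05034f55d76e4
+ metadata.gz: ffa4a44f12319d4b5edd758c86137a65a43f75ae
+ data.tar.gz: 8e2dd5cdd07a57e8c25b55f5c401e23d8aa5e158
  SHA512:
- metadata.gz: 39e24a9f2be2169e232b29fa7a5747a318679a3028bb9fa0e5e79cb4a5da9af299f65cd85eb5fe9e792fda4dbe1c6a971cc0320d61a9e7bf3b90a859cb6380f1
- data.tar.gz: 4f96c72df723fef854157511359cf5394062c8e82de0ea162cdc407d1e901d95833652a153d142a7a839c3a611924ef4cc6aed170e27fcaec9f1e343dabbb4cf
+ metadata.gz: 99276e23a39f418542d03e8c3a883e45b7444ed852fe5fb4b994ad204c0bc720a5748687bcb5e28c5315e520de8ed30d3865b8cd190e7197205d756ad5026404
+ data.tar.gz: 274db62f40fa14f718de9a5ddafae0b86f41d0822aa4b0bf6e6fc097b7ce69ba141125e9b5484a5ac7eba982ac593b9b6fe19f9617eb34c153d7b612e6684f74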
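--- a/data/lazy_form.gemspec
+++ b/data/lazy_form.gemspec
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
  Gem::Specification.new do |spec|
  spec.name = 'lazy_form'
- spec.version = '0.0.2'
+ spec.version = '0.0.4'
  spec.authors = ['Patricio Mac Adden']
  spec.email = ['patriciomacadden@gmail.com']
  spec.summary = %q{Forms for the rest of us, the lazy.}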
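--- a/data/lib/lazy_form.rb
+++ b/data/lib/lazy_form.rb
@@ -1,4 +1,5 @@
  require 'inflecto'
+ require 'cgi/escape'
 
  module LazyForm
  module Helper
@@ -23,6 +24,8 @@ module LazyForm
  class Tag
  attr_reader :name, :attributes, :block
 
+ BOOLEAN_ATTRIBUTES = %i(autofocus checked disabled readonly required)
+
  def initialize(name, attributes = {}, &block)
  @name = name
  @attributes = attributes
@@ -46,6 +49,8 @@ module LazyForm
  attributes.collect do |k, v|
  if v.is_a? Hash
  build_attributes Hash[v.collect { |ik, iv| [:"#{k}-#{ik}", iv] }]
+ elsif BOOLEAN_ATTRIBUTES.include? k
+ v ? k : ''
  else
  "#{k}=\"#{v}\""
  end
@@ -57,7 +62,6 @@ module LazyForm
  BUTTONS = %w(button image reset submit)
 
  INPUT_TYPES = [
- 'checkbox',
  'color',
  'date',
  'datetime',
@@ -91,6 +95,18 @@ module LazyForm
  end
  end
 
+ def checkbox(object_attribute, attributes = {})
+ attributes[:id] ||= as_id object_attribute
+ attributes[:name] ||= as_name object_attribute
+ attributes[:type] = 'checkbox'
+ begin
+ attributes[:checked] = :checked if object.send object_attribute
+ rescue NoMethodError
+ end
+
+ Tag.new 'input', attributes
+ end
+
  def datetime_local(object_attribute, attributes = {})
  attributes[:id] ||= as_id object_attribute
  attributes[:name] ||= as_name object_attribute
@@ -112,6 +128,7 @@ module LazyForm
  attributes[:value] ||= object.send object_attribute
  rescue NoMethodError
  end
+ attributes[:value] = escape attributes[:value]
 
  Tag.new 'input', attributes
  end
@@ -120,7 +137,7 @@ module LazyForm
  def label(object_attribute, content = nil, attributes = {})
  attributes[:for] ||= as_id object_attribute
 
- Tag.new('label', attributes) { content }
+ Tag.new('label', attributes) { escape content }
  end
 
  def select(object_attribute, options = {}, attributes = {})
@@ -135,11 +152,15 @@ module LazyForm
  attributes[:name] ||= as_name object_attribute
  content ||= object.send object_attribute
 
- Tag.new('textarea', attributes) { content }
+ Tag.new('textarea', attributes) { escape content }
  end
 
  private
 
+ def escape(text)
+ CGI.escapeHTML text unless text.nil?
+ end
+
  def as_id(attribute)
  Inflecto.underscore "#{object.class.name}_#{attribute}"
  end
@@ -158,7 +179,7 @@ module LazyForm
  opts[:selected] = :selected if k == object.send(object_attribute)
  rescue NoMethodError
  end
- Tag.new('option', opts) { v }
+ Tag.new('option', opts) { escape v }
  end
  end.join
  end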
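Review bot: The `else` branch of `build_attributes` still renders `"#{k}=\"#{v}\""` with no escaping, so this release protects only `value` (via `attributes[:value] = escape attributes[:value]`) and tag bodies; any other attribute an application fills from user data, such as `placeholder`, `title` or a `data:` hash, is written into the quoted attribute unencoded. Escaping once where attributes are rendered, e.g. `"#{k}=\"#{CGI.escapeHTML v.to_s}\""`, would cover every attribute, and the per-field `value` escape would then be dropped to avoid double encoding. Separately, `escape` hands its argument straight to `CGI.escapeHTML`, which raises `TypeError` for non-String values such as an Integer or Symbol returned by `object.send`; `CGI.escapeHTML text.to_s unless text.nil?` avoids that. `build_attributes` and the input helper that sets `value` both begin outside the visible hunks, so their remaining lines should be checked before applying this.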
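--- a/data/test/builder_test.rb
+++ b/data/test/builder_test.rb
@@ -12,6 +12,14 @@ scope LazyForm::Builder do
  end
  end
 
+ LazyForm::Tag::BOOLEAN_ATTRIBUTES.each do |attr|
+ scope attr do
+ test "returns an input with #{attr} attribute" do
+ assert_equal "<input #{attr} id=\"person_name\" name=\"person[name]\" type=\"radio\"/>", @builder.radio(:name, "#{attr}": :true).to_s
+ end
+ end
+ end
+
  LazyForm::Builder::BUTTONS.each do |type|
  scope type do
  test "returns a #{type} input" do
@@ -26,6 +34,18 @@ scope LazyForm::Builder do
  end
  end
 
+ scope '#checkbox' do
+ test "returns a checkbox input" do
+ tag = @builder.checkbox :admin
+ assert_equal '<input id="person_admin" name="person[admin]" type="checkbox"/>', tag.to_s
+ end
+
+ test "returns a checkbox input with attributes" do
+ tag = @builder.checkbox :admin, style: 'margin-top: 5px', data: { something: 'something' }
+ assert_equal '<input style="margin-top: 5px" data-something="something" id="person_admin" name="person[admin]" type="checkbox"/>', tag.to_s
+ end
+ end
+
  scope '#datetime_local' do
  test "returns a datetime-local input" do
  tag = @builder.datetime_local :birth_date
@@ -52,6 +72,19 @@ scope LazyForm::Builder do
  end
  end
 
+ scope '#text' do
+ test 'returns a text input with the passed value escaped' do
+ tag = @builder.send :text, :first_name, value: '"><script>alert("hello world")</script>'
+ assert_equal "<input value=\"&quot;&gt;&lt;script&gt;alert(&quot;hello world&quot;)&lt;/script&gt;\" id=\"person_first_name\" name=\"person[first_name]\" type=\"text\"/>", tag.to_s
+ end
+
+ test "returns a text input with the object's value escaped" do
+ @person.first_name = '"><script>alert("hello world")</script>'
+ tag = @builder.send :text, :first_name
+ assert_equal "<input id=\"person_first_name\" name=\"person[first_name]\" type=\"text\" value=\"&quot;&gt;&lt;script&gt;alert(&quot;hello world&quot;)&lt;/script&gt;\"/>", tag.to_s
+ end
+ end
+
  scope '#label' do
  test 'returns a label' do
  assert_equal '<label for="person_first_name">First name</label>', @builder.label(:first_name, 'First name').to_s
@@ -60,6 +93,10 @@ scope LazyForm::Builder do
  test 'returns a label with attributes' do
  assert_equal '<label style="color: blue" for="person_first_name">First name</label>', @builder.label(:first_name, 'First name', style: 'color: blue').to_s
  end
+
+ test 'returns an escaped label' do
+ assert_equal '<label style="color: blue" for="person_first_name">&lt;script&gt;alert(&quot;First name&quot;)&lt;/script&gt;</label>', @builder.label(:first_name, "<script>alert(\"First name\")</script>", style: 'color: blue').to_s
+ end
  end
 
  scope '#select' do
@@ -79,6 +116,10 @@ scope LazyForm::Builder do
  @person.gender = :m
  assert_equal '<select id="person_gender" name="person[gender]"><option value="m" selected="selected">Male</option><option value="f">Female</option></select>', @builder.select(:gender, { m: 'Male', f: 'Female' }).to_s
  end
+
+ test 'returns a select with options escaped' do
+ assert_equal '<select id="person_gender" name="person[gender]"><option value="m">&lt;script&gt;alert(&quot;male&quot;)&lt;/script&gt;</option><option value="f">Female</option></select>', @builder.select(:gender, { m: "<script>alert(\"male\")</script>", f: 'Female' }).to_s
+ end
  end
 
  scope '#textarea' do
@@ -91,6 +132,11 @@ scope LazyForm::Builder do
  assert_equal '<textarea id="person_first_name" name="person[first_name]">Patricio</textarea>', @builder.textarea(:first_name).to_s
  end
 
+ test "returns a textarea with the object's value escaped" do
+ @person.first_name = "</textarea><script>alert('hello world')</script><textarea>"
+ assert_equal '<textarea id="person_first_name" name="person[first_name]">&lt;/textarea&gt;&lt;script&gt;alert(&#39;hello world&#39;)&lt;/script&gt;&lt;textarea&gt;</textarea>', @builder.textarea(:first_name).to_s
+ end
+
  test 'returns a textarea with a default value' do
  assert_equal '<textarea id="person_first_name" name="person[first_name]">First name</textarea>', @builder.textarea(:first_name, 'First name').to_s
  end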
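Review bot: The new `#checkbox` and boolean-attribute tests cover only the unchecked and truthy cases, so neither the `attributes[:checked] = :checked` path nor the `v ? k : ''` branch in `Tag` is exercised. One case that gives the person a truthy attribute before calling `@builder.checkbox` (assuming the fixture exposes a writer for it), and one that passes a flag such as `disabled: false` to `@builder.radio`, would pin how a false flag is rendered; the empty string may leave a stray space once the attributes are joined, which cannot be confirmed from the visible lines. The escaping tests likewise assert only on `value` and tag bodies, so a case with markup in a non-`value` attribute would record whether attribute values in general are meant to be encoded. The boolean test also passes the Symbol `:true` rather than `true`, which passes only because any non-nil value is truthy.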
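--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: lazy_form
  version: !ruby/object:Gem::Version
- version: 0.0.2
+ version: 0.0.4
  platform: ruby
  authors:
  - Patricio Mac Adden
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-12-10 00:00:00.000000000 Z
+ date: 2018-07-04 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -192,7 +192,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.2.2
+ rubygems_version: 2.5.2.1
  signing_key:
  specification_version: 4
  summary: Forms for the rest of us, the lazy.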