lazy_form 0.0.2 → 0.0.4

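--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 46cb809f06ff9f3f265019d51f973614b47e4ea2
- data.tar.gz: 2c1bcc21bce9ba0ffde4dee860d05034f55d76e4
+ metadata.gz: ffa4a44f12319d4b5edd758c86137a65a43f75ae
+ data.tar.gz: 8e2dd5cdd07a57e8c25b55f5c401e23d8aa5e158
  SHA512:
- metadata.gz: 39e24a9f2be2169e232b29fa7a5747a318679a3028bb9fa0e5e79cb4a5da9af299f65cd85eb5fe9e792fda4dbe1c6a971cc0320d61a9e7bf3b90a859cb6380f1
- data.tar.gz: 4f96c72df723fef854157511359cf5394062c8e82de0ea162cdc407d1e901d95833652a153d142a7a839c3a611924ef4cc6aed170e27fcaec9f1e343dabbb4cf
+ metadata.gz: 99276e23a39f418542d03e8c3a883e45b7444ed852fe5fb4b994ad204c0bc720a5748687bcb5e28c5315e520de8ed30d3865b8cd190e7197205d756ad5026404
+ data.tar.gz: 274db62f40fa14f718de9a5ddafae0b86f41d0822aa4b0bf6e6fc097b7ce69ba141125e9b5484a5ac7eba982ac593b9b6fe19f9617eb34c153d7b612e6684f74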
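--- a/data/lazy_form.gemspec
+++ b/data/lazy_form.gemspec
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
  Gem::Specification.new do |spec|
  spec.name = 'lazy_form'
- spec.version = '0.0.2'
+ spec.version = '0.0.4'
  spec.authors = ['Patricio Mac Adden']
  spec.email = ['patriciomacadden@gmail.com']
  spec.summary = %q{Forms for the rest of us, the lazy.}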
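--- a/data/lib/lazy_form.rb
+++ b/data/lib/lazy_form.rb
@@ -1,4 +1,5 @@
  require 'inflecto'
+ require 'cgi/escape'
 
  module LazyForm
  module Helper
@@ -23,6 +24,8 @@ module LazyForm
  class Tag
  attr_reader :name, :attributes, :block
 
+ BOOLEAN_ATTRIBUTES = %i(autofocus checked disabled readonly required)
+
  def initialize(name, attributes = {}, &block)
  @name = name
  @attributes = attributes
@@ -46,6 +49,8 @@ module LazyForm
  attributes.collect do |k, v|
  if v.is_a? Hash
  build_attributes Hash[v.collect { |ik, iv| [:"#{k}-#{ik}", iv] }]
+ elsif BOOLEAN_ATTRIBUTES.include? k
+ v ? k : ''
  else
  "#{k}=\"#{v}\""
  end
@@ -57,7 +62,6 @@ module LazyForm
  BUTTONS = %w(button image reset submit)
 
  INPUT_TYPES = [
- 'checkbox',
  'color',
  'date',
  'datetime',
@@ -91,6 +95,18 @@ module LazyForm
  end
  end
 
+ def checkbox(object_attribute, attributes = {})
+ attributes[:id] ||= as_id object_attribute
+ attributes[:name] ||= as_name object_attribute
+ attributes[:type] = 'checkbox'
+ begin
+ attributes[:checked] = :checked if object.send object_attribute
+ rescue NoMethodError
+ end
+
+ Tag.new 'input', attributes
+ end
+
  def datetime_local(object_attribute, attributes = {})
  attributes[:id] ||= as_id object_attribute
  attributes[:name] ||= as_name object_attribute
@@ -112,6 +128,7 @@ module LazyForm
  attributes[:value] ||= object.send object_attribute
  rescue NoMethodError
  end
+ attributes[:value] = escape attributes[:value]
 
  Tag.new 'input', attributes
  end
@@ -120,7 +137,7 @@ module LazyForm
  def label(object_attribute, content = nil, attributes = {})
  attributes[:for] ||= as_id object_attribute
 
- Tag.new('label', attributes) { content }
+ Tag.new('label', attributes) { escape content }
  end
 
  def select(object_attribute, options = {}, attributes = {})
@@ -135,11 +152,15 @@ module LazyForm
  attributes[:name] ||= as_name object_attribute
  content ||= object.send object_attribute
 
- Tag.new('textarea', attributes) { content }
+ Tag.new('textarea', attributes) { escape content }
  end
 
  private
 
+ def escape(text)
+ CGI.escapeHTML text unless text.nil?
+ end
+
  def as_id(attribute)
  Inflecto.underscore "#{object.class.name}_#{attribute}"
  end
@@ -158,7 +179,7 @@ module LazyForm
  opts[:selected] = :selected if k == object.send(object_attribute)
  rescue NoMethodError
  end
- Tag.new('option', opts) { v }
+ Tag.new('option', opts) { escape v }
  end
  end.join
  end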
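Review bot: Attribute values other than `:value` are still written into the markup unescaped: the `else` branch of `build_attributes` keeps `"#{k}=\"#{v}\""`, and the new `escape` helper is applied only to `attributes[:value]` in the input builder and to label, textarea and option content. A double quote in any other caller-supplied attribute (for example `placeholder`, `title` or a `data` entry) can therefore still close the attribute early, so the escaping belongs at the point of serialisation, `"#{k}=\"#{CGI.escapeHTML v.to_s}\""`, with the `attributes[:value] = escape attributes[:value]` line removed so the value is not escaped twice. `escape` should also coerce its argument, `CGI.escapeHTML text.to_s unless text.nil?`, because `CGI.escapeHTML` expects a String and `object.send object_attribute` may return a number, date or symbol. `build_attributes` and the input builder both begin outside the visible hunks, so how a nil value is rendered there is not shown.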
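--- a/data/test/builder_test.rb
+++ b/data/test/builder_test.rb
@@ -12,6 +12,14 @@ scope LazyForm::Builder do
  end
  end
 
+ LazyForm::Tag::BOOLEAN_ATTRIBUTES.each do |attr|
+ scope attr do
+ test "returns an input with #{attr} attribute" do
+ assert_equal "<input #{attr} id=\"person_name\" name=\"person[name]\" type=\"radio\"/>", @builder.radio(:name, "#{attr}": :true).to_s
+ end
+ end
+ end
+
  LazyForm::Builder::BUTTONS.each do |type|
  scope type do
  test "returns a #{type} input" do
@@ -26,6 +34,18 @@ scope LazyForm::Builder do
  end
  end
 
+ scope '#checkbox' do
+ test "returns a checkbox input" do
+ tag = @builder.checkbox :admin
+ assert_equal '<input id="person_admin" name="person[admin]" type="checkbox"/>', tag.to_s
+ end
+
+ test "returns a checkbox input with attributes" do
+ tag = @builder.checkbox :admin, style: 'margin-top: 5px', data: { something: 'something' }
+ assert_equal '<input style="margin-top: 5px" data-something="something" id="person_admin" name="person[admin]" type="checkbox"/>', tag.to_s
+ end
+ end
+
  scope '#datetime_local' do
  test "returns a datetime-local input" do
  tag = @builder.datetime_local :birth_date
@@ -52,6 +72,19 @@ scope LazyForm::Builder do
  end
  end
 
+ scope '#text' do
+ test 'returns a text input with the passed value escaped' do
+ tag = @builder.send :text, :first_name, value: '"><script>alert("hello world")</script>'
+ assert_equal "<input value=\"&quot;&gt;&lt;script&gt;alert(&quot;hello world&quot;)&lt;/script&gt;\" id=\"person_first_name\" name=\"person[first_name]\" type=\"text\"/>", tag.to_s
+ end
+
+ test "returns a text input with the object's value escaped" do
+ @person.first_name = '"><script>alert("hello world")</script>'
+ tag = @builder.send :text, :first_name
+ assert_equal "<input id=\"person_first_name\" name=\"person[first_name]\" type=\"text\" value=\"&quot;&gt;&lt;script&gt;alert(&quot;hello world&quot;)&lt;/script&gt;\"/>", tag.to_s
+ end
+ end
+
  scope '#label' do
  test 'returns a label' do
  assert_equal '<label for="person_first_name">First name</label>', @builder.label(:first_name, 'First name').to_s
@@ -60,6 +93,10 @@ scope LazyForm::Builder do
  test 'returns a label with attributes' do
  assert_equal '<label style="color: blue" for="person_first_name">First name</label>', @builder.label(:first_name, 'First name', style: 'color: blue').to_s
  end
+
+ test 'returns an escaped label' do
+ assert_equal '<label style="color: blue" for="person_first_name">&lt;script&gt;alert(&quot;First name&quot;)&lt;/script&gt;</label>', @builder.label(:first_name, "<script>alert(\"First name\")</script>", style: 'color: blue').to_s
+ end
  end
 
  scope '#select' do
@@ -79,6 +116,10 @@ scope LazyForm::Builder do
  @person.gender = :m
  assert_equal '<select id="person_gender" name="person[gender]"><option value="m" selected="selected">Male</option><option value="f">Female</option></select>', @builder.select(:gender, { m: 'Male', f: 'Female' }).to_s
  end
+
+ test 'returns a select with options escaped' do
+ assert_equal '<select id="person_gender" name="person[gender]"><option value="m">&lt;script&gt;alert(&quot;male&quot;)&lt;/script&gt;</option><option value="f">Female</option></select>', @builder.select(:gender, { m: "<script>alert(\"male\")</script>", f: 'Female' }).to_s
+ end
  end
 
  scope '#textarea' do
@@ -91,6 +132,11 @@ scope LazyForm::Builder do
  assert_equal '<textarea id="person_first_name" name="person[first_name]">Patricio</textarea>', @builder.textarea(:first_name).to_s
  end
 
+ test "returns a textarea with the object's value escaped" do
+ @person.first_name = "</textarea><script>alert('hello world')</script><textarea>"
+ assert_equal '<textarea id="person_first_name" name="person[first_name]">&lt;/textarea&gt;&lt;script&gt;alert(&#39;hello world&#39;)&lt;/script&gt;&lt;textarea&gt;</textarea>', @builder.textarea(:first_name).to_s
+ end
+
  test 'returns a textarea with a default value' do
  assert_equal '<textarea id="person_first_name" name="person[first_name]">First name</textarea>', @builder.textarea(:first_name, 'First name').to_s
  end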
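Review bot: The `#checkbox` scope never asserts the checked state: both expected strings lack `checked`, so the builder's new `attributes[:checked] = :checked if object.send object_attribute` branch is not exercised. A third test that gives the person a truthy `admin` value (assuming the fixture exposes one) and expects the bare `checked` attribute would pin it. The boolean-attribute loop passes the Symbol `:true` rather than `true` and has no falsy case, so the `v ? k : ''` false branch is also untested; `@builder.radio(:name, "#{attr}": false)` would cover it. The escaping tests cover `value` and tag content only; a case with a double quote inside another attribute such as `style` would document whether that path is escaped.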
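--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: lazy_form
  version: !ruby/object:Gem::Version
- version: 0.0.2
+ version: 0.0.4
  platform: ruby
  authors:
  - Patricio Mac Adden
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-12-10 00:00:00.000000000 Z
+ date: 2018-07-04 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -192,7 +192,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.2.2
+ rubygems_version: 2.5.2.1
  signing_key:
  specification_version: 4
  summary: Forms for the rest of us, the lazy.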