lazy_form 0.0.2 → 0.0.4
- checksums.yaml +4 -4
- data/lazy_form.gemspec +1 -1
- data/lib/lazy_form.rb +25 -4
- data/test/builder_test.rb +46 -0
- metadata +3 -3
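--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ffa4a44f12319d4b5edd758c86137a65a43f75ae
+data.tar.gz: 8e2dd5cdd07a57e8c25b55f5c401e23d8aa5e158
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 99276e23a39f418542d03e8c3a883e45b7444ed852fe5fb4b994ad204c0bc720a5748687bcb5e28c5315e520de8ed30d3865b8cd190e7197205d756ad5026404
+data.tar.gz: 274db62f40fa14f718de9a5ddafae0b86f41d0822aa4b0bf6e6fc097b7ce69ba141125e9b5484a5ac7eba982ac593b9b6fe19f9617eb34c153d7b612e6684f74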
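--- a/data/lazy_form.gemspec
+++ b/data/lazy_form.gemspec
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
 spec.name = 'lazy_form'
-spec.version = '0.0.
+spec.version = '0.0.4'
 spec.authors = ['Patricio Mac Adden']
 spec.email = ['patriciomacadden@gmail.com']
 spec.summary = %q{Forms for the rest of us, the lazy.}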
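--- a/data/lib/lazy_form.rb
+++ b/data/lib/lazy_form.rb
@@ -1,4 +1,5 @@
 require 'inflecto'
+require 'cgi/escape'
 
 module LazyForm
 module Helper
@@ -23,6 +24,8 @@ module LazyForm
 class Tag
 attr_reader :name, :attributes, :block
 
+BOOLEAN_ATTRIBUTES = %i(autofocus checked disabled readonly required)
+
 def initialize(name, attributes = {}, &block)
 @name = name
 @attributes = attributes
@@ -46,6 +49,8 @@ module LazyForm
 attributes.collect do |k, v|
 if v.is_a? Hash
 build_attributes Hash[v.collect { |ik, iv| [:"#{k}-#{ik}", iv] }]
+elsif BOOLEAN_ATTRIBUTES.include? k
+v ? k : ''
 else
 "#{k}=\"#{v}\""
 end
@@ -57,7 +62,6 @@ module LazyForm
 BUTTONS = %w(button image reset submit)
 
 INPUT_TYPES = [
-'checkbox',
 'color',
 'date',
 'datetime',
@@ -91,6 +95,18 @@ module LazyForm
 end
 end
 
+def checkbox(object_attribute, attributes = {})
+attributes[:id] ||= as_id object_attribute
+attributes[:name] ||= as_name object_attribute
+attributes[:type] = 'checkbox'
+begin
+attributes[:checked] = :checked if object.send object_attribute
+rescue NoMethodError
+end
+
+Tag.new 'input', attributes
+end
+
 def datetime_local(object_attribute, attributes = {})
 attributes[:id] ||= as_id object_attribute
 attributes[:name] ||= as_name object_attribute
@@ -112,6 +128,7 @@ module LazyForm
 attributes[:value] ||= object.send object_attribute
 rescue NoMethodError
 end
+attributes[:value] = escape attributes[:value]
 
 Tag.new 'input', attributes
 end
@@ -120,7 +137,7 @@ module LazyForm
 def label(object_attribute, content = nil, attributes = {})
 attributes[:for] ||= as_id object_attribute
 
-Tag.new('label', attributes) { content }
+Tag.new('label', attributes) { escape content }
 end
 
 def select(object_attribute, options = {}, attributes = {})
@@ -135,11 +152,15 @@ module LazyForm
 attributes[:name] ||= as_name object_attribute
 content ||= object.send object_attribute
 
-Tag.new('textarea', attributes) { content }
+Tag.new('textarea', attributes) { escape content }
 end
 
 private
 
+def escape(text)
+CGI.escapeHTML text unless text.nil?
+end
+
 def as_id(attribute)
 Inflecto.underscore "#{object.class.name}_#{attribute}"
 end
@@ -158,7 +179,7 @@ module LazyForm
 opts[:selected] = :selected if k == object.send(object_attribute)
 rescue NoMethodError
 end
-Tag.new('option', opts) { v }
+Tag.new('option', opts) { escape v }
 end
 end.join
 end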
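Review bot: The new escaping covers `attributes[:value]` and element content only; the `else` branch of the attribute builder still emits `"#{k}=\"#{v}\""` as-is, so any other attribute fed from user data (a `placeholder`, a `data-` entry, an `<option>` value) can still close the quote and inject markup. Escaping once at that point, `"#{k}=\"#{CGI.escapeHTML(v.to_s)}\""`, would cover every attribute, and the separate `attributes[:value] = escape attributes[:value]` line should then go to avoid double-escaping. The `escape` helper also hands non-String values straight to `CGI.escapeHTML`, which raises for an Integer, Date or Symbol; `CGI.escapeHTML text.to_s unless text.nil?` avoids that. The enclosing methods start and end outside the visible hunks, so how the `<option>` attributes are built is inferred rather than seen.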
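--- a/data/test/builder_test.rb
+++ b/data/test/builder_test.rb
@@ -12,6 +12,14 @@ scope LazyForm::Builder do
 end
 end
 
+LazyForm::Tag::BOOLEAN_ATTRIBUTES.each do |attr|
+scope attr do
+test "returns an input with #{attr} attribute" do
+assert_equal "<input #{attr} id=\"person_name\" name=\"person[name]\" type=\"radio\"/>", @builder.radio(:name, "#{attr}": :true).to_s
+end
+end
+end
+
 LazyForm::Builder::BUTTONS.each do |type|
 scope type do
 test "returns a #{type} input" do
@@ -26,6 +34,18 @@ scope LazyForm::Builder do
 end
 end
 
+scope '#checkbox' do
+test "returns a checkbox input" do
+tag = @builder.checkbox :admin
+assert_equal '<input id="person_admin" name="person[admin]" type="checkbox"/>', tag.to_s
+end
+
+test "returns a checkbox input with attributes" do
+tag = @builder.checkbox :admin, style: 'margin-top: 5px', data: { something: 'something' }
+assert_equal '<input style="margin-top: 5px" data-something="something" id="person_admin" name="person[admin]" type="checkbox"/>', tag.to_s
+end
+end
+
 scope '#datetime_local' do
 test "returns a datetime-local input" do
 tag = @builder.datetime_local :birth_date
@@ -52,6 +72,19 @@ scope LazyForm::Builder do
 end
 end
 
+scope '#text' do
+test 'returns a text input with the passed value escaped' do
+tag = @builder.send :text, :first_name, value: '"><script>alert("hello world")</script>'
+assert_equal "<input value=\""><script>alert("hello world")</script>\" id=\"person_first_name\" name=\"person[first_name]\" type=\"text\"/>", tag.to_s
+end
+
+test "returns a text input with the object's value escaped" do
+@person.first_name = '"><script>alert("hello world")</script>'
+tag = @builder.send :text, :first_name
+assert_equal "<input id=\"person_first_name\" name=\"person[first_name]\" type=\"text\" value=\""><script>alert("hello world")</script>\"/>", tag.to_s
+end
+end
+
 scope '#label' do
 test 'returns a label' do
 assert_equal '<label for="person_first_name">First name</label>', @builder.label(:first_name, 'First name').to_s
@@ -60,6 +93,10 @@ scope LazyForm::Builder do
 test 'returns a label with attributes' do
 assert_equal '<label style="color: blue" for="person_first_name">First name</label>', @builder.label(:first_name, 'First name', style: 'color: blue').to_s
 end
+
+test 'returns an escaped label' do
+assert_equal '<label style="color: blue" for="person_first_name"><script>alert("First name")</script></label>', @builder.label(:first_name, "<script>alert(\"First name\")</script>", style: 'color: blue').to_s
+end
 end
 
 scope '#select' do
@@ -79,6 +116,10 @@ scope LazyForm::Builder do
 @person.gender = :m
 assert_equal '<select id="person_gender" name="person[gender]"><option value="m" selected="selected">Male</option><option value="f">Female</option></select>', @builder.select(:gender, { m: 'Male', f: 'Female' }).to_s
 end
+
+test 'returns a select with options escaped' do
+assert_equal '<select id="person_gender" name="person[gender]"><option value="m"><script>alert("male")</script></option><option value="f">Female</option></select>', @builder.select(:gender, { m: "<script>alert(\"male\")</script>", f: 'Female' }).to_s
+end
 end
 
 scope '#textarea' do
@@ -91,6 +132,11 @@ scope LazyForm::Builder do
 assert_equal '<textarea id="person_first_name" name="person[first_name]">Patricio</textarea>', @builder.textarea(:first_name).to_s
 end
 
+test "returns a textarea with the object's value escaped" do
+@person.first_name = "</textarea><script>alert('hello world')</script><textarea>"
+assert_equal '<textarea id="person_first_name" name="person[first_name]"></textarea><script>alert('hello world')</script><textarea></textarea>', @builder.textarea(:first_name).to_s
+end
+
 test 'returns a textarea with a default value' do
 assert_equal '<textarea id="person_first_name" name="person[first_name]">First name</textarea>', @builder.textarea(:first_name, 'First name').to_s
 end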
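Review bot: The `#checkbox` scope asserts only the unchecked rendering, so the `attributes[:checked] = :checked` branch added in the library is never exercised; a case where the object's `admin` is truthy and the output contains `checked` would cover it. The boolean-attribute test passes the symbol `:true` rather than `true` and has no false case, which leaves the empty-string branch untested too. The escaping tests appear on this page with raw `<script>` markup in the expected strings, presumably because the page decoded the entities; worth confirming that the real file asserts the `&lt;` and `&quot;` forms.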
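--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lazy_form
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.4
 platform: ruby
 authors:
 - Patricio Mac Adden
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2018-07-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -192,7 +192,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.2.
+rubygems_version: 2.5.2.1
 signing_key:
 specification_version: 4
 summary: Forms for the rest of us, the lazy.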