loofah-activerecord 1.0.0 → 1.1.0

data/CHANGELOG.rdoc

@@ -1,4 +1,11 @@
-= Changelog
+
+== 1.1.0 (2013-01-16)
+
+Enhancements:
+
+* Support for Rails 3.1 and 3.2 (Thanks, Igal Koshevoy!)
+* Altered the installed directory structure to be lib/loofah/activerecord (was lib/loofah-activerecord).
+
 
 == 1.0.0 (2010-10-26)
 

data/Gemfile

@@ -1 +1,19 @@
-gemspec
+# -*- ruby -*-
+
+# DO NOT EDIT THIS FILE. Instead, edit Rakefile, and run `rake bundler:gemfile`.
+
+source "https://rubygems.org/"
+
+gem "loofah", ">=1.0.0"
+
+gem "bundler", "~>1.2.0", :group => [:development, :test]
+gem "hoe", "~>3.3", :group => [:development, :test]
+gem "rr", "~>1.0", :group => [:development, :test]
+gem "hoe-gemspec", ">=0", :group => [:development, :test]
+gem "rdoc", "~>3.10", :group => [:development, :test]
+gem "hoe-git", ">=0", :group => [:development, :test]
+gem "hoe-bundler", ">=0", :group => [:development, :test]
+gem "minitest", "~>2.2", :group => [:development, :test]
+gem "acts_as_fu", ">=0.0.5", :group => [:development, :test]
+
+# vim: syntax=ruby

data/Manifest.txt

@@ -5,9 +5,9 @@ Manifest.txt
 README.rdoc
 Rakefile
 lib/loofah-activerecord.rb
-lib/loofah-activerecord/active_record.rb
-lib/loofah-activerecord/railtie.rb
-lib/loofah-activerecord/xss_foliate.rb
+lib/loofah/activerecord/active_record.rb
+lib/loofah/activerecord/railtie.rb
+lib/loofah/activerecord/xss_foliate.rb
 rails_test/Rakefile
 rails_test/common/active_record/app/models/post.rb
 rails_test/common/active_record/test/unit/posts_test.rb

data/README.rdoc

@@ -1,8 +1,8 @@
 = loofah-activerecord
 
 * http://github.com/flavorjones/loofah-activerecord
-* http://loofah.rubyforge.org
-* http://rubyforge.org/projects/loofah
+* http://rubydoc.info/github/flavorjones/loofah-activerecord/master/frames
+* http://librelist.com/browser/loofah
 
 == Description
 
@@ -11,42 +11,45 @@ ActiveRecord models.
 
 == Features
 
-* Two ActiveRecord extensions:
-  * Loofah::XssFoliate, an XssTerminate[http://github.com/look/xss_terminate/tree/master] drop-in replacement, is an *opt-out* sanitizer. By default all models and attributes are sanitized.
+There are two ActiveRecord extensions included with loofah-activerecord:
+
   * Loofah::ActiveRecordExtension is an *opt-in* sanitizer. You must explicitly declare attributes to be sanitized.
+  * Loofah::XssFoliate, a drop-in replacement for XssTerminate[http://github.com/look/xss_terminate/tree/master], is an *opt-out* sanitizer. By default all models and attributes are sanitized.
 
 === ActiveRecord Extension \#1: Opt-In
 
-See Loofah::ActiveRecordExtension for full documentation. The methods
-mixed into ActiveRecord are:
+See Loofah::ActiveRecordExtension for full documentation. The class
+methods mixed into ActiveRecord are:
 
-* Loofah::ActiveRecordExtension.html_document
-* Loofah::ActiveRecordExtension.html_fragment
+* +html_document+
+* +html_fragment+
 
 which are used to declare how specific string and text attributes
-should be scrubbed at +before_validation+.
+should be scrubbed during +before_validation+.
 
   # app/model/post.rb
   class Post < ActiveRecord::Base
-    html_fragment :body, :scrub => :prune  # scrubs 'body' at before_validation
+    html_fragment :body, :scrub => :prune  # scrubs `body` using the :prune scrubber
   end
 
 === ActiveRecord Extension \#2: Opt-Out
 
-See Loofah::XssFoliate::ClassMethods for more documentation. The methods mixed into ActiveRecord are:
+See Loofah::XssFoliate::ClassMethods for more documentation. The class
+methods mixed into ActiveRecord are:
 
-* Loofah::XssFoliate::ClassMethods.xss_foliate
-* Loofah::XssFoliate::ClassMethods.xss_foliated?
+* +xss_foliate+
+* +xss_foliated?+
 
 which are used to declare how specific string and text attributes
-should be scrubbed at +before_validation+.
+should be scrubbed during +before_validation+.
 
-Attributes are stripped by default, unless another scrubber is
-specified or the attribute is present in an +:except+ clause.
+Attributes are scrubbed with the +:strip+ scrubber by default, unless
+another scrubber is specified or the attribute is present in an
++:except+ clause.
 
 == Requirements
 
-* Nokogiri >= 1.3.3
+* Loofah >= 1.0.0
 * Rails 3.0, 2.3, 2.2, 2.1, 2.0 or 1.2 (pow!)
 
 == Installation
@@ -57,11 +60,11 @@ Unsurprisingly:
 
 == Support
 
-The bug tracker is available here (the Loofah project):
+The bug tracker is available here:
 
-* http://github.com/flavorjones/loofah/issues
+* http://github.com/flavorjones/loofah-activerecord/issues
 
-And the mailing list is on librelist (also the Loofah mailing list):
+And the mailing list is on librelist (the general Loofah mailing list):
 
 * loofah@librelist.com / http://librelist.com
 
@@ -89,7 +92,7 @@ This library was split out of the Loofah project for version 1.0.0.
 
 The MIT License
 
-Copyright (c) 2009, 2010 by Mike Dalessio
+Copyright (c) 2009, 2010, 2011 by Mike Dalessio
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/Rakefile

@@ -14,10 +14,14 @@ Hoe.spec "loofah-activerecord" do
   self.readme_file      = "README.rdoc"
 
   extra_deps << ["loofah", ">= 1.0.0"]
-  extra_dev_deps << ["mocha", ">=0.9"]
-  extra_dev_deps << ["shoulda", ">=2.10"]
+
+  extra_dev_deps << ["minitest", "~>2.2"]
+  extra_dev_deps << ["rr", "~>1.0"]
   extra_dev_deps << ["acts_as_fu", ">=0.0.5"]
-  extra_dev_deps << ["bundler", "=1.0.0"]
+  extra_dev_deps << ["bundler", "~>1.2.0"]
+  extra_dev_deps << ["hoe-git", ">=0"]
+  extra_dev_deps << ["hoe-bundler", ">=0"]
+  extra_dev_deps << ["hoe-gemspec", ">=0"]
 end
 
 load "rails_test/Rakefile"
@@ -40,11 +44,6 @@ task :fix_css do
       margin-top                : .5em ;
     }
 
-    #main ul, div#documentation ul {
-      list-style-type           : disc ! IMPORTANT ;
-      list-style-position       : inside ! IMPORTANT ;
-    }
-
     h2 + ul {
       margin-top                : 1em;
     }

data/lib/loofah-activerecord.rb

@@ -3,17 +3,17 @@ $LOAD_PATH.unshift(File.expand_path(File.dirname(__FILE__))) unless $LOAD_PATH.i
 require 'loofah'
 
 module Loofah::ActiveRecord
-  VERSION = "1.0.0"
+  VERSION = "1.1.0"
 end
 
 if defined?(Rails) && Rails::VERSION::MAJOR == 3
-  require 'loofah-activerecord/railtie'
+  require 'loofah/activerecord/railtie'
 elsif defined? Rails.configuration and Rails.configuration.frameworks.include?([:active_record]) # >= 2.1
   Rails.configuration.after_initialize do
-    require 'loofah-activerecord/active_record'
-    require 'loofah-activerecord/xss_foliate'
+    require 'loofah/activerecord/active_record'
+    require 'loofah/activerecord/xss_foliate'
   end
 elsif defined? ActiveRecord::Base # <= 2.0
-  require 'loofah-activerecord/active_record'
-  require 'loofah-activerecord/xss_foliate'
+  require 'loofah/activerecord/active_record'
+  require 'loofah/activerecord/xss_foliate'
 end

data/lib/{loofah-activerecord → loofah/activerecord}/railtie.rb

@@ -4,8 +4,8 @@ module Loofah::ActiveRecord
     initializer "loofah-activerecord.initialize" do |app|
       activerecord_railtie = app.railties.all.select {|railtie| railtie.class.to_s == "ActiveRecord::Railtie" }
       if activerecord_railtie
-        require 'loofah-activerecord/active_record'
-        require 'loofah-activerecord/xss_foliate'
+        require 'loofah/activerecord/active_record'
+        require 'loofah/activerecord/xss_foliate'
       end
     end
   end

data/lib/{loofah-activerecord → loofah/activerecord}/xss_foliate.rb

@@ -88,6 +88,13 @@ module Loofah
       REAL_OPTIONS = VALID_OPTIONS - ALIASED_OPTIONS.keys
       # :startdoc:
 
+      def self.extended(base)
+        # Rails 3.0 and later
+        if base.respond_to?(:class_attribute)
+          base.send(:class_attribute, :xss_foliate_options)
+        end
+      end
+
       #
       #  Annotate your model with this method to specify which fields
       #  you want scrubbed, and how you want them scrubbed. XssFoliate
@@ -120,7 +127,10 @@ module Loofah
       #
       def xss_foliate(options = {})
         callback_already_declared = \
-        if respond_to?(:before_validation_callback_chain)
+        if respond_to?(:class_attribute)
+          # Rails 3.0 and later
+          false
+        elsif respond_to?(:before_validation_callback_chain)
           # Rails 2.1 and later
           before_validation_callback_chain.any? {|cb| cb.method == :xss_foliate_fields}
         else
@@ -131,7 +141,10 @@ module Loofah
 
         unless callback_already_declared
           before_validation        :xss_foliate_fields
-          class_inheritable_reader :xss_foliate_options
+          unless respond_to?(:class_attribute)
+            # Rails 3.0 and later
+            class_inheritable_reader :xss_foliate_options
+          end
           include XssFoliate::InstanceMethods
         end
 
@@ -147,7 +160,12 @@ module Loofah
           options[real] += Array(options.delete(option)).collect { |val| val.to_sym } if options[option]
         end
 
-        write_inheritable_attribute(:xss_foliate_options, options)
+        if respond_to?(:class_attribute)
+          # Rails 3.0 and later
+          self.xss_foliate_options = options
+        else
+          write_inheritable_attribute(:xss_foliate_options, options)
+        end
       end
 
       #
@@ -155,7 +173,13 @@ module Loofah
       #  xss_foliation to its attributes. Could be useful in test suites.
       #
       def xss_foliated?
-        options = read_inheritable_attribute(:xss_foliate_options)
+        options =
+          if respond_to?(:class_attribute)
+            # Rails 3.0 and later
+            xss_foliate_options
+          else
+            read_inheritable_attribute(:xss_foliate_options)
+          end
         ! (options.nil? || options.empty?)
       end
     end

data/rails_test/Rakefile

@@ -1,63 +1,118 @@
-def run(cmd)
-  puts "* running: #{cmd}"
-  system cmd
-  raise "ERROR running command" unless $? == 0
-end
+namespace "test" do
+  require "bundler"
+  require "yaml"
+
+  def gem_versions_for rails_version
+    mm = rails_version.split(".")[0,2].join(".")
+    YAML.load_file("gem-versions.yml")[mm]
+  end
 
-def setup_rails_app dir
-  dir =~ /rails-([^-]+)-(.*)/
-  version, flavor = $1, $2
-  run "./generate_test_directory #{version} #{flavor}"
-  bundler_cache = File.expand_path("bundler_cache")
-  Dir.chdir dir do
-    File.open("Gemfile", "w") do |gemfile|
-      gemfile.write <<-GEM
-        source :gemcutter
-        gem "rails", "=#{version}"
-        gem "loofah", :path => File.join(File.dirname(__FILE__),"../../../loofah")
-        gem "loofah-activerecord", :path => File.join(File.dirname(__FILE__),"../..")
-        gem "sqlite3-ruby", :require => "sqlite3"
-      GEM
+  def ruby_version_for rails_version
+    mmp = if rails_version =~ /^([12]\.|3\.0)/
+            "1.8.7"
+          else
+            "1.9.3"
+          end
+
+    rbenv_versions = `rbenv versions`.split("\n").map do |line|
+      line[2..-1].split.first
     end
-    run "bundle install --path=#{bundler_cache}"
+
+    desired_version = rbenv_versions.reverse.select do |rbenv_version|
+      rbenv_version =~ /^#{mmp}/
+    end.first
+
+    raise "ERROR: No Ruby version matching #{mmp} installed with rbenv" if desired_version.nil?
+
+    desired_version
   end
-end
 
-def test_rails_app dir
-  @results ||= {}
-  Dir.chdir(dir) do
-    ENV['RAILS_ENV'] = "test"
-    FileUtils.mkdir_p "log"
+  def dir_to_version_and_flavor dir
+    dir =~ /rails-([^-]+)-(.*)/
+    return [$1, $2]
+  end
+
+  def run(cmd, rbenv_version=nil)
+    puts "* running: #{cmd}"
     begin
-      run "touch db/test.sqlite3" # db:create doesn't exist before rails 2.0
-      run "bundle exec rake db:migrate test:units"
-    rescue Object
-      @results[dir] = "FAIL"
-    else
-      @results[dir] = "SUCCESS"
+      if rbenv_version
+        puts "  (with ruby version #{rbenv_version})"
+        ENV['RBENV_VERSION'] = rbenv_version
+        cmd = "rbenv exec #{cmd}"
+      end
+      system cmd
+    ensure
+      ENV.delete('RBENV_VERSION')
     end
+    raise "ERROR running command" unless $? == 0
   end
-end
 
-def print_results
-  puts "----- RESULTS -----"
-  @results.keys.sort.each do |key|
-    puts "* #{key}: #{@results[key]}"
+  def setup_rails_app dir
+    version, flavor = *(dir_to_version_and_flavor dir)
+    ruby_version = ruby_version_for version
+
+    run "./generate_test_directory #{version} #{flavor}"
+    bundler_cache = File.expand_path("bundler_cache")
+    snowflakes = Array gem_versions_for(version)
+    Dir.chdir dir do
+      File.open("Gemfile", "w") do |gemfile|
+        gemfile.write <<-GEM
+          source :gemcutter
+          gem "rails", "=#{version}"
+          gem "loofah", :path => File.join(File.dirname(__FILE__),"../../../loofah")
+          gem "loofah-activerecord", :path => File.join(File.dirname(__FILE__),"../..")
+          gem "sqlite3-ruby", :require => "sqlite3"
+        GEM
+        snowflakes.each { |name, versionspec| gemfile.puts %Q{gem "#{name}", "#{versionspec}"} }
+      end
+      FileUtils.rm_f "Gemfile.lock"
+      Bundler.with_clean_env do
+        begin
+          run "bundle install --quiet --local --path=#{bundler_cache}", ruby_version
+        rescue
+          run "bundle install --quiet --path=#{bundler_cache}", ruby_version
+        end
+      end
+    end
   end
-end
 
-Dir["#{File.dirname(__FILE__)}/rails-*"].sort.each do |fqdir|
-  dir = File.basename fqdir
-  desc "test #{dir}"
-  task "test:#{dir}" do
-    Dir.chdir(File.dirname(__FILE__)) do
-      setup_rails_app dir
-      test_rails_app dir
+  def test_rails_app dir
+    version, flavor = *(dir_to_version_and_flavor dir)
+    ruby_version = ruby_version_for version
+
+    @results ||= {}
+    Dir.chdir(dir) do
+      ENV['RAILS_ENV'] = "test"
+      FileUtils.mkdir_p "log"
+      begin
+        run "touch db/test.sqlite3" # db:create doesn't exist before rails 2.0
+        Bundler.with_clean_env { run "bundle exec rake db:migrate test:units", ruby_version }
+      rescue Object
+        @results[dir] = "FAIL"
+      else
+        @results[dir] = "SUCCESS"
+      end
+    end
+  end
+
+  def print_results
+    puts "----- RESULTS -----"
+    @results.keys.sort.each do |key|
+      puts "* #{key}: #{@results[key]}"
+    end
+  end
+
+  Dir["#{File.dirname(__FILE__)}/rails-*"].sort.each do |fqdir|
+    dir = File.basename fqdir
+    desc "test #{dir}"
+    task "#{dir}" do
+      Dir.chdir(File.dirname(__FILE__)) do
+        setup_rails_app dir
+        test_rails_app dir
+      end
     end
   end
-end
 
-namespace :test do
   desc "run tests across various versions of Rails"
   task :rails do
     Dir["#{File.dirname(__FILE__)}/rails-*"].sort.reverse.each do |fqdir|