loofah 0.4.4 → 0.4.5

data/Manifest.txt

@@ -25,10 +25,12 @@ lib/loofah/xml/document_fragment.rb
 lib/loofah/xss_foliate.rb
 test/helper.rb
 test/html5/test_sanitizer.rb
-test/test_active_record.rb
-test/test_ad_hoc.rb
-test/test_api.rb
-test/test_helpers.rb
-test/test_scrubber.rb
-test/test_scrubbers.rb
-test/test_xss_foliate.rb
+test/integration/test_ad_hoc.rb
+test/integration/test_helpers.rb
+test/integration/test_scrubbers.rb
+test/unit/test_active_record.rb
+test/unit/test_api.rb
+test/unit/test_helpers.rb
+test/unit/test_scrubber.rb
+test/unit/test_scrubbers.rb
+test/unit/test_xss_foliate.rb

data/lib/loofah.rb

@@ -26,7 +26,7 @@ require 'loofah/helpers'
 #
 module Loofah
   # The version of Loofah you are using
-  VERSION = '0.4.4'
+  VERSION = '0.4.5'
 
   # The minimum required version of Nokogiri
   REQUIRED_NOKOGIRI_VERSION = '1.3.3'

data/lib/loofah/html/document.rb

@@ -10,10 +10,11 @@ module Loofah
       include Loofah::DocumentDecorator
 
       #
-      #  Returns a plain-text version of the markup contained by the document
+      #  Returns a plain-text version of the markup contained by the document,
+      #  with HTML entities encoded.
       #
       def text
-        xpath("/html/body").inner_text
+        encode_special_chars xpath("/html/body").inner_text
       end
       alias :inner_text :text
       alias :to_str     :text

data/lib/loofah/html/document_fragment.rb

@@ -6,8 +6,6 @@ module Loofah
     #  See Loofah::ScrubBehavior for additional methods.
     #
     class DocumentFragment < Nokogiri::HTML::DocumentFragment
-      include Loofah::ScrubBehavior::Node
-
       class << self
         #
         #  Overridden Nokogiri::HTML::DocumentFragment
@@ -31,7 +29,7 @@ module Loofah
       #  Returns a plain-text version of the markup contained by the fragment
       #
       def text
-        serialize_roots.children.inner_text
+        encode_special_chars serialize_roots.children.inner_text
       end
       alias :inner_text :text
       alias :to_str     :text

data/lib/loofah/xml/document_fragment.rb

@@ -6,8 +6,6 @@ module Loofah
     #  See Loofah::ScrubBehavior for additional methods.
     #
     class DocumentFragment < Nokogiri::XML::DocumentFragment
-      include Loofah::ScrubBehavior::Node
-
       class << self
         #
         #  Overridden Nokogiri::XML::DocumentFragment

data/test/{test_ad_hoc.rb → integration/test_ad_hoc.rb}

@@ -1,109 +1,94 @@
-require File.expand_path(File.join(File.dirname(__FILE__), 'helper'))
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'helper'))
 
 class TestAdHoc < Test::Unit::TestCase
 
-  def test_empty_string_with_escape
-    assert_equal "", Loofah.scrub_fragment("", :escape).to_xml
-  end
-
-  def test_empty_string_with_prune
-    assert_equal Loofah.scrub_document("", :prune).text, ""
-  end
-
-  def test_xml_document_scrub
-    xml = Loofah.xml_document <<-EOXML
-    <root>
-      <employee deceased='true'>Abraham Lincoln</employee>
-      <employee deceased='false'>Abe Vigoda</employee>
-    </root>
-    EOXML
-    bring_out_your_dead = Loofah::Scrubber.new do |node|
-      if node.name == "employee" and node["deceased"] == "true"
-        node.remove
-        Loofah::Scrubber::STOP # don't bother with the rest of the subtree
+  context "blank input string" do
+    context "fragment" do
+      should "return a blank string" do
+        assert_equal "", Loofah.scrub_fragment("", :prune).to_s
       end
     end
-    assert_equal 2, xml.css("employee").length
-    
-    xml.scrub!(bring_out_your_dead)
-
-    employees = xml.css "employee"
-    assert_equal 1, employees.length
-    assert_equal "Abe Vigoda", employees.first.inner_text
-  end
 
-  def test_xml_fragment_scrub
-    xml = Loofah.xml_fragment <<-EOXML
-      <employee deceased='true'>Abraham Lincoln</employee>
-      <employee deceased='false'>Abe Vigoda</employee>
-    EOXML
-    bring_out_your_dead = Loofah::Scrubber.new do |node|
-      if node.name == "employee" and node["deceased"] == "true"
-        node.remove
-        Loofah::Scrubber::STOP # don't bother with the rest of the subtree
+    context "document" do
+      should "return a blank string" do
+        assert_equal "", Loofah.scrub_document("", :prune).root.to_s
       end
     end
-    assert_equal 2, xml.css("employee").length
-    
-    xml.scrub!(bring_out_your_dead)
-
-    employees = xml.css "employee"
-    assert_equal 1, employees.length
-    assert_equal "Abe Vigoda", employees.first.inner_text
   end
 
-  def test_html_fragment_to_s_should_not_include_head_tags
-    html = Loofah.fragment "<style>foo</style><div>bar</div>"
-    assert_equal "<div>bar</div>", html.to_s
-  end
+  context "integration test" do
+    context "xml document" do
+      context "custom scrubber" do
+        should "act as expected" do
+          xml = Loofah.xml_document <<-EOXML
+            <root>
+              <employee deceased='true'>Abraham Lincoln</employee>
+              <employee deceased='false'>Abe Vigoda</employee>
+            </root>
+          EOXML
+          bring_out_your_dead = Loofah::Scrubber.new do |node|
+            if node.name == "employee" and node["deceased"] == "true"
+              node.remove
+              Loofah::Scrubber::STOP # don't bother with the rest of the subtree
+            end
+          end
+          assert_equal 2, xml.css("employee").length
+          
+          xml.scrub!(bring_out_your_dead)
+
+          employees = xml.css "employee"
+          assert_equal 1, employees.length
+          assert_equal "Abe Vigoda", employees.first.inner_text
+        end
+      end
+    end
 
-  def test_html_fragment_text_should_not_include_head_tags
-    html = Loofah.fragment "<style>foo</style><div>bar</div>"
-    assert_equal "bar", html.text
-  end
+    context "xml fragment" do
+      context "custom scrubber" do
+        should "act as expected" do
+          xml = Loofah.xml_fragment <<-EOXML
+            <employee deceased='true'>Abraham Lincoln</employee>
+            <employee deceased='false'>Abe Vigoda</employee>
+          EOXML
+          bring_out_your_dead = Loofah::Scrubber.new do |node|
+            if node.name == "employee" and node["deceased"] == "true"
+              node.remove
+              Loofah::Scrubber::STOP # don't bother with the rest of the subtree
+            end
+          end
+          assert_equal 2, xml.css("employee").length
+          
+          xml.scrub!(bring_out_your_dead)
+
+          employees = xml.css "employee"
+          assert_equal 1, employees.length
+          assert_equal "Abe Vigoda", employees.first.inner_text
+        end
+      end
+    end
 
-  def test_html_document_text_should_not_include_head_tags
-    html = Loofah.document "<style>foo</style><div>bar</div>"
-    assert_equal "bar", html.text
-  end
+    context "html fragment" do
+      context "#to_s" do
+        should "not include head tags (like style)" do
+          html = Loofah.fragment "<style>foo</style><div>bar</div>"
+          assert_equal "<div>bar</div>", html.to_s
+        end
+      end
 
-  def test_node_scrub_should_only_scrub_subtree
-    xml = Loofah.document <<-EOHTML
-    <html><body>
-      <div class='scrub'>
-        <script>I should be removed</script>
-      </div>
-      <div class='noscrub'>
-        <script>I should remain</script>
-      </div>
-    </body></html>
-    EOHTML
-    node = xml.at_css "div.scrub"
-    node.scrub!(:prune)
-    assert_contains         xml.to_s, /I should remain/
-    assert_does_not_contain xml.to_s, /I should be removed/
-  end
+      context "#text" do
+        should "not include head tags (like style)" do
+          html = Loofah.fragment "<style>foo</style><div>bar</div>"
+          assert_equal "bar", html.text
+        end
+      end
+    end
 
-  def test_nodeset_scrub_should_only_scrub_subtrees
-    xml = Loofah.document <<-EOHTML
-    <html><body>
-      <div class='scrub'>
-        <script>I should be removed</script>
-      </div>
-      <div class='noscrub'>
-        <script>I should remain</script>
-      </div>
-      <div class='scrub'>
-        <script>I should also be removed</script>
-      </div>
-    </body></html>
-    EOHTML
-    node_set = xml.css "div.scrub"
-    assert_equal 2, node_set.length
-    node_set.scrub!(:prune)
-    assert_contains         xml.to_s, /I should remain/
-    assert_does_not_contain xml.to_s, /I should be removed/
-    assert_does_not_contain xml.to_s, /I should also be removed/
+    context "html document" do
+      should "not include head tags (like style)" do
+        html = Loofah.document "<style>foo</style><div>bar</div>"
+        assert_equal "bar", html.text
+      end
+    end
   end
 
   def test_removal_of_illegal_tag
@@ -263,9 +248,4 @@ mso-bidi-language:#0400;}
     html = "<p>Foo</p>\n<p>Bar</p>"
     assert_equal "Foo\nBar", Loofah.scrub_document(html, :prune).text
   end
-
-  def test_removal_of_entities
-    html = "<p>this is &lt; that &quot;&amp;&quot; the other &gt; boo&apos;ya</p>"
-    assert_equal 'this is < that "&" the other > boo\'ya', Loofah.scrub_document(html, :prune).text
-  end
 end

data/test/integration/test_helpers.rb

@@ -0,0 +1,33 @@
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'helper'))
+
+class TestHelpers < Test::Unit::TestCase
+  context "#strip_tags" do
+    context "on safe markup" do
+      should "strip out tags" do
+        assert_equal "omgwtfbbq!!1!", Loofah::Helpers.strip_tags("<div>omgwtfbbq</div><span>!!1!</span>")
+      end
+    end
+
+    context "on hack attack" do
+      should "strip escape html entities" do
+        bad_shit = "&lt;script&gt;alert('evil')&lt;/script&gt;"
+        assert_equal bad_shit, Loofah::Helpers.strip_tags(bad_shit)
+      end
+    end
+  end
+
+  context "#sanitize" do
+    context "on safe markup" do
+      should "render the safe html" do
+        html = "<div>omgwtfbbq</div><span>!!1!</span>"
+        assert_equal html, Loofah::Helpers.sanitize(html)
+      end
+    end
+
+    context "on hack attack" do
+      should "strip the unsafe tags" do
+        assert_equal "alert('evil')<span>w00t</span>", Loofah::Helpers.sanitize("<script>alert('evil')</script><span>w00t</span>")
+      end
+    end
+  end
+end

data/test/integration/test_scrubbers.rb

@@ -0,0 +1,294 @@
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'helper'))
+
+class TestScrubbers < Test::Unit::TestCase
+
+  INVALID_FRAGMENT = "<invalid>foo<p>bar</p>bazz</invalid><div>quux</div>"
+  INVALID_ESCAPED  = "&lt;invalid&gt;foo&lt;p&gt;bar&lt;/p&gt;bazz&lt;/invalid&gt;<div>quux</div>"
+  INVALID_PRUNED   = "<div>quux</div>"
+  INVALID_STRIPPED = "foo<p>bar</p>bazz<div>quux</div>"
+
+  WHITEWASH_FRAGMENT = "<o:div>no</o:div><div id='no'>foo</div><invalid>bar</invalid>"
+  WHITEWASH_RESULT   = "<div>foo</div>"
+
+  NOFOLLOW_FRAGMENT = '<a href="http://www.example.com/">Click here</a>'
+  NOFOLLOW_RESULT   = '<a href="http://www.example.com/" rel="nofollow">Click here</a>'
+
+  ENTITY_FRAGMENT   = "<p>this is &lt; that &quot;&amp;&quot; the other &gt; boo&apos;ya</p><div>w00t</div>"
+  ENTITY_TEXT       = %Q(this is < that "&" the other > boo\'yaw00t)
+
+  ENTITY_HACK_ATTACK            = "<div><div>Hack attack!</div><div>&lt;script&gt;alert('evil')&lt;/script&gt;</div></div>"
+  ENTITY_HACK_ATTACK_TEXT_SCRUB = "Hack attack!&lt;script&gt;alert('evil')&lt;/script&gt;"
+
+  context "Document" do
+    context "#scrub!" do
+      context ":escape" do
+        should "escape bad tags" do
+          doc = Loofah::HTML::Document.parse "<html><body>#{INVALID_FRAGMENT}</body></html>"
+          result = doc.scrub! :escape
+
+          assert_equal INVALID_ESCAPED, doc.xpath('/html/body').inner_html
+          assert_equal doc, result
+        end
+      end
+
+      context ":prune" do
+        should "prune bad tags" do
+          doc = Loofah::HTML::Document.parse "<html><body>#{INVALID_FRAGMENT}</body></html>"
+          result = doc.scrub! :prune
+
+          assert_equal INVALID_PRUNED, doc.xpath('/html/body').inner_html
+          assert_equal doc, result
+        end
+      end
+
+      context ":strip" do
+        should "strip bad tags" do
+          doc = Loofah::HTML::Document.parse "<html><body>#{INVALID_FRAGMENT}</body></html>"
+          result = doc.scrub! :strip
+
+          assert_equal INVALID_STRIPPED, doc.xpath('/html/body').inner_html
+          assert_equal doc, result
+        end
+      end
+
+      context ":whitewash" do
+        should "whitewash the markup" do
+          doc = Loofah::HTML::Document.parse "<html><body>#{WHITEWASH_FRAGMENT}</body></html>"
+          result = doc.scrub! :whitewash
+
+          assert_equal WHITEWASH_RESULT, doc.xpath('/html/body').inner_html
+          assert_equal doc, result
+        end
+      end
+
+      context ":nofollow" do
+        should "add a 'nofollow' attribute to hyperlinks" do
+          doc = Loofah::HTML::Document.parse "<html><body>#{NOFOLLOW_FRAGMENT}</body></html>"
+          result = doc.scrub! :nofollow
+
+          assert_equal NOFOLLOW_RESULT, doc.xpath('/html/body').inner_html
+          assert_equal doc, result
+        end
+      end
+    end
+
+    context "#scrub_document" do
+      should "be a shortcut for parse-and-scrub" do
+        mock_doc = mock
+        Loofah.expects(:document).with(:string_or_io).returns(mock_doc)
+        mock_doc.expects(:scrub!).with(:method)
+
+        Loofah.scrub_document(:string_or_io, :method)
+      end
+    end
+
+    context "#text" do
+      should "leave behind only inner text with html entities still escaped" do
+        doc = Loofah::HTML::Document.parse "<html><body>#{ENTITY_HACK_ATTACK}</body></html>"
+        result = doc.text
+
+        assert_equal ENTITY_HACK_ATTACK_TEXT_SCRUB, result
+      end
+    end
+
+    context "#to_s" do
+      should "generate HTML" do
+        doc = Loofah.scrub_document "<html><head><title>quux</title></head><body><div>foo</div></body></html>", :prune
+        assert_not_nil doc.xpath("/html").first
+        assert_not_nil doc.xpath("/html/head").first
+        assert_not_nil doc.xpath("/html/body").first
+
+        string = doc.to_s
+        assert_contains string, /<!DOCTYPE/
+        assert_contains string, /<html>/
+        assert_contains string, /<head>/
+        assert_contains string, /<body>/
+      end
+    end
+
+    context "#serialize" do
+      should "generate HTML" do
+        doc = Loofah.scrub_document "<html><head><title>quux</title></head><body><div>foo</div></body></html>", :prune
+        assert_not_nil doc.xpath("/html").first
+        assert_not_nil doc.xpath("/html/head").first
+        assert_not_nil doc.xpath("/html/body").first
+
+        string = doc.serialize
+        assert_contains string, /<!DOCTYPE/
+        assert_contains string, /<html>/
+        assert_contains string, /<head>/
+        assert_contains string, /<body>/
+      end
+    end
+
+    context "Node" do
+      context "#scrub!" do
+        should "only scrub subtree" do
+          xml = Loofah.document <<-EOHTML
+           <html><body>
+             <div class='scrub'>
+               <script>I should be removed</script>
+             </div>
+             <div class='noscrub'>
+               <script>I should remain</script>
+             </div>
+           </body></html>
+          EOHTML
+          node = xml.at_css "div.scrub"
+          node.scrub!(:prune)
+          assert_contains         xml.to_s, /I should remain/
+          assert_does_not_contain xml.to_s, /I should be removed/
+        end
+      end
+    end
+
+    context "NodeSet" do
+      context "#scrub!" do
+        should "only scrub subtrees" do
+          xml = Loofah.document <<-EOHTML
+            <html><body>
+              <div class='scrub'>
+                <script>I should be removed</script>
+              </div>
+              <div class='noscrub'>
+                <script>I should remain</script>
+              </div>
+              <div class='scrub'>
+                <script>I should also be removed</script>
+              </div>
+            </body></html>
+          EOHTML
+          node_set = xml.css "div.scrub"
+          assert_equal 2, node_set.length
+          node_set.scrub!(:prune)
+          assert_contains         xml.to_s, /I should remain/
+          assert_does_not_contain xml.to_s, /I should be removed/
+          assert_does_not_contain xml.to_s, /I should also be removed/
+        end
+      end
+    end
+  end
+  
+  context "DocumentFragment" do
+    context "#scrub!" do
+      context ":escape" do
+        should "escape bad tags" do
+          doc = Loofah::HTML::DocumentFragment.parse "<div>#{INVALID_FRAGMENT}</div>"
+          result = doc.scrub! :escape
+
+          assert_equal INVALID_ESCAPED, doc.xpath("./div").inner_html
+          assert_equal doc, result
+        end
+      end
+
+      context ":prune" do
+        should "prune bad tags" do
+          doc = Loofah::HTML::DocumentFragment.parse "<div>#{INVALID_FRAGMENT}</div>"
+          result = doc.scrub! :prune
+
+          assert_equal INVALID_PRUNED, doc.xpath("./div").inner_html
+          assert_equal doc, result
+        end
+      end
+
+      context ":strip" do
+        should "strip bad tags" do
+          doc = Loofah::HTML::DocumentFragment.parse "<div>#{INVALID_FRAGMENT}</div>"
+          result = doc.scrub! :strip
+
+          assert_equal INVALID_STRIPPED, doc.xpath("./div").inner_html
+          assert_equal doc, result
+        end
+      end
+
+      context ":whitewash" do
+        should "whitewash the markup" do
+          doc = Loofah::HTML::DocumentFragment.parse "<div>#{WHITEWASH_FRAGMENT}</div>"
+          result = doc.scrub! :whitewash
+
+          assert_equal WHITEWASH_RESULT, doc.xpath("./div").inner_html
+          assert_equal doc, result
+        end
+      end
+
+      context ":nofollow" do
+        should "add a 'nofollow' attribute to hyperlinks" do
+          doc = Loofah::HTML::DocumentFragment.parse "<div>#{NOFOLLOW_FRAGMENT}</div>"
+          result = doc.scrub! :nofollow
+
+          assert_equal NOFOLLOW_RESULT, doc.xpath("./div").inner_html
+          assert_equal doc, result
+        end
+      end
+    end
+
+    context "#scrub_fragment" do
+      should "be a shortcut for parse-and-scrub" do
+        mock_doc = mock
+        Loofah.expects(:fragment).with(:string_or_io).returns(mock_doc)
+        mock_doc.expects(:scrub!).with(:method)
+
+        Loofah.scrub_fragment(:string_or_io, :method)
+      end
+    end
+
+    context "#text" do
+      should "leave behind only inner text with html entities still escaped" do
+        doc = Loofah::HTML::DocumentFragment.parse "<div>#{ENTITY_HACK_ATTACK}</div>"
+        result = doc.text
+
+        assert_equal ENTITY_HACK_ATTACK_TEXT_SCRUB, result
+      end
+    end
+
+    context "#to_s" do
+      should "not remove entities" do
+        string = Loofah.scrub_fragment(ENTITY_FRAGMENT, :prune).to_s
+        assert_contains string, /this is &lt;/
+      end
+    end
+
+    context "Node" do
+      context "#scrub!" do
+        should "only scrub subtree" do
+          xml = Loofah.fragment <<-EOHTML
+            <div class='scrub'>
+              <script>I should be removed</script>
+            </div>
+            <div class='noscrub'>
+              <script>I should remain</script>
+            </div>
+          EOHTML
+          node = xml.at_css "div.scrub"
+          node.scrub!(:prune)
+          assert_contains         xml.to_s, /I should remain/
+          assert_does_not_contain xml.to_s, /I should be removed/
+        end
+      end
+    end
+
+    context "NodeSet" do
+      context "#scrub!" do
+        should "only scrub subtrees" do
+          xml = Loofah.fragment <<-EOHTML
+            <div class='scrub'>
+              <script>I should be removed</script>
+            </div>
+            <div class='noscrub'>
+              <script>I should remain</script>
+            </div>
+            <div class='scrub'>
+              <script>I should also be removed</script>
+            </div>
+          EOHTML
+          node_set = xml.css "div.scrub"
+          assert_equal 2, node_set.length
+          node_set.scrub!(:prune)
+          assert_contains         xml.to_s, /I should remain/
+          assert_does_not_contain xml.to_s, /I should be removed/
+          assert_does_not_contain xml.to_s, /I should also be removed/
+        end
+      end
+    end
+  end
+end

data/test/{test_active_record.rb → unit/test_active_record.rb}

@@ -1,14 +1,13 @@
-require File.expand_path(File.join(File.dirname(__FILE__), 'helper'))
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'helper'))
 
 require 'loofah/active_record'
 
 class TestActiveRecord < Test::Unit::TestCase
 
   HTML_STRING = "<div>omgwtfbbq</div>"
-  PLAIN_TEXT = "vanilla text"
+  PLAIN_TEXT  = "vanilla text"
 
   context "with a Post model" do
-
     setup do
       ActsAsFu.build_model(:posts) do
         string :plain_text
@@ -26,7 +25,7 @@ class TestActiveRecord < Test::Unit::TestCase
 
         should "scrub the specified field" do
           Loofah.expects(:scrub_fragment).with(HTML_STRING, :prune).once
-          Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :prune).never
+          Loofah.expects(:scrub_fragment).with(PLAIN_TEXT,  :prune).never
           @post.valid?
         end
 
@@ -37,7 +36,7 @@ class TestActiveRecord < Test::Unit::TestCase
 
         should "generate strings" do
           @post.valid?
-          assert_equal String, @post.html_string.class
+          assert_equal String,      @post.html_string.class
           assert_equal HTML_STRING, @post.html_string
         end
       end
@@ -51,7 +50,7 @@ class TestActiveRecord < Test::Unit::TestCase
 
         should "scrub the specified field" do
           Loofah.expects(:scrub_fragment).with(HTML_STRING, :prune).once
-          Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :prune).never
+          Loofah.expects(:scrub_fragment).with(PLAIN_TEXT,  :prune).never
           @post.valid?
         end
       end
@@ -66,7 +65,7 @@ class TestActiveRecord < Test::Unit::TestCase
 
         should "scrub the specified field, but not other fields" do
           Loofah.expects(:scrub_document).with(HTML_STRING, :strip).once
-          Loofah.expects(:scrub_document).with(PLAIN_TEXT, :strip).never
+          Loofah.expects(:scrub_document).with(PLAIN_TEXT,  :strip).never
           @post.valid?
         end
 
@@ -89,7 +88,7 @@ class TestActiveRecord < Test::Unit::TestCase
 
         should "scrub the specified field, but not other fields" do
           Loofah.expects(:scrub_document).with(HTML_STRING, :strip).once
-          Loofah.expects(:scrub_document).with(PLAIN_TEXT, :strip).never
+          Loofah.expects(:scrub_document).with(PLAIN_TEXT,  :strip).never
           @post.valid?
         end
       end
@@ -140,7 +139,5 @@ class TestActiveRecord < Test::Unit::TestCase
         assert @called
       end
     end
-
   end
-
 end

data/test/{test_api.rb → unit/test_api.rb}

@@ -1,4 +1,4 @@
-require File.expand_path(File.join(File.dirname(__FILE__), 'helper'))
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'helper'))
 
 class TestApi < Test::Unit::TestCase
 

data/test/{test_helpers.rb → unit/test_helpers.rb}

@@ -1,10 +1,10 @@
-require File.expand_path(File.join(File.dirname(__FILE__), 'helper'))
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'helper'))
 
 class TestHelpers < Test::Unit::TestCase
 
   HTML_STRING = "<div>omgwtfbbq</div>"
 
-  context "when calling strip_tags" do
+  context "#strip_tags" do
     should "invoke Loofah.fragment.text" do
       mock_doc = mock
       Loofah.expects(:fragment).with(HTML_STRING).returns(mock_doc)
@@ -14,8 +14,8 @@ class TestHelpers < Test::Unit::TestCase
     end
   end
 
-  context "when calling sanitize" do
-    should "invoke Loofah.scrub_fragment(:escape).to_s" do
+  context "#sanitize" do
+    should "invoke Loofah.scrub_fragment(:strip).to_s" do
       mock_doc = mock
       Loofah.expects(:fragment).with(HTML_STRING).returns(mock_doc)
       mock_doc.expects(:scrub!).with(:strip).returns(mock_doc)
@@ -24,5 +24,4 @@ class TestHelpers < Test::Unit::TestCase
       Loofah::Helpers.sanitize HTML_STRING
     end
   end
-
 end

data/test/{test_scrubber.rb → unit/test_scrubber.rb}

@@ -1,4 +1,4 @@
-require File.expand_path(File.join(File.dirname(__FILE__), 'helper'))
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'helper'))
 
 class TestScrubber < Test::Unit::TestCase
 
@@ -147,10 +147,12 @@ class TestScrubber < Test::Unit::TestCase
     setup do
       @klass = Class.new(Loofah::Scrubber) do
         attr_accessor :count
+
         def initialize(direction=nil)
           @direction = direction
           @count = 0
         end
+
         def scrub(node)
           @count += 1
           Loofah::Scrubber::STOP

data/test/unit/test_scrubbers.rb

@@ -0,0 +1,14 @@
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'helper'))
+
+class TestScrubbers < Test::Unit::TestCase
+  [ Loofah::HTML::Document, Loofah::HTML::DocumentFragment ].each do |klass|
+    context klass do
+      context "bad scrub method" do
+        should "raise a ScrubberNotFound exception" do
+          doc = klass.parse "<p>foo</p>"
+          assert_raises(Loofah::ScrubberNotFound) { doc.scrub! :frippery }
+        end
+      end
+    end
+  end
+end

data/test/{test_xss_foliate.rb → unit/test_xss_foliate.rb}

@@ -1,4 +1,4 @@
-require File.expand_path(File.join(File.dirname(__FILE__), 'helper'))
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'helper'))
 
 class TestXssFoliate < Test::Unit::TestCase
 
@@ -59,8 +59,8 @@ class TestXssFoliate < Test::Unit::TestCase
         should "calls the right scrubber" do
           assert_nothing_raised(ArgumentError) { Post.xss_foliate :prune => :plain_text }
           Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once
-          Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :prune).once
-          assert new_post.valid?
+          Loofah.expects(:scrub_fragment).with(PLAIN_TEXT,  :prune).once
+          new_post.valid?
         end
       end
 
@@ -70,8 +70,8 @@ class TestXssFoliate < Test::Unit::TestCase
             Post.xss_foliate :prune => [:plain_text, :html_string]
           }
           Loofah.expects(:scrub_fragment).with(HTML_STRING, :prune).once
-          Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :prune).once
-          assert new_post.valid?
+          Loofah.expects(:scrub_fragment).with(PLAIN_TEXT,  :prune).once
+          new_post.valid?
         end
       end
 
@@ -79,8 +79,8 @@ class TestXssFoliate < Test::Unit::TestCase
         should "calls the right scrubber" do
           assert_nothing_raised(ArgumentError) { Post.xss_foliate :prune => 'plain_text' }
           Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once
-          Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :prune).once
-          assert new_post.valid?
+          Loofah.expects(:scrub_fragment).with(PLAIN_TEXT,  :prune).once
+          new_post.valid?
         end
       end
 
@@ -90,8 +90,8 @@ class TestXssFoliate < Test::Unit::TestCase
             Post.xss_foliate :prune => ['plain_text', 'html_string']
           }
           Loofah.expects(:scrub_fragment).with(HTML_STRING, :prune).once
-          Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :prune).once
-          assert new_post.valid?
+          Loofah.expects(:scrub_fragment).with(PLAIN_TEXT,  :prune).once
+          new_post.valid?
         end
       end
     end
@@ -104,8 +104,8 @@ class TestXssFoliate < Test::Unit::TestCase
 
         should "scrub all fields" do
           mock_doc = mock
-          Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once.returns(mock_doc)
-          Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :strip).once.returns(mock_doc)
+          Loofah.expects(:scrub_fragment).with(HTML_STRING,   :strip).once.returns(mock_doc)
+          Loofah.expects(:scrub_fragment).with(PLAIN_TEXT,    :strip).once.returns(mock_doc)
           Loofah.expects(:scrub_fragment).with(INTEGER_VALUE, :strip).never
           mock_doc.expects(:to_s).twice
           assert new_post.valid?
@@ -119,11 +119,11 @@ class TestXssFoliate < Test::Unit::TestCase
 
         should "not scrub omitted field" do
           mock_doc = mock
-          Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once.returns(mock_doc)
-          Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :strip).never
+          Loofah.expects(:scrub_fragment).with(HTML_STRING,   :strip).once.returns(mock_doc)
+          Loofah.expects(:scrub_fragment).with(PLAIN_TEXT,    :strip).never
           Loofah.expects(:scrub_fragment).with(INTEGER_VALUE, :strip).never
           mock_doc.expects(:to_s).once
-          assert new_post.valid?
+          new_post.valid?
         end
       end
 
@@ -135,11 +135,11 @@ class TestXssFoliate < Test::Unit::TestCase
 
           should "not that field appropriately" do
             mock_doc = mock
-            Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once.returns(mock_doc)
-            Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, method).once.returns(mock_doc)
+            Loofah.expects(:scrub_fragment).with(HTML_STRING,   :strip).once.returns(mock_doc)
+            Loofah.expects(:scrub_fragment).with(PLAIN_TEXT,    method).once.returns(mock_doc)
             Loofah.expects(:scrub_fragment).with(INTEGER_VALUE, :strip).never
             mock_doc.expects(:to_s).twice
-            assert new_post.valid?
+            new_post.valid?
           end
         end
       end
@@ -150,10 +150,10 @@ class TestXssFoliate < Test::Unit::TestCase
         end
 
         should "not that field appropriately" do
-          Loofah.expects(:scrub_fragment).with(HTML_STRING, :strip).once
-          Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :escape).once
-          Loofah.expects(:scrub_fragment).with(INTEGER_VALUE, :strip).never
-          assert new_post.valid?
+          Loofah.expects(:scrub_fragment).with(HTML_STRING,   :strip) .once
+          Loofah.expects(:scrub_fragment).with(PLAIN_TEXT,    :escape).once
+          Loofah.expects(:scrub_fragment).with(INTEGER_VALUE, :strip) .never
+          new_post.valid?
         end
       end
     end
@@ -166,7 +166,7 @@ class TestXssFoliate < Test::Unit::TestCase
 
       should "not be valid after sanitizing" do
         Loofah.expects(:scrub_fragment).with(WHITESPACEY, :strip).once
-        Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :strip).once
+        Loofah.expects(:scrub_fragment).with(PLAIN_TEXT,  :strip).once
         assert ! new_post(:html_string => WHITESPACEY).valid?
       end
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: loofah
 version: !ruby/object:Gem::Version 
-  version: 0.4.4
+  version: 0.4.5
 platform: ruby
 authors: 
 - Mike Dalessio
@@ -31,7 +31,7 @@ cert_chain:
   FlqnTjy13J3nD30uxy9a1g==
   -----END CERTIFICATE-----
 
-date: 2010-02-01 00:00:00 -05:00
+date: 2010-02-02 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -135,13 +135,15 @@ files:
 - lib/loofah/xss_foliate.rb
 - test/helper.rb
 - test/html5/test_sanitizer.rb
-- test/test_active_record.rb
-- test/test_ad_hoc.rb
-- test/test_api.rb
-- test/test_helpers.rb
-- test/test_scrubber.rb
-- test/test_scrubbers.rb
-- test/test_xss_foliate.rb
+- test/integration/test_ad_hoc.rb
+- test/integration/test_helpers.rb
+- test/integration/test_scrubbers.rb
+- test/unit/test_active_record.rb
+- test/unit/test_api.rb
+- test/unit/test_helpers.rb
+- test/unit/test_scrubber.rb
+- test/unit/test_scrubbers.rb
+- test/unit/test_xss_foliate.rb
 has_rdoc: true
 homepage: http://github.com/flavorjones/loofah
 licenses: []
@@ -172,11 +174,13 @@ signing_key:
 specification_version: 3
 summary: Loofah is a general library for manipulating HTML/XML documents and fragments
 test_files: 
-- test/test_xss_foliate.rb
-- test/test_helpers.rb
-- test/test_scrubber.rb
-- test/test_scrubbers.rb
-- test/test_api.rb
-- test/test_ad_hoc.rb
+- test/integration/test_helpers.rb
+- test/integration/test_scrubbers.rb
+- test/integration/test_ad_hoc.rb
+- test/unit/test_xss_foliate.rb
+- test/unit/test_helpers.rb
+- test/unit/test_scrubber.rb
+- test/unit/test_scrubbers.rb
+- test/unit/test_api.rb
+- test/unit/test_active_record.rb
 - test/html5/test_sanitizer.rb
-- test/test_active_record.rb

data/test/test_scrubbers.rb

@@ -1,144 +0,0 @@
-require File.expand_path(File.join(File.dirname(__FILE__), 'helper'))
-
-class TestScrubber < Test::Unit::TestCase
-
-  [ Loofah::HTML::Document, Loofah::HTML::DocumentFragment ].each do |klass|
-    define_method "test_#{klass}_bad_sanitize_method" do
-      doc = klass.parse "<p>foo</p>"
-      assert_raises(Loofah::ScrubberNotFound) { doc.scrub! :frippery }
-    end
-  end
-
-  INVALID_FRAGMENT = "<invalid>foo<p>bar</p>bazz</invalid><div>quux</div>"
-  INVALID_ESCAPED  = "&lt;invalid&gt;foo&lt;p&gt;bar&lt;/p&gt;bazz&lt;/invalid&gt;<div>quux</div>"
-  INVALID_PRUNED   = "<div>quux</div>"
-  INVALID_STRIPPED = "foo<p>bar</p>bazz<div>quux</div>"
-
-  WHITEWASH_FRAGMENT = "<o:div>no</o:div><div id='no'>foo</div><invalid>bar</invalid>"
-  WHITEWASH_RESULT   = "<div>foo</div>"
-
-  NOFOLLOW_FRAGMENT = '<a href="http://www.example.com/">Click here</a>'
-  NOFOLLOW_RESULT   = '<a href="http://www.example.com/" rel="nofollow">Click here</a>'
-
-  def test_document_escape_bad_tags
-    doc = Loofah::HTML::Document.parse "<html><body>#{INVALID_FRAGMENT}</body></html>"
-    result = doc.scrub! :escape
-
-    assert_equal INVALID_ESCAPED, doc.xpath('/html/body').inner_html
-    assert_equal doc, result
-  end
-
-  def test_fragment_escape_bad_tags
-    doc = Loofah::HTML::DocumentFragment.parse "<div>#{INVALID_FRAGMENT}</div>"
-    result = doc.scrub! :escape
-
-    assert_equal INVALID_ESCAPED, doc.xpath("./div").inner_html
-    assert_equal doc, result
-  end
-
-  def test_document_prune_bad_tags
-    doc = Loofah::HTML::Document.parse "<html><body>#{INVALID_FRAGMENT}</body></html>"
-    result = doc.scrub! :prune
-
-    assert_equal INVALID_PRUNED, doc.xpath('/html/body').inner_html
-    assert_equal doc, result
-  end
-
-  def test_fragment_prune_bad_tags
-    doc = Loofah::HTML::DocumentFragment.parse "<div>#{INVALID_FRAGMENT}</div>"
-    result = doc.scrub! :prune
-
-    assert_equal INVALID_PRUNED, doc.xpath("./div").inner_html
-    assert_equal doc, result
-  end
-
-  def test_document_strip_bad_tags
-    doc = Loofah::HTML::Document.parse "<html><body>#{INVALID_FRAGMENT}</body></html>"
-    result = doc.scrub! :strip
-
-    assert_equal INVALID_STRIPPED, doc.xpath('/html/body').inner_html
-    assert_equal doc, result
-  end
-
-  def test_fragment_strip_bad_tags
-    doc = Loofah::HTML::DocumentFragment.parse "<div>#{INVALID_FRAGMENT}</div>"
-    result = doc.scrub! :strip
-
-    assert_equal INVALID_STRIPPED, doc.xpath("./div").inner_html
-    assert_equal doc, result
-  end
-
-  def test_document_whitewash
-    doc = Loofah::HTML::Document.parse "<html><body>#{WHITEWASH_FRAGMENT}</body></html>"
-    result = doc.scrub! :whitewash
-
-    assert_equal WHITEWASH_RESULT, doc.xpath('/html/body').inner_html
-    assert_equal doc, result
-  end
-
-  def test_fragment_whitewash
-    doc = Loofah::HTML::DocumentFragment.parse "<div>#{WHITEWASH_FRAGMENT}</div>"
-    result = doc.scrub! :whitewash
-
-    assert_equal WHITEWASH_RESULT, doc.xpath("./div").inner_html
-    assert_equal doc, result
-  end
-
-  def test_document_nofollow
-    doc = Loofah::HTML::Document.parse "<html><body>#{NOFOLLOW_FRAGMENT}</body></html>"
-    result = doc.scrub! :nofollow
-
-    assert_equal NOFOLLOW_RESULT, doc.xpath('/html/body').inner_html
-    assert_equal doc, result
-  end
-
-  def test_fragment_nofollow
-    doc = Loofah::HTML::DocumentFragment.parse "<div>#{NOFOLLOW_FRAGMENT}</div>"
-    result = doc.scrub! :nofollow
-
-    assert_equal NOFOLLOW_RESULT, doc.xpath("./div").inner_html
-    assert_equal doc, result
-  end
-
-  def test_fragment_shortcut
-    mock_doc = mock
-    Loofah.expects(:fragment).with(:string_or_io).returns(mock_doc)
-    mock_doc.expects(:scrub!).with(:method)
-
-    Loofah.scrub_fragment(:string_or_io, :method)
-  end
-
-  def test_document_shortcut
-    mock_doc = mock
-    Loofah.expects(:document).with(:string_or_io).returns(mock_doc)
-    mock_doc.expects(:scrub!).with(:method)
-
-    Loofah.scrub_document(:string_or_io, :method)
-  end
-
-  def test_document_to_s
-    doc = Loofah.scrub_document "<html><head><title>quux</title></head><body><div>foo</div></body></html>", :prune
-    assert_not_nil doc.xpath("/html").first
-    assert_not_nil doc.xpath("/html/head").first
-    assert_not_nil doc.xpath("/html/body").first
-
-    assert_contains doc.to_s, /<!DOCTYPE/
-    assert_contains doc.to_s, /<html>/
-    assert_contains doc.to_s, /<head>/
-    assert_contains doc.to_s, /<body>/
-  end
-
-  def test_document_serialize
-    doc = Loofah.scrub_document "<html><head><title>quux</title></head><body><div>foo</div></body></html>", :prune
-
-    assert_not_nil doc.xpath("/html").first
-    assert_not_nil doc.xpath("/html/head").first
-    assert_not_nil doc.xpath("/html/body").first
-
-    assert_contains doc.serialize, /<!DOCTYPE/
-    assert_contains doc.serialize, /<html>/
-    assert_contains doc.serialize, /<head>/
-    assert_contains doc.serialize, /<body>/
-  end
-
-end