loofah 2.2.3 → 2.21.1

Files changed (46)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +269 -31
  3. data/README.md +109 -124
  4. data/lib/loofah/concerns.rb +207 -0
  5. data/lib/loofah/elements.rb +85 -79
  6. data/lib/loofah/helpers.rb +37 -20
  7. data/lib/loofah/{html → html4}/document.rb +6 -7
  8. data/lib/loofah/html4/document_fragment.rb +15 -0
  9. data/lib/loofah/html5/document.rb +17 -0
  10. data/lib/loofah/html5/document_fragment.rb +15 -0
  11. data/lib/loofah/html5/libxml2_workarounds.rb +10 -8
  12. data/lib/loofah/html5/safelist.rb +1055 -0
  13. data/lib/loofah/html5/scrub.rb +153 -58
  14. data/lib/loofah/metahelpers.rb +11 -6
  15. data/lib/loofah/scrubber.rb +22 -15
  16. data/lib/loofah/scrubbers.rb +66 -55
  17. data/lib/loofah/version.rb +6 -0
  18. data/lib/loofah/xml/document.rb +2 -0
  19. data/lib/loofah/xml/document_fragment.rb +4 -7
  20. data/lib/loofah.rb +131 -38
  21. metadata +28 -216
  22. data/.gemtest +0 -0
  23. data/Gemfile +0 -22
  24. data/Manifest.txt +0 -40
  25. data/Rakefile +0 -79
  26. data/benchmark/benchmark.rb +0 -149
  27. data/benchmark/fragment.html +0 -96
  28. data/benchmark/helper.rb +0 -73
  29. data/benchmark/www.slashdot.com.html +0 -2560
  30. data/lib/loofah/html/document_fragment.rb +0 -40
  31. data/lib/loofah/html5/whitelist.rb +0 -186
  32. data/lib/loofah/instance_methods.rb +0 -127
  33. data/test/assets/msword.html +0 -63
  34. data/test/assets/testdata_sanitizer_tests1.dat +0 -502
  35. data/test/helper.rb +0 -18
  36. data/test/html5/test_sanitizer.rb +0 -382
  37. data/test/integration/test_ad_hoc.rb +0 -204
  38. data/test/integration/test_helpers.rb +0 -43
  39. data/test/integration/test_html.rb +0 -72
  40. data/test/integration/test_scrubbers.rb +0 -400
  41. data/test/integration/test_xml.rb +0 -55
  42. data/test/unit/test_api.rb +0 -142
  43. data/test/unit/test_encoding.rb +0 -20
  44. data/test/unit/test_helpers.rb +0 -62
  45. data/test/unit/test_scrubber.rb +0 -229
  46. data/test/unit/test_scrubbers.rb +0 -14
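--- a/data/test/unit/test_helpers.rb
+++ b/data/test/unit/test_helpers.rb
@@ -1,62 +0,0 @@
- require "helper"
-
- class UnitTestHelpers < Loofah::TestCase
-
- HTML_STRING = "<div>omgwtfbbq</div>"
-
- describe "Helpers" do
- context ".strip_tags" do
- it "invoke Loofah.fragment.text" do
- mock_doc = Object.new
- mock(Loofah).fragment(HTML_STRING) { mock_doc }
- mock(mock_doc).text
-
- Loofah::Helpers.strip_tags HTML_STRING
- end
- end
-
- context ".sanitize" do
- it "invoke Loofah.scrub_fragment(:strip).to_s" do
- mock_doc = Object.new
- mock_node = Object.new
- mock(Loofah).fragment(HTML_STRING) { mock_doc }
- mock(mock_doc).scrub!(:strip) { mock_doc }
- mock(mock_doc).xpath("./form") { [mock_node] }
- mock(mock_node).remove
- mock(mock_doc).to_s
-
- Loofah::Helpers.sanitize HTML_STRING
- end
- end
-
- context ".sanitize_css" do
- it "invokes HTML5lib's css scrubber" do
- mock(Loofah::HTML5::Scrub).scrub_css("foobar")
- Loofah::Helpers.sanitize_css("foobar")
- end
- end
-
- describe "ActionView" do
- describe "FullSanitizer#sanitize" do
- it "calls .strip_tags" do
- mock(Loofah::Helpers).strip_tags("foobar")
- Loofah::Helpers::ActionView::FullSanitizer.new.sanitize "foobar"
- end
- end
-
- describe "WhiteListSanitizer#sanitize" do
- it "calls .sanitize" do
- mock(Loofah::Helpers).sanitize("foobar")
- Loofah::Helpers::ActionView::WhiteListSanitizer.new.sanitize "foobar"
- end
- end
-
- describe "WhiteListSanitizer#sanitize_css" do
- it "calls .sanitize_css" do
- mock(Loofah::Helpers).sanitize_css("foobar")
- Loofah::Helpers::ActionView::WhiteListSanitizer.new.sanitize_css "foobar"
- end
- end
- end
- end
- end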
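--- a/data/test/unit/test_scrubber.rb
+++ b/data/test/unit/test_scrubber.rb
@@ -1,229 +0,0 @@
- require "helper"
-
- class UnitTestScrubber < Loofah::TestCase
-
- FRAGMENT = "<span>hello</span><span>goodbye</span>"
- FRAGMENT_NODE_COUNT = 4 # span, text, span, text
- FRAGMENT_NODE_STOP_TOP_DOWN = 2 # span, span
- DOCUMENT = "<html><head><link></link></head><body><span>hello</span><span>goodbye</span></body></html>"
- DOCUMENT_NODE_COUNT = 8 # html, head, link, body, span, text, span, text
- DOCUMENT_NODE_STOP_TOP_DOWN = 1 # html
-
- context "receiving a block" do
- before do
- @count = 0
- end
-
- context "returning CONTINUE" do
- before do
- @scrubber = Loofah::Scrubber.new do |node|
- @count += 1
- Loofah::Scrubber::CONTINUE
- end
- end
-
- it "operate properly on a fragment" do
- Loofah.scrub_fragment(FRAGMENT, @scrubber)
- assert_equal FRAGMENT_NODE_COUNT, @count
- end
-
- it "operate properly on a document" do
- Loofah.scrub_document(DOCUMENT, @scrubber)
- assert_equal DOCUMENT_NODE_COUNT, @count
- end
- end
-
- context "returning STOP" do
- before do
- @scrubber = Loofah::Scrubber.new do |node|
- @count += 1
- Loofah::Scrubber::STOP
- end
- end
-
- it "operate as top-down on a fragment" do
- Loofah.scrub_fragment(FRAGMENT, @scrubber)
- assert_equal FRAGMENT_NODE_STOP_TOP_DOWN, @count
- end
-
- it "operate as top-down on a document" do
- Loofah.scrub_document(DOCUMENT, @scrubber)
- assert_equal DOCUMENT_NODE_STOP_TOP_DOWN, @count
- end
- end
-
- context "returning neither CONTINUE nor STOP" do
- before do
- @scrubber = Loofah::Scrubber.new do |node|
- @count += 1
- end
- end
-
- it "act as if CONTINUE was returned" do
- Loofah.scrub_fragment(FRAGMENT, @scrubber)
- assert_equal FRAGMENT_NODE_COUNT, @count
- end
- end
-
- context "not specifying direction" do
- before do
- @scrubber = Loofah::Scrubber.new() do |node|
- @count += 1
- Loofah::Scrubber::STOP
- end
- end
-
- it "operate as top-down on a fragment" do
- Loofah.scrub_fragment(FRAGMENT, @scrubber)
- assert_equal FRAGMENT_NODE_STOP_TOP_DOWN, @count
- end
-
- it "operate as top-down on a document" do
- Loofah.scrub_document(DOCUMENT, @scrubber)
- assert_equal DOCUMENT_NODE_STOP_TOP_DOWN, @count
- end
- end
-
- context "specifying top-down direction" do
- before do
- @scrubber = Loofah::Scrubber.new(:direction => :top_down) do |node|
- @count += 1
- Loofah::Scrubber::STOP
- end
- end
-
- it "operate as top-down on a fragment" do
- Loofah.scrub_fragment(FRAGMENT, @scrubber)
- assert_equal FRAGMENT_NODE_STOP_TOP_DOWN, @count
- end
-
- it "operate as top-down on a document" do
- Loofah.scrub_document(DOCUMENT, @scrubber)
- assert_equal DOCUMENT_NODE_STOP_TOP_DOWN, @count
- end
- end
-
- context "specifying bottom-up direction" do
- before do
- @scrubber = Loofah::Scrubber.new(:direction => :bottom_up) do |node|
- @count += 1
- end
- end
-
- it "operate as bottom-up on a fragment" do
- Loofah.scrub_fragment(FRAGMENT, @scrubber)
- assert_equal FRAGMENT_NODE_COUNT, @count
- end
-
- it "operate as bottom-up on a document" do
- Loofah.scrub_document(DOCUMENT, @scrubber)
- assert_equal DOCUMENT_NODE_COUNT, @count
- end
- end
-
- context "invalid direction" do
- it "raise an exception" do
- assert_raises(ArgumentError) {
- Loofah::Scrubber.new(:direction => :quux) { }
- }
- end
- end
-
- context "given a block taking zero arguments" do
- before do
- @scrubber = Loofah::Scrubber.new do
- @count += 1
- end
- end
-
- it "work anyway, shrug" do
- Loofah.scrub_fragment(FRAGMENT, @scrubber)
- assert_equal FRAGMENT_NODE_COUNT, @count
- end
- end
- end
-
- context "defining a new Scrubber class" do
- before do
- @klass = Class.new(Loofah::Scrubber) do
- attr_accessor :count
-
- def initialize(direction=nil)
- @direction = direction
- @count = 0
- end
-
- def scrub(node)
- @count += 1
- Loofah::Scrubber::STOP
- end
- end
- end
-
- context "when not specifying direction" do
- before do
- @scrubber = @klass.new
- assert_nil @scrubber.direction
- end
-
- it "operate as top-down on a fragment" do
- Loofah.scrub_fragment(FRAGMENT, @scrubber)
- assert_equal FRAGMENT_NODE_STOP_TOP_DOWN, @scrubber.count
- end
-
- it "operate as top-down on a document" do
- Loofah.scrub_document(DOCUMENT, @scrubber)
- assert_equal DOCUMENT_NODE_STOP_TOP_DOWN, @scrubber.count
- end
- end
-
- context "when direction is specified as top_down" do
- before do
- @scrubber = @klass.new(:top_down)
- assert_equal :top_down, @scrubber.direction
- end
-
- it "operate as top-down on a fragment" do
- Loofah.scrub_fragment(FRAGMENT, @scrubber)
- assert_equal FRAGMENT_NODE_STOP_TOP_DOWN, @scrubber.count
- end
-
- it "operate as top-down on a document" do
- Loofah.scrub_document(DOCUMENT, @scrubber)
- assert_equal DOCUMENT_NODE_STOP_TOP_DOWN, @scrubber.count
- end
- end
-
- context "when direction is specified as bottom_up" do
- before do
- @scrubber = @klass.new(:bottom_up)
- assert_equal :bottom_up, @scrubber.direction
- end
-
- it "operate as bottom-up on a fragment" do
- Loofah.scrub_fragment(FRAGMENT, @scrubber)
- assert_equal FRAGMENT_NODE_COUNT, @scrubber.count
- end
-
- it "operate as bottom-up on a document" do
- Loofah.scrub_document(DOCUMENT, @scrubber)
- assert_equal DOCUMENT_NODE_COUNT, @scrubber.count
- end
- end
- end
-
- context "creating a new Scrubber class with no scrub method" do
- before do
- @klass = Class.new(Loofah::Scrubber) do
- def initialize ; end
- end
- @scrubber = @klass.new
- end
-
- it "raise an exception" do
- assert_raises(Loofah::ScrubberNotFound) {
- Loofah.scrub_fragment(FRAGMENT, @scrubber)
- }
- end
- end
- end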
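--- a/data/test/unit/test_scrubbers.rb
+++ b/data/test/unit/test_scrubbers.rb
@@ -1,14 +0,0 @@
- require "helper"
-
- class UnitTestScrubbers < Loofah::TestCase
- [ Loofah::HTML::Document, Loofah::HTML::DocumentFragment ].each do |klass|
- context klass do
- context "bad scrub method" do
- it "raise a ScrubberNotFound exception" do
- doc = klass.parse "<p>foo</p>"
- assert_raises(Loofah::ScrubberNotFound) { doc.scrub! :frippery }
- end
- end
- end
- end
- end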