loofah 0.2.0 → 0.2.1



data.tar.gz.sig CHANGED
Binary file
@@ -1,6 +1,20 @@
1
1
  = Changelog
2
2
 
3
- == 0.2.0
3
+ == 0.2.1 (2009-09-19)
4
+
5
+ Enhancements:
6
+
7
+ * when loaded in a Rails app, automatically extend ActiveRecord::Base
8
+ with html_fragment and html_document. GH #6 (Thanks Josh Nichols!)
9
+
10
+ Bugfixes:
11
+
12
+ * ActiveRecord scrubbing should generate strings instead of Document or
13
+ DocumentFragment objects. GH #5
14
+ * init.rb fixed to support installation as a Rails plugin. GH #6
15
+ (Thanks Josh Nichols!)
16
+
17
+ == 0.2.0 (2009-09-11)
4
18
 
5
19
  * Swank new API.
6
20
  * ActiveRecord extension.
@@ -6,6 +6,7 @@ Rakefile
6
6
  TODO.rdoc
7
7
  benchmark/benchmark.rb
8
8
  benchmark/fragment.html
9
+ benchmark/helper.rb
9
10
  benchmark/www.slashdot.com.html
10
11
  init.rb
11
12
  lib/loofah.rb
@@ -1,5 +1,6 @@
1
1
  = Loofah
2
2
 
3
+ * http://loofah.rubyforge.org/
3
4
  * http://rubyforge.org/projects/loofah
4
5
  * http://github.com/flavorjones/loofah
5
6
 
@@ -27,6 +28,10 @@ This library was formerly known as Dryopteris.
27
28
  * ActiveRecord extension.
28
29
  * 99 44/100 % Tenderlove-free!
29
30
 
31
+ Here is a speed test comparing Loofah to other commonly-used sanitization libraries:
32
+
33
+ * http://gist.github.com/170193
34
+
30
35
  == SYNOPSIS
31
36
 
32
37
  For a full explanation, see the documentation for Loofah.
@@ -47,7 +52,9 @@ OR
47
52
  === ACTIVERECORD EXTENSION
48
53
 
49
54
  # config/environment.rb
50
- require 'loofah/active_record'
55
+ Rails::Initializer.run do |config|
56
+ config.gem 'loofah'
57
+ end
51
58
 
52
59
  # db/schema.rb
53
60
  create_table "posts" do |t|
@@ -100,6 +107,7 @@ Featuring code contributed by:
100
107
  * John Barnette
101
108
  * Josh Owens
102
109
  * Paul Dix
110
+ * Josh Nichols
103
111
 
104
112
  == LICENSE
105
113
 
@@ -1,45 +1,19 @@
1
1
  #!/usr/bin/env ruby
2
- require 'rubygems'
3
- require 'open-uri'
4
- require 'hpricot'
5
- require File.expand_path(File.dirname(__FILE__) + "/../lib/loofah")
6
- require 'benchmark'
7
- require "action_view"
8
- require "action_controller/vendor/html-scanner"
9
- require "sanitize"
10
-
11
- class RailsSanitize
12
- include ActionView::Helpers::SanitizeHelper
13
- extend ActionView::Helpers::SanitizeHelper::ClassMethods
14
- end
15
-
16
- class HTML5libSanitize
17
- require 'html5/html5parser'
18
- require 'html5/liberalxmlparser'
19
- require 'html5/treewalkers'
20
- require 'html5/treebuilders'
21
- require 'html5/serializer'
22
- require 'html5/sanitizer'
23
-
24
- include HTML5
25
-
26
- def sanitize(html)
27
- HTMLParser.parse_fragment(html, {
28
- :tokenizer => HTMLSanitizer,
29
- :encoding => 'utf-8',
30
- :tree => TreeBuilders::REXML::TreeBuilder
31
- }).to_s
32
- end
33
- end
2
+ require "#{File.dirname(__FILE__)}/helper.rb"
34
3
 
35
4
  BIG_FILE = File.read(File.join(File.dirname(__FILE__), "www.slashdot.com.html"))
36
5
  FRAGMENT = File.read(File.join(File.dirname(__FILE__), "fragment.html"))
6
+ SNIPPET = "This is typical form field input in <b>length and content."
37
7
 
38
- def bench(content, ntimes)
8
+ def bench(content, ntimes, fragment_p)
39
9
  Benchmark.bm(15) do |x|
40
10
  x.report('Loofah') do
41
11
  ntimes.times do
42
- Loofah.sanitize(content)
12
+ if fragment_p
13
+ Loofah.scrub_fragment(content, :escape)
14
+ else
15
+ Loofah.scrub_document(content, :escape)
16
+ end
43
17
  end
44
18
  end
45
19
 
@@ -67,6 +41,9 @@ def bench(content, ntimes)
67
41
  end
68
42
  end
69
43
 
70
- #bench BIG_FILE, 100
71
- bench FRAGMENT, 1000
72
-
44
+ puts "Large document, #{BIG_FILE.length} bytes (x100)"
45
+ bench BIG_FILE, 100, false
46
+ puts "Small fragment, #{FRAGMENT.length} bytes (x1000)"
47
+ bench FRAGMENT, 1000, true
48
+ puts "Text snippet, #{SNIPPET.length} bytes (x10000)"
49
+ bench SNIPPET, 10000, true
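Review bot: The new third positional parameter of `bench` is a bare boolean, so the call sites `bench BIG_FILE, 100, false` and `bench FRAGMENT, 1000, true` do not say what is being switched. An options hash in the style the library already uses, `def bench(content, ntimes, options = {})` called as `bench FRAGMENT, 1000, :fragment => true`, would read better at the call site. At minimum, a one-line comment above `bench` such as `# fragment_p: true scrubs with scrub_fragment, false with scrub_document` would document the flag. The body of `bench` continues outside the hunks shown here.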
@@ -0,0 +1,32 @@
1
+ require 'rubygems'
2
+ require 'open-uri'
3
+ require 'hpricot'
4
+ require File.expand_path(File.dirname(__FILE__) + "/../lib/loofah")
5
+ require 'benchmark'
6
+ require "action_view"
7
+ require "action_controller/vendor/html-scanner"
8
+ require "sanitize"
9
+
10
+ class RailsSanitize
11
+ include ActionView::Helpers::SanitizeHelper
12
+ extend ActionView::Helpers::SanitizeHelper::ClassMethods
13
+ end
14
+
15
+ class HTML5libSanitize
16
+ require 'html5/html5parser'
17
+ require 'html5/liberalxmlparser'
18
+ require 'html5/treewalkers'
19
+ require 'html5/treebuilders'
20
+ require 'html5/serializer'
21
+ require 'html5/sanitizer'
22
+
23
+ include HTML5
24
+
25
+ def sanitize(html)
26
+ HTMLParser.parse_fragment(html, {
27
+ :tokenizer => HTMLSanitizer,
28
+ :encoding => 'utf-8',
29
+ :tree => TreeBuilders::REXML::TreeBuilder
30
+ }).to_s
31
+ end
32
+ end
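--- a/data/init.rb
+++ b/data/init.rb
@@ -1,2 +1 @@
-require "loofah/rails_extension"
-ActiveRecord::Base.send(:include, Loofah::RailsExtension)
+require "loofah"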
@@ -161,7 +161,7 @@ require 'loofah/deprecated'
161
161
  #
162
162
  module Loofah
163
163
  # The version of Loofah you are using
164
- VERSION = '0.2.0'
164
+ VERSION = '0.2.1'
165
165
 
166
166
  # The minimum required version of Nokogiri
167
167
  REQUIRED_NOKOGIRI_VERSION = '1.3.3'
@@ -195,3 +195,9 @@ end
195
195
  if Nokogiri::VERSION < Loofah::REQUIRED_NOKOGIRI_VERSION
196
196
  raise RuntimeError, "Loofah requires Nokogiri #{Loofah::REQUIRED_NOKOGIRI_VERSION} or later (currently #{Nokogiri::VERSION})"
197
197
  end
198
+
199
+ if defined? Rails.configuration
200
+ Rails.configuration.after_initialize do
201
+ require 'loofah/active_record'
202
+ end
203
+ end
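Review bot: The added `after_initialize` block requires 'loofah/active_record' whenever `Rails.configuration` is defined, but that file ends with an unconditional `ActiveRecord::Base.extend(...)` (visible in its own hunk further down). A Rails app that does not load ActiveRecord would therefore presumably fail with a NameError during initialization. Guarding the require, `require 'loofah/active_record' if defined?(ActiveRecord::Base)`, would keep the rest of the library loadable in that setup. A short comment on the block saying that this hook is what makes `html_fragment` and `html_document` available to models would also help, since init.rb now depends on it.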
@@ -3,7 +3,9 @@ module Loofah
3
3
  # Loofah can scrub ActiveRecord attributes in a before_save callback:
4
4
  #
5
5
  # # in environment.rb
6
- # require 'loofah/active_record'
6
+ # Rails::Initializer.run do |config|
7
+ # config.gem 'loofah'
8
+ # end
7
9
  #
8
10
  # # db/schema.rb
9
11
  # create_table "posts" do |t|
@@ -16,7 +18,7 @@ module Loofah
16
18
  # html_fragment :body, :scrub => :prune # scrubs 'body' in a before_save
17
19
  # end
18
20
  #
19
- module ActiveRecord
21
+ module ActiveRecordExtension
20
22
  #
21
23
  # scrub an ActiveRecord attribute +attr+ as an HTML fragment
22
24
  # using the method specified in the required +:scrub+ option.
@@ -24,7 +26,7 @@ module Loofah
24
26
  def html_fragment(attr, options={})
25
27
  raise ArgumentError, "html_fragment requires :scrub option" unless method = options[:scrub]
26
28
  before_save do |record|
27
- record[attr] = Loofah.scrub_fragment(record[attr], method)
29
+ record[attr] = Loofah.scrub_fragment(record[attr], method).to_s
28
30
  end
29
31
  end
30
32
 
@@ -35,10 +37,10 @@ module Loofah
35
37
  def html_document(attr, options={})
36
38
  raise ArgumentError, "html_document requires :scrub option" unless method = options[:scrub]
37
39
  before_save do |record|
38
- record[attr] = Loofah.scrub_document(record[attr], method)
40
+ record[attr] = Loofah.scrub_document(record[attr], method).to_s
39
41
  end
40
42
  end
41
43
  end
42
44
  end
43
45
 
44
- ActiveRecord::Base.extend(Loofah::ActiveRecord)
46
+ ActiveRecord::Base.extend(Loofah::ActiveRecordExtension)
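Review bot: In `html_fragment` and `html_document` the new `.to_s` is applied to whatever the scrub call returns, so a record whose attribute is nil would likely now be saved with a string instead of NULL. This assumes the scrub methods accept nil at all, which these hunks do not show. Skipping nil explicitly, `record[attr] = Loofah.scrub_fragment(record[attr], method).to_s unless record[attr].nil?` (and the same for `scrub_document`), would leave NULL columns untouched. The doc comments above both methods should also state that the callback now stores a String, and for `html_document` that the stored value is presumably the serialized document rather than the text that was assigned.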
@@ -1,7 +1,7 @@
1
- require 'test/unit'
2
1
  require 'rubygems'
3
- require 'mocha'
2
+ require 'test/unit'
4
3
  require 'shoulda'
4
+ require 'mocha'
5
5
  require 'acts_as_fu'
6
6
  require File.expand_path(File.join(File.dirname(__FILE__), "..", "lib", "loofah"))
7
7
 
@@ -27,6 +27,12 @@ class TestActiveRecord < Test::Unit::TestCase
27
27
  Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :prune).never
28
28
  @post.save
29
29
  end
30
+
31
+ should "generate strings" do
32
+ @post.save
33
+ assert_equal String, @post.html_string.class
34
+ assert_equal HTML_STRING, @post.html_string
35
+ end
30
36
  end
31
37
 
32
38
  context "scrubbing field as a document" do
@@ -40,6 +46,11 @@ class TestActiveRecord < Test::Unit::TestCase
40
46
  Loofah.expects(:scrub_document).with(PLAIN_TEXT, :strip).never
41
47
  @post.save
42
48
  end
49
+
50
+ should "generate strings" do
51
+ @post.save
52
+ assert_equal String, @post.html_string.class
53
+ end
43
54
  end
44
55
 
45
56
  context "not passing any options" do
@@ -82,17 +82,17 @@ class TestScrubber < Test::Unit::TestCase
82
82
  end
83
83
 
84
84
  def test_fragment_shortcut
85
- doc = mock
86
- Loofah.expects(:fragment).with(:string_or_io).returns(doc)
87
- doc.expects(:scrub!).with(:method)
85
+ mock_doc = mock
86
+ Loofah.expects(:fragment).with(:string_or_io).returns(mock_doc)
87
+ mock_doc.expects(:scrub!).with(:method)
88
88
 
89
89
  Loofah.scrub_fragment(:string_or_io, :method)
90
90
  end
91
91
 
92
92
  def test_document_shortcut
93
- doc = mock
94
- Loofah.expects(:document).with(:string_or_io).returns(doc)
95
- doc.expects(:scrub!).with(:method)
93
+ mock_doc = mock
94
+ Loofah.expects(:document).with(:string_or_io).returns(mock_doc)
95
+ mock_doc.expects(:scrub!).with(:method)
96
96
 
97
97
  Loofah.scrub_document(:string_or_io, :method)
98
98
  end
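--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: loofah
 version: !ruby/object:Gem::Version
-version: 0.2.0
+version: 0.2.1
 platform: ruby
 authors:
 - Mike Dalessio
@@ -31,7 +31,7 @@ cert_chain:
 FlqnTjy13J3nD30uxy9a1g==
 -----END CERTIFICATE-----
 
-date: 2009-08-11 00:00:00 -04:00
+date: 2009-08-19 00:00:00 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -88,6 +88,7 @@ files:
 - TODO.rdoc
 - benchmark/benchmark.rb
 - benchmark/fragment.html
+- benchmark/helper.rb
 - benchmark/www.slashdot.com.html
 - init.rb
 - lib/loofah.rb
@@ -109,7 +110,7 @@ files:
 - test/test_scrubber.rb
 - test/test_strip_tags.rb
 has_rdoc: true
-homepage: http://rubyforge.org/projects/loofah
+homepage: http://loofah.rubyforge.org/
 licenses: []
 
 post_install_message: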
metadata.gz.sig CHANGED
Binary file