RubyGems - loofah - Versions diffs - 0.2.0 → 0.2.1 - Mend

loofah 0.2.0 → 0.2.1

Potentially problematic release.

This version of loofah might be problematic. Click here for more details.

Files changed (14) hide show

data.tar.gz.sig CHANGED

Binary file

data/CHANGELOG.rdoc CHANGED

@@ -1,6 +1,20 @@
 = Changelog
-== 0.2.0
+== 0.2.1 (2009-09-19)
+Enhancements:
+* when loaded in a Rails app, automatically extend ActiveRecord::Base
+  with html_fragment and html_document. GH #6 (Thanks Josh Nichols!)
+Bugfixes:
+* ActiveRecord scrubbing should generate strings instead of Document or
+  DocumentFragment objects. GH #5
+* init.rb fixed to support installation as a Rails plugin. GH #6
+  (Thanks Josh Nichols!)
+== 0.2.0 (2009-09-11)
 * Swank new API.
 * ActiveRecord extension.

data/Manifest.txt CHANGED

@@ -6,6 +6,7 @@ Rakefile
 TODO.rdoc
 benchmark/benchmark.rb
 benchmark/fragment.html
+benchmark/helper.rb
 benchmark/www.slashdot.com.html
 init.rb
 lib/loofah.rb

data/README.rdoc CHANGED

@@ -1,5 +1,6 @@
 = Loofah
+* http://loofah.rubyforge.org/
 * http://rubyforge.org/projects/loofah
 * http://github.com/flavorjones/loofah
@@ -27,6 +28,10 @@ This library was formerly known as Dryopteris.
 * ActiveRecord extension.
 * 99 44/100 % Tenderlove-free!
+Here is a speed test comparing Loofah to other commonly-used sanitization libraries:
+* http://gist.github.com/170193
 == SYNOPSIS
 For a full explanation, see the documentation for Loofah.
@@ -47,7 +52,9 @@ OR
 === ACTIVERECORD EXTENSION
   # config/environment.rb
-  require 'loofah/active_record'
+  Rails::Initializer.run do |config|
+    config.gem 'loofah'
+  end
   # db/schema.rb
   create_table "posts" do |t|
@@ -100,6 +107,7 @@ Featuring code contributed by:
 * John Barnette
 * Josh Owens
 * Paul Dix
+* Josh Nichols
 == LICENSE

data/benchmark/benchmark.rb CHANGED

@@ -1,45 +1,19 @@
 #!/usr/bin/env ruby
-require 'rubygems'
-require 'open-uri'
-require 'hpricot'
-require File.expand_path(File.dirname(__FILE__) + "/../lib/loofah")
-require 'benchmark'
-require "action_view"
-require "action_controller/vendor/html-scanner"
-require "sanitize"
-class RailsSanitize
-  include ActionView::Helpers::SanitizeHelper
-  extend ActionView::Helpers::SanitizeHelper::ClassMethods
-end
-class HTML5libSanitize
-  require 'html5/html5parser'
-  require 'html5/liberalxmlparser'
-  require 'html5/treewalkers'
-  require 'html5/treebuilders'
-  require 'html5/serializer'
-  require 'html5/sanitizer'
-  include HTML5
-  def sanitize(html)
-    HTMLParser.parse_fragment(html, {
-      :tokenizer  => HTMLSanitizer,
-      :encoding   => 'utf-8',
-      :tree       => TreeBuilders::REXML::TreeBuilder
-    }).to_s
-  end
-end
+require "#{File.dirname(__FILE__)}/helper.rb"
 BIG_FILE = File.read(File.join(File.dirname(__FILE__), "www.slashdot.com.html"))
 FRAGMENT = File.read(File.join(File.dirname(__FILE__), "fragment.html"))
+SNIPPET = "This is typical form field input in <b>length and content."
-def bench(content, ntimes)
+def bench(content, ntimes, fragment_p)
   Benchmark.bm(15) do |x|
     x.report('Loofah') do
       ntimes.times do
-        Loofah.sanitize(content)
+        if fragment_p
+          Loofah.scrub_fragment(content, :escape)
+        else
+          Loofah.scrub_document(content, :escape)
+        end
       end
     end
@@ -67,6 +41,9 @@ def bench(content, ntimes)
   end
 end
-#bench BIG_FILE, 100
-bench FRAGMENT, 1000
+puts "Large document, #{BIG_FILE.length} bytes (x100)"
+bench BIG_FILE, 100, false
+puts "Small fragment, #{FRAGMENT.length} bytes (x1000)"
+bench FRAGMENT, 1000, true
+puts "Text snippet, #{SNIPPET.length} bytes (x10000)"
+bench SNIPPET, 10000, true

data/benchmark/helper.rb ADDED

@@ -0,0 +1,32 @@
+require 'rubygems'
+require 'open-uri'
+require 'hpricot'
+require File.expand_path(File.dirname(__FILE__) + "/../lib/loofah")
+require 'benchmark'
+require "action_view"
+require "action_controller/vendor/html-scanner"
+require "sanitize"
+class RailsSanitize
+  include ActionView::Helpers::SanitizeHelper
+  extend ActionView::Helpers::SanitizeHelper::ClassMethods
+end
+class HTML5libSanitize
+  require 'html5/html5parser'
+  require 'html5/liberalxmlparser'
+  require 'html5/treewalkers'
+  require 'html5/treebuilders'
+  require 'html5/serializer'
+  require 'html5/sanitizer'
+  include HTML5
+  def sanitize(html)
+    HTMLParser.parse_fragment(html, {
+      :tokenizer  => HTMLSanitizer,
+      :encoding   => 'utf-8',
+      :tree       => TreeBuilders::REXML::TreeBuilder
+    }).to_s
+  end
+end

data/init.rb CHANGED

@@ -1,2 +1 @@
-require "loofah/rails_extension"
-ActiveRecord::Base.send(:include, Loofah::RailsExtension)
+require "loofah"

data/lib/loofah.rb CHANGED

@@ -161,7 +161,7 @@ require 'loofah/deprecated'
 #
 module Loofah
   # The version of Loofah you are using
-  VERSION = '0.2.0'
+  VERSION = '0.2.1'
   # The minimum required version of Nokogiri
   REQUIRED_NOKOGIRI_VERSION = '1.3.3'
@@ -195,3 +195,9 @@ end
 if Nokogiri::VERSION < Loofah::REQUIRED_NOKOGIRI_VERSION
   raise RuntimeError, "Loofah requires Nokogiri #{Loofah::REQUIRED_NOKOGIRI_VERSION} or later (currently #{Nokogiri::VERSION})"
 end
+if defined? Rails.configuration
+  Rails.configuration.after_initialize do
+    require 'loofah/active_record'
+  end
+end

data/lib/loofah/active_record.rb CHANGED

@@ -3,7 +3,9 @@ module Loofah
   # Loofah can scrub ActiveRecord attributes in a before_save callback:
   #
   #   # in environment.rb
-  #   require 'loofah/active_record'
+  #   Rails::Initializer.run do |config|
+  #     config.gem 'loofah'
+  #   end
   #
   #   # db/schema.rb
   #   create_table "posts" do |t|
@@ -16,7 +18,7 @@ module Loofah
   #     html_fragment :body, :scrub => :prune  # scrubs 'body' in a before_save
   #   end
   #
-  module ActiveRecord
+  module ActiveRecordExtension
     #
     #  scrub an ActiveRecord attribute +attr+ as an HTML fragment
     #  using the method specified in the required +:scrub+ option.
@@ -24,7 +26,7 @@ module Loofah
     def html_fragment(attr, options={})
       raise ArgumentError, "html_fragment requires :scrub option" unless method = options[:scrub]
       before_save do |record|
-        record[attr] = Loofah.scrub_fragment(record[attr], method)
+        record[attr] = Loofah.scrub_fragment(record[attr], method).to_s
       end
     end
@@ -35,10 +37,10 @@ module Loofah
     def html_document(attr, options={})
       raise ArgumentError, "html_document requires :scrub option" unless method = options[:scrub]
       before_save do |record|
-        record[attr] = Loofah.scrub_document(record[attr], method)
+        record[attr] = Loofah.scrub_document(record[attr], method).to_s
       end
     end
   end
 end
-ActiveRecord::Base.extend(Loofah::ActiveRecord)
+ActiveRecord::Base.extend(Loofah::ActiveRecordExtension)

data/test/helper.rb CHANGED

@@ -1,7 +1,7 @@
-require 'test/unit'
 require 'rubygems'
-require 'mocha'
+require 'test/unit'
 require 'shoulda'
+require 'mocha'
 require 'acts_as_fu'
 require File.expand_path(File.join(File.dirname(__FILE__), "..", "lib", "loofah"))

data/test/test_active_record.rb CHANGED

@@ -27,6 +27,12 @@ class TestActiveRecord < Test::Unit::TestCase
         Loofah.expects(:scrub_fragment).with(PLAIN_TEXT, :prune).never
         @post.save
       end
+      should "generate strings" do
+        @post.save
+        assert_equal String, @post.html_string.class
+        assert_equal HTML_STRING, @post.html_string
+      end
     end
     context "scrubbing field as a document" do
@@ -40,6 +46,11 @@ class TestActiveRecord < Test::Unit::TestCase
         Loofah.expects(:scrub_document).with(PLAIN_TEXT, :strip).never
         @post.save
       end
+      should "generate strings" do
+        @post.save
+        assert_equal String, @post.html_string.class
+      end
     end
     context "not passing any options" do

data/test/test_scrubber.rb CHANGED

@@ -82,17 +82,17 @@ class TestScrubber < Test::Unit::TestCase
   end
   def test_fragment_shortcut
-    doc = mock
-    Loofah.expects(:fragment).with(:string_or_io).returns(doc)
-    doc.expects(:scrub!).with(:method)
+    mock_doc = mock
+    Loofah.expects(:fragment).with(:string_or_io).returns(mock_doc)
+    mock_doc.expects(:scrub!).with(:method)
     Loofah.scrub_fragment(:string_or_io, :method)
   end
   def test_document_shortcut
-    doc = mock
-    Loofah.expects(:document).with(:string_or_io).returns(doc)
-    doc.expects(:scrub!).with(:method)
+    mock_doc = mock
+    Loofah.expects(:document).with(:string_or_io).returns(mock_doc)
+    mock_doc.expects(:scrub!).with(:method)
     Loofah.scrub_document(:string_or_io, :method)
   end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: loofah
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Mike Dalessio
@@ -31,7 +31,7 @@ cert_chain:
   FlqnTjy13J3nD30uxy9a1g==
   -----END CERTIFICATE-----
-date: 2009-08-11 00:00:00 -04:00
+date: 2009-08-19 00:00:00 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -88,6 +88,7 @@ files:
 - TODO.rdoc
 - benchmark/benchmark.rb
 - benchmark/fragment.html
+- benchmark/helper.rb
 - benchmark/www.slashdot.com.html
 - init.rb
 - lib/loofah.rb
@@ -109,7 +110,7 @@ files:
 - test/test_scrubber.rb
 - test/test_strip_tags.rb
 has_rdoc: true
-homepage: http://rubyforge.org/projects/loofah
+homepage: http://loofah.rubyforge.org/
 licenses: []
 post_install_message:

metadata.gz.sig CHANGED

Binary file