loofah 0.4.1 → 0.4.2

data/CHANGELOG.rdoc

@@ -1,12 +1,30 @@
 = Changelog
 
-== 0.4.1
+== 0.4.2 (2010-01-22)
+
+Enhancements:
+
+  * Implemented Node#scrub! for scrubbing subtrees.
+  * Implemented NodeSet#scrub! for scrubbing a set of subtrees.
+  * Document.text now only serializes <body> contents (ignores <head>)
+  * <head>, <html> and <body> added to the HTML5lib whitelist.
+
+Bug fixes:
+
+  * Supporting Rails apps that aren't loading ActiveRecord. GH #10
+
+Miscellaneous:
+
+  * Mailing list is now loofah@librelist.com / http://librelist.com
+  * IRC channel is now \#loofah on freenode.
+
+== 0.4.1 (2009-11-23)
 
 Bugfix:
 
   * Manifest fixed. Whoops.
 
-== 0.4.0
+== 0.4.0 (2009-11-21)
 
 Enhancements:
 

data/README.rdoc

@@ -33,13 +33,14 @@ not been evaluated by Netexperts.)
 
 == Compare and Contrast
 
-Loofah is the only Ruby XSS/sanitization solution that guarantees
-well-formed and valid markup.
+Loofah is one of two known Ruby XSS/sanitization solutions that
+guarantees well-formed and valid markup (the other is Sanitize, which
+also uses Nokogiri).
 
 Loofah works fine on XML, XHTML and HTML documents.
 
 Also, it's pretty fast. Here is a benchmark comparing Loofah to other
-commonly-used libraries (ActionView, Sanitize and HTML5lib):
+commonly-used libraries (ActionView, Sanitize, HTML5lib and HTMLfilter):
 
 * http://gist.github.com/170193
 
@@ -131,6 +132,20 @@ parse an XML document and an XML fragment, respectively.
   Loofah.xml_document(bad_xml).is_a?(Nokogiri::XML::Document)         # => true
   Loofah.xml_fragment(bad_xml).is_a?(Nokogiri::XML::DocumentFragment) # => true
 
+=== Nodes and NodeSets
+
+Nokogiri::XML::Node and Nokogiri::XML::NodeSet also get a +scrub!+
+method, which makes it easy to scrub subtrees.
+
+The following code will apply the +employee_scrubber+ only to the
++employee+ nodes (and their subtrees) in the document:
+
+  Loofah.xml_document(bad_xml).xpath("//employee").scrub!(employee_scrubber)
+
+And this code will only scrub the first +employee+ node and its subtree:
+
+  Loofah.xml_document(bad_xml).at_xpath("//employee").scrub!(employee_scrubber)
+
 === Loofah::Scrubber
 
 A Scrubber wraps up a block (or method) that is run on a document node:
@@ -256,11 +271,11 @@ The bug tracker is available here:
 
 * http://github.com/flavorjones/loofah/issues
 
-For now, we're piggybacking on the Nokogiri mailing list:
+And the mailing list is on librelist:
 
-* http://groups.google.com/group/nokogiri-talk
+* loofah@librelist.com / http://librelist.com
 
-And the IRC channel is #nokogiri on freenode.
+And the IRC channel is \#loofah on freenode.
 
 == Related Links
 

data/Rakefile

@@ -35,29 +35,27 @@ task :redocs => :fix_css
 task :docs => :fix_css
 task :fix_css do
   better_css = <<-EOT
-.method-description pre {
-  margin: 1em 0 ;
-}
-
-.method-description ul {
-  padding: .5em 0 .5em 2em ;
-}
-
-.method-description p {
-  margin-top: .5em ;
-}
-
-#main ul, div#documentation ul {
-  list-style-type: disc ! IMPORTANT ;
-  list-style-position: inside ! IMPORTANT ;
-}
-
-h2 + ul {
-  margin-top: 1em;
-}
-
-EOT
+    .method-description pre {
+      margin                    : 1em 0 ;
+    }
+
+    .method-description ul {
+      padding                   : .5em 0 .5em 2em ;
+    }
+
+    .method-description p {
+      margin-top                : .5em ;
+    }
+
+    #main ul, div#documentation ul {
+      list-style-type           : disc ! IMPORTANT ;
+      list-style-position       : inside ! IMPORTANT ;
+    }
+
+    h2 + ul {
+      margin-top                : 1em;
+    }
+  EOT
   puts "* fixing css"
   File.open("doc/rdoc.css", "a") { |f| f.write better_css }
 end
-

data/benchmark/benchmark.rb

@@ -3,7 +3,7 @@ require "#{File.dirname(__FILE__)}/helper.rb"
 
 def compare_scrub_methods
   snip = "<div>foo</div><foo>fuxx <b>quux</b></foo><script>i have a chair</script>"
-  puts "starting with: #{snip}"
+  puts "starting with:\n#{snip}"
   puts
   puts RailsSanitize.new.sanitize(snip) # => Rails.sanitize / scrub!(:prune).to_s
   puts Loofah::Helpers.sanitize(snip)
@@ -17,6 +17,9 @@ def compare_scrub_methods
   puts HTML5libSanitize.new.sanitize(snip) # => scrub!(:escape).to_s
   puts Loofah.scrub_fragment(snip, :escape).to_s
   puts "--"
+  puts HTMLFilter.new.filter(snip)
+  puts Loofah.scrub_fragment(snip, :strip).to_s
+  puts
 end
 
 module TestSet
@@ -115,6 +118,22 @@ class HeadToHeadHtml5LibSanitize < Measure
   end
 end
 
+class HeadToHeadHTMLFilter < Measure
+  include TestSet
+  def bench(content, ntimes, fragment_p)
+    clear_measure
+
+    measure "Loofah::Helpers.sanitize", ntimes do
+      Loofah::Helpers.sanitize content
+    end
+
+    sanitizer = HTMLFilter.new
+    measure "HTMLFilter.filter", ntimes do
+      sanitizer.filter(content)
+    end
+  end
+end
+
 puts "Nokogiri version: #{Nokogiri::VERSION_INFO.inspect}"
 puts "Loofah version: #{Loofah::VERSION.inspect}"
 
@@ -123,6 +142,7 @@ benches << HeadToHeadRailsSanitize.new
 benches << HeadToHeadRailsStripTags.new
 benches << HeadToHeadSanitizerSanitize.new
 benches << HeadToHeadHtml5LibSanitize.new
+benches << HeadToHeadHTMLFilter.new
 puts "---------- rehearsal ----------"
 benches.each { |bench| bench.test_set :rehearse => true }
 puts "---------- realsies ----------"

data/benchmark/helper.rb

@@ -7,6 +7,11 @@ require "action_view"
 require "action_controller/vendor/html-scanner"
 require "sanitize"
 require 'hitimes'
+require 'htmlfilter'
+
+unless defined?(HTMLFilter)
+  HTMLFilter = HtmlFilter
+end
 
 class RailsSanitize
   include ActionView::Helpers::SanitizeHelper

data/lib/loofah.rb

@@ -26,7 +26,7 @@ require 'loofah/helpers'
 #
 module Loofah
   # The version of Loofah you are using
-  VERSION = '0.4.1'
+  VERSION = '0.4.2'
 
   # The minimum required version of Nokogiri
   REQUIRED_NOKOGIRI_VERSION = '1.3.3'
@@ -83,7 +83,7 @@ if Nokogiri::VERSION < Loofah::REQUIRED_NOKOGIRI_VERSION
   raise RuntimeError, "Loofah requires Nokogiri #{Loofah::REQUIRED_NOKOGIRI_VERSION} or later (currently #{Nokogiri::VERSION})"
 end
 
-if defined? Rails.configuration # rails 2.1 and later
+if defined? Rails.configuration and Rails.configuration.frameworks.include?([:active_record]) # rails 2.1 and later
   Rails.configuration.after_initialize do
     require 'loofah/active_record'
     require 'loofah/xss_foliate'

data/lib/loofah/active_record.rb

@@ -26,7 +26,7 @@ module Loofah
     #  Scrub an ActiveRecord attribute +attribute+ as an HTML *fragment*
     #  using the method specified by +scrubber_specification+.
     #
-    #  +scrubber_specification+ must be an argument acceptable to Loofah::InstanceMethods.scrub!, namely:
+    #  +scrubber_specification+ must be an argument acceptable to Loofah::ScrubBehavior.scrub!, namely:
     #
     #  * a symbol for one of the built-in scrubbers (see Loofah::Scrubbers for a full list)
     #  * or a Scrubber instance. (see Loofah::Scrubber for help on implementing a custom scrubber)
@@ -45,7 +45,7 @@ module Loofah
     #  Scrub an ActiveRecord attribute +attribute+ as an HTML *document*
     #  using the method specified by +scrubber_specification+.
     #
-    #  +scrubber_specification+ must be an argument acceptable to Loofah::InstanceMethods.scrub!, namely:
+    #  +scrubber_specification+ must be an argument acceptable to Loofah::ScrubBehavior.scrub!, namely:
     #
     #  * a symbol for one of the built-in scrubbers (see Loofah::Scrubbers for a full list)
     #  * or a Scrubber instance.

data/lib/loofah/html/document.rb

@@ -3,17 +3,20 @@ module Loofah
     #
     #  Subclass of Nokogiri::HTML::Document.
     #
-    #  See Loofah::InstanceMethods for additional methods.
+    #  See Loofah::ScrubBehavior and Loofah::DocumentDecorator for additional methods.
     #
     class Document < Nokogiri::HTML::Document
-      include Loofah::InstanceMethods
+      include Loofah::ScrubBehavior::Node
+      include Loofah::DocumentDecorator
 
-      private
-
-      def sanitize_roots # :nodoc:
-        xpath("/html/head","/html/body")
+      #
+      #  Returns a plain-text version of the markup contained by the document
+      #
+      def text
+        xpath("/html/body").inner_text
       end
-
+      alias :inner_text :text
+      alias :to_str     :text
     end
   end
 end

data/lib/loofah/html/document_fragment.rb

@@ -1,12 +1,12 @@
 module Loofah
   module HTML # :nodoc:
     #
-    #  Subclass of Nokogiri::HTML::DocumentFragment. Also includes Loofah::ScrubberInstanceMethods.
+    #  Subclass of Nokogiri::HTML::DocumentFragment.
     #
-    #  See Loofah::InstanceMethods for additional methods.
+    #  See Loofah::ScrubBehavior for additional methods.
     #
     class DocumentFragment < Nokogiri::HTML::DocumentFragment
-      include Loofah::InstanceMethods
+      include Loofah::ScrubBehavior::Node
 
       class << self
         #
@@ -20,19 +20,27 @@ module Loofah
       end
 
       #
-      #  Returns the HTML markup contained by the fragment or document
+      #  Returns the HTML markup contained by the fragment
       #
       def to_s
-        sanitize_roots.children.to_s
+        serialize_roots.children.to_s
       end
       alias :serialize :to_s
 
+      #
+      #  Returns a plain-text version of the markup contained by the fragment
+      #
+      def text
+        serialize_roots.children.inner_text
+      end
+      alias :inner_text :text
+      alias :to_str     :text
+
       private
 
-      def sanitize_roots # :nodoc:
+      def serialize_roots # :nodoc:
         xpath("./body").first || self
       end
-
     end
   end
 end

data/lib/loofah/html5/whitelist.rb

@@ -152,6 +152,10 @@ module Loofah
         col
         input
       ]
+
+      # additional tags we should consider safe since we have libxml2 fixing up our documents.
+      TAGS_SAFE_WITH_LIBXML2 = %w[html head body]
+      ALLOWED_ELEMENTS_WITH_LIBXML2 = ALLOWED_ELEMENTS + TAGS_SAFE_WITH_LIBXML2
     end      
 
     #

data/lib/loofah/instance_methods.rb

@@ -1,47 +1,77 @@
 module Loofah
   #
-  #  Methods that are mixed into Loofah::HTML::Document and Loofah::HTML::DocumentFragment.
-  #
-  module InstanceMethods
-    #
-    #  Traverse the document or fragment, invoking the +scrubber+ on
-    #  each node.
-    #
-    #  +scrubber+ must either be one of the symbols representing the
-    #  built-in scrubbers (see Scrubbers), or a Scrubber instance.
-    #
-    #    span2div = Loofah::Scrubber.new do |node|
-    #      node.name = "div" if node.name == "span"
-    #    end
-    #    Loofah.fragment("<span>foo</span><p>bar</p>").scrub!(span2div).to_s
-    #    # => "<div>foo</div><p>bar</p>"
-    #
-    #  or
-    #
-    #    unsafe_html = "ohai! <div>div is safe</div> <script>but script is not</script>"
-    #    Loofah.fragment(unsafe_html).scrub!(:strip).to_s
-    #    # => "ohai! <div>div is safe</div> "
-    #
-    #  Note that this method is called implicitly from
-    #  Loofah.scrub_fragment and Loofah.scrub_document.
-    #
-    #  Please see Scrubber for more information on implementation and traversal, and
-    #  README.rdoc for more example usage.
-    #
-    def scrub!(scrubber)
+  #  Mixes +scrub!+ into Document, DocumentFragment, Node and NodeSet.
+  #
+  #  Traverse the document or fragment, invoking the +scrubber+ on
+  #  each node.
+  #
+  #  +scrubber+ must either be one of the symbols representing the
+  #  built-in scrubbers (see Scrubbers), or a Scrubber instance.
+  #
+  #    span2div = Loofah::Scrubber.new do |node|
+  #      node.name = "div" if node.name == "span"
+  #    end
+  #    Loofah.fragment("<span>foo</span><p>bar</p>").scrub!(span2div).to_s
+  #    # => "<div>foo</div><p>bar</p>"
+  #
+  #  or
+  #
+  #    unsafe_html = "ohai! <div>div is safe</div> <script>but script is not</script>"
+  #    Loofah.fragment(unsafe_html).scrub!(:strip).to_s
+  #    # => "ohai! <div>div is safe</div> "
+  #
+  #  Note that this method is called implicitly from
+  #  Loofah.scrub_fragment and Loofah.scrub_document.
+  #
+  #  Please see Scrubber for more information on implementation and traversal, and
+  #  README.rdoc for more example usage.
+  #
+  module ScrubBehavior
+    # see Loofah::ScrubBehavior
+    module Node
+      def scrub!(scrubber)
+        #
+        #  yes. this should be three separate methods. but nokogiri
+        #  decorates (or not) based on whether the module name has
+        #  already been included. and since documents get decorated
+        #  just like their constituent nodes, we need to jam all the
+        #  logic into a single module.
+        #
+        scrubber = ScrubBehavior.resolve_scrubber(scrubber)
+        case self
+        when Nokogiri::XML::Document
+          scrubber.traverse(root) if root
+        when Nokogiri::XML::DocumentFragment
+          children.each { |node| node.scrub!(scrubber) } # TODO: children.scrub! once Nokogiri 1.4.2 is out
+        else
+          scrubber.traverse(self)
+        end
+        self
+      end
+    end
+
+    # see Loofah::ScrubBehavior
+    module NodeSet
+      def scrub!(scrubber)
+        each { |node| node.scrub!(scrubber) }
+        self
+      end
+    end
+
+    def ScrubBehavior.resolve_scrubber(scrubber) # :nodoc:
       scrubber = Scrubbers::MAP[scrubber].new if Scrubbers::MAP[scrubber]
-      raise Loofah::ScrubberNotFound, "not a Scrubber or a scrubber name: #{scrubber.inspect}" unless scrubber.is_a?(Loofah::Scrubber)
-      sanitize_roots.children.each { |node| scrubber.traverse(node) }
-      self
+      unless scrubber.is_a?(Loofah::Scrubber)
+        raise Loofah::ScrubberNotFound, "not a Scrubber or a scrubber name: #{scrubber.inspect}"
+      end
+      scrubber
     end
+  end
 
-    #
-    #  Returns a plain-text version of the markup contained by the fragment or document
-    #
-    def text
-      sanitize_roots.children.inner_text
+  module DocumentDecorator # :nodoc:
+    def initialize(*args, &block)
+      super
+      self.decorators(Nokogiri::XML::Node) << ScrubBehavior::Node
+      self.decorators(Nokogiri::XML::NodeSet) << ScrubBehavior::NodeSet
     end
-    alias :inner_text :text
-    alias :to_str     :text
   end
 end

data/lib/loofah/scrubber.rb

@@ -91,7 +91,7 @@ module Loofah
     def html5lib_sanitize(node)
       case node.type
       when Nokogiri::XML::Node::ELEMENT_NODE
-        if HTML5::HashedWhiteList::ALLOWED_ELEMENTS[node.name]
+        if HTML5::HashedWhiteList::ALLOWED_ELEMENTS_WITH_LIBXML2[node.name]
           HTML5::Scrub.scrub_attributes node
           return Scrubber::CONTINUE
         end

data/lib/loofah/scrubbers.rb

@@ -152,7 +152,7 @@ module Loofah
       def scrub(node)
         case node.type
         when Nokogiri::XML::Node::ELEMENT_NODE
-          if HTML5::HashedWhiteList::ALLOWED_ELEMENTS[node.name]
+          if HTML5::HashedWhiteList::ALLOWED_ELEMENTS_WITH_LIBXML2[node.name]
             node.attributes.each { |attr| node.remove_attribute(attr.first) }
             return CONTINUE if node.namespaces.empty?
           end

data/lib/loofah/xml/document.rb

@@ -3,17 +3,11 @@ module Loofah
     #
     #  Subclass of Nokogiri::XML::Document.
     #
-    #  See Loofah::InstanceMethods for additional methods.
+    #  See Loofah::ScrubBehavior and Loofah::DocumentDecorator for additional methods.
     #
     class Document < Nokogiri::XML::Document
-      include Loofah::InstanceMethods
-
-      private
-
-      def sanitize_roots # :nodoc:
-        self
-      end
-
+      include Loofah::ScrubBehavior::Node
+      include Loofah::DocumentDecorator
     end
   end
 end

data/lib/loofah/xml/document_fragment.rb

@@ -1,12 +1,12 @@
 module Loofah
   module XML # :nodoc:
     #
-    #  Subclass of Nokogiri::XML::DocumentFragment. Also includes Loofah::ScrubberInstanceMethods.
+    #  Subclass of Nokogiri::XML::DocumentFragment.
     #
-    #  See Loofah::InstanceMethods for additional methods.
+    #  See Loofah::ScrubBehavior for additional methods.
     #
     class DocumentFragment < Nokogiri::XML::DocumentFragment
-      include Loofah::InstanceMethods
+      include Loofah::ScrubBehavior::Node
 
       class << self
         #
@@ -18,13 +18,6 @@ module Loofah
           self.new(Loofah::XML::Document.new, tags)
         end
       end
-
-      private
-
-      def sanitize_roots # :nodoc:
-        self
-      end
-
     end
   end
 end

data/test/html5/test_sanitizer.rb

@@ -28,7 +28,7 @@ class Html5TestSanitizer < Test::Unit::TestCase
     assert((htmloutput == sane) || (rexmloutput == sane) || (xhtmloutput == sane), input)
   end
 
-  HTML5::WhiteList::ALLOWED_ELEMENTS.each do |tag_name|
+  (HTML5::WhiteList::ALLOWED_ELEMENTS).each do |tag_name|
     define_method "test_should_allow_#{tag_name}_tag" do
       input       = "<#{tag_name} title='1'>foo <bad>bar</bad> baz</#{tag_name}>"
       htmloutput  = "<#{tag_name.downcase} title='1'>foo &lt;bad&gt;bar&lt;/bad&gt; baz</#{tag_name.downcase}>"

data/test/test_ad_hoc.rb

@@ -52,6 +52,60 @@ class TestAdHoc < Test::Unit::TestCase
     assert_equal "Abe Vigoda", employees.first.inner_text
   end
 
+  def test_html_fragment_to_s_should_not_include_head_tags
+    html = Loofah.fragment "<style>foo</style><div>bar</div>"
+    assert_equal "<div>bar</div>", html.to_s
+  end
+
+  def test_html_fragment_text_should_not_include_head_tags
+    html = Loofah.fragment "<style>foo</style><div>bar</div>"
+    assert_equal "bar", html.text
+  end
+
+  def test_html_document_text_should_not_include_head_tags
+    html = Loofah.document "<style>foo</style><div>bar</div>"
+    assert_equal "bar", html.text
+  end
+
+  def test_node_scrub_should_only_scrub_subtree
+    xml = Loofah.document <<-EOHTML
+    <html><body>
+      <div class='scrub'>
+        <script>I should be removed</script>
+      </div>
+      <div class='noscrub'>
+        <script>I should remain</script>
+      </div>
+    </body></html>
+    EOHTML
+    node = xml.at_css "div.scrub"
+    node.scrub!(:prune)
+    assert_contains         xml.to_s, /I should remain/
+    assert_does_not_contain xml.to_s, /I should be removed/
+  end
+
+  def test_nodeset_scrub_should_only_scrub_subtrees
+    xml = Loofah.document <<-EOHTML
+    <html><body>
+      <div class='scrub'>
+        <script>I should be removed</script>
+      </div>
+      <div class='noscrub'>
+        <script>I should remain</script>
+      </div>
+      <div class='scrub'>
+        <script>I should also be removed</script>
+      </div>
+    </body></html>
+    EOHTML
+    node_set = xml.css "div.scrub"
+    assert_equal 2, node_set.length
+    node_set.scrub!(:prune)
+    assert_contains         xml.to_s, /I should remain/
+    assert_does_not_contain xml.to_s, /I should be removed/
+    assert_does_not_contain xml.to_s, /I should also be removed/
+  end
+
   def test_removal_of_illegal_tag
     html = <<-HTML
       following this there should be no jim tag

data/test/test_api.rb

@@ -68,6 +68,37 @@ class TestApi < Test::Unit::TestCase
     assert_xml_fragmentish doc
   end
 
+  def test_loofah_html_document_node_scrub!
+    doc = Loofah.document(HTML)
+    assert(node = doc.at_css("div"))
+    node.scrub!(:strip)
+  end
+
+  def test_loofah_html_fragment_node_scrub!
+    doc = Loofah.fragment(HTML)
+    assert(node = doc.at_css("div"))
+    node.scrub!(:strip)
+  end
+
+  def test_loofah_xml_document_node_scrub!
+    doc = Loofah.document(XML)
+    assert(node = doc.at_css("div"))
+    node.scrub!(:strip)
+  end
+
+  def test_loofah_xml_fragment_node_scrub!
+    doc = Loofah.fragment(XML)
+    assert(node = doc.at_css("div"))
+    node.scrub!(:strip)
+  end
+
+  def test_loofah_nodeset_scrub!
+    doc = Loofah.document(HTML)
+    assert(node_set = doc.css("div"))
+    assert_instance_of Nokogiri::XML::NodeSet, node_set
+    node_set.scrub!(:strip)
+  end
+
   private
 
   def assert_html_documentish(doc)

data/test/test_scrubber.rb

@@ -6,8 +6,8 @@ class TestScrubber < Test::Unit::TestCase
   FRAGMENT_NODE_COUNT         = 4 # span, text, span, text
   FRAGMENT_NODE_STOP_TOP_DOWN = 2 # span, span
   DOCUMENT = "<html><head><link></link></head><body><span>hello</span><span>goodbye</span></body></html>"
-  DOCUMENT_NODE_COUNT         = 5 # span, text, span, text
-  DOCUMENT_NODE_STOP_TOP_DOWN = 3 # link, span, span
+  DOCUMENT_NODE_COUNT         = 8 # html, head, link, body, span, text, span, text
+  DOCUMENT_NODE_STOP_TOP_DOWN = 1 # html
 
   context "receiving a block" do
     setup do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: loofah
 version: !ruby/object:Gem::Version 
-  version: 0.4.1
+  version: 0.4.2
 platform: ruby
 authors: 
 - Mike Dalessio
@@ -31,7 +31,7 @@ cert_chain:
   FlqnTjy13J3nD30uxy9a1g==
   -----END CERTIFICATE-----
 
-date: 2009-11-23 00:00:00 -05:00
+date: 2010-01-23 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency