lotus-helpers 0.0.0 → 0.1.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: c456e9b7dddb756479d01c3884c5b05a7f110cad
4
- data.tar.gz: 7c9135f6175e001b453b322537b963d6cd4b5c79
3
+ metadata.gz: 97a8fa23a2691afc98472ad1155025367148d2ca
4
+ data.tar.gz: 731d5dca8b9da7d4177ca6e8f51c260e88055f53
5
5
  SHA512:
6
- metadata.gz: a70509dbdb1a17017afe2ba74be5e37408a9cc243bd7593f502f2ddc4e13f73add4502fb2cc86e41a639d65a1ab8f3db154d9536df8d79678e5aa87b60ced121
7
- data.tar.gz: f67132c0dbeb0f476998deac8d4b567a1985ae5e3ae0a0bbf4c047957265343b4b5da7f8c55d73e9f8bddd2dd4755fbb96b27aca9d7a463757702a40d8a0b276
6
+ metadata.gz: 7298684737de0d27f28beaf7d1ba969ee37f0cc7de543c0e81d6063d2b915bf39a12e1794ad7d479956ba6c8854d49b439b4c4cab614ae1e1f959de5fca11c61
7
+ data.tar.gz: 142c218a581680c85c7d6f207988d787436d85467fdacfd9a0a7d54a29c74d3adb77960fabb5a1f0a18d030f25f26e4bbe2058dda57b184276a89877fc5dca48
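Review bot: both tarball digests change under SHA1 and SHA512 in this hunk, which is expected for a rebuilt 0.1.0 package; when verifying a download, rely on the SHA512 entries rather than the SHA1 ones (SHA1 is no longer collision resistant), and compare them against the digests of the gem actually fetched from the registry rather than trusting this file alone, since checksums.yaml ships inside the package it describes.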
data/README.md CHANGED
@@ -1,29 +1,221 @@
1
1
  # Lotus::Helpers
2
2
 
3
- TODO: Write a gem description
3
+ View helpers for Ruby applications
4
+
5
+ ## Status
6
+
7
+ [![Gem Version](http://img.shields.io/gem/v/lotus-helpers.svg)](https://badge.fury.io/rb/lotus-helpers)
8
+ [![Build Status](http://img.shields.io/travis/lotus/helpers/master.svg)](https://travis-ci.org/lotus/helpers?branch=master)
9
+ [![Coverage](http://img.shields.io/coveralls/lotus/helpers/master.svg)](https://coveralls.io/r/lotus/helpers)
10
+ [![Code Climate](http://img.shields.io/codeclimate/github/lotus/helpers.svg)](https://codeclimate.com/github/lotus/helpers)
11
+ [![Dependencies](http://img.shields.io/gemnasium/lotus/helpers.svg)](https://gemnasium.com/lotus/helpers)
12
+ [![Inline Docs](http://inch-ci.org/github/lotus/helpers.svg)](http://inch-ci.org/github/lotus/helpers)
13
+
14
+ ## Contact
15
+
16
+ * Home page: http://lotusrb.org
17
+ * Mailing List: http://lotusrb.org/mailing-list
18
+ * API Doc: http://rdoc.info/gems/lotus-helpers
19
+ * Bugs/Issues: https://github.com/lotus/helpers/issues
20
+ * Support: http://stackoverflow.com/questions/tagged/lotus-ruby
21
+ * Chat: https://gitter.im/lotus/chat
22
+
23
+ ## Rubies
24
+
25
+ __Lotus::Helpers__ supports Ruby (MRI) 2+ and JRuby 1.7 (with 2.0 mode).
4
26
 
5
27
  ## Installation
6
28
 
7
29
  Add this line to your application's Gemfile:
8
30
 
9
- gem 'lotus-helpers'
31
+ ```ruby
32
+ gem 'lotus-helpers'
33
+ ```
10
34
 
11
35
  And then execute:
12
36
 
13
- $ bundle
37
+ ```shell
38
+ $ bundle
39
+ ```
14
40
 
15
41
  Or install it yourself as:
16
42
 
17
- $ gem install lotus-helpers
43
+ ```shell
44
+ $ gem install lotus-helpers
45
+ ```
18
46
 
19
47
  ## Usage
20
48
 
21
- TODO: Write usage instructions here
49
+ `Lotus::Helpers` offers a set of utilities to enrich web views.
50
+
51
+ ### HTML helper
52
+
53
+ HTML5 markup generator (`#html`).
54
+
55
+ View:
56
+
57
+ ```ruby
58
+ module Users
59
+ class Show
60
+ include Lotus::Helpers
61
+
62
+ def sidebar
63
+ html.aside(id: 'sidebar') do
64
+ p "Languages", class: 'title'
65
+
66
+ ul do
67
+ li "Italian"
68
+ li "English"
69
+ end
70
+ end
71
+ end
72
+ end
73
+ end
74
+ ```
75
+
76
+ Template:
77
+
78
+ ```erb
79
+ <%= sidebar %>
80
+ ```
81
+
82
+ Output:
83
+
84
+ ```html
85
+ <aside id="sidebar">
86
+ <p class="title">Languages</p>
87
+
88
+ <ul>
89
+ <li>Italian</li>
90
+ <li>English</li>
91
+ </ul>
92
+ </aside>
93
+ ```
94
+
95
+ ### Escape helper
96
+
97
+ HTML (`#h`), HTML attribute (`#ha`) and URL (`#hu`) escape helpers.
98
+
99
+ View:
100
+
101
+ ```ruby
102
+ module Users
103
+ class Show
104
+ include Lotus::Helpers
105
+
106
+ def home_page_link
107
+ %(<a href="#{ hu(user.home_page_url) }" title="#{ ha(user.name} }'s website">#{ h(user.website_name) }</a>)
108
+ end
109
+
110
+ def code_snippet
111
+ raw user.code_snippet
112
+ end
113
+ end
114
+ end
115
+ ```
116
+
117
+ Template:
118
+
119
+ ```erb
120
+ <%= home_page_link %>
121
+ <%= code_snippet %>
122
+ ```
123
+
124
+ Output:
125
+
126
+ ```html
127
+ <a href="https://example.org" title="Maria's website">My Blog</a>
128
+ <code>puts "Hello, World!"</code>
129
+ ```
130
+
131
+ ### Routing helper
132
+
133
+ Lotus and Lotus::Router integration (`#routes`).
134
+
135
+ View:
136
+
137
+ ```ruby
138
+ module Home
139
+ class Index
140
+ include Lotus::Helpers
141
+
142
+ def link_to_home
143
+ %(<a href="#{ routes.home_path }">Home</a>)
144
+ end
145
+ end
146
+ end
147
+ ```
148
+
149
+ Template:
150
+
151
+ ```erb
152
+ <%= link_to_home %>
153
+ ```
154
+
155
+ Output:
156
+
157
+ ```html
158
+ <a href="/">Home</a>
159
+ ```
160
+
161
+ ## Philosophy
162
+
163
+ All the Lotus helpers are modules to include.
164
+
165
+ Most of the time they inject **private** methods.
166
+ This restriction prevents helper methods to be used on the outside (eg. in a template).
167
+
168
+ We want to encourage developers to use **meaningful** and **simple APIs** in their templates.
169
+
170
+ ### Bad style example
171
+
172
+ ```ruby
173
+ module Users
174
+ class Show
175
+ include Lotus::Helpers
176
+ end
177
+ end
178
+ ```
179
+
180
+ ```erb
181
+ <%= format_number user.followers_count %>
182
+ ```
183
+
184
+ This style increases the complexity of the template and it makes testing hard.
185
+
186
+ ### Good style example
187
+
188
+ ```ruby
189
+ module Users
190
+ class Show
191
+ include Lotus::Helpers
192
+
193
+ def followers_count
194
+ format_number user.followers_count
195
+ end
196
+ end
197
+ end
198
+ ```
199
+
200
+ ```erb
201
+ <%= followers_count %>
202
+ ```
203
+
204
+ This simplifies the markup.
205
+ In order to test the value that will be printed becomes easier: `Users::Show#followers_count`.
206
+
207
+ ## Versioning
208
+
209
+ __Lotus::Helpers__ uses [Semantic Versioning 2.0.0](http://semver.org)
22
210
 
23
211
  ## Contributing
24
212
 
25
- 1. Fork it ( https://github.com/[my-github-username]/lotus-helpers/fork )
213
+ 1. Fork it ( https://github.com/lotus/helpers/fork )
26
214
  2. Create your feature branch (`git checkout -b my-new-feature`)
27
215
  3. Commit your changes (`git commit -am 'Add some feature'`)
28
216
  4. Push to the branch (`git push origin my-new-feature`)
29
217
  5. Create a new Pull Request
218
+
219
+ ## Copyright
220
+
221
+ Copyright © 2014-2015 Luca Guidi – Released under MIT License
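Review bot: the escape-helper example in this hunk (README line 107, `title="#{ ha(user.name} }'s website"`) has a mismatched brace, `ha(user.name}` should be `ha(user.name)`, and as written the Ruby snippet does not parse. In the same section `code_snippet` returns `raw user.code_snippet` without saying that `raw` bypasses escaping and must only wrap content the application itself controls; a one-line caution there would match the warning the library's own `raw` docs carry. Minor: `format_number` in the Philosophy examples is not one of the three helpers this gem injects, so readers may go looking for it; label it as illustrative.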
@@ -1,7 +1,27 @@
1
- require "lotus/helpers/version"
1
+ require 'lotus/helpers/version'
2
+ require 'lotus/helpers/html_helper'
3
+ require 'lotus/helpers/escape_helper'
4
+ require 'lotus/helpers/routing_helper'
2
5
 
3
6
  module Lotus
7
+ # View helpers for Ruby applications
8
+ #
9
+ # @since 0.1.0
4
10
  module Helpers
5
- # Your code goes here...
11
+ # Override for Module.included
12
+ #
13
+ # It injects all the available helpers.
14
+ #
15
+ # @since 0.1.0
16
+ # @api private
17
+ #
18
+ # @see http://www.ruby-doc.org/core/Module.html#method-i-included
19
+ def self.included(base)
20
+ base.class_eval do
21
+ include Lotus::Helpers::HtmlHelper
22
+ include Lotus::Helpers::EscapeHelper
23
+ include Lotus::Helpers::RoutingHelper
24
+ end
25
+ end
6
26
  end
7
27
  end
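Review bot: the three `include` calls inside `base.class_eval` run in a fixed order (HtmlHelper, EscapeHelper, RoutingHelper), so if two helper modules ever define a method with the same name the later include wins in the ancestor chain; a short comment stating that the ordering is intentional, or a spec guarding against name collisions, would make the hook safer to extend. It is also worth stating in the `@since 0.1.0` doc block that the injected methods are private, as the README promises, since nothing in this file makes that visible.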
@@ -0,0 +1,271 @@
1
+ require 'lotus/utils/escape'
2
+
3
+ module Lotus
4
+ module Helpers
5
+ # Escape helpers
6
+ #
7
+ # You can include this module inside your view and
8
+ # the view will have access all methods.
9
+ #
10
+ # By including <tt>Lotus::Helpers::EscapeHelper</tt> it will inject private
11
+ # methods as markup escape utilities.
12
+ #
13
+ # @since 0.1.0
14
+ module EscapeHelper
15
+ private
16
+ # Escape the given HTML tag content.
17
+ #
18
+ # This should be used only for untrusted contents: user input.
19
+ #
20
+ # This should be used only for tag contents.
21
+ # To escape tag attributes please use <tt>Lotus::Helpers::EscapeHelper#escape_html_attribute</tt>.
22
+ #
23
+ # @param input [String] the input
24
+ #
25
+ # @return [String] the escaped string
26
+ #
27
+ # @since 0.1.0
28
+ #
29
+ # @see Lotus::Helpers::EscapeHelper#escape_html_attribute
30
+ #
31
+ # @example Basic usage
32
+ # require 'lotus/helpers/escape_helper'
33
+ #
34
+ # class MyView
35
+ # include Lotus::Helpers::EscapeHelper
36
+ #
37
+ # def good_content
38
+ # h "hello"
39
+ # end
40
+ #
41
+ # def evil_content
42
+ # h "<script>alert('xss')</script>"
43
+ # end
44
+ # end
45
+ #
46
+ # view = MyView.new
47
+ #
48
+ # view.good_content
49
+ # # => "hello"
50
+ #
51
+ # view.evil_content
52
+ # # => "&lt;script&gt;alert(&apos;xss&apos;)&lt;&#x2F;script&gt;"
53
+ #
54
+ # @example With HTML builder
55
+ # #
56
+ # # CONTENTS ARE AUTOMATICALLY ESCAPED
57
+ # #
58
+ # require 'lotus/helpers'
59
+ #
60
+ # class MyView
61
+ # include Lotus::Helpers
62
+ #
63
+ # def evil_content
64
+ # html.div do
65
+ # "<script>alert('xss')</script>"
66
+ # end
67
+ # end
68
+ # end
69
+ #
70
+ # view = MyView.new
71
+ # view.evil_content
72
+ # # => "<div>\n&lt;script&gt;alert(&apos;xss&apos;)&lt;&#x2F;script&gt;</div>"
73
+ def escape_html(input)
74
+ Utils::Escape.html(input)
75
+ end
76
+
77
+ # @since 0.1.0
78
+ alias_method :h, :escape_html
79
+
80
+ # Escape the given HTML tag attribute.
81
+ #
82
+ # This MUST be used for escaping HTML tag attributes.
83
+ #
84
+ # This should be used only for untrusted contents: user input.
85
+ #
86
+ # This can also be used to escape tag contents, but it's slower.
87
+ # For this purpose use <tt>Lotus::Helpers::EscapeHelper#escape_html</tt>.
88
+ #
89
+ # @param input [String] the input
90
+ #
91
+ # @return [String] the escaped string
92
+ #
93
+ # @since 0.1.0
94
+ #
95
+ # @see Lotus::Helpers::EscapeHelper#escape_html
96
+ #
97
+ # @example Basic usage
98
+ # require 'lotus/helpers/escape_helper'
99
+ #
100
+ # class MyView
101
+ # include Lotus::Helpers::EscapeHelper
102
+ #
103
+ # def good_attribute
104
+ # attribute = "small"
105
+ #
106
+ # %(<span class="#{ ha(attribute) }">hello</span>
107
+ # end
108
+ #
109
+ # def evil_attribute
110
+ # attribute = %(" onclick="javascript:alert('xss')" id=")
111
+ #
112
+ # %(<span class="#{ ha(attribute) }">hello</span>
113
+ # end
114
+ # end
115
+ #
116
+ # view = MyView.new
117
+ #
118
+ # view.good_attribute
119
+ # # => %(<span class="small">hello</span>)
120
+ #
121
+ # view.evil_attribute
122
+ # # => %(<span class="&quot;&#x20;onclick&#x3d;&quot;javascript&#x3a;alert&#x28;&#x27;xss&#x27;&#x29;&quot;&#x20;id&#x3d;&quot;">hello</span>
123
+ #
124
+ # @example With HTML builder
125
+ # #
126
+ # # ATTRIBUTES AREN'T AUTOMATICALLY ESCAPED
127
+ # #
128
+ # require 'lotus/helpers'
129
+ #
130
+ # class MyView
131
+ # include Lotus::Helpers
132
+ #
133
+ # def evil_attribute
134
+ # user_input_attribute = %(" onclick="javascript:alert('xss')" id=")
135
+ #
136
+ # html.span id: 'greet', class: ha(user_input_attribute) do
137
+ # "hello"
138
+ # end
139
+ # end
140
+ # end
141
+ #
142
+ # view = MyView.new
143
+ # view.evil_attribute
144
+ # # => %(<span class="&quot;&#x20;onclick&#x3d;&quot;javascript&#x3a;alert&#x28;&#x27;xss&#x27;&#x29;&quot;&#x20;id&#x3d;&quot;">hello</span>
145
+ def escape_html_attribute(input)
146
+ Utils::Escape.html_attribute(input)
147
+ end
148
+
149
+ # @since 0.1.0
150
+ alias_method :ha, :escape_html_attribute
151
+
152
+ # Escape an URL to be used in HTML attributes
153
+ #
154
+ # This allows only URLs with whitelisted schemes to pass the filter.
155
+ # Everything else is stripped.
156
+ #
157
+ # Default schemes are:
158
+ #
159
+ # * http
160
+ # * https
161
+ # * mailto
162
+ #
163
+ # If you want to allow a different set of schemes, you should pass it as
164
+ # second argument.
165
+ #
166
+ # This should be used only for untrusted contents: user input.
167
+ #
168
+ # @param input [String] the input
169
+ # @param schemes [Array<String>] an optional array of whitelisted schemes
170
+ #
171
+ # @return [String] the escaped string
172
+ #
173
+ # @since 0.1.0
174
+ #
175
+ # @see Lotus::Utils::Escape.url
176
+ # @see Lotus::Utils::Escape::DEFAULT_URL_SCHEMES
177
+ #
178
+ # @example Basic usage
179
+ # require 'lotus/helpers/escape_helper'
180
+ #
181
+ # class MyView
182
+ # include Lotus::Helpers::EscapeHelper
183
+ #
184
+ # def good_url
185
+ # url = "http://lotusrb.org"
186
+ #
187
+ # %(<a href="#{ hu(url) }">Lotus</a>
188
+ # end
189
+ #
190
+ # def evil_url
191
+ # url = "javascript:alert('xss')"
192
+ #
193
+ # %(<a href="#{ hu(url) }">Evil</a>
194
+ # end
195
+ # end
196
+ #
197
+ # view = MyView.new
198
+ #
199
+ # view.good_url
200
+ # # => %(<a href="http://lotusrb.org">Lotus</a>)
201
+ #
202
+ # view.evil_url
203
+ # # => %(<a href="">Evil</a>)
204
+ #
205
+ # @example Custom schemes
206
+ # require 'lotus/helpers/escape_helper'
207
+ #
208
+ # class MyView
209
+ # include Lotus::Helpers::EscapeHelper
210
+ #
211
+ # def ftp_link
212
+ # schemes = ['ftp', 'ftps']
213
+ # url = 'ftps://ftp.example.org'
214
+ #
215
+ # %(<a href="#{ hu(url, schemes) }">FTP</a>
216
+ # end
217
+ # end
218
+ #
219
+ # view = MyView.new
220
+ #
221
+ # view.ftp_link
222
+ # # => %(<a href="ftps://ftp.example.org">FTP</a>)
223
+ def escape_url(input, schemes = Utils::Escape::DEFAULT_URL_SCHEMES)
224
+ Utils::Escape.url(input, schemes)
225
+ end
226
+
227
+ # @since 0.1.0
228
+ alias_method :hu, :escape_url
229
+
230
+ # Bypass escape.
231
+ #
232
+ # Please notice that this can be really dangerous.
233
+ # Use at your own peril.
234
+ #
235
+ # @param input [String] the input
236
+ #
237
+ # @return [Lotus::Utils::Escape::SafeString] the string marked as safe string
238
+ #
239
+ # @since 0.1.0
240
+ #
241
+ # @example
242
+ # require 'lotus/helpers/escape_helper'
243
+ #
244
+ # class MyView
245
+ # include Lotus::Helpers::EscapeHelper
246
+ #
247
+ # def good_content
248
+ # raw "<p>hello</p>"
249
+ # end
250
+ #
251
+ # def evil_content
252
+ # raw "<script>alert('xss')</script>"
253
+ # end
254
+ # end
255
+ #
256
+ # view = MyView.new
257
+ #
258
+ # view.good_content
259
+ # # => "<p>hello</p>"
260
+ #
261
+ # #
262
+ # # !!! WE HAVE OPENED OUR APPLICATION TO AN XSS ATTACK !!!
263
+ # #
264
+ # view.evil_content
265
+ # # => "<script>alert('xss')</script>"
266
+ def raw(input)
267
+ Utils::Escape::SafeString.new(input)
268
+ end
269
+ end
270
+ end
271
+ end
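Review bot: the YARD examples for `escape_html_attribute` and `escape_url` contain unterminated `%(` literals (hunk lines 106, 112, 187, 193 and 215 open `%(<span ...` or `%(<a ...` with no closing `)`, and the expected outputs on lines 122 and 144 are missing theirs as well), so anyone pasting the examples into irb gets a syntax error; add the closing parenthesis on each. Two smaller points: `escape_url` uses `Utils::Escape::DEFAULT_URL_SCHEMES` as a default argument, so the docs should say the array is shared and must be treated as read-only (pass a fresh array as the second argument, as the `ftp_link` example does); and the `raw` docs at lines 230-233 would be stronger if they named the rule the README implies, that `raw` is only for markup the application generates itself, never for user input.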