mdalessio-dryopteris 0.1.0 → 0.1.1

data/README.markdown

@@ -51,6 +51,19 @@ The returned string will contain exactly one (1) well-formed HTML document, with
 
 Coolness: <tt>dangerous\_html\_document</tt> can be a string OR an IO object (a file, or a socket, or ...). Which makes it particularly easy to sanitize large numbers of docs.
 
+### Whitewashing HTML
+
+Other times, you may want to allow a user to submit HTML, and remove all styling, attributes and invalid HTML tags. I like to call this "whitewashing", since it's putting a new layer of paint on top of the user's HTML input to make it look nice.
+
+One use case for this feature is to clean up HTML that was cut-and-pasted from Microsoft(tm) Word into a WYSIWYG editor/textarea. Microsoft's editor is famous for injecting all kinds of cruft into its HTML output. Who needs that? Certainly not me.
+
+    whitewashed_html = Dryopteris.whitewash(ugly_microsoft_html_snippet)
+
+Please note that whitewashing implicitly also sanitizes your HTML, as it uses the same HTML tag whitelist as <tt>sanitize()</tt>. It's implementation is:
+
+ 1. unless the tag is on the whitelist, remove it from the document
+ 2. if the tag has an XML namespace on it, remove it from the document
+ 2. remove all attributes from the node
 
 Standing on the Shoulders of Giants
 -----

data/lib/dryopteris/sanitize.rb

@@ -18,6 +18,19 @@ module Dryopteris
       body_element.inner_text
     end
     
+    def whitewash(string_or_io, encoding=nil)
+      return nil if string_or_io.nil?
+      return "" if string_or_io.strip.size == 0
+
+      doc = Nokogiri::HTML.parse(string_or_io, nil, encoding)
+      body = doc.xpath("/html/body").first
+      return "" if body.nil?
+      body.children.each do |node|
+        traverse_conditionally_top_down(node, :whitewash_node)
+      end
+      body.children.map { |x| x.to_xml }.join
+    end
+
     def sanitize(string, encoding=nil)
       return nil if string.nil?
       return "" if string.strip.size == 0
@@ -46,6 +59,7 @@ module Dryopteris
     end
 
     private
+
     def traverse_conditionally_top_down(node, method_name)
       return if send(method_name, node)
       node.children.each {|j| traverse_conditionally_top_down(j, method_name)}
@@ -91,6 +105,32 @@ module Dryopteris
     end
 
 
+    def whitewash_node(node)
+      case node.type
+      when 1 # Nokogiri::XML::Node::ELEMENT_NODE
+        if HashedWhiteList::ALLOWED_ELEMENTS[node.name]
+          node.attributes.each { |attr| node.remove_attribute(attr.first) }
+          has_no_namespaces = true
+          begin
+            has_no_namespaces = node.namespaces.empty?
+          rescue
+            # older versions of nokogiri raise an exception when there
+            # is a namespace on the node that is not declared with an href.
+            # see http://github.com/tenderlove/nokogiri/commit/395d7971304e1489e92c494b9c50609f4b4c4ab0
+            has_no_namespaces = false
+          end
+          return false if has_no_namespaces
+        end
+      when 3 # Nokogiri::XML::Node::TEXT_NODE
+        return false
+      when 4 # Nokogiri::XML::Node::CDATA_SECTION_NODE
+        return false
+      end
+      node.remove
+      return true
+    end
+
+
     #  this liftend nearly verbatim from html5
     def sanitize_css(style)
       # disallow urls

data/test/test_basic.rb

@@ -62,5 +62,85 @@ class TestBasic < Test::Unit::TestCase
   def test_fragment_in_p_tag_plus_stuff
     assert_equal "<p>This fragment is in a p.</p>foo<strong>bar</strong>", Dryopteris.sanitize("<p>This fragment is in a p.</p>foo<strong>bar</strong>")
   end
+
+  def test_fragment_with_text_nodes_leading_and_trailing
+    assert_equal "text<p>fragment</p>text", Dryopteris.sanitize("text<p>fragment</p>text")
+  end
   
+  def test_fragment_with_body_tags
+    # ignore second open body tag, use first close body tag, ignore everything after that
+    assert_equal "textfragment", Dryopteris.sanitize("text<body>fragment</body>text")
+  end
+
+  def test_whitewash_on_microsofty_markup
+    html = <<-EOHTML
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="ProgId" content="Word.Document"><meta name="Generator" content="Microsoft Word 11"><meta name="Originator" content="Microsoft Word 11"><link rel="File-List" href="file:///C:%5CDOCUME%7E1%5CNICOLE%7E1%5CLOCALS%7E1%5CTemp%5Cmsohtml1%5C01%5Cclip_filelist.xml"><!--[if gte mso 9]><xml>
+<w:WordDocument>
+ <w:View>Normal</w:View>
+ <w:Zoom>0</w:Zoom>
+ <w:PunctuationKerning/>
+ <w:ValidateAgainstSchemas/>
+ <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+ <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+ <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+ <w:Compatibility>
+  <w:BreakWrappedTables/>
+  <w:SnapToGridInCell/>
+  <w:WrapTextWithPunct/>
+  <w:UseAsianBreakRules/>
+  <w:DontGrowAutofit/>
+ </w:Compatibility>
+ <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+</w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
+</w:LatentStyles>
+</xml><![endif]--><style>
+<!--
+/* Style Definitions */
+p.MsoNormal, li.MsoNormal, div.MsoNormal
+{mso-style-parent:"";
+margin:0in;
+margin-bottom:.0001pt;
+mso-pagination:widow-orphan;
+font-size:12.0pt;
+font-family:"Times New Roman";
+mso-fareast-font-family:"Times New Roman";}
+@page Section1
+{size:8.5in 11.0in;
+margin:1.0in 1.25in 1.0in 1.25in;
+mso-header-margin:.5in;
+mso-footer-margin:.5in;
+mso-paper-source:0;}
+div.Section1
+{page:Section1;}
+-->
+</style><!--[if gte mso 10]>
+<style>
+/* Style Definitions */
+table.MsoNormalTable
+{mso-style-name:"Table Normal";
+mso-tstyle-rowband-size:0;
+mso-tstyle-colband-size:0;
+mso-style-noshow:yes;
+mso-style-parent:"";
+mso-padding-alt:0in 5.4pt 0in 5.4pt;
+mso-para-margin:0in;
+mso-para-margin-bottom:.0001pt;
+mso-pagination:widow-orphan;
+font-size:10.0pt;
+font-family:"Times New Roman";
+mso-ansi-language:#0400;
+mso-fareast-language:#0400;
+mso-bidi-language:#0400;}
+</style>
+<![endif]-->
+
+<p class="MsoNormal">Foo <b style="">BOLD<o:p></o:p></b></p>
+    EOHTML
+
+    whitewashed = Dryopteris.whitewash(html)
+    assert_equal "<p>Foo <b>BOLD</b></p>", whitewashed
+  end
+
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: mdalessio-dryopteris
 version: !ruby/object:Gem::Version 
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors: 
 - Bryan Helmkamp
@@ -15,6 +15,7 @@ default_executable:
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: nokogiri
+  type: :runtime
   version_requirement: 
   version_requirements: !ruby/object:Gem::Requirement 
     requirements: