phlex 1.0.0.rc1 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3d4cbcb774d4dca95d1cb9740c0a002fd394c6887dec1e1cabe543c87f94308b
-  data.tar.gz: 1df41572816aefd255defc3ceace6e4c5eaeb5f462d26e2605fc751a4ea3d3d0
+  metadata.gz: e074c926f013d613e2523b41c8dd604758d087c64d377b50a343c651b0164c0d
+  data.tar.gz: 56019e811dff06ef053adfeb20160fe29c247ee2e2f37848eba1580d240c41fd
 SHA512:
-  metadata.gz: 589006a44bc566ce1e1dfc90f1e05e9b3f6c7871c9686ba3670fd36b68b1318449b05cc2268c865b89779126092065a7d69cde793d753ea8d7dcaf268d8e1e9e
-  data.tar.gz: c7a960b66cd78bb9605cb37408bc6a044167ec912a249b40e46e58dd07e398e5a122737a28246e3eac2945a65156b72e57fb35096069719be3c4faa72b007ef7
+  metadata.gz: 24489ae7f67415aa23ce258d6a121fe37418ce32e543888410b730821feeafd5fda6f164dd6f390f9dd4a0ec7a8a92ae5c50deb53376f95f987203ad4da2acf2
+  data.tar.gz: 1ddfa0b6dff09c597cec5f77f521faf89344981e4f3ddd3237722d94cb4d4faeec0d385a7ef4a0a18acec770d7f22811ac489ae94dfdfc3fc92fbf1cbb676f20

data/.rubocop.yml

@@ -24,3 +24,7 @@ Style/MethodCallWithoutArgsParentheses:
 
 Style/MixinUsage:
   Enabled: false
+
+Style/AccessModifierDeclarations:
+  Enabled: true
+  EnforcedStyle: inline

data/Gemfile

@@ -10,6 +10,7 @@ gem "sus"
 gem "syntax_suggest"
 gem "zeitwerk"
 gem "benchmark-ips"
+gem "erb"
 
 group :test do
 	gem "i18n"

data/SECURITY.md

@@ -1,5 +1,13 @@
 # Security Policy
 
-## Reporting a Vulnerability
+## Reporting a vulnerability
 
-If you found a possible security vulnerability in Phlex, please email security@phlex.fun.
+If you find a possible security vulnerability, please email security@phlex.fun. Do not create an issue or pull request either demonstrating or fixing the vulnerability.
+
+## Bug bounty
+
+[The Gem Foundation](https://ryanbigg.com/2022/11/the-gem-foundation) has kindly sponsored a $1 bug bounty to discover security vulnerabilities in Phlex.
+
+## Sponsoring a bug bounty
+
+If you wish to sponsor a bug bounty for Phlex, please get in touch with Joel at joel@drapper.me.

data/lib/phlex/collection.rb

@@ -17,9 +17,7 @@ module Phlex
 			@item ? item_template : collection_template { yield_items }
 		end
 
-		private
-
-		def yield_items
+		private def yield_items
 			if @item
 				raise ArgumentError, "You can only yield_items when rendering a collection. You are currently rendering an item."
 			end

data/lib/phlex/configuration.rb

@@ -2,6 +2,12 @@
 
 module Phlex
 	class Configuration
-		# Config coming soon.
+		attr_writer :experimental_warnings
+
+		def experimental_warnings
+			return @experimental_warnings if defined? @experimental_warnings
+
+			true
+		end
 	end
 end

data/lib/phlex/experimental.rb

@@ -3,7 +3,10 @@
 module Phlex
 	module Experimental
 		def before_template
-			puts "Warning: #{self.class.name} is experimental and subject to change."
+			if Phlex.configuration.experimental_warnings
+				puts "Warning: #{self.class.name} is experimental and subject to change."
+			end
+
 			super
 		end
 	end

data/lib/phlex/helpers.rb

@@ -5,30 +5,41 @@ if Gem::Version.new(RUBY_VERSION) < Gem::Version.new("3.0")
 end
 
 module Phlex::Helpers
-	private
-
-	def tokens(*tokens, **conditional_tokens)
+	private def tokens(*tokens, **conditional_tokens)
 		conditional_tokens.each do |condition, token|
-			case condition
-			when Symbol then next unless send(condition)
-			when Proc then next unless condition.call
-			else raise ArgumentError,
-				"The class condition must be a Symbol or a Proc."
+			truthy = case condition
+				when Symbol then send(condition)
+				when Proc then condition.call
+				else raise ArgumentError, "The class condition must be a Symbol or a Proc."
 			end
 
-			case token
-			when Symbol then tokens << token.name
+			if truthy
+				case token
+					when Hash then _append_token(tokens, token[:then])
+					else _append_token(tokens, token)
+				end
+			else
+				case token
+					when Hash then _append_token(tokens, token[:else])
+				end
+			end
+		end
+
+		tokens.join(" ")
+	end
+
+	private def _append_token(tokens, token)
+		case token
+			when nil then nil
 			when String then tokens << token
+			when Symbol then tokens << token.name
 			when Array then tokens.concat(token)
 			else raise ArgumentError,
 				"Conditional classes must be Symbols, Strings, or Arrays of Symbols or Strings."
-			end
 		end
-
-		tokens.compact.join(" ")
 	end
 
-	def classes(*tokens, **conditional_tokens)
+	private def classes(*tokens, **conditional_tokens)
 		tokens = self.tokens(*tokens, **conditional_tokens)
 
 		if tokens.empty?
@@ -38,7 +49,7 @@ module Phlex::Helpers
 		end
 	end
 
-	def mix(*args)
+	private def mix(*args)
 		args.each_with_object({}) do |object, result|
 			result.merge!(object) do |_key, old, new|
 				case new

data/lib/phlex/html.rb

@@ -136,14 +136,23 @@ module Phlex
 		def call(buffer = +"", view_context: nil, parent: nil, &block)
 			return buffer unless render?
 
-			raise "The same view instance shouldn't be rendered twice" if rendered?
-
-			@_rendered = true
 			@_target = buffer
 			@_view_context = view_context
 			@_parent = parent
 
-			around_template { template { yield_content(&block) } }
+			around_template do
+				if block_given?
+					template do |*args|
+						if args.length > 0
+							yield_content_with_args(*args, &block)
+						else
+							yield_content(&block)
+						end
+					end
+				else
+					template
+				end
+			end
 
 			self.class.rendered_at_least_once ||= true
 
@@ -151,10 +160,13 @@ module Phlex
 		end
 
 		def render(renderable, *args, **kwargs, &block)
-			if renderable.is_a?(Phlex::HTML)
+			case renderable
+			when Phlex::HTML
 				renderable.call(@_target, view_context: @_view_context, parent: self, &block)
-			elsif renderable.is_a?(Class) && renderable < Phlex::HTML
-				raise ArgumentError, "You tried to render the Phlex view class: #{renderable.name} but you probably meant to render an instance of that class instead."
+			when Class
+				if renderable < Phlex::HTML
+					renderable.new.call(@_target, view_context: @_view_context, parent: self, &block)
+				end
 			else
 				raise ArgumentError, "You can't render a #{renderable}."
 			end
@@ -166,14 +178,6 @@ module Phlex
 			:html
 		end
 
-		def rendered?
-			@_rendered ||= false
-		end
-
-		def render?
-			true
-		end
-
 		STANDARD_ELEMENTS.each do |method_name, tag|
 			register_element(method_name, tag: tag)
 		end
@@ -183,14 +187,14 @@ module Phlex
 		end
 
 		def text(content)
-			case content
-			when String
-				@_target << CGI.escape_html(content)
-			when Symbol
-				@_target << CGI.escape_html(content.name)
-			when Integer, Float
-				@_target << CGI.escape_html(content.to_s)
-			end
+			@_target << ERB::Util.html_escape(
+				case content
+					when String then content
+					when Symbol then content.name
+					when Integer, Float then content.to_s
+					else format_object(content) || content.to_s
+				end
+			)
 
 			nil
 		end
@@ -238,23 +242,30 @@ module Phlex
 			new_buffer
 		end
 
-		private
+		# Default render predicate can be overridden to prevent rendering
+		private def render?
+			true
+		end
+
+		private def format_object(oject)
+			nil
+		end
 
-		def around_template
+		private def around_template
 			before_template
 			yield
 			after_template
 		end
 
-		def before_template
+		private def before_template
 			nil
 		end
 
-		def after_template
+		private def after_template
 			nil
 		end
 
-		def yield_content(&block)
+		private def yield_content(&block)
 			return unless block_given?
 
 			original_length = @_target.length
@@ -264,18 +275,47 @@ module Phlex
 			if unchanged
 				case content
 				when String
-					@_target << CGI.escape_html(content)
+					@_target << ERB::Util.html_escape(content)
 				when Symbol
-					@_target << CGI.escape_html(content.name)
+					@_target << ERB::Util.html_escape(content.name)
 				when Integer, Float
-					@_target << CGI.escape_html(content.to_s)
+					@_target << ERB::Util.html_escape(content.to_s)
+				else
+					if (formatted_object = format_object(content))
+						@_target << ERB::Util.html_escape(formatted_object)
+					end
+				end
+			end
+
+			nil
+		end
+
+		private def yield_content_with_args(*args, &block)
+			return unless block_given?
+
+			original_length = @_target.length
+			content = yield(*args)
+			unchanged = (original_length == @_target.length)
+
+			if unchanged
+				case content
+				when String
+					@_target << ERB::Util.html_escape(content)
+				when Symbol
+					@_target << ERB::Util.html_escape(content.name)
+				when Integer, Float
+					@_target << ERB::Util.html_escape(content.to_s)
+				else
+					if (formatted_object = format_object(content))
+						@_target << ERB::Util.html_escape(formatted_object)
+					end
 				end
 			end
 
 			nil
 		end
 
-		def _attributes(**attributes)
+		private def _attributes(**attributes)
 			if attributes[:href]&.start_with?(/\s*javascript/)
 				attributes[:href] = attributes[:href].sub(/^\s*(javascript:)+/, "")
 			end
@@ -290,7 +330,7 @@ module Phlex
 			buffer
 		end
 
-		def _build_attributes(attributes, buffer:)
+		private def _build_attributes(attributes, buffer:)
 			attributes.each do |k, v|
 				next unless v
 
@@ -309,13 +349,13 @@ module Phlex
 				when true
 					buffer << " " << name
 				when String
-					buffer << " " << name << '="' << CGI.escape_html(v) << '"'
+					buffer << " " << name << '="' << ERB::Util.html_escape(v) << '"'
 				when Symbol
-					buffer << " " << name << '="' << CGI.escape_html(v.name) << '"'
+					buffer << " " << name << '="' << ERB::Util.html_escape(v.name) << '"'
 				when Hash
 					_build_attributes(v.transform_keys { "#{k}-#{_1.name.tr('_', '-')}" }, buffer: buffer)
 				else
-					buffer << " " << name << '="' << CGI.escape_html(v.to_s) << '"'
+					buffer << " " << name << '="' << ERB::Util.html_escape(v.to_s) << '"'
 				end
 			end
 

data/lib/phlex/table.rb

@@ -50,13 +50,11 @@ module Phlex
 			child.alias_method :foot_cell, :cell
 		end
 
-		private
-
-		def properties
+		private def properties
 			self.class.properties
 		end
 
-		def collection_template(&block)
+		private def collection_template(&block)
 			table do
 				head_template
 				body_template(&block)
@@ -64,11 +62,11 @@ module Phlex
 			end
 		end
 
-		def item_template
+		private def item_template
 			row_template
 		end
 
-		def head_template
+		private def head_template
 			if self.class.properties.any? { |p| p[:header] }
 				head do
 					head_row do
@@ -85,14 +83,14 @@ module Phlex
 			end
 		end
 
-		def body_template
+		private def body_template
 			body { yield_items }
 		end
 
-		def foot_template
+		private def foot_template
 		end
 
-		def row_template
+		private def row_template
 			body_row do
 				self.class.properties.each do |property|
 					body_cell(**property[:attributes]) do

data/lib/phlex/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Phlex
-	VERSION = "1.0.0.rc1"
+	VERSION = "1.0.0"
 end

data/lib/phlex.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require "cgi"
+require "erb"
 require "zeitwerk"
 
 module Phlex

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: phlex
 version: !ruby/object:Gem::Version
-  version: 1.0.0.rc1
+  version: 1.0.0
 platform: ruby
 authors:
 - Joel Drapper
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-11-25 00:00:00.000000000 Z
+date: 2022-12-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: zeitwerk
@@ -81,9 +81,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubygems_version: 3.3.25
 signing_key: