rails_autolink 1.0.5 → 1.0.6

data/CHANGELOG.rdoc

@@ -1,3 +1,7 @@
+=== 1.0.6 / 2012-03-12
+
+* Added sanitize_options arg
+
 === 1.0.5 / 2012-01-27
 
 * Update dependency to include rails 3.2.X

data/lib/rails_autolink.rb

@@ -1,5 +1,5 @@
 module RailsAutolink
-  VERSION = '1.0.5'
+  VERSION = '1.0.6'
 
   class Railtie < ::Rails::Railtie
     initializer 'rails_autolink' do |app|

data/lib/rails_autolink/helpers.rb

@@ -13,7 +13,8 @@ module RailsAutolink
         # <tt>:email_addresses</tt>, and <tt>:urls</tt>. If a block is given, each URL and
         # e-mail address is yielded and the result is used as the link text. By default the
         # text given is sanitized, you can override this behaviour setting the
-        # <tt>:sanitize</tt> option to false.
+        # <tt>:sanitize</tt> option to false, or you can add options to the sanitization of 
+        # the text using the <tt>:sanitize_options</tt> option hash.
         #
         # ==== Examples
         #   auto_link("Go to http://www.rubyonrails.org and say hello to david@loudthinking.com")
@@ -55,8 +56,9 @@ module RailsAutolink
             options[:html] = args[1] || {}
           end
           options.reverse_merge!(:link => :all, :html => {})
-          sanitize = (options[:sanitize] != false)        
-          text = conditional_sanitize(text, sanitize).to_str
+          sanitize = (options[:sanitize] != false)
+          sanitize_options = options[:sanitize_options] || {}
+          text = conditional_sanitize(text, sanitize, sanitize_options).to_str
           case options[:link].to_sym
             when :all             then conditional_html_safe(auto_link_email_addresses(auto_link_urls(text, options[:html], options, &block), options[:html], &block), sanitize)
             when :email_addresses then conditional_html_safe(auto_link_email_addresses(text, options[:html], &block), sanitize)
@@ -137,8 +139,8 @@ module RailsAutolink
               (left.rindex(AUTO_LINK_CRE[2]) and $' !~ AUTO_LINK_CRE[3])
           end
 
-          def conditional_sanitize(target, condition)
-            condition ? sanitize(target) : target
+          def conditional_sanitize(target, condition, sanitize_options = {})
+            condition ? sanitize(target, sanitize_options) : target
           end
 
           def conditional_html_safe(target, condition)

data/test/test_loco.rb

@@ -0,0 +1,64 @@
+# encoding: utf-8
+
+require "minitest/autorun"
+require "rails"
+require "rails_autolink/helpers"
+require 'erb'
+require 'cgi'
+require 'active_support/core_ext/class/attribute_accessors'
+require 'action_pack'
+require 'action_view/helpers/capture_helper'
+require 'action_view/helpers/sanitize_helper'
+require 'action_view/helpers/url_helper'
+require 'action_view/helpers/tag_helper'
+require 'active_support/core_ext/module/attribute_accessors'
+require 'active_support/core_ext/string/encoding'
+require 'action_dispatch/testing/assertions'
+require 'action_view/helpers/text_helper'
+require 'action_view/helpers/output_safety_helper'
+
+class TestRailsAutolink < MiniTest::Unit::TestCase
+  include ActionView::Helpers::CaptureHelper
+  include ActionView::Helpers::TextHelper
+  include ActionView::Helpers::SanitizeHelper
+  include ActionView::Helpers::TagHelper
+  include ActionView::Helpers::UrlHelper
+  include ActionView::Helpers::OutputSafetyHelper
+  include ActionDispatch::Assertions::DomAssertions
+  
+  
+  def test_loco
+    t = "OOOOOOOOOOOOOOOOOOOOOOO     <h1>textile<a  href=\"http://ruby-lang.org\" class='asdasd' target='_blank' >Ruby</a>\n</h1> otro link: www.hola.com"
+    assert_equal "loco", auto_link(t, :link=> 'urls', :sanitize_options => {:attributes => ["target", "class"], :tags=>[]}, :html=> {:target => '_blank', :mememe=> 'MEM'})
+  end
+
+  private
+  def generate_result(link_text, href = nil, escape = false)
+    href ||= link_text
+    if escape
+      %{<a href="#{CGI::escapeHTML href}">#{CGI::escapeHTML link_text}</a>}
+    else
+      %{<a href="#{href}">#{link_text}</a>}
+    end
+  end
+
+  # from ruby core
+  def build_message(head, template=nil, *arguments)
+    template &&= template.chomp
+    template.gsub(/\?/) { mu_pp(arguments.shift) }
+  end
+
+  # Temporarily replaces KCODE for the block
+  def with_kcode(kcode)
+    if RUBY_VERSION < '1.9'
+      old_kcode, $KCODE = $KCODE, kcode
+      begin
+        yield
+      ensure
+        $KCODE = old_kcode
+      end
+    else
+      yield
+    end
+  end
+end

data/test/test_rails_autolink.rb

@@ -88,6 +88,21 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
     assert_equal %{<a href="http://www.rubyonrails.com?id=1&num=2">http://www.rubyonrails.com?id=1&num=2</a>}, auto_link("#{link_raw}#{malicious_script}")
     assert auto_link("#{link_raw}#{malicious_script}").html_safe?
   end
+  
+  def test_auto_link_should_sanitize_input_with_sanitize_options
+    link_raw     = %{http://www.rubyonrails.com?id=1&num=2}
+    malicious_script  = '<script>alert("malicious!")</script>'
+    text_with_attributes = %{<a href="http://ruby-lang-org" target="_blank" data-malicious="inject">Ruby</a>}
+    
+    text_result = %{<a class="big" href="http://www.rubyonrails.com?id=1&num=2">http://www.rubyonrails.com?id=1&num=2</a><a href="http://ruby-lang-org" target="_blank">Ruby</a>}
+    assert_equal text_result, auto_link("#{link_raw}#{malicious_script}#{text_with_attributes}",
+                                        :sanitize_options => {:attributes => ["target", "href"]},
+                                        :html => {:class => 'big'})
+    
+    assert auto_link("#{link_raw}#{malicious_script}#{text_with_attributes}",
+                     :sanitize_options => {:attributes => ["target", "href"]},
+                     :html => {:class => 'big'}).html_safe?
+  end
 
   def test_auto_link_should_not_sanitize_input_when_sanitize_option_is_false
     link_raw     = %{http://www.rubyonrails.com?id=1&num=2}
@@ -117,11 +132,13 @@ class TestRailsAutolink < MiniTest::Unit::TestCase
     linked3 = %('<a href="http://www.example.com" rel="nofollow">www.example.com</a>')
     linked4 = %('<a href="http://www.example.com"><b>www.example.com</b></a>')
     linked5 = %('<a href="#close">close</a> <a href="http://www.example.com"><b>www.example.com</b></a>')
+    linked6 = %('<a href="#close">close</a> <a href="http://www.example.com" target="_blank" data-ruby="ror"><b>www.example.com</b></a>')
     assert_equal linked1, auto_link(linked1)
     assert_equal linked2, auto_link(linked2)
     assert_equal linked3, auto_link(linked3, :sanitize => false)
     assert_equal linked4, auto_link(linked4)
     assert_equal linked5, auto_link(linked5)
+    assert_equal linked6, auto_link(linked6, :sanitize_options => {:attributes => ["href", "target", "data-ruby"]})
 
     linked_email = %Q(<a href="mailto:david@loudthinking.com">Mail me</a>)
     assert_equal linked_email, auto_link(linked_email)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails_autolink
 version: !ruby/object:Gem::Version
-  version: 1.0.5
+  version: 1.0.6
   prerelease: 
 platform: ruby
 authors:
@@ -11,11 +11,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-01-27 00:00:00.000000000Z
+date: 2012-03-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &2157959100 !ruby/object:Gem::Requirement
+  requirement: &2152957660 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -23,10 +23,10 @@ dependencies:
         version: '3.1'
   type: :runtime
   prerelease: false
-  version_requirements: *2157959100
+  version_requirements: *2152957660
 - !ruby/object:Gem::Dependency
   name: minitest
-  requirement: &2157958620 !ruby/object:Gem::Requirement
+  requirement: &2152956620 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -34,10 +34,10 @@ dependencies:
         version: '2.11'
   type: :development
   prerelease: false
-  version_requirements: *2157958620
+  version_requirements: *2152956620
 - !ruby/object:Gem::Dependency
   name: rdoc
-  requirement: &2157958080 !ruby/object:Gem::Requirement
+  requirement: &2152955520 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -45,10 +45,10 @@ dependencies:
         version: '3.10'
   type: :development
   prerelease: false
-  version_requirements: *2157958080
+  version_requirements: *2152955520
 - !ruby/object:Gem::Dependency
   name: hoe
-  requirement: &2157957660 !ruby/object:Gem::Requirement
+  requirement: &2152954180 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -56,7 +56,7 @@ dependencies:
         version: '2.13'
   type: :development
   prerelease: false
-  version_requirements: *2157957660
+  version_requirements: *2152954180
 description: ! 'This is an extraction of the `auto_link` method from rails.  The `auto_link`
 
   method was removed from Rails in version Rails 3.1.  This gem is meant to
@@ -82,6 +82,7 @@ files:
 - lib/rails_autolink.rb
 - lib/rails_autolink/helpers.rb
 - test/test_rails_autolink.rb
+- test/test_loco.rb
 - .gemtest
 homepage: http://github.com/tenderlove/rails_autolink
 licenses: []
@@ -105,9 +106,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: rails_autolink
-rubygems_version: 1.8.12
+rubygems_version: 1.8.15
 signing_key: 
 specification_version: 3
 summary: This is an extraction of the `auto_link` method from rails
 test_files:
+- test/test_loco.rb
 - test/test_rails_autolink.rb