rails_autolink 1.1.7 → 1.1.8

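--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8151243f8627232813288a4ec8e6e7c9ff2df1b9bab1d8d093534fc09359a866
- data.tar.gz: 6ee3e115c0e7400fc0f1aebd68ef5e727db8b0d08b46c3daff87788d5ff7f52a
+ metadata.gz: 8bf2169b4960f71dd2073dc7619d51430ef02358020e98469e4e6ddb6d21b9b5
+ data.tar.gz: 85df2a9ad1b2078d5713a7bbc7e726748330033ef34ae933400f21a4803f278a
  SHA512:
- metadata.gz: 98f03447600e361b2061cb12ccab3e215d56eff9e3ffacf9a70507873fea8e3a92882446959d307f787206aed77f8d5f28a248c3dbcea56e274335592ae04028
- data.tar.gz: 10228d699f37f4a8d08e7d430e3eb9516387ced3b3dc964e95b1a4717deda33121a0670ee4b6cccb042f08ff0b53a7f783c50a63b73de0a0c592fe6f81144ab2
+ metadata.gz: 8c023026577a9528ad920cdf5f4cdc3edb328a4cf991812c06a4238af2c44fd5c22a5f5f28fb059100a2453c02c222bd341f1988594c177265427f123c1840dc
+ data.tar.gz: f19f52d05f2b04964e939ad7b07427e5a2b5cc1bb82122488862528950e041a8035383c2588cd849b7d28293b92033edd9e0bde7fe1e7cd6ba134b950bfdc6d3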
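--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,61 @@
+ ### 1.1.8 / 2023-02-15
+
+ - Don’t include trailing > in auto linked URL #81
+ - Remove unneeded files from the gem package #80
+ - Reduce Rails dependencies #79
+
+
+ ### 1.1.6 / 2014-06-08
+
+ - Fixed a potential XSS vulnerability #47
+ - Hold onto trailing `=` and `&` characters as part of urls #45
+ - Ensure test compatibility with Rails `3.2.x/4.0.x/4.1.x` #44
+ - Readme typo #41
+ - require timeout in tests #40
+
+
+ ### 1.1.5 / 2013-10-23
+
+ - Improved performance of email regex
+ - Protocol regex is case insensitive
+
+
+ ### 1.1.3 / 2013-09-12
+
+ - Updates gemspec to work with latest rubygems
+
+
+ ### 1.1.1 / 2013-09-12
+
+ - Improved email regex to allow especial chars: !#$%&'*+-/=?^_`{|}~
+
+
+ ### 1.1.0 / 2013-05-02
+
+ - Ready for Rails 4.
+
+
+ ### 1.0.7 / 2012-04-27
+
+ - Added support for non-latin characters in autolinked urls
+
+
+ ### 1.0.6 / 2012-03-12
+
+ - Added sanitize_options arg
+
+
+ ### 1.0.5 / 2012-01-27
+
+ - Update dependency to include rails 3.2.X
+
+
+ ### 1.0.2 / 2011-06-18
+
+ - Compatibility with rails 3.1.0.rc4
+
+
+ ### 1.0.0 / 2011-05-02
+
+ - 1 major enhancement
+ - Birthday!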
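--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,21 @@
+ MIT License
+
+ Copyright (c) 2011 DHH
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the 'Software'), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in all
+ copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE.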
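--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,64 @@
+ # rails_autolink
+
+ - http://github.com/tenderlove/rails_autolink
+
+
+ ## Description
+
+ This is an extraction of the `auto_link` method from rails. The `auto_link`
+ method was removed from Rails in version Rails 3.1. This gem is meant to
+ bridge the gap for people migrating.
+
+ ## Features
+
+ By default auto_link returns sanitized html_safe strings. This behaviour can
+ be overridden by setting the `:sanitize` option to false (thus making it
+ insecure if you don't have the content under control).
+
+ ## Install
+
+ Add this line to your application's Gemfile:
+
+ ```ruby
+ gem 'rails_autolink'
+ ```
+
+ And then execute:
+
+ ```bash
+ $ bundle install
+ ```
+
+
+ ## Synopsis
+
+ ```ruby
+ require 'rails_autolink'
+
+ auto_link("Go to http://www.rubyonrails.org and say hello to david@loudthinking.com")
+ # => "Go to <a href=\"http://www.rubyonrails.org\">http://www.rubyonrails.org</a> and
+ # say hello to <a href=\"mailto:david@loudthinking.com\">david@loudthinking.com</a>"
+
+ auto_link("Visit http://www.loudthinking.com/ or e-mail david@loudthinking.com", :link => :urls)
+ # => "Visit <a href=\"http://www.loudthinking.com/\">http://www.loudthinking.com/</a>
+ # or e-mail david@loudthinking.com"
+
+ auto_link("Visit http://www.loudthinking.com/ or e-mail david@loudthinking.com", :link => :email_addresses)
+ # => "Visit http://www.loudthinking.com/ or e-mail <a href=\"mailto:david@loudthinking.com\">david@loudthinking.com</a>"
+
+ auto_link("Go to http://www.rubyonrails.org <script>Malicious code!</script>")
+ # => "Go to <a href=\"http://www.rubyonrails.org\">http://www.rubyonrails.org</a> "
+
+ auto_link("Go to http://www.rubyonrails.org <script>alert('Script!')</script>", :sanitize => false)
+ # => "Go to <a href=\"http://www.rubyonrails.org\">http://www.rubyonrails.org</a> <script>alert('Script!')</script>"
+
+ post_body = "Welcome to my new blog at http://www.myblog.com/. Please e-mail me at me@email.com."
+ auto_link(post_body, :html => { :target => '_blank' }) do |text|
+ truncate(text, :length => 15)
+ end
+ # => "Welcome to my new blog at <a href=\"http://www.myblog.com/\" target=\"_blank\">http://www.m...</a>.
+ ```
+
+ ## Requirements
+
+ - `rails` > `3.1`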
@@ -92,6 +92,7 @@ module RailsAutolink
92
92
  text.gsub(AUTO_LINK_RE) do
93
93
  scheme, href = $1, $&
94
94
  punctuation = []
95
+ trailing_gt = ""
95
96
 
96
97
  if auto_linked?($`, $')
97
98
  # do not change string; URL is already linked
@@ -106,6 +107,9 @@ module RailsAutolink
106
107
  end
107
108
  end
108
109
 
110
+ # don't include trailing &gt; entities as part of the URL
111
+ trailing_gt = $& if href.sub!(/&gt;$/, '')
112
+
109
113
  link_text = block_given?? yield(href) : href
110
114
  href = 'http://' + href unless scheme
111
115
 
@@ -113,7 +117,7 @@ module RailsAutolink
113
117
  link_text = sanitize(link_text)
114
118
  href = sanitize(href)
115
119
  end
116
- content_tag(:a, link_text, link_attributes.merge('href' => href), !!options[:sanitize]) + punctuation.reverse.join('')
120
+ content_tag(:a, link_text, link_attributes.merge('href' => href), !!options[:sanitize]) + punctuation.reverse.join('') + trailing_gt.html_safe
117
121
  end
118
122
  end
119
123
  end
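Review bot: The `.html_safe` on `trailing_gt` in the new `content_tag(...)` line is sound only because the value captured through `$&` happens to be the literal `&gt;`, and nothing in the code pins that. Assign the constant rather than the match and anchor at the true end of the string, `trailing_gt = '&gt;' if href.sub!(/&gt;\z/, '')`, so that a later widening of the pattern cannot mark user-supplied text as safe. The entity is also stripped after the trailing-punctuation handling (which appears to sit between the hunks) and appended after `punctuation.reverse.join('')`, so input ending in `&gt;.` would presumably be emitted as `.&gt;`; a regression test for that ordering is worth adding. The enclosing method starts and ends outside the hunks shown.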
@@ -1,3 +1,3 @@
1
1
  module RailsAutolink
2
- VERSION = '1.1.7'
2
+ VERSION = '1.1.8'
3
3
  end
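--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: rails_autolink
  version: !ruby/object:Gem::Version
- version: 1.1.7
+ version: 1.1.8
  platform: ruby
  authors:
  - Aaron Patterson
@@ -10,10 +10,38 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-11-02 00:00:00.000000000 Z
+ date: 2023-02-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
- name: rails
+ name: actionview
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">"
+ - !ruby/object:Gem::Version
+ version: '3.1'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">"
+ - !ruby/object:Gem::Version
+ version: '3.1'
+ - !ruby/object:Gem::Dependency
+ name: activesupport
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">"
+ - !ruby/object:Gem::Version
+ version: '3.1'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">"
+ - !ruby/object:Gem::Version
+ version: '3.1'
+ - !ruby/object:Gem::Dependency
+ name: railties
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">"
@@ -34,17 +62,12 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
- - ".autotest"
- - ".gitignore"
- - CHANGELOG.rdoc
- - Gemfile
- - README.rdoc
- - Rakefile
+ - CHANGELOG.md
+ - LICENSE
+ - README.md
  - lib/rails_autolink.rb
  - lib/rails_autolink/helpers.rb
  - lib/rails_autolink/version.rb
- - rails_autolink.gemspec
- - test/test_rails_autolink.rb
  homepage: https://github.com/tenderlove/rails_autolink
  licenses:
  - MIT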
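--- a/data/.autotest
+++ b/data/.autotest
@@ -1,8 +0,0 @@
- # -*- ruby -*-
-
- require 'autotest/restart'
-
- Autotest.add_hook :initialize do |at|
- at.testlib = 'minitest/autorun'
- at.find_directories = ARGV unless ARGV.empty?
- end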
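--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1,15 +0,0 @@
- Gemfile.lock
- *.gem
- *.rbc
- .bundle
- .config
- coverage
- InstalledFiles
- lib/bundler/man
- pkg
- rdoc
- test/tmp
- test/version_tmp
- tmp
- .rvmrc
- .ruby-*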
data/CHANGELOG.rdoc DELETED
@@ -1,56 +0,0 @@
1
- === 1.1.7 / 2022-11-02
2
-
3
- * Require a word part after “www.” when auto linking #75
4
- * Include trailing hyphens in URL #74
5
- * Make test suite work under Rails 7 #72
6
- * Optimize email address parsing #63
7
- * Switch to MiniTest 5 #48
8
-
9
- === 1.1.6 / 2014-06-08
10
-
11
- * Fixed a potential XSS vulnerability #47
12
- * Hold onto trailing = and & characters as part of urls #45
13
- * Ensure test compatibility with Rails 3.2.x/4.0.x/4.1.x #44
14
- * Readme typo #41
15
- * require timeout in tests #40
16
-
17
- === 1.1.5 / 2013-10-23
18
-
19
- * Improved performance of email regex
20
-
21
- * Protocol regex is case insensitive
22
-
23
- === 1.1.3 / 2013-09-12
24
-
25
- * Updates gemspec to work with latest rubygems
26
-
27
- === 1.1.1 / 2013-09-12
28
-
29
- * Improved email regex to allow especial chars: !#$%&'*+-/=?^_`{|}~
30
-
31
- === 1.1.0 / 2013-05-02
32
-
33
- * Ready for Rails 4.
34
-
35
- === 1.0.7 / 2012-04-27
36
-
37
- * Added support for non-latin characters in autolinked urls
38
-
39
- === 1.0.6 / 2012-03-12
40
-
41
- * Added sanitize_options arg
42
-
43
- === 1.0.5 / 2012-01-27
44
-
45
- * Update dependency to include rails 3.2.X
46
-
47
- === 1.0.2 / 2011-06-18
48
-
49
- * Compatibility with rails 3.1.0.rc4
50
-
51
- === 1.0.0 / 2011-05-02
52
-
53
- * 1 major enhancement
54
-
55
- * Birthday!
56
-
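--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,13 +0,0 @@
- source 'https://rubygems.org'
-
- # To test on latest Rails release, use the following:
- gem 'rails'
- gem 'minitest'
-
- # To test on Rails 4.0.x release, use the following e.g. for 4.0.1:
- # gem 'rails', '= 4.0.1'
- # gem 'minitest'
-
- # To test on Rails 3.2.x, use the following e.g. for 3.2.17:
- # gem 'rails', '= 3.2.17'
- # gem 'minitest', '= 4.2'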
data/README.rdoc DELETED
@@ -1,75 +0,0 @@
1
- = rails_autolink
2
-
3
- * http://github.com/tenderlove/rails_autolink
4
-
5
- == DESCRIPTION:
6
-
7
- This is an extraction of the `auto_link` method from rails. The `auto_link`
8
- method was removed from Rails in version Rails 3.1. This gem is meant to
9
- bridge the gap for people migrating.
10
-
11
- == FEATURES:
12
-
13
- By default auto_link returns sanitized html_safe strings.
14
- This behaviour can be overridden by setting the <tt>:sanitize</tt> option to false
15
- (thus making it insecure if you don't have the content under control).
16
-
17
- == SYNOPSIS:
18
-
19
- require 'rails_autolink'
20
-
21
- auto_link("Go to http://www.rubyonrails.org and say hello to david@loudthinking.com")
22
- # => "Go to <a href=\"http://www.rubyonrails.org\">http://www.rubyonrails.org</a> and
23
- # say hello to <a href=\"mailto:david@loudthinking.com\">david@loudthinking.com</a>"
24
-
25
- auto_link("Visit http://www.loudthinking.com/ or e-mail david@loudthinking.com", :link => :urls)
26
- # => "Visit <a href=\"http://www.loudthinking.com/\">http://www.loudthinking.com/</a>
27
- # or e-mail david@loudthinking.com"
28
-
29
- auto_link("Visit http://www.loudthinking.com/ or e-mail david@loudthinking.com", :link => :email_addresses)
30
- # => "Visit http://www.loudthinking.com/ or e-mail <a href=\"mailto:david@loudthinking.com\">david@loudthinking.com</a>"
31
-
32
- auto_link("Go to http://www.rubyonrails.org <script>Malicious code!</script>")
33
- # => "Go to <a href=\"http://www.rubyonrails.org\">http://www.rubyonrails.org</a> "
34
-
35
- auto_link("Go to http://www.rubyonrails.org <script>alert('Script!')</script>", :sanitize => false)
36
- # => "Go to <a href=\"http://www.rubyonrails.org\">http://www.rubyonrails.org</a> <script>alert('Script!')</script>"
37
-
38
- post_body = "Welcome to my new blog at http://www.myblog.com/. Please e-mail me at me@email.com."
39
- auto_link(post_body, :html => { :target => '_blank' }) do |text|
40
- truncate(text, :length => 15)
41
- end
42
- # => "Welcome to my new blog at <a href=\"http://www.myblog.com/\" target=\"_blank\">http://www.m...</a>.
43
-
44
- == REQUIREMENTS:
45
-
46
- * rails > 3.1
47
-
48
- == INSTALL:
49
-
50
- * gem install rails_autolink
51
-
52
- == LICENSE:
53
-
54
- (The MIT License)
55
-
56
- Copyright (c) 2011 DHH
57
-
58
- Permission is hereby granted, free of charge, to any person obtaining
59
- a copy of this software and associated documentation files (the
60
- 'Software'), to deal in the Software without restriction, including
61
- without limitation the rights to use, copy, modify, merge, publish,
62
- distribute, sublicense, and/or sell copies of the Software, and to
63
- permit persons to whom the Software is furnished to do so, subject to
64
- the following conditions:
65
-
66
- The above copyright notice and this permission notice shall be
67
- included in all copies or substantial portions of the Software.
68
-
69
- THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
70
- EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
71
- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
72
- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
73
- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
74
- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
75
- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
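--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,10 +0,0 @@
- # Setup some testing
- require 'rake'
- require 'rake/testtask'
-
- Rake::TestTask.new do |t|
- t.libs << 'test'
- t.pattern = 'test/test_*.rb'
- end
-
- task :default => :test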
@@ -1,18 +0,0 @@
1
- require File.expand_path "#{File.dirname(__FILE__)}/lib/rails_autolink/version"
2
-
3
- Gem::Specification.new do |s|
4
- s.name = 'rails_autolink'
5
- s.version = RailsAutolink::VERSION
6
- s.date = Time.now.strftime('%Y-%m-%d')
7
- s.authors = ['Aaron Patterson', 'Juanjo Bazan', 'Akira Matsuda']
8
- s.email = 'aaron@tenderlovemaking.com'
9
- s.homepage = 'https://github.com/tenderlove/rails_autolink'
10
- s.summary = 'Automatic generation of html links in texts'
11
- s.description = 'This is an extraction of the `auto_link` method from rails. The `auto_link` method was removed from Rails in version Rails 3.1. This gem is meant to bridge the gap for people migrating.'
12
-
13
- s.add_dependency 'rails', '> 3.1'
14
- s.required_ruby_version = '>= 1.9.3'
15
- s.license = 'MIT'
16
-
17
- s.files = Dir.glob("{test,lib/**/*}") + `git ls-files -z`.split("\0")
18
- end
@@ -1,404 +0,0 @@
1
- # encoding: utf-8
2
-
3
- require "minitest/autorun"
4
- require "rails"
5
- require 'erb'
6
- require 'cgi'
7
- require 'active_support'
8
- require 'active_support/core_ext'
9
- require 'action_pack'
10
- require 'action_view'
11
- require 'action_view/helpers'
12
- require 'action_dispatch/testing/assertions'
13
- require 'timeout'
14
- require "rails_autolink/helpers"
15
-
16
- class TestRailsAutolink < Minitest::Test
17
- include ActionView::Helpers::CaptureHelper
18
- include ActionView::Helpers::TextHelper
19
- include ActionView::Helpers::SanitizeHelper
20
- include ActionView::Helpers::TagHelper
21
- include ActionView::Helpers::UrlHelper
22
- include ActionView::Helpers::OutputSafetyHelper
23
- include ActionDispatch::Assertions::DomAssertions
24
-
25
- def test_auto_link_within_tags
26
- link_raw = 'http://www.rubyonrails.org/images/rails.png'
27
- link_result = %Q(<img src="#{link_raw}">)
28
- assert_equal link_result, auto_link(link_result)
29
- end
30
-
31
- def test_auto_link_with_brackets
32
- link1_raw = 'http://en.wikipedia.org/wiki/Sprite_(computer_graphics)'
33
- link1_result = generate_result(link1_raw)
34
- assert_equal link1_result, auto_link(link1_raw)
35
- assert_equal "(link: #{link1_result})", auto_link("(link: #{link1_raw})")
36
-
37
- link2_raw = 'http://en.wikipedia.org/wiki/Sprite_[computer_graphics]'
38
- link2_result = generate_result(link2_raw)
39
- assert_equal link2_result, auto_link(link2_raw)
40
- assert_equal "[link: #{link2_result}]", auto_link("[link: #{link2_raw}]")
41
-
42
- link3_raw = 'http://en.wikipedia.org/wiki/Sprite_{computer_graphics}'
43
- link3_result = generate_result(link3_raw)
44
- assert_equal link3_result, auto_link(link3_raw)
45
- assert_equal "{link: #{link3_result}}", auto_link("{link: #{link3_raw}}")
46
- end
47
-
48
- def test_auto_link_with_options_hash
49
- assert_dom_equal 'Welcome to my new blog at <a href="http://www.myblog.com/" class="menu" target="_blank">http://www.myblog.com/</a>. Please e-mail me at <a href="mailto:me@email.com" class="menu" target="_blank">me@email.com</a>.',
50
- auto_link("Welcome to my new blog at http://www.myblog.com/. Please e-mail me at me@email.com.",
51
- :link => :all, :html => { :class => "menu", :target => "_blank" })
52
- end
53
-
54
- def test_auto_link_with_multiple_trailing_punctuations
55
- url = "http://youtube.com"
56
- url_result = generate_result(url)
57
- assert_equal url_result, auto_link(url)
58
- assert_equal "(link: #{url_result}).", auto_link("(link: #{url}).")
59
- end
60
-
61
- def test_auto_link_with_block
62
- url = "http://api.rubyonrails.com/Foo.html"
63
- email = "fantabulous@shiznadel.ic"
64
-
65
- assert_equal %(<p><a href="#{url}">#{url[0...7]}...</a><br><a href="mailto:#{email}">#{email[0...7]}...</a><br></p>), auto_link("<p>#{url}<br>#{email}<br></p>") { |_url| truncate(_url, :length => 10) }
66
- end
67
-
68
- def test_auto_link_with_block_with_html
69
- pic = "http://example.com/pic.png"
70
- url = "http://example.com/album?a&b=c"
71
-
72
- assert_equal %(My pic: <a href="#{pic}"><img src="#{pic}" width="160px"></a> -- full album here #{generate_result(url)}), auto_link("My pic: #{pic} -- full album here #{url}") { |link|
73
- if link =~ /\.(jpg|gif|png|bmp|tif)$/i
74
- raw %(<img src="#{link}" width="160px">)
75
- else
76
- link
77
- end
78
- }
79
- end
80
-
81
- def test_auto_link_should_sanitize_input_when_sanitize_option_is_not_false
82
- link_raw = %{http://www.rubyonrails.com?id=1&num=2}
83
- malicious_script = '<script>alert("malicious!")</script>'
84
- assert_equal %{<a href="http://www.rubyonrails.com?id=1&amp;num=2alert">http://www.rubyonrails.com?id=1&amp;num=2alert</a>("malicious!")}, auto_link("#{link_raw}#{malicious_script}")
85
- assert auto_link("#{link_raw}#{malicious_script}").html_safe?
86
- end
87
-
88
- def test_auto_link_should_sanitize_input_with_sanitize_options
89
- link_raw = %{http://www.rubyonrails.com?id=1&num=2}
90
- malicious_script = '<script>alert("malicious!")</script>'
91
- text_with_attributes = %{<a href="http://ruby-lang-org" target="_blank" data-malicious="inject">Ruby</a>}
92
-
93
- text_result = %{<a class="big" href="http://www.rubyonrails.com?id=1&amp;num=2alert">http://www.rubyonrails.com?id=1&amp;num=2alert</a>("malicious!")<a href="http://ruby-lang-org" target="_blank">Ruby</a>}
94
- assert_equal text_result, auto_link("#{link_raw}#{malicious_script}#{text_with_attributes}",
95
- :sanitize_options => {:attributes => ["target", "href"]},
96
- :html => {:class => 'big'})
97
-
98
- assert auto_link("#{link_raw}#{malicious_script}#{text_with_attributes}",
99
- :sanitize_options => {:attributes => ["target", "href"]},
100
- :html => {:class => 'big'}).html_safe?
101
- end
102
-
103
- def test_auto_link_should_not_sanitize_input_when_sanitize_option_is_false
104
- link_raw = %{http://www.rubyonrails.com?id=1&num=2}
105
- malicious_script = '<script>alert("malicious!")</script>'
106
-
107
- assert_equal %{<a href="http://www.rubyonrails.com?id=1&num=2">http://www.rubyonrails.com?id=1&num=2</a><script>alert("malicious!")</script>}, auto_link("#{link_raw}#{malicious_script}", :sanitize => false)
108
- assert !auto_link("#{link_raw}#{malicious_script}", :sanitize => false).html_safe?
109
- end
110
-
111
- def test_auto_link_other_protocols
112
- ftp_raw = 'ftp://example.com/file.txt'
113
- assert_equal %(Download #{generate_result(ftp_raw)}), auto_link("Download #{ftp_raw}")
114
-
115
- file_scheme = 'file:///home/username/RomeoAndJuliet.pdf'
116
- assert_equal generate_result(file_scheme), auto_link(file_scheme)
117
- end
118
-
119
- def test_auto_link_already_linked
120
- linked1 = generate_result('Ruby On Rails', 'http://www.rubyonrails.com')
121
- linked2 = %('<a href="http://www.example.com">www.example.com</a>')
122
- linked3 = %('<a href="http://www.example.com" rel="nofollow">www.example.com</a>')
123
- linked4 = %('<a href="http://www.example.com"><b>www.example.com</b></a>')
124
- linked5 = %('<a href="#close">close</a> <a href="http://www.example.com"><b>www.example.com</b></a>')
125
- linked6 = %('<a href="#close">close</a> <a href="http://www.example.com" target="_blank" data-ruby="ror"><b>www.example.com</b></a>')
126
- assert_equal linked1, auto_link(linked1)
127
- assert_equal linked2, auto_link(linked2)
128
- assert_equal linked3, auto_link(linked3, :sanitize => false)
129
- assert_equal linked4, auto_link(linked4)
130
- assert_equal linked5, auto_link(linked5)
131
- assert_equal linked6, auto_link(linked6, :sanitize_options => {:attributes => ["href", "target", "data-ruby"]})
132
-
133
- linked_email = %Q(<a href="mailto:david@loudthinking.com">Mail me</a>)
134
- assert_equal linked_email, auto_link(linked_email)
135
- end
136
-
137
- def test_auto_link_with_malicious_attr
138
- url1 = "http://api.rubyonrails.com/Foo.html"
139
- malicious = "\"onmousemove=\"prompt()"
140
- combination = "#{url1}#{malicious}"
141
-
142
- assert_equal %(<p><a href="#{url1}">#{url1}</a>#{malicious}</p>), auto_link("<p>#{combination}</p>")
143
- end
144
-
145
- def test_auto_link_at_eol
146
- url1 = "http://api.rubyonrails.com/Foo.html"
147
- url2 = "http://www.ruby-doc.org/core/Bar.html"
148
-
149
- assert_equal %(<p><a href="#{url1}">#{url1}</a><br><a href="#{url2}">#{url2}</a><br></p>), auto_link("<p>#{url1}<br>#{url2}<br></p>")
150
- end
151
-
152
- def test_auto_link_should_be_html_safe
153
- email_raw = 'santiago@wyeworks.com'
154
- link_raw = 'http://www.rubyonrails.org'
155
- malicious_script = '<script>alert("malicious!")</script>'
156
-
157
- assert auto_link(nil).html_safe?, 'should be html safe'
158
- assert auto_link('').html_safe?, 'should be html safe'
159
- assert auto_link("#{link_raw} #{link_raw} #{link_raw}").html_safe?, 'should be html safe'
160
- assert auto_link("hello #{email_raw}").html_safe?, 'should be html safe'
161
- assert auto_link("hello #{email_raw} #{malicious_script}").html_safe?, 'should be html safe'
162
- end
163
-
164
- def test_auto_link_should_not_be_html_safe_when_sanitize_option_false
165
- email_raw = 'santiago@wyeworks.com'
166
- link_raw = 'http://www.rubyonrails.org'
167
-
168
- assert !auto_link("hello", :sanitize => false).html_safe?, 'should not be html safe'
169
- assert !auto_link("#{link_raw} #{link_raw} #{link_raw}", :sanitize => false).html_safe?, 'should not be html safe'
170
- assert !auto_link("hello #{email_raw}", :sanitize => false).html_safe?, 'should not be html safe'
171
- end
172
-
173
- def test_auto_link_email_address
174
- email_raw = 'aaron@tenderlovemaking.com'
175
- email_result = %{<a href="mailto:#{email_raw}">#{email_raw}</a>}
176
- assert !auto_link_email_addresses(email_result).html_safe?, 'should not be html safe'
177
- end
178
-
179
- def test_auto_link_email_addres_with_especial_chars
180
- email_raw = "andre$la*+r-a.o'rea=l~ly@tenderlovemaking.com"
181
- email_raw_encoded = ERB::Util.url_encode("andre$la*+r-a.o'rea=l~ly@tenderlovemaking.com").gsub("%40", "@")
182
- email_sanitized = if Rails.version =~ /^3/
183
- # mail_to changed the number base it rendered HTML encoded characters at some point
184
- "andre$la*+r-a.o&#x27;rea=l~ly@tenderlovemaking.com"
185
- else
186
- "andre$la*+r-a.o&#39;rea=l~ly@tenderlovemaking.com"
187
- end
188
- email_result = %{<a href="mailto:#{email_raw_encoded}">#{email_sanitized}</a>}
189
-
190
- assert_equal email_result, auto_link(email_raw)
191
- assert !auto_link_email_addresses(email_result).html_safe?, 'should not be html safe'
192
- end
193
-
194
- def test_auto_link
195
- email_raw = 'david@loudthinking.com'
196
- email_result = %{<a href="mailto:#{email_raw}">#{email_raw}</a>}
197
- link_raw = 'http://www.rubyonrails.com'
198
- link_result = generate_result(link_raw)
199
- link_result_with_options = %{<a target="_blank" href="#{link_raw}">#{link_raw}</a>}
200
-
201
- assert_equal '', auto_link(nil)
202
- assert_equal '', auto_link('')
203
- assert_equal "#{link_result} #{link_result} #{link_result}", auto_link("#{link_raw} #{link_raw} #{link_raw}")
204
-
205
- assert_equal %(hello #{email_result}), auto_link("hello #{email_raw}", :email_addresses)
206
- assert_equal %(Go to #{link_result}), auto_link("Go to #{link_raw}", :urls)
207
- assert_equal %(Go to #{link_raw}), auto_link("Go to #{link_raw}", :email_addresses)
208
- assert_equal %(Go to #{link_result} and say hello to #{email_result}), auto_link("Go to #{link_raw} and say hello to #{email_raw}")
209
- assert_equal %(<p>Link #{link_result}</p>), auto_link("<p>Link #{link_raw}</p>")
210
- assert_equal %(<p>#{link_result} Link</p>), auto_link("<p>#{link_raw} Link</p>")
211
- assert_equal %(<p>Link #{link_result_with_options}</p>), auto_link("<p>Link #{link_raw}</p>", :all, {:target => "_blank"})
212
- assert_equal %(Go to #{link_result}.), auto_link(%(Go to #{link_raw}.))
213
- assert_equal %(<p>Go to #{link_result}, then say hello to #{email_result}.</p>), auto_link(%(<p>Go to #{link_raw}, then say hello to #{email_raw}.</p>))
214
- assert_equal %(#{link_result} #{link_result}), auto_link(%(#{link_result} #{link_raw}))
215
-
216
- email2_raw = '+david@loudthinking.com'
217
- email2_result = %{<a href="mailto:%2Bdavid@loudthinking.com">#{email2_raw}</a>}
218
- assert_equal email2_result, auto_link(email2_raw)
219
- assert_equal email2_result, auto_link(email2_raw, :all)
220
- assert_equal email2_result, auto_link(email2_raw, :email_addresses)
221
-
222
- link2_raw = 'www.rubyonrails.com'
223
- link2_result = generate_result(link2_raw, "http://#{link2_raw}")
224
- assert_equal %(Go to #{link2_result}), auto_link("Go to #{link2_raw}", :urls)
225
- assert_equal %(Go to #{link2_raw}), auto_link("Go to #{link2_raw}", :email_addresses)
226
- assert_equal %(<p>Link #{link2_result}</p>), auto_link("<p>Link #{link2_raw}</p>")
227
- assert_equal %(<p>#{link2_result} Link</p>), auto_link("<p>#{link2_raw} Link</p>")
228
- assert_equal %(Go to #{link2_result}.), auto_link(%(Go to #{link2_raw}.))
229
- assert_equal %(<p>Say hello to #{email_result}, then go to #{link2_result}.</p>), auto_link(%(<p>Say hello to #{email_raw}, then go to #{link2_raw}.</p>))
230
-
231
- link3_raw = 'http://manuals.ruby-on-rails.com/read/chapter.need_a-period/103#page281'
232
- link3_result = generate_result(link3_raw)
233
- assert_equal %(Go to #{link3_result}), auto_link("Go to #{link3_raw}", :urls)
234
- assert_equal %(Go to #{link3_raw}), auto_link("Go to #{link3_raw}", :email_addresses)
235
- assert_equal %(<p>Link #{link3_result}</p>), auto_link("<p>Link #{link3_raw}</p>")
236
- assert_equal %(<p>#{link3_result} Link</p>), auto_link("<p>#{link3_raw} Link</p>")
237
- assert_equal %(Go to #{link3_result}.), auto_link(%(Go to #{link3_raw}.))
238
- assert_equal %(<p>Go to #{link3_result}. Seriously, #{link3_result}? I think I'll say hello to #{email_result}. Instead.</p>),
239
- auto_link(%(<p>Go to #{link3_raw}. Seriously, #{link3_raw}? I think I'll say hello to #{email_raw}. Instead.</p>))
240
-
241
- link4_raw = 'http://foo.example.com/controller/action?parm=value&p2=v2#anchor123'
242
- link4_result = generate_result(link4_raw)
243
- assert_equal %(<p>Link #{link4_result}</p>), auto_link("<p>Link #{link4_raw}</p>")
244
- assert_equal %(<p>#{link4_result} Link</p>), auto_link("<p>#{link4_raw} Link</p>")
245
-
246
- link5_raw = 'http://foo.example.com:3000/controller/action'
247
- link5_result = generate_result(link5_raw)
248
- assert_equal %(<p>#{link5_result} Link</p>), auto_link("<p>#{link5_raw} Link</p>")
249
-
250
- link6_raw = 'http://foo.example.com:3000/controller/action+pack'
251
- link6_result = generate_result(link6_raw)
252
- assert_equal %(<p>#{link6_result} Link</p>), auto_link("<p>#{link6_raw} Link</p>")
253
-
254
- link7_raw = 'http://foo.example.com/controller/action?parm=value&p2=v2#anchor-123'
255
- link7_result = generate_result(link7_raw)
256
- assert_equal %(<p>#{link7_result} Link</p>), auto_link("<p>#{link7_raw} Link</p>")
257
-
258
- link8_raw = 'http://foo.example.com:3000/controller/action.html'
259
- link8_result = generate_result(link8_raw)
260
- assert_equal %(Go to #{link8_result}), auto_link("Go to #{link8_raw}", :urls)
261
- assert_equal %(Go to #{link8_raw}), auto_link("Go to #{link8_raw}", :email_addresses)
262
- assert_equal %(<p>Link #{link8_result}</p>), auto_link("<p>Link #{link8_raw}</p>")
263
- assert_equal %(<p>#{link8_result} Link</p>), auto_link("<p>#{link8_raw} Link</p>")
264
- assert_equal %(Go to #{link8_result}.), auto_link(%(Go to #{link8_raw}.))
265
- assert_equal %(<p>Go to #{link8_result}. Seriously, #{link8_result}? I think I'll say hello to #{email_result}. Instead.</p>),
266
- auto_link(%(<p>Go to #{link8_raw}. Seriously, #{link8_raw}? I think I'll say hello to #{email_raw}. Instead.</p>))
267
-
268
- link9_raw = 'http://business.timesonline.co.uk/article/0,,9065-2473189,00.html'
269
- link9_result = generate_result(link9_raw)
270
- assert_equal %(Go to #{link9_result}), auto_link("Go to #{link9_raw}", :urls)
271
- assert_equal %(Go to #{link9_raw}), auto_link("Go to #{link9_raw}", :email_addresses)
272
- assert_equal %(<p>Link #{link9_result}</p>), auto_link("<p>Link #{link9_raw}</p>")
273
- assert_equal %(<p>#{link9_result} Link</p>), auto_link("<p>#{link9_raw} Link</p>")
274
- assert_equal %(Go to #{link9_result}.), auto_link(%(Go to #{link9_raw}.))
275
- assert_equal %(<p>Go to #{link9_result}. Seriously, #{link9_result}? I think I'll say hello to #{email_result}. Instead.</p>),
276
- auto_link(%(<p>Go to #{link9_raw}. Seriously, #{link9_raw}? I think I'll say hello to #{email_raw}. Instead.</p>))
277
-
278
- link10_raw = 'http://www.mail-archive.com/ruby-talk@ruby-lang.org/'
279
- link10_result = generate_result(link10_raw)
280
- assert_equal %(<p>#{link10_result} Link</p>), auto_link("<p>#{link10_raw} Link</p>")
281
-
282
- link11_raw = 'http://asakusa.rubyist.net/'
283
- link11_result = generate_result(link11_raw)
284
- with_kcode 'u' do
285
- assert_equal %(浅草.rbの公式サイトはこちら#{link11_result}), auto_link("浅草.rbの公式サイトはこちら#{link11_raw}")
286
- end
287
-
288
- link12_raw = 'http://tools.ietf.org/html/rfc3986'
289
- link12_result = generate_result(link12_raw)
290
- assert_equal %(<p>#{link12_result} text-after-nonbreaking-space</p>), auto_link("<p>#{link12_raw} text-after-nonbreaking-space</p>")
291
-
292
- link13_raw = 'HTtP://www.rubyonrails.com'
293
- assert_equal generate_result(link13_raw), auto_link(link13_raw)
294
- end
295
-
296
- def test_auto_link_parsing
297
- urls = %w(
298
- http://www.rubyonrails.com
299
- http://www.rubyonrails.com:80
300
- http://www.rubyonrails.com/~minam
301
- https://www.rubyonrails.com/~minam
302
- http://www.rubyonrails.com/~minam/url%20with%20spaces
303
- http://www.rubyonrails.com/foo.cgi?something=here
304
- http://www.rubyonrails.com/foo.cgi?something=here&and=here
305
- http://www.rubyonrails.com/contact;new
306
- http://www.rubyonrails.com/contact;new%20with%20spaces
307
- http://www.rubyonrails.com/contact;new?with=query&string=params
308
- http://www.rubyonrails.com/~minam/contact;new?with=query&string=params
309
- http://en.wikipedia.org/wiki/Wikipedia:Today%27s_featured_picture_%28animation%29/January_20%2C_2007
310
- http://www.mail-archive.com/rails@lists.rubyonrails.org/
311
- http://www.amazon.com/Testing-Equal-Sign-In-Path/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1198861734&sr=8-1
312
- http://en.wikipedia.org/wiki/Texas_hold'em
313
- https://www.google.com/doku.php?id=gps:resource:scs:start
314
- http://connect.oraclecorp.com/search?search[q]=green+france&search[type]=Group
315
- http://of.openfoundry.org/projects/492/download#4th.Release.3
316
- http://maps.google.co.uk/maps?f=q&q=the+london+eye&ie=UTF8&ll=51.503373,-0.11939&spn=0.007052,0.012767&z=16&iwloc=A
317
- http://около.кола/колокола
318
- https://123domain.com https://123.com https://123.domain.com https://www.123.domain.com
319
- )
320
-
321
- urls.each do |url|
322
- assert_equal generate_result(url), auto_link(url)
323
- end
324
- end
325
-
326
- def test_autolink_with_trailing_equals_on_link
327
- url = "http://www.rubyonrails.com/foo.cgi?trailing_equals="
328
- assert_equal generate_result(url), auto_link(url)
329
- end
330
-
331
- def test_autolink_with_trailing_amp_on_link
332
- url = "http://www.rubyonrails.com/foo.cgi?trailing_ampersand=value&"
333
- assert_equal generate_result(url), auto_link(url)
334
- end
335
-
336
- def test_autolink_with_trailing_colon_on_link
337
- url = "http://www.rubyonrails.com/foo.cgi?trailing_colon=value:"
338
- expected_url = "http://www.rubyonrails.com/foo.cgi?trailing_colon=value"
339
-
340
- assert_equal "#{generate_result(expected_url)}:", auto_link(url)
341
- end
342
-
343
- def test_autolink_with_trailing_hyphen_on_link
344
- url = "http://www.rubyonrails.com/foo.cgi?trailing_hyphen=value-"
345
- assert_equal generate_result(url), auto_link(url)
346
- end
347
-
348
- def test_autolink_with_trailing_forward_slash_on_link
349
- url = "http://www.rubyonrails.com/foo.cgi?trailing_forward_slash=value/"
350
- assert_equal generate_result(url), auto_link(url)
351
- end
352
-
353
- def test_autolink_with_trailing_number_on_link
354
- url = "http://www.rubyonrails.com/foo.cgi?trailing_number=value3"
355
- assert_equal generate_result(url), auto_link(url)
356
- end
357
-
358
- def test_auto_link_does_not_timeout_when_parsing_odd_email_input
359
- inputs = %W(
360
- foo@...................................
361
- foo@........................................
362
- foo@.............................................
363
-
364
- #{'foo' * 20000}@
365
- )
366
-
367
- inputs.each do |input|
368
- Timeout.timeout(0.2) do
369
- assert_equal input, auto_link(input)
370
- end
371
- end
372
- end
373
-
374
- def test_auto_link_with_www_in_non_url_string
375
- assert_equal "awww.", auto_link("awww.")
376
- end
377
-
378
- private
379
- def generate_result(link_text, href = nil)
380
- text = sanitize(link_text)
381
- href = sanitize(href) || text
382
- %{<a href="#{href}">#{text}</a>}.gsub("&#39;", "'") # ActionView does not escape '
383
- end
384
-
385
- # from ruby core
386
- def build_message(head, template=nil, *arguments)
387
- template &&= template.chomp
388
- template.gsub(/\?/) { mu_pp(arguments.shift) }
389
- end
390
-
391
- # Temporarily replaces KCODE for the block
392
- def with_kcode(kcode)
393
- if RUBY_VERSION < '1.9'
394
- old_kcode, $KCODE = $KCODE, kcode
395
- begin
396
- yield
397
- ensure
398
- $KCODE = old_kcode
399
- end
400
- else
401
- yield
402
- end
403
- end
404
- end