rbbcode 0.1.4 → 0.1.5

data/README.markdown

@@ -12,13 +12,13 @@ RbbCode validates and cleans input. It supports customizable schemas so you can
 
 Example usage:
 
-  require 'rubygems'
-  require 'rbbcode'
-  
-  bb_code = 'This is [b]bold[/b] text'
-  parser = RbbCode::Parser.new
-  html = parser.parse(bb_code)
-  # => '<p>This is <strong>bold</strong> text</p>'
+	require 'rubygems'
+	require 'rbbcode'
+
+	bb_code = 'This is [b]bold[/b] text'
+	parser = RbbCode::Parser.new
+	html = parser.parse(bb_code)
+	# => '<p>This is <strong>bold</strong> text</p>'
 
 Customizing
 ===========
@@ -27,26 +27,26 @@ You can customize RbbCode by subclassing HtmlMaker and/or by passing configurati
 
 HtmlMaker can be extended by adding methods like this:
 
-  class MyHtmlMaker < RbbCode::HtmlMaker
-    def html_from_TAGNAME_tag(node)
-      # ...
-    end
-  end
+	class MyHtmlMaker < RbbCode::HtmlMaker
+		def html_from_TAGNAME_tag(node)
+			# ...
+		end
+	end
 
 ...where TAGNAME should be replaced with the name of the tag. The method should accept an RbbCode::TagNode and return HTML as a string. (See tree_maker.rb for the definition of RbbCode::TagNode.) Anytime the parser encounters the specified tag, it will call your method and insert the returned HTML into the output.
 
 Now you just have to tell the Parser object to use an instance of your custom subclass instead of the default HtmlMaker:
 
-  my_html_maker = MyHtmlMaker.new
-  parser = RbbCode::Parser.new(:html_maker => my_html_maker)
+	my_html_maker = MyHtmlMaker.new
+	parser = RbbCode::Parser.new(:html_maker => my_html_maker)
 
 RbbCode removes invalid markup by comparing the input against a Schema object. The Schema is much like a DTD in XML. You can set your own rules and change the default ones by calling configuration methods on a Schema instance. Look at Schema#use_defaults in schema.rb for examples.
 
 Normally, RbbCode instantiates Schema behind the scenes, but if you want to customize it, you'll have to instantiate it yourself and pass the instance to the Parser object:
 
-  schema = RbbCode::Schema.new
-  schema.tag('quote').may_not_be_nested # Or whatever other configuration methods you want to call
-  parser = RbbCode::Parser.new(:schema => schema)
+	schema = RbbCode::Schema.new
+	schema.tag('quote').may_not_be_nested # Or whatever other configuration methods you want to call
+	parser = RbbCode::Parser.new(:schema => schema)
 
 Unicode Support
 ===============
@@ -64,12 +64,12 @@ http://en.wikipedia.org/wiki/BBCode
 
 From that, I extracted some rules for "common" BBCode syntax. Here are the rules.
 
-Text gets wrapped in <p> tags unless it's marked up as some other block-level element such as a list. A single line break becomes a <br/>. Two line breaks mark the end of a paragraph, thus a closing </p> and possibly an opening <p>.
+Text gets wrapped in `<p>` tags unless it's marked up as some other block-level element such as a list. A single line break becomes a `<br/>`. Two line breaks mark the end of a paragraph, thus a closing `</p>` and possibly an opening `<p>`.
 
 Tags must be in one of the following forms:
 
-  [tagname]Text[/tagname]
-  [tagname=value]Text[/tagname]
+	[tagname]Text[/tagname]
+	[tagname=value]Text[/tagname]
 
 As you can infer from the second example, RbbCode does not support attributes like in HTML and XML. Rather, a tag can have a single "value," which is similar to an anonymous attribute. This is how [url] and [img] tags work, for example.
 
@@ -97,6 +97,7 @@ Feature Requests vs Bugs
 ========================
 
 Examples of bugs:
+
 - Executable JavaScript appears in the output
 - The output is not a valid XHTML fragment
 - RbbCode fails to support common BBCode syntax, as exemplified in http://en.wikipedia.org/wiki/BBCode
@@ -104,6 +105,7 @@ Examples of bugs:
 - Any of the specs fail
 
 Example of feature requests:
+
 - You want support for more tags. RbbCode lets you define your own tags. So the absence of, say, the "color" tag in the default parser is not a bug
 - You want to support uncommon BBCode syntax, i.e. something you wouldn't see on http://en.wikipedia.org/wiki/BBCode
 
@@ -112,9 +114,9 @@ Do not open an issue for a feature request. Just send a message on Github.
 Installation
 ============
 
-  gem install rbbcode
+	gem install rbbcode
 
 If that doesn't work, it's probably because RbbCode is hosted on Gemcutter, and your computer doesn't know about Gemcutter yet. To fix that:
 
-  gem install gemcutter
-  gem tumble
+	gem install gemcutter
+	gem tumble

data/lib/rbbcode/html_maker.rb

@@ -1,6 +1,5 @@
-# TODO: Lists must be surrounded by </p> and <p>
-
 require 'cgi'
+require 'sanitize-url'
 
 module RbbCode
 	DEFAULT_TAG_MAPPINGS = {
@@ -16,6 +15,8 @@ module RbbCode
 	}
 	
 	class HtmlMaker
+		include SanitizeUrl
+		
 		def make_html(node)
 			output = ''
 			case node.class.to_s
@@ -80,17 +81,5 @@ module RbbCode
 			end
 			DEFAULT_TAG_MAPPINGS[tag_name]
 		end
-		
-		def sanitize_url(url)
-			# Prepend a protocol if there isn't one
-			unless url.match(/^[a-zA-Z]+:\/\//)
-				url = 'http://' + url
-			end
-			# Replace all functional permutations of "javascript:" with a hex-encoded version of the same
-			url.gsub!(/(\s*j\s*\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*):/i) do |match_str|
-				'%' + $1.unpack('H2' * $1.length).join('%').upcase + '%3A'
-			end
-			url.gsub('"', '%22')
-		end
 	end
 end

data/spec/html_maker_spec.rb

@@ -35,18 +35,18 @@ describe RbbCode::HtmlMaker do
 		end
 
 		it 'should not allow JavaScript in URLs' do
-			urls = {
-				'javascript:alert("1");' => 'http://%6A%61%76%61%73%63%72%69%70%74%3Aalert(%221%22);',
-				'j a v a script:alert("2");' => 'http://%6A%20%61%20%76%20%61%20%73%63%72%69%70%74%3Aalert(%222%22);',
-				' javascript:alert("3");' => 'http://%20%6A%61%76%61%73%63%72%69%70%74%3Aalert(%223%22);',
-				'JavaScript:alert("4");' => 'http://%4A%61%76%61%53%63%72%69%70%74%3Aalert(%224%22);',
-				"java\nscript:alert(\"5\");" => 'http://%6A%61%76%61%0A%73%63%72%69%70%74%3Aalert(%225%22);',
-				"java\rscript:alert(\"6\");" => 'http://%6A%61%76%61%0D%73%63%72%69%70%74%3Aalert(%226%22);'
-			}
+			urls = [
+				'javascript:alert("1");',
+				'j a v a script:alert("2");',
+				' javascript:alert("3");',
+				'JavaScript:alert("4");',
+				"java\nscript:alert(\"5\");",
+				"java\rscript:alert(\"6\");"
+			]
 			
 			# url tag
-			urls.each do |evil_url, clean_url|
-				expect_html("<p><a href=\"#{clean_url}\">foo</a></p>") do
+			urls.each do |evil_url|
+				expect_html('<p><a href="">foo</a></p>') do
 					tag('p') do
 						tag('url', evil_url) do
 							text 'foo'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: rbbcode
 version: !ruby/object:Gem::Version 
-  version: 0.1.4
+  version: 0.1.5
 platform: ruby
 authors: 
 - Jarrett Colby
@@ -9,10 +9,29 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-02-17 00:00:00 -06:00
+date: 2010-02-26 00:00:00 -06:00
 default_executable: 
-dependencies: []
-
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 1.3.0
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: sanitize-url
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 0.1.3
+    version: 
 description: RbbCode is a customizable Ruby library for parsing BB Code. RbbCode validates and cleans input. It supports customizable schemas so you can set rules about what tags are allowed where. The default rules are designed to ensure valid HTML output.
 email: jarrett@jarrettcolby.com
 executables: []