rubocop-bridgetown 0.3.2 → 0.4.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +18 -7
- data/lib/rubocop/cop/bridgetown/html_escaped_heredoc.rb +26 -0
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c1c55c379762ea7310036dd92c1c6133257af4b161e3ad41d722e2acded33082
|
|
4
|
+
data.tar.gz: 464b333e864028797b1975bbc21edb685043faf6449536190f05f163910a1bf4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: '094a43e9ab0e00667fe83e775bf9bc85a487df3308bcdc1692dbded1c3fe94599c9a278f0d6a283e4a4cc8da7db7af0fe2e1a688196b3816071b777330400ac9'
|
|
7
|
+
data.tar.gz: 2870d7b4a58f7ab628978dcc3ed4e4ecebb1f37ca0e003e670d69764fd61ba3161224234e9312c5c1527b20226723fee958fa65609c084b422aaecb86abf1186
|
data/README.md
CHANGED
|
@@ -1,10 +1,9 @@
|
|
|
1
|
-
# RuboCop Bridgetown
|
|
1
|
+
# RuboCop: Bridgetown
|
|
2
2
|
|
|
3
|
-
A RuboCop extension to enforce a common code style in the Bridgetown ecosystem and beyond.
|
|
3
|
+
A [RuboCop](https://rubocop.org/) extension to enforce a common code style in the Bridgetown ecosystem and beyond.
|
|
4
4
|
|
|
5
5
|
|
|
6
|
-
|
|
8
7
|
|
|
9
8
|
## Installation
|
|
10
9
|
|
|
@@ -13,13 +12,17 @@ Just add the `rubocop-bridgetown` gem to your Gemfile.
|
|
|
13
12
|
```ruby
|
|
14
13
|
# Gemfile
|
|
15
14
|
|
|
16
|
-
gem "rubocop-bridgetown", "~> 0.
|
|
15
|
+
gem "rubocop-bridgetown", "~> 0.4"
|
|
17
16
|
```
|
|
17
|
+
|
|
18
|
+
or if you're developing another gem:
|
|
19
|
+
|
|
18
20
|
```ruby
|
|
19
21
|
# <plugin>.gemspec
|
|
20
22
|
|
|
21
|
-
spec.add_development_dependency "rubocop-bridgetown", "~> 0.
|
|
23
|
+
spec.add_development_dependency "rubocop-bridgetown", "~> 0.4"
|
|
22
24
|
```
|
|
25
|
+
|
|
23
26
|
and run `bundle install`
|
|
24
27
|
|
|
25
28
|
## Usage
|
|
@@ -65,4 +68,12 @@ AllCops:
|
|
|
65
68
|
|
|
66
69
|
## Customization
|
|
67
70
|
|
|
68
|
-
You can override any settings inherited from the extension by
|
|
71
|
+
You can override any settings inherited from the extension by configuring cops in your `.rubocop.yml`.
|
|
72
|
+
|
|
73
|
+
Besides cops which are provided directly by RuboCop and `rubocop-performance`, there are a few additional cops provided by this plugin:
|
|
74
|
+
|
|
75
|
+
* `Bridgetown/HTMLEscapedHeredoc`: this will monitor any heredocs in your code for potential XSS issues inside of any string interpolations. To avoid linting errors, you will need to wrap any interpolated code inside of one of the following method names: `html`, `html_map`, `html_attributes`, `text`, or `render`. These methods are provided by the [Streamlined](https://github.com/bridgetownrb/streamlined) gem, bundled in Bridgetown 1.4 by default (but you can use them in any Ruby application including Rails).
|
|
76
|
+
* `Bridgetown/NoPAllowed`: this encourages using your framework's logger rather than `p` to output debugging information.
|
|
77
|
+
* `Bridgetown/NoPutsAllowed`: this encourages using your framework's logger rather than `puts` to output debugging information.
|
|
78
|
+
|
|
79
|
+
You can disable any of these cops in specific parts of your codebase as needed, or by setting `Enabled: false` for any particular cop in your `.rubocop.yml`.
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module RuboCop
|
|
4
|
+
module Cop
|
|
5
|
+
module Bridgetown
|
|
6
|
+
class HTMLEscapedHeredoc < Cop
|
|
7
|
+
include Heredoc
|
|
8
|
+
|
|
9
|
+
MSG = "Insecure heredoc detected. Use `html`, `html_map`, `html_attributes`, `text`, or `render` inside interpolations."
|
|
10
|
+
|
|
11
|
+
def on_heredoc(node)
|
|
12
|
+
return unless node.source.match?(%r!(HTML|MARKDOWN)$!) &&
|
|
13
|
+
heredoc_body(node).match?(%r%[^\\]#\{(?!\s*?(html|html_map|html_attributes|text|render)[ \-\(])%)
|
|
14
|
+
|
|
15
|
+
add_offense(node, message: MSG)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
private
|
|
19
|
+
|
|
20
|
+
def heredoc_body(node)
|
|
21
|
+
node.loc.heredoc_body.source
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rubocop-bridgetown
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Bridgetown Team
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-11-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rubocop
|
|
@@ -78,6 +78,7 @@ files:
|
|
|
78
78
|
- LICENSE
|
|
79
79
|
- README.md
|
|
80
80
|
- lib/rubocop-bridgetown.rb
|
|
81
|
+
- lib/rubocop/cop/bridgetown/html_escaped_heredoc.rb
|
|
81
82
|
- lib/rubocop/cop/bridgetown/no_p_allowed.rb
|
|
82
83
|
- lib/rubocop/cop/bridgetown/no_puts_allowed.rb
|
|
83
84
|
homepage: https://github.com/bridgetownrb/rubocop-bridgetown
|
|
@@ -99,7 +100,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
99
100
|
- !ruby/object:Gem::Version
|
|
100
101
|
version: '0'
|
|
101
102
|
requirements: []
|
|
102
|
-
rubygems_version: 3.
|
|
103
|
+
rubygems_version: 3.3.3
|
|
103
104
|
signing_key:
|
|
104
105
|
specification_version: 4
|
|
105
106
|
summary: Code style check for Bridgetown projects
|