ruby-exclaim 0.0.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 23b0cbf8949adc14eff900789bf6e6e099179e8c06ddb36fd83092397466b653
-  data.tar.gz: d51958364005213af769660afa6d71a210203832b16fda5ee167164e0c080464
+  metadata.gz: 1c108c1900809559c4fbcd3b1488636b56190630bba66f5cdcaf620170c8d8e2
+  data.tar.gz: 61ec43e7d945f0e474bcd8778edc0c2b3119f3afcceaa30549f601f936c2bac0
 SHA512:
-  metadata.gz: 3bb5dee1daa8a139f034c0e08cb52cf32d3844a60f0d2f2761ae73bb0b031615e0ff28f35e9bb48577f7ddb11c96ecf340a6fd0937009291b0d33b9c7e40b4a0
-  data.tar.gz: f18f08e66dbf47ac312ec3958bce96bd25ab65045524f4d1b509de1b373381b3a4c06600edde85afddf46bba4a942c3ac7ef1c94be32ea6b76e40e8839346d18
+  metadata.gz: 470364f3b893180ece919ab1ab315ad12315d6a6673e6cb98f42ac03f836caadf6a50431af5dd2046bf527ce2f42ff62129f9462ecd3a51b3d6ec5f7dccb67a2
+  data.tar.gz: e12ff894c269e62ff479ad1c31f404a5da049a2273d290ac2f132585731b9bc2167c0893e74a18c9ebad11619b9925790c8991de2546ed78a1e95ac0e03eb5b4

data/.circleci/config.yml

@@ -1,4 +1,5 @@
 version: 2.1
+
 workflows:
   version: 2
   ruby-exclaim:
@@ -8,18 +9,19 @@ workflows:
 jobs:
   build:
     docker:
-      - image: salsify/ruby_ci:2.7.2
+      - image: $SALSIFY_ECR_REPO/ruby_ci:3.3.5
+        aws_auth:
+          aws_access_key_id: $ECR_AWS_ACCESS_KEY_ID
+          aws_secret_access_key: $ECR_AWS_SECRET_ACCESS_KEY
     environment:
-      RACK_ENV: "test"
-      RAILS_ENV: "test"
       CIRCLE_TEST_REPORTS: "test-results"
     working_directory: ~/ruby-exclaim
     steps:
       - checkout
       - restore_cache:
           keys:
-            - v1-gems-ruby-2.7.2-{{ checksum "ruby-exclaim.gemspec" }}-{{ checksum "Gemfile" }}
-            - v1-gems-ruby-2.7.2-
+            - v1-gems-ruby-3.3.5-{{ checksum "ruby-exclaim.gemspec" }}-{{ checksum "Gemfile" }}
+            - v1-gems-ruby-3.3.5-
       - run:
           name: Install Gems
           command: |
@@ -28,7 +30,7 @@ jobs:
               bundle clean
             fi
       - save_cache:
-          key: v1-gems-ruby-2.7.2-{{ checksum "ruby-exclaim.gemspec" }}-{{ checksum "Gemfile" }}
+          key: v1-gems-ruby-3.3.5-{{ checksum "ruby-exclaim.gemspec" }}-{{ checksum "Gemfile" }}
           paths:
             - "vendor/bundle"
             - "gemfiles/vendor/bundle"

data/.github/CODEOWNERS

@@ -0,0 +1 @@
+* @skarger

data/CHANGELOG.md

@@ -6,6 +6,15 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
 
+## 0.1.1 - 2024-11-18
+### Fixed
+- Fix various issues related to path segments that appear to be numbers.
+
+## 0.1.0 - 2021-05-06
+### Added
+- Ability to disable all HTML escaping by setting the `should_escape_html` flag to `false` when instantiating
+  `Exclaim::Ui`, e.g. `Exclaim::Ui.new(implementation_map: my_implementation_map, should_escape_html: false)`
+
 ## 0.0.0 - 2021-02-12
 ### Added
 - Initial version

data/README.md

@@ -17,6 +17,7 @@
     + [Shorthand Properties and Configuration Defaults](#shorthand-properties-and-configuration-defaults)
     + [Security Considerations](#security-considerations)
       - [Script Injection](#script-injection)
+      - [Disable HTML escaping](#disable-html-escaping)
       - [Unintended Tracking/HTTP Requests](#unintended-trackinghttp-requests)
   * [Querying the Parsed UI](#querying-the-parsed-ui)
   * [Utilities](#utilities)
@@ -219,10 +220,8 @@ exclaim_ui.render(env: my_environment)
 
 Dot-separated `$bind` paths dig into nested `env` values: `a.b.c` refers to `{ "a" => { "b" => { "c" => "value" } } }`
 
-If a `$bind` path segment is an Integer,
-the library will attempt to treat it as an Array index when resolving the value at render time:
-
-`"my_array.1"` refers to array index 1 in an `env` like `{ "my_array: ["zero", "one", ...] }`
+If the field a `$bind` subpath refers is an Array, the next segment is assumed to be an integer. For example,
+`"my_array.1"` refers to array index 1, value "zero" in an `env` like `{ "my_array: ["zero", "one", ...] }`.
 
 ### Implementing Components and Helpers
 
@@ -633,6 +632,19 @@ your implementation can call `CGI.unescape_html` or `CGI.unescape_element`.
 See [CGI::Util](https://ruby-doc.org/stdlib-3.0.0/libdoc/cgi/rdoc/CGI/Util.html)
 in the Ruby standard library for details.
 
+##### Disable HTML escaping
+
+You can disable HTML escaping altogether by setting the `should_escape_html` flag to `false` when instantiating
+`Exclaim::Ui`. You generally should only do this when the output will not be rendered directly to HTML as this could
+potentially allow script injection and other hazards of unescaped rendering of untrusted user input. If you use this
+flag and the output is ultimately destined for a browser, make sure something downstream between `Exclaim::Ui#render`
+and the browser will escape characters that have special meaning in HTML: `<` `>` `&` `"` `'`
+
+```
+exclaim_ui = Exclaim::Ui.new(implementation_map: my_implementation_map, should_escape_html: false)
+exclaim_ui.render(env: my_environment) # HTML characters will not be escaped
+```
+
 ##### Unintended Tracking/HTTP Requests
 
 If you don't need to implement components with configurable URLs, just avoid it completely.
@@ -786,7 +798,7 @@ After checking out the repo, run `bin/setup` to install dependencies. Then,
 run `rake spec` to run the tests. You can also run `bin/console` for an
 interactive prompt that will allow you to experiment.
 
-To install this gem onto your local machine, run `bundle exec rake install`. 
+To install this gem onto your local machine, run `bundle exec rake install`.
 
 To release a new version, update the version number in `version.rb`. When merged
 to the default branch, [a GitHub action](.github/workflows/release.yml) will

data/lib/exclaim/bind.rb

@@ -14,15 +14,27 @@ module Exclaim
     def path=(value)
       @path = value
       @path_keys = @path.split('.')
-      @path_keys_for_arrays = @path_keys.map do |string|
-        Integer(string)
-      rescue ArgumentError, TypeError
-        string
-      end
     end
 
     def evaluate(env)
-      env.dig(*@path_keys_for_arrays) || env.dig(*@path_keys)
+      obj = env
+
+      @path_keys.each do |key|
+        return nil if !obj.is_a?(Hash) && !obj.is_a?(Array)
+
+        if obj.is_a?(Array)
+          key = begin
+            Integer(key)
+          rescue ArgumentError, TypeError
+            return nil
+          end
+        end
+
+        obj = obj[key]
+        return nil if obj.nil?
+      end
+
+      obj
     end
   end
 end

data/lib/exclaim/implementations/example_implementation_map.rb

@@ -14,8 +14,7 @@ module Exclaim
     extend self
 
     def example_implementation_map
-      @example_implementation_map ||= begin
-        {
+      @example_implementation_map ||= {
           'each' => EACH_COMPONENT,
           'image' => IMAGE_COMPONENT,
           'if' => IF_HELPER,
@@ -25,7 +24,7 @@ module Exclaim
           'text' => TEXT_COMPONENT,
           'vbox' => VBOX_COMPONENT
         }
-      end
+
     end
   end
 end

data/lib/exclaim/renderer.rb

@@ -2,8 +2,9 @@
 
 module Exclaim
   class Renderer
-    def initialize(parsed_ui)
+    def initialize(parsed_ui, should_escape_html = true)
       @parsed_ui = parsed_ui
+      @should_escape_html = should_escape_html
     end
 
     def call(env: {})
@@ -25,7 +26,7 @@ module Exclaim
     end
 
     def resolve_component_config(component, env)
-      resolve(component.config, env).transform_values! { |value| escape_html!(value) }
+      resolve(component.config, env).transform_values! { |value| @should_escape_html ? escape_html!(value) : value }
     end
 
     def escape_html!(value)

data/lib/exclaim/ui.rb

@@ -4,8 +4,9 @@ module Exclaim
   class Ui
     attr_reader :implementation_map, :parsed_ui, :renderer
 
-    def initialize(implementation_map: Exclaim::Implementations.example_implementation_map)
+    def initialize(implementation_map: Exclaim::Implementations.example_implementation_map, should_escape_html: true)
       @implementation_map = Exclaim::ImplementationMap.parse!(implementation_map)
+      @should_escape_html = should_escape_html
     rescue Exclaim::Error
       raise
     rescue StandardError => e
@@ -66,7 +67,7 @@ module Exclaim
 
     def parsed_ui=(value)
       @parsed_ui = value
-      @renderer = Exclaim::Renderer.new(@parsed_ui)
+      @renderer = Exclaim::Renderer.new(@parsed_ui, @should_escape_html)
     end
 
     def bind_paths(config_value, accumulator)

data/lib/exclaim/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Exclaim
-  VERSION = '0.0.0'
+  VERSION = '0.1.1'
 end

data/ruby-exclaim.gemspec

@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
   # Set 'allowed_push_post' to control where this gem can be published.
   if spec.respond_to?(:metadata)
     spec.metadata['allowed_push_host'] = 'https://rubygems.org'
-
+    spec.metadata['rubygems_mfa_required'] = 'true'
   else
     raise 'RubyGems 2.0 or newer is required to protect against public gem pushes.'
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-exclaim
 version: !ruby/object:Gem::Version
-  version: 0.0.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Salsify, Inc
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-26 00:00:00.000000000 Z
+date: 2024-11-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -104,7 +104,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".circleci/config.yml"
-- ".github/workflows/release.yml"
+- ".github/CODEOWNERS"
 - ".gitignore"
 - ".overcommit.yml"
 - ".rspec"
@@ -144,7 +144,8 @@ licenses:
 - MIT
 metadata:
   allowed_push_host: https://rubygems.org
-post_install_message:
+  rubygems_mfa_required: 'true'
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -159,8 +160,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.11
-signing_key:
+rubygems_version: 3.3.26
+signing_key: 
 specification_version: 4
 summary: Ruby utilities for Exclaim UIs
 test_files: []

data/.github/workflows/release.yml

@@ -1,29 +0,0 @@
-name: Release
-
-on:
-  check_suite:
-    types: [completed]
-
-jobs:
-  release:
-    name: Check and Release New Version
-    runs-on: ubuntu-latest
-    # `github.ref` from the `check_suite` trigger is always the default branch
-    if: format('refs/heads/{0}', github.event.check_suite.head_branch) == github.ref && github.event.check_suite.conclusion == 'success'
-    steps:
-    - name: Checkout Code
-      uses: actions/checkout@v2
-      with:
-        fetch-depth: 2
-
-    - name: Setup Ruby
-      uses: actions/setup-ruby@v1
-      with:
-        ruby-version: 2.6
-
-    - name: Release Gem
-      id: release-gem
-      uses: salsify/action-release-gem@v1.1.0
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        RUBYGEMS_API_KEY: ${{ secrets.RUBYGEMS_API_KEY }}