sanitize-rails 0.8.1 → 0.9.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fe1b33404aa8e997aba5fdf6101b25c3b5dde7a5
-  data.tar.gz: d74c48a669484082ed497713dc198e2ead6ab310
+  metadata.gz: 92119626e5ebb931fe890e757c3c2fc9b287a351
+  data.tar.gz: 315002fac67c6275c2b6ef6eafeef4f946cf3f52
 SHA512:
-  metadata.gz: 4a44d6ac9ae62f3c1aa68bf7569e289b9264afd2311d338c8a1bd8cd87bfa572b254727e0bdaf8b20ffe011120e687e3ef35e41fc9abb528243ffe79ca57ba23
-  data.tar.gz: 46ab3c9d6ac847044d1d8e5101890d717a1e981408b734a19b8c957aab348f95b3809dd62a61f231eb49658fef57ee6cd61838963f4bbcbec701ffb604d8612a
+  metadata.gz: 452ec0f4ac318d174ed4625646ad62e9f3524faa926eaff28726d2fb1e57127ac9db389bf1aadbd1f312da30c760ea12beed184e4d69cb739d50070ccd710aae
+  data.tar.gz: 44077d2a5c5a330f61c2903649b0ef71e246af81d6323047713d69d21292c0893af6883cf41168b2cac25547ee5397c89c47ae4bf647a2d1015d9c11400a60ad

data/.gitignore

@@ -1,6 +1,8 @@
 .*.sw?
 .DS_Store
 *.sublime-*
+.ruby-version
+.bundle
 Gemfile.lock
 html
 pkg

data/.travis.yml

@@ -1,5 +1,6 @@
 language: ruby
 cache: bundler
 rvm:
-- 2.0.0
-- 1.9.3
+  - 2.1.2
+  - 2.0.0
+  - 1.9.3

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2011-2014 Marcello Barnaba <vjt@openssl.it>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -1,64 +1,94 @@
-Sanitize-Rails - sanitize .. on Rails. [![Build Status](https://travis-ci.org/vjt/sanitize-rails.png)](https://travis-ci.org/vjt/sanitize-rails)
-======================================
+# Sanitize-Rails - sanitize .. on Rails. [![Build Status](https://travis-ci.org/vjt/sanitize-rails.png)](https://travis-ci.org/vjt/sanitize-rails)
 
-Installation
-------------
+An easy bridge to integrate Ryan Grove's [HTML Whitelist Sanitizer][sanitize]
+in your Rails application.
 
-Gemfile:
+## Installation
 
-    gem 'sanitize-rails', :require => 'sanitize/rails'
+`Gemfile`:
 
-Configuration
--------------
+    gem 'sanitize-rails', require: 'sanitize/rails'
 
-config/initializers/sanitizer.rb:
+## Configuration
+
+Pass the configuration to `Sanitize` calling `Sanitize::Rails.configure` in
+an initializer, say `config/initializers/sanitizer.rb`:
 
     Sanitize::Rails.configure(
-      :elements    => [ ... ],
-      :attribiutes => { ... },
+      elements:   [ ... ],
+      attributes: { ... },
       ...
     )
 
-There's an example in the `example/` directory.
+Check out the [example][] in the `example/` directory.
+
+## Usage
+
+ActionView `sanitize` helper is transparently overriden to use the `Sanitize`
+gem.
+
+A `sanitize` helper is added to `ActiveRecord`, that installs on create/save
+callbacks that sanitize the given attributes before persisting them to the
+database. Example:
+
+`app/models/foo.rb`:
+
+    class Foo < ActiveRecord::Base
+      sanitizes :description # on save by default
+
+      sanitizes :body,    on: :create
+      sanitizes :remarks, on: :save
+    end
+
+## Testing
+
+### RSpec
+
+`spec/spec_helper.rb`:
+
+    require 'sanitize/rails/matchers'
+
+in spec code:
 
-Usage
------
+    describe Post do
+      # Simplest variant, single field and default values
+      it { should sanitize_field :title }
 
-app/models/foo.rb:
+      # Multiple fields
+      it { should sanitize_fields :title, :body }
 
-    sanitizes :field
-    sanitizes :some_other_field,  :on => :create
-    sanitizes :yet_another_field, :on => :save
+      # Specifing both text to sanitize and expected result
+      it { should sanitize_field(:title).replacing('&copy;').with('©') }
+    end
 
-ActionView `sanitize` helper is overriden to use
-the Sanitize gem - transparently.
+You should pass field names to matcher in the same way as you do with the
+`sanitize` call in the model, otherwise sanitize method won't be found in
+model.
 
-Testing
--------
+### Test::Unit
 
-Only Test::Unit for now - please write matchers
-and send a pull request :-)
+`test/test_helper.rb:`
 
-test/test\_helper:
+    require 'sanitize/rails/test_helpers'
 
     Sanitize::Rails::TestHelpers.setup(self,
-      :invalid => 'some <a>string',
-      :valid   => 'some <a>string</a>'
+      invalid: 'some <a>string',
+      valid:   'some <a>string</a>'
     )
 
 your test:
 
-    assert_sanitizes(Model, :field, :some_other_field)
+    assert_sanitizes Model, :field, :some_other_field
 
-Compatibility
--------------
+## Compatibility
 
-Tested with Rails 3.0 ~ 4.0 under Ruby 1.9 and 2.0.
+Tested with Rails 3.0 and :up: under Ruby 1.9.3 and :up:.
 
-License
--------
+## License
 
 MIT
 
+## :smiley: Have fun!
 
-Have fun!
+[sanitize]: https://github.com/rgrove/sanitize
+[example]: https://github.com/vjt/sanitize-rails/blob/master/example/sanitizer.rb

data/example/sanitizer.rb

@@ -1,3 +1,11 @@
+# Sanitize::Rails example configuration
+#
+# https://github.com/vjt/sanitize-rails
+#
+# Enjoy, Share and Love <3
+#
+#   -- vjt@openssl.it
+#
 HTML::WhiteListSanitizer.allowed_css_properties   = %w(text-align background-color)
 HTML::WhiteListSanitizer.shorthand_css_properties = %w()
 HTML::WhiteListSanitizer.allowed_css_keywords     = %w(left center right justify rgb)

data/lib/sanitize/rails/action_view.rb

@@ -0,0 +1,20 @@
+module Sanitize::Rails
+
+  module ActionView # :nodoc:
+    def self.included(base)
+      base.class_eval do
+        # To make sure we're called *after* the method is defined
+        undef_method :sanitize
+
+        # Overrides ActionView's sanitize() helper to use +Engine#clean+
+        #
+        # FIXME: Options are currently ignored.
+        #
+        def sanitize(string, options = {})
+          Engine.clean(string)
+        end
+      end
+    end
+  end
+
+end

data/lib/sanitize/rails/active_record.rb

@@ -0,0 +1,38 @@
+module Sanitize::Rails
+
+  # Adds the +sanitizes+ method to ActiveRecord children classes
+  #
+  module ActiveRecord
+    # Generates before_save/before_create filters that implement
+    # sanitization on the given fields, in the given callback
+    # point.
+    #
+    # Usage:
+    #
+    #   sanitizes :some_field, :some_other_field #, :on => :save
+    #
+    # Valid callback points are :save and :create, callbacks are installed "before_"
+    # by default. Generated callbacks are named with the "sanitize_" prefix follwed
+    # by the field names separated by an underscore.
+    #
+    def sanitizes(*fields)
+      options   = fields.extract_options!
+      callback  = Engine.callback_for(options)
+      sanitizer = Engine.method_for(fields)
+
+      define_method(sanitizer) do                  # # Unrolled version
+        fields.each do |field|                     #
+          value = send(field)
+          unless value.blank?                      # def sanitize_fieldA_fieldB
+            sanitized = Engine.clean(value)        #   self.fieldA = Engine.clean(self.fieldA) unless fieldA.blank?
+            send("#{field}=", sanitized)           #   self.fieldB = Engine.clean(self.fieldB) unless fieldB.blank?
+          end                                      # end
+        end                                        #
+      end                                          # end
+
+      protected sanitizer                          # protected :sanitize_fieldA_fieldB
+      send callback, sanitizer                     # before_save :sanitize_fieldA_fieldB
+    end
+  end
+
+end

data/lib/sanitize/rails/engine.rb

@@ -0,0 +1,58 @@
+module Sanitize::Rails
+
+  module Engine
+    extend self
+
+    def configure(config)
+      @@config = config.freeze
+    end
+
+    # Returns a memoized instance of the Engine with the
+    # configuration passed to the +configure+ method or with
+    # the ActionView's default config
+    #
+    def cleaner
+      @@config ||= begin
+        {
+          :elements   => ::ActionView::Base.sanitized_allowed_tags.to_a,
+          :attributes => { :all => ::ActionView::Base.sanitized_allowed_attributes.to_a},
+          :protocols  => { :all => ::ActionView::Base.sanitized_allowed_protocols.to_a }
+        }
+      rescue
+        warn "ActionView not available, falling back to Sanitize's BASIC config"
+        ::Sanitize::Config::BASIC
+      end
+      @sanitizer ||= ::Sanitize.new(@@config)
+    end
+
+    # Returns a copy of the given `string` after sanitizing it and marking it
+    # as `html_safe`
+    #
+    # Ensuring this methods return instances of ActiveSupport::SafeBuffer
+    # means that text passed through `Sanitize::Rails::Engine.clean`
+    # will not be escaped by ActionView's XSS filtering utilities.
+    def clean(string)
+      ::ActiveSupport::SafeBuffer.new string.to_s.dup.tap { |s| clean!(s) }
+    end
+
+    # Sanitizes the given `string` in place and does NOT mark it as `html_safe`
+    #
+    def clean!(string)
+      cleaner.clean!(string.to_s).to_s
+    end
+
+    def callback_for(options) #:nodoc:
+      point = (options[:on] || 'save').to_s
+
+      unless %w( save create ).include?(point)
+        raise ArgumentError, "Invalid callback point #{point}, valid ones are :save and :create"
+      end
+
+      "before_#{point}".intern
+    end
+
+    def method_for(fields) #:nodoc:
+      "sanitize_#{fields.join('_')}".intern
+    end
+  end
+end

data/lib/sanitize/rails/matchers.rb

@@ -0,0 +1,112 @@
+module Sanitize::Rails::Matchers
+
+  # RSpec custom matcher to check for field sanitization
+  #
+  # Verifies that the matcher subject sanitizes the given `fields`, by
+  # checking that the sanitize callback works as expected.
+  #
+  # Matcher can be used in the following variants:
+  #
+  #   describe Post do
+  #     # Simplest variant, single field and default values
+  #     it { should sanitize_field :title }
+  #     # Multiple fields
+  #     it { should sanitize_fields :title, :body }
+  #     # Specifing both text to sanitize and expected result
+  #     it { should sanitize_field(:title).replacing('©').with('©') }
+  #   end
+  #
+  def sanitize_field(*fields)
+    if fields.empty?
+      raise ArgumentError, 'need at least one argument'
+    else
+      SanitizeFieldsMatcher.new(*fields)
+    end
+  end
+
+  # Sintactic sugar
+  alias_method :sanitize_fields, :sanitize_field
+
+  # Add matchers module to rspec configuration
+  RSpec.configure { |c| c.include(self) } if defined? RSpec and RSpec.respond_to?(:configure)
+
+  # Actual matcher class
+  class SanitizeFieldsMatcher
+
+    # Take an array of fields to check, they must respect the same order given in model `sanitize` call
+    def initialize(*fields)
+      self.options = fields.extract_options!
+      self.sanitizer = ::Sanitize::Rails::Engine.method_for(fields)
+      self.fields = fields
+    end
+
+    # Used to specify invalid text assigned to fields
+    def replacing(invalid)
+      @invalid_changed = true
+      @invalid = invalid
+      self
+    end
+
+    # Used to specify expected output for the invalid text
+    def with(valid)
+      @valid_changed = true
+      @valid = valid
+      self
+    end
+
+    # Actual match code
+    def matches?(instance)
+      self.instance = instance
+      # assign invalid value to each field
+      fields.each { |field| instance.send("#{field}=", invalid_value) }
+      # sanitize the object calling the method
+      instance.send(sanitizer) rescue nil
+      # check expectation on results
+      fields.all? { |field| valid_value == instance.send(field) }
+    end
+
+    def failure_message_for_should
+      "Expected #{should_helper} to return sanitized value '#{valid_value}', got '#{attribute_values}'"
+    end
+
+    def failure_message_for_should_not
+      "Expected #{field_helper} not to be sanitized"
+    end
+
+    def description
+      "sanitize #{should_helper}"
+    end
+
+    private
+
+    attr_accessor :options, :sanitizer, :instance, :fields
+
+    def invalid_value
+      @invalid ||= '<b>valid<br>'
+    end
+
+    def valid_value
+      @valid ||= '<b>valid<br></b>'
+    end
+
+    def custom_values?
+      @invalid_changed && @invalid_changed
+    end
+
+    def field_helper
+      "#{'field'.pluralize(fields.count)} #{fields.to_sentence}"
+    end
+
+    def should_helper
+      field_helper.tap do |desc|
+        desc << " by replacing '#{invalid_value}' with '#{valid_value}'" if custom_values?
+      end
+    end
+
+    def attribute_values
+      instance.attributes.slice(*fields.map(&:to_s))
+    end
+
+  end
+
+end

data/lib/sanitize/rails/railtie.rb

@@ -0,0 +1,21 @@
+module Sanitize::Rails
+
+  class Railtie < ::Rails::Railtie
+    initializer 'sanitize-rails.insert_into_action_view' do
+      ::ActiveSupport.on_load :action_view do
+        ::ActionView::Helpers::SanitizeHelper.instance_eval { include Sanitize::Rails::ActionView }
+      end
+    end
+
+    initializer 'sanitize-rails.insert_into_active_record' do
+      ::ActiveSupport.on_load :active_record do
+        ::ActiveRecord::Base.extend Sanitize::Rails::ActiveRecord
+      end
+    end
+
+    initializer 'sanitize-rails.insert_into_string' do
+      ::String.instance_eval { include Sanitize::Rails::String }
+    end
+  end
+
+end

data/lib/sanitize/rails/string.rb

@@ -0,0 +1,20 @@
+module Sanitize::Rails
+
+  # Adds two `sanitize_as_html{,!}` helpers to String itself,
+  # that call +Engine#clean+ or +Engine#clean!+ in turn
+  #
+  module String
+    # Calls +Engine#clean+ on this String instance
+    #
+    def sanitize_as_html
+      Engine.clean(self)
+    end
+
+    # Calls +Engine#clean!+ on this String instance
+    #
+    def sanitize_as_html!
+      Engine.clean!(self)
+    end
+  end
+
+end

data/lib/sanitize/rails/test_helpers.rb

@@ -0,0 +1,63 @@
+module Sanitize::Rails
+
+  # Test instrumentation
+  #
+  module TestHelpers
+    class << self
+      # Instruments the given base class with the +assert_sanitizes+
+      # helper, and memoizes the given options, accessible from the
+      # helper itself via the +valid+ and +invalid+ methods.
+      #
+      # Those methods contains two HTML strings, one assumed to be
+      # "invalid" and the other, well, "valid".
+      #
+      # In your ActiveSupport::Testcase:
+      #
+      #   Sanitize::Rails::TestHelpers.setup(self,
+      #     :invalid => 'some <a>string',
+      #     :valid   => 'some <a>string</a>'
+      #   )
+      #
+      def setup(base, options = {})
+        base.instance_eval { include TestHelpers }
+        @@options = options
+      end
+
+      def valid;   @@options[:valid]   rescue nil end
+      def invalid; @@options[:invalid] rescue nil end
+    end
+
+    # Verifies that the given `klass` sanitizes the given `fields`, by
+    # checking both the presence of the sanitize callback and that it
+    # works as expected, by setting the +invalid+ string first, invoking
+    # the callback and then checking that the string has been changed
+    # into the +valid+ one.
+    #
+    # If you pass an Hash as the last argument, it can contain `:valid`,
+    # `:invalid` and `:object` keys. The first two ones override the
+    # configured defaults, while the third executes assertions on the
+    # specified object. If no :object is given, a new object is instantiated
+    # by the given `klass` with no arguments.
+    #
+    # If neither `:valid`/`:invalid` strings are configured nor are passed
+    # via the options, the two default strings in the method source are
+    # used.
+    #
+    def assert_sanitizes(klass, *fields)
+      options   = fields.extract_options!
+      sanitizer = Engine.method_for(fields)
+
+      # Verify the callback works
+      invalid = options[:invalid] || TestHelpers.invalid || '<b>ntani<br>'
+      valid   = options[:valid]   || TestHelpers.valid   || '<b>ntani<br /></b>'
+      object  = options[:object]  || klass.new
+
+      fields.each {|field| object.send("#{field}=", invalid)       }
+
+      object.send sanitizer
+
+      fields.each {|field| assert_equal(valid, object.send(field)) }
+    end
+  end
+
+end

data/lib/sanitize/rails/version.rb

@@ -1,5 +1,5 @@
 class Sanitize
   module Rails
-    VERSION = '0.8.1'
+    VERSION = '0.9.1'
   end
 end

data/lib/sanitize/rails.rb

@@ -1,9 +1,21 @@
-# Sanitize gem bridge and helpers
+#
+# Sanitize Gem Bridge and Helpers for Rails
+#
+# https://github.com/vjt/sanitize-rails
+#
+# (C) 2011-2014 vjt@openssl.it
+#
+# MIT License
 #
 require 'sanitize'
-require 'sanitize/railtie' if defined? Rails
+require 'sanitize/rails/railtie' if defined? Rails
 
 module Sanitize::Rails
+  autoload :Engine,       'sanitize/rails/engine'
+  autoload :ActionView,   'sanitize/rails/action_view'
+  autoload :ActiveRecord, 'sanitize/rails/active_record'
+  autoload :String,       'sanitize/rails/string'
+  autoload :VERSION,      'sanitize/rails/version'
 
   # Configures the sanitizer with the given `config` hash.
   #
@@ -18,190 +30,4 @@ module Sanitize::Rails
   def self.configure(config)
     Engine.configure(config)
   end
-
-  module Engine
-    extend self
-
-    def configure(config)
-      @@config = config.freeze
-    end
-
-    # Returns a memoized instance of the Engine with the
-    # configuration passed to the +configure+ method or with
-    # the ActionView's default config
-    #
-    def cleaner
-      @@config ||= begin
-        {
-          :elements   => ::ActionView::Base.sanitized_allowed_tags.to_a,
-          :attributes => { :all => ::ActionView::Base.sanitized_allowed_attributes.to_a},
-          :protocols  => { :all => ::ActionView::Base.sanitized_allowed_protocols.to_a }
-        }
-      rescue
-        warn "ActionView not available, falling back to Sanitize's BASIC config"
-        ::Sanitize::Config::BASIC
-      end
-      @sanitizer ||= ::Sanitize.new(@@config)
-    end
-
-    # Returns a copy of the given `string` after sanitizing it and marking it
-    # as `html_safe`
-    #
-    # Ensuring this methods return instances of ActiveSupport::SafeBuffer
-    # means that text passed through `Sanitize::Rails::Engine.clean`
-    # will not be escaped by ActionView's XSS filtering utilities.
-    def clean(string)
-      ::ActiveSupport::SafeBuffer.new string.to_s.dup.tap { |s| clean!(s) }
-    end
-
-    # Sanitizes the given `string` in place and does NOT mark it as `html_safe`
-    #
-    def clean!(string)
-      cleaner.clean!(string.to_s).to_s
-    end
-
-    def callback_for(options) #:nodoc:
-      point = (options[:on] || 'save').to_s
-
-      unless %w( save create ).include?(point)
-        raise ArgumentError, "Invalid callback point #{point}, valid ones are :save and :create"
-      end
-
-      "before_#{point}".intern
-    end
-
-    def method_for(fields) #:nodoc:
-      "sanitize_#{fields.join('_')}".intern
-    end
-  end
-
-  module ActionView
-    def self.included(base)
-      base.class_eval do
-        # To make sure we're called *after* the method is defined
-        undef_method :sanitize
-
-        # Overrides ActionView's sanitize() helper to use +Engine#clean+
-        #
-        # FIXME: Options are currently ignored.
-        #
-        def sanitize(string, options = {})
-          Engine.clean(string)
-        end
-      end
-    end
-
-  end
-
-  # Adds the +sanitizes+ method to ActiveRecord children classes
-  #
-  module ActiveRecord
-    # Generates before_save/before_create filters that implement
-    # sanitization on the given fields, in the given callback
-    # point.
-    #
-    # Usage:
-    #
-    #   sanitizes :some_field, :some_other_field #, :on => :save
-    #
-    # Valid callback points are :save and :create, callbacks are installed "before_"
-    # by default. Generated callbacks are named with the "sanitize_" prefix follwed
-    # by the field names separated by an underscore.
-    #
-    def sanitizes(*fields)
-      options   = fields.extract_options!
-      callback  = Engine.callback_for(options)
-      sanitizer = Engine.method_for(fields)
-
-      define_method(sanitizer) do                  # # Unrolled version
-        fields.each do |field|                     #
-          value = send(field)
-          unless value.blank?                      # def sanitize_fieldA_fieldB
-            sanitized = Engine.clean(value)        #   self.fieldA = Engine.clean(self.fieldA) unless fieldA.blank?
-            send("#{field}=", sanitized)           #   self.fieldB = Engine.clean(self.fieldB) unless fieldB.blank?
-          end                                      # end
-        end                                        #
-      end                                          # end
-
-      protected sanitizer                          # protected :sanitize_fieldA_fieldB
-      send callback, sanitizer                     # before_save :sanitize_fieldA_fieldB
-    end
-  end
-
-  # Adds two `sanitize_as_html{,!}` helpers to String itself,
-  # that call +Engine#clean+ or +Engine#clean!+ in turn
-  #
-  module String
-    # Calls +Engine#clean+ on this String instance
-    #
-    def sanitize_as_html
-      Engine.clean(self)
-    end
-
-    # Calls +Engine#clean!+ on this String instance
-    #
-    def sanitize_as_html!
-      Engine.clean!(self)
-    end
-  end
-
-  # Test instrumentation
-  #
-  module TestHelpers
-    class << self
-      # Instruments the given base class with the +assert_sanitizes+
-      # helper, and memoizes the given options, accessible from the
-      # helper itself via the +valid+ and +invalid+ methods.
-      #
-      # Those methods contains two HTML strings, one assumed to be
-      # "invalid" and the other, well, "valid".
-      #
-      # In your ActiveSupport::Testcase:
-      #
-      #   Sanitize::Rails::TestHelpers.setup(self,
-      #     :invalid => 'some <a>string',
-      #     :valid   => 'some <a>string</a>'
-      #   )
-      #
-      def setup(base, options = {})
-        base.instance_eval { include TestHelpers }
-        @@options = options
-      end
-
-      def valid;   @@options[:valid]   rescue nil end
-      def invalid; @@options[:invalid] rescue nil end
-    end
-
-    # Verifies that the given `klass` sanitizes the given `fields`, by
-    # checking both the presence of the sanitize callback and that it
-    # works as expected, by setting the +invalid+ string first, invoking
-    # the callback and then checking that the string has been changed
-    # into the +valid+ one.
-    #
-    # If you pass an Hash as the last argument, it can contain `:valid`,
-    # `:invalid` and `:object` keys. The first two ones override the
-    # configured defaults, while the third executes assertions on the
-    # specified object. If no :object is given, a new object is instantiated
-    # by the given `klass` with no arguments.
-    #
-    # If neither `:valid`/`:invalid` strings are configured nor are passed
-    # via the options, the two default strings in the method source are
-    # used.
-    #
-    def assert_sanitizes(klass, *fields)
-      options   = fields.extract_options!
-      sanitizer = Engine.method_for(fields)
-
-      # Verify the callback works
-      invalid = options[:invalid] || TestHelpers.invalid || '<b>ntani<br>'
-      valid   = options[:valid]   || TestHelpers.valid   || '<b>ntani<br /></b>'
-      object  = options[:object]  || klass.new
-
-      fields.each {|field| object.send("#{field}=", invalid)       }
-
-      object.send sanitizer
-
-      fields.each {|field| assert_equal(valid, object.send(field)) }
-    end
-  end
 end

data/sanitize-rails.gemspec

@@ -7,9 +7,9 @@ require 'sanitize/rails/version'
 Gem::Specification.new do |s|
   s.name          = "sanitize-rails"
   s.version       = Sanitize::Rails::VERSION
-  s.date          = "2014-03-14"
-  s.authors       = ["Marcello Barnaba", "Damien Wilson"]
-  s.email         = ["vjt@openssl.it", "damien@mindglob.com"]
+  s.date          = "2014-06-05"
+  s.authors       = ["Marcello Barnaba", "Damien Wilson", "Fabio Napoleoni"]
+  s.email         = ["vjt@openssl.it", "damien@mindglob.com", "f.napoleoni@gmail.com"]
   s.homepage      = "http://github.com/vjt/sanitize-rails"
   s.summary       = "A sanitizer bridge for Rails applications"
   s.license       = "MIT"

data/test/sanitize_rails_engine_test.rb

@@ -1,9 +1,5 @@
 require 'test_helper'
 
-require 'action_view'
-require 'sanitize'
-require 'sanitize/rails'
-
 # Test suite for Sanitize::Rails::Engine
 class SanitizeRailsEngineTest < Minitest::Test
   def setup

data/test/sanitize_rails_string_extension_test.rb

@@ -1,9 +1,5 @@
 require 'test_helper'
 
-require 'action_view'
-require 'sanitize'
-require 'sanitize/rails'
-
 # Test suite for Sanitize::Rails::Engine
 class SanitizeRailsStringExtensionTest < Minitest::Test
   SanitizableString = Class.new(String) { include Sanitize::Rails::String }

data/test/test_helper.rb

@@ -1 +1,5 @@
 require 'minitest/autorun'
+
+require 'action_view'
+
+require 'sanitize/rails'

metadata

@@ -1,15 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: sanitize-rails
 version: !ruby/object:Gem::Version
-  version: 0.8.1
+  version: 0.9.1
 platform: ruby
 authors:
 - Marcello Barnaba
 - Damien Wilson
+- Fabio Napoleoni
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-03-14 00:00:00.000000000 Z
+date: 2014-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -43,6 +44,7 @@ description:
 email:
 - vjt@openssl.it
 - damien@mindglob.com
+- f.napoleoni@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -50,12 +52,19 @@ files:
 - ".gitignore"
 - ".travis.yml"
 - Gemfile
+- LICENSE
 - README.md
 - Rakefile
 - example/sanitizer.rb
 - lib/sanitize/rails.rb
+- lib/sanitize/rails/action_view.rb
+- lib/sanitize/rails/active_record.rb
+- lib/sanitize/rails/engine.rb
+- lib/sanitize/rails/matchers.rb
+- lib/sanitize/rails/railtie.rb
+- lib/sanitize/rails/string.rb
+- lib/sanitize/rails/test_helpers.rb
 - lib/sanitize/rails/version.rb
-- lib/sanitize/railtie.rb
 - sanitize-rails.gemspec
 - test/sanitize_rails_engine_test.rb
 - test/sanitize_rails_string_extension_test.rb

data/lib/sanitize/railtie.rb

@@ -1,19 +0,0 @@
-require 'sanitize/rails'
-
-class Sanitize::Railtie < ::Rails::Railtie
-  initializer 'sanitize-rails.insert_into_action_view' do
-    ActiveSupport.on_load :action_view do
-      ActionView::Helpers::SanitizeHelper.instance_eval { include Sanitize::Rails::ActionView }
-    end
-  end
-
-  initializer 'sanitize-rails.insert_into_active_record' do
-    ActiveSupport.on_load :active_record do
-      ActiveRecord::Base.extend Sanitize::Rails::ActiveRecord
-    end
-  end
-
-  initializer 'sanitie-rails.insert_into_string' do
-    ::String.instance_eval { include Sanitize::Rails::String }
-  end
-end