sanitize-rails 0.5.0

data/README.md

@@ -0,0 +1,54 @@
+Sanitize-Rails - sanitize .. on Rails.
+======================================
+
+Installation
+------------
+
+    gem install sanitize-rails
+
+Configuration
+-------------
+
+config/initializers/sanitizer.rb:
+
+    Sanitize::Rails.configure(
+      :elements    => [ ... ],
+      :attribiutes => { ... },
+      ...
+    )
+
+Usage
+-----
+
+app/models/foo.rb:
+
+    sanitizes :field
+    sanitizes :some_other_field,  :on => :create
+    sanitizes :yet_another_field, :on => :save
+
+ActionView `sanitize` helper is overriden to use
+the Sanitize gem - transparently.
+
+Testing
+-------
+
+Only Test::Unit for now - please write matchers
+and send a pull request :-)
+
+test/test\_helper:
+
+    Sanitize::Rails::TestHelpers.setup(self,
+      :invalid => 'some <a>string',
+      :valid   => 'some <a>string</a>'
+    )
+
+your test:
+
+    assert_sanitizes(Model, :field, :some_other_field)
+
+Compatibility
+-------------
+
+Tested with Rails 3.0.x under Ruby 1.8 and 1.9.
+
+Have fun.

data/Rakefile

@@ -0,0 +1,43 @@
+require 'rake'
+require 'rake/rdoctask'
+
+require 'lib/sanitize/rails'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name             = 'sanitize-rails'
+
+    gemspec.summary          = 'A sanitizer bridge for Rails applications'
+    gemspec.authors          = ['Marcello Barnaba']
+    gemspec.email            = 'vjt@openssl.it'
+    gemspec.homepage         = 'http://github.com/vjt/sanitize-rails'
+
+    gemspec.files            = %w( README.md Rakefile rails/init.rb ) + Dir['lib/**/*']
+    gemspec.extra_rdoc_files = %w( README.md )
+    gemspec.has_rdoc         = true
+
+    gemspec.version          = Sanitize::Rails::Version
+    gemspec.require_path     = 'lib'
+
+    gemspec.add_dependency('rails', '~> 3.0')
+    gemspec.add_dependency('sanitize')
+  end
+rescue LoadError
+  puts 'Jeweler not available. Install it with: gem install jeweler'
+end
+
+desc 'Generate the rdoc'
+Rake::RDocTask.new do |rdoc|
+  rdoc.rdoc_files.add %w( README.md lib/**/*.rb )
+
+  rdoc.main  = 'README.md'
+  rdoc.title = 'Sanitizer-Rails'
+end
+
+desc 'Will someone help write tests?'
+task :default do
+  puts
+  puts 'Can you help in writing tests? Please do :-)'
+  puts
+end

data/lib/sanitize/rails.rb

@@ -0,0 +1,188 @@
+# Sanitize gem bridge and helpers
+#
+require 'sanitize'
+require 'sanitize/railtie' if defined? Rails
+
+module Sanitize::Rails
+  Version = '0.5.0'
+
+  # Configures the sanitizer with the given `config` hash.
+  #
+  # In your environment.rb, in the after_initialize block:
+  #
+  #   Sanitize::Rails.configure(
+  #     :elements => [ ... ],
+  #     :attributes => [ ... ],
+  #     ...
+  #   )
+  #
+  def self.configure(config)
+    Engine.configure(config)
+  end
+
+  module Engine
+    extend self
+
+    def configure(config)
+      @@config = config.freeze
+    end
+
+    # Returns a memoized instance of the Engine with the
+    # configuration passed to the +configure+ method or with
+    # the Gem default configuration.
+    #
+    def cleaner
+      @sanitizer ||= ::Sanitize.new(@@config || {})
+    end
+
+    # Returns a copy of the given `string` after sanitizing it
+    #
+    def clean(string)
+      string.dup.tap {|s| clean!(s)} unless string.blank?
+    end
+
+    # Sanitizes the given string in place, forcing UTF-8 encoding on it.
+    #
+    def clean!(string)
+      cleaner.clean!(string) unless string.blank?
+    end
+
+    def callback_for(options) #:nodoc:
+      point = (options[:on] || 'save').to_s
+
+      unless %w( save create ).include?(point)
+        raise ArgumentError, "Invalid callback point #{point}, valid ones are :save and :create"
+      end
+
+      "before_#{point}".intern
+    end
+
+    def method_for(fields) #:nodoc:
+      "sanitize_#{fields.join('_')}".intern
+    end
+  end
+
+  module ActionView
+    def self.included(base)
+      base.class_eval do
+        # To make sure we're called *after* the method is defined
+        undef_method :sanitize
+
+        # Overrides ActionView's sanitize() helper to use +Engine#clean+
+        def sanitize(string)
+          Engine.clean(string)
+        end
+      end
+    end
+
+  end
+
+  # Adds the +sanitizes+ method to ActiveRecord children classes
+  #
+  module ActiveRecord
+    # Generates before_save/before_create filters that implement
+    # sanitization on the given fields, in the given callback
+    # point.
+    #
+    # Usage:
+    #
+    #   sanitizes :some_field, :some_other_field #, :on => :save
+    #
+    # Valid callback points are :save and :create, callbacks are installed "before_"
+    # by default. Generated callbacks are named with the "sanitize_" prefix follwed
+    # by the field names separated by an underscore.
+    #
+    def sanitizes(*fields)
+      options   = fields.extract_options!
+      callback  = Engine.callback_for(options)
+      sanitizer = Engine.method_for(fields)
+
+      define_method(sanitizer) do                  # def sanitize_fieldA_fieldB
+        fields.each do |field|                     #   # Unrolled version
+          sanitized = Engine.clean(send(field)) #   self.fieldA = Engine.clean(self.fieldA)
+          send("#{field}=", sanitized)             #   self.fieldB = Engine.clean(self.fieldB)
+        end                                        #   # For clarity :-)
+      end                                          # end
+
+      protected sanitizer                          # protected :sanitize_fieldA_fieldB
+      send callback, sanitizer                     # before_save :sanitize_fieldA_fieldB
+    end
+  end
+
+  # Adds two `sanitize_as_html{,!}` helpers to String itself,
+  # that call +Engine#clean+ or +Engine#clean!+ in turn
+  #
+  module String
+    # Calls +Engine#clean+ on this String instance
+    #
+    def sanitize_as_html
+      Engine.clean(self)
+    end
+
+    # Calls +Engine#clean!+ on this String instance
+    #
+    def sanitize_as_html!
+      Engine.clean!(self)
+    end
+  end
+
+  # Test instrumentation
+  #
+  module TestHelpers
+    class << self
+      # Instruments the given base class with the +assert_sanitizes+
+      # helper, and memoizes the given options, accessible from the
+      # helper itself via the +valid+ and +invalid+ methods.
+      #
+      # Those methods contains two HTML strings, one assumed to be
+      # "invalid" and the other, well, "valid".
+      #
+      # In your ActiveSupport::Testcase:
+      #
+      #   Sanitize::Rails::TestHelpers.setup(self,
+      #     :invalid => 'some <a>string',
+      #     :valid   => 'some <a>string</a>'
+      #   )
+      #
+      def setup(base, options = {})
+        base.instance_eval { include TestHelpers }
+        @@options = options
+      end
+
+      def valid;   @@options[:valid]   rescue nil end
+      def invalid; @@options[:invalid] rescue nil end
+    end
+
+    # Verifies that the given `klass` sanitizes the given `fields`, by
+    # checking both the presence of the sanitize callback and that it
+    # works as expected, by setting the +invalid+ string first, invoking
+    # the callback and then checking that the string has been changed
+    # into the +valid+ one.
+    #
+    # If you pass an Hash as the last argument, it can contain `:valid`,
+    # `:invalid` and `:object` keys. The first two ones override the
+    # configured defaults, while the third executes assertions on the
+    # specified object. If no :object is given, a new object is instantiated
+    # by the given `klass` with no arguments.
+    #
+    # If neither `:valid`/`:invalid` strings are configured nor are passed
+    # via the options, the two default strings in the method source are
+    # used.
+    #
+    def assert_sanitizes(klass, *fields)
+      options   = fields.extract_options!
+      sanitizer = Engine.method_for(fields)
+
+      # Verify the callback works
+      invalid = options[:invalid] || TestHelpers.invalid || '<b>ntani<br>'
+      valid   = options[:valid]   || TestHelpers.valid   || '<b>ntani<br /></b>'
+      object  = options[:object]  || klass.new
+
+      fields.each {|field| object.send("#{field}=", invalid)       }
+
+      object.send sanitizer
+
+      fields.each {|field| assert_equal(valid, object.send(field)) }
+    end
+  end
+end

data/lib/sanitize/railtie.rb

@@ -0,0 +1,19 @@
+require 'sanitize/rails'
+
+class Sanitize::Railtie < ::Rails::Railtie
+  initializer 'sanitize-rails.insert_into_action_view' do
+    ActiveSupport.on_load :action_view do
+      ActionView::Helpers::SanitizeHelper.instance_eval { include Sanitize::Rails::ActionView }
+    end
+  end
+
+  initializer 'sanitize-rails.insert_into_active_record' do
+    ActiveSupport.on_load :active_record do
+      ActiveRecord::Base.extend Sanitize::Rails::ActiveRecord
+    end
+  end
+
+  initializer 'sanitie-rails.insert_into_string' do
+    ::String.instance_eval { include Sanitize::Rails::String }
+  end
+end

metadata

@@ -0,0 +1,93 @@
+--- !ruby/object:Gem::Specification 
+name: sanitize-rails
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 5
+  - 0
+  version: 0.5.0
+platform: ruby
+authors: 
+- Marcello Barnaba
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-03-29 00:00:00 +02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rails
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 3
+        - 0
+        version: "3.0"
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: sanitize
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id002
+description: 
+email: vjt@openssl.it
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.md
+files: 
+- README.md
+- Rakefile
+- lib/sanitize/rails.rb
+- lib/sanitize/railtie.rb
+has_rdoc: true
+homepage: http://github.com/vjt/sanitize-rails
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: A sanitizer bridge for Rails applications
+test_files: []
+