sanitize_model_attributes 0.0.6 → 0.0.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 75eb387490b5f093275db37d0a93246fc9521e67
-  data.tar.gz: 2136438a78bf9c3505712ad6782f0f4639a0787a
+  metadata.gz: 72b389d9de73b761b3d3ffa1f6dacfa7536e718a
+  data.tar.gz: 947cceddcc3b8396671a194e144ba27a0c6fba32
 SHA512:
-  metadata.gz: 03afd16138a392b3a8c6de7ab0300cfebcd3e383f5d1798e340ca735e6d719e0f34c01dff7d241f207f5ad418997923daf10807ee961dc230636d817af59b6cf
-  data.tar.gz: 0991d808fccac688f835079a7d5fd46d977c7111c7edf39971711e43646158e014df68fabc595b2e419c333be99efbe782b102c270c601e4009e52198b82d564
+  metadata.gz: 9b157582ce0f78c0faf60e42c046f7c41030f0da6ff00b3223e7930d08151b00d73018bb2b93063929af054c5bab7a24a4b704b46962dac821164f9c4c764814
+  data.tar.gz: 51721deca3896a974e51189dfce731c3d1e6529601f1616cbd9eafb0ed45363e8f1aeb5e722f62f14ab35c3cb2a3f43e0e1e4d83ba0e03228fb0f646ba57d043

data/lib/sanitize_model_attributes.rb

@@ -1,10 +1,21 @@
 require 'sanitize_model_attributes/version'
-require 'sanitize'
+require 'sanitize_model_attributes/configuration'
+require 'loofah'
 
 module SanitizeModelAttributes
-  def self.included(base)
-    class << base
-      include ClassMethods
+  class << self
+    def included(base)
+      class << base
+        include ClassMethods
+      end
+    end
+
+    def configure
+      yield(configuration)
+    end
+
+    def configuration
+      @configuration ||= Configuration.new
     end
   end
 
@@ -13,7 +24,14 @@ module SanitizeModelAttributes
       args.each do |attribute_name|
         self.class_eval do
           define_method "#{attribute_name}=".to_sym do |attribute_value|
-            attribute_value = Sanitize.fragment(attribute_value) unless attribute_value.frozen?
+            unless attribute_value.frozen?
+              attribute_value = Loofah.fragment(attribute_value).scrub!(:strip).text
+
+              SanitizeModelAttributes.configuration.white_character_maps.each do |k, v|
+                attribute_value = attribute_value.gsub(/#{k}/, v)
+              end
+            end
+
             write_attribute attribute_name.to_sym, attribute_value
           end
         end

data/lib/sanitize_model_attributes/configuration.rb

@@ -0,0 +1,7 @@
+class SanitizeModelAttributes::Configuration
+  attr_accessor :white_character_maps
+
+  def initialize
+    @white_character_maps = {}
+  end
+end

data/lib/sanitize_model_attributes/version.rb

@@ -1,3 +1,3 @@
 module SanitizeModelAttributes
-  VERSION = "0.0.6"
+  VERSION = "0.0.7"
 end

data/sanitize_model_attributes.gemspec

@@ -18,6 +18,6 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "sanitize", "~> 3"
+  spec.add_dependency "loofah", "~> 2"
   spec.add_development_dependency 'minitest'
 end

data/test/test_sanitize_model_attributes.rb

@@ -21,6 +21,38 @@ class TestString < Minitest::Test
     assert instance.respond_to? :model_name=
   end
 
+  def test_to_escape
+    instance = @klass.new
+
+    def instance.write_attribute(name, value)
+      instance_variable_set("@#{name}".to_sym, value)
+    end
+
+    instance.name = '&&&'
+    assert_equal '&amp;&amp;&amp;', instance.instance_variable_get(:@name)
+  end
+
+  def test_to_escape_with_whitelist
+    instance = @klass.new
+
+    def instance.write_attribute(name, value)
+      instance_variable_set("@#{name}".to_sym, value)
+    end
+
+    SanitizeModelAttributes.configure do |config|
+      config.white_character_maps = {
+        '&amp;' => '&'
+      }
+    end
+
+    instance.name = '&&&'
+    assert_equal '&&&', instance.instance_variable_get(:@name)
+
+    SanitizeModelAttributes.configure do |config|
+      config.white_character_maps = {}
+    end
+  end
+
   def test_to_run
     instance = @klass.new
 
@@ -28,7 +60,7 @@ class TestString < Minitest::Test
       instance_variable_set("@#{name}".to_sym, value)
     end
 
-    instance.name = '<strong>hogehoge</strong>'
+    instance.name = '<div></div><p><strong>hoge</strong></p><div>hoge</div>'
     assert_equal 'hogehoge', instance.instance_variable_get(:@name)
   end
 

metadata

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: sanitize_model_attributes
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.0.7
 platform: ruby
 authors:
 - Takashi CHIBA
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-12-23 00:00:00.000000000 Z
+date: 2015-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: sanitize
+  name: loofah
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -51,6 +51,7 @@ files:
 - README.md
 - Rakefile
 - lib/sanitize_model_attributes.rb
+- lib/sanitize_model_attributes/configuration.rb
 - lib/sanitize_model_attributes/version.rb
 - sanitize_model_attributes.gemspec
 - test/test_sanitize_model_attributes.rb
@@ -74,7 +75,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.3
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: Sanitize ActiveRecord attributes.