RubyGems - sanitized_attributes - Versions diffs - 1.1.0 → 1.1.1 - Mend

sanitized_attributes 1.1.0 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

data/.document +5 -0
data/Rakefile +46 -0
data/VERSION +1 -0
data/lib/sanitized_attributes.rb +90 -0
data/lib/sanitized_attributes/sanitized_attribute.rb +48 -0
data/sanitized_attributes.gemspec +57 -0
data/spec/sanitized_attributes_spec.rb +67 -0
data/spec/spec.opts +1 -0
data/spec/spec_helper.rb +9 -0
metadata +15 -5

data/.document ADDED Viewed

@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/Rakefile ADDED Viewed

@@ -0,0 +1,46 @@
+require 'rubygems'
+require 'rake'
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "sanitized_attributes"
+    gem.summary = %Q{HTML-sanitizing attribute accessors for Ruby and Rails}
+    gem.description = %Q{A wrapper to make automatic sanitization of incoming data easier. Uses the sanitize gem and works in both plain Ruby and Rails projects.}
+    gem.email = "matthew.boeh@gmail.com"
+    gem.homepage = "http://github.com/mboeh/sanitized_attributes"
+    gem.authors = ["Matthew Boeh", "CrowdCompass, Inc."]
+    gem.add_development_dependency "rspec", ">= 1.2.9"
+    gem.add_dependency "sanitize", "> 0"
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+require 'spec/rake/spectask'
+Spec::Rake::SpecTask.new(:spec) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.spec_files = FileList['spec/**/*_spec.rb']
+end
+Spec::Rake::SpecTask.new(:rcov) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+  spec.rcov_opts = ['--exclude', File.expand_path("~/.rvm"), "--exclude", "spec"]
+end
+task :spec => :check_dependencies
+task :default => :spec
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "sanitized_attributes #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION ADDED Viewed

	@@ -0,0 +1 @@
1	+ 1.1.1

data/lib/sanitized_attributes.rb ADDED Viewed

@@ -0,0 +1,90 @@
+require 'rubygems'
+require 'sanitize'
+require 'sanitized_attributes/sanitized_attribute'
+module SanitizedAttributes
+  def self.included(into)
+    into.extend(ClassMethods)
+  end
+  class << self
+    def add_option(name, &blk)
+      @option_transforms = nil
+      @options ||= {}
+      @options[name] = blk
+    end
+    def add_profile(name, options = {})
+      @profiles ||= {}
+      @profiles[name] = options
+    end
+    def profile(name)
+      @profiles ||= {}
+      @profiles[name] || {}
+    end
+    def sanitize_options(options)
+      pr =
+        if options.kind_of?(Symbol)
+          profile(options)
+        else
+          options
+        end
+      o = merge_options(default_profile, pr)
+      o
+    end
+    protected
+      def default_profile
+        merge_options(profile(:default), obligatory_options)
+      end
+      def merge_options(ops, new_ops)
+        final_ops = ops.dup
+        new_ops.each do |key,val|
+          old = final_ops[key]
+          if key == :transformers
+            final_ops[key] ||= []
+            final_ops[key] = ([old] + [val]).flatten.uniq.compact
+          else
+            final_ops[key] = val
+          end
+          final_ops.delete(key) if final_ops[key].nil?
+        end
+        return final_ops
+      end
+      def obligatory_options
+        { :transformers => option_transforms }
+      end
+      def option_transforms
+        @option_transforms ||=
+          begin
+            if @options
+              @options.map do |name, tproc|
+                lambda do |env|
+                  tproc.call(env, env[:config][name]) if env[:config][name]
+                end
+              end
+            else
+              []
+            end
+          end
+      end
+  end
+  module ClassMethods
+    def sanitize_attribute(attr_name, options = {})
+      SanitizedAttribute.add(self, attr_name, options)
+    end
+  end
+end

data/lib/sanitized_attributes/sanitized_attribute.rb ADDED Viewed

@@ -0,0 +1,48 @@
+module SanitizedAttributes; class SanitizedAttribute
+  def initialize(attr_name, options = {})
+    @attr_name = attr_name
+    @options = options
+  end
+  def sanitize(content)
+    Sanitize.clean("<SPURIOUS-TOPLEVEL>" + content + "</SPURIOUS-TOPLEVEL>", sanitize_config).gsub(%r{</?SPURIOUS-TOPLEVEL>}, "")
+  end
+  def define_ar_writer_method(klass)
+    this = self
+    attr_name = @attr_name
+    klass.send(:define_method, "#{@attr_name}=") {|value|
+      send(:write_attribute, attr_name, this.sanitize(value))
+    }
+  end
+  def define_writer_method(klass)
+    this = self
+    attr_name = @attr_name
+    klass.send(:define_method, "#{@attr_name}_with_sanitization=") {|value|
+      send("#{attr_name}_without_sanitization=", this.sanitize(value))
+    }
+  end
+  protected
+    def sanitize_config
+      SanitizedAttributes.sanitize_options(@options)
+    end
+  class << self
+    def add(klass, attr_name, options = {})
+      attrib = new(attr_name, options)
+      if klass.respond_to?(:alias_method_chain)
+        attrib.define_ar_writer_method(klass)
+      else
+        attrib.define_writer_method(klass)
+        klass.send(:alias_method, "#{attr_name}_without_sanitization=", "#{attr_name}=")
+        klass.send(:alias_method, "#{attr_name}=", "#{attr_name}_with_sanitization=")
+      end
+    end
+  end
+end; end

data/sanitized_attributes.gemspec ADDED Viewed

@@ -0,0 +1,57 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+Gem::Specification.new do |s|
+  s.name = %q{sanitized_attributes}
+  s.version = "1.1.1"
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Matthew Boeh", "CrowdCompass, Inc."]
+  s.date = %q{2011-01-27}
+  s.description = %q{A wrapper to make automatic sanitization of incoming data easier. Uses the sanitize gem and works in both plain Ruby and Rails projects.}
+  s.email = %q{matthew.boeh@gmail.com}
+  s.extra_rdoc_files = [
+    "LICENSE",
+    "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+    "LICENSE",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "lib/sanitized_attributes.rb",
+    "lib/sanitized_attributes/sanitized_attribute.rb",
+    "sanitized_attributes.gemspec",
+    "spec/sanitized_attributes_spec.rb",
+    "spec/spec.opts",
+    "spec/spec_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/mboeh/sanitized_attributes}
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{HTML-sanitizing attribute accessors for Ruby and Rails}
+  s.test_files = [
+    "spec/sanitized_attributes_spec.rb",
+    "spec/spec_helper.rb"
+  ]
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<rspec>, [">= 1.2.9"])
+      s.add_runtime_dependency(%q<sanitize>, ["> 0"])
+    else
+      s.add_dependency(%q<rspec>, [">= 1.2.9"])
+      s.add_dependency(%q<sanitize>, ["> 0"])
+    end
+  else
+    s.add_dependency(%q<rspec>, [">= 1.2.9"])
+    s.add_dependency(%q<sanitize>, ["> 0"])
+  end
+end

data/spec/sanitized_attributes_spec.rb ADDED Viewed

@@ -0,0 +1,67 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+describe "SanitizedAttributes" do
+  before do
+    @klass = Class.new do
+      include SanitizedAttributes
+      attr_accessor :orz
+      attr_accessor :vux
+    end
+    SanitizedAttributes.add_option(:no_empties) do |env, forbidden_empties|
+      if env[:node].content.empty?
+        if forbidden_empties.include?(env[:node_name])
+          {:node => Nokogiri::XML::Text.new("", env[:node].document)}
+        end
+      end
+    end
+    SanitizedAttributes.add_option(:gsub) do |env, substitutions|
+      env[:node].children.each do |node|
+        if node.kind_of?(Nokogiri::XML::Text)
+          text = node.content
+          substitutions.each do |regex, subst|
+            text.gsub!(regex, subst)
+          end
+          node.content = text
+        end
+      end
+      nil
+    end
+    SanitizedAttributes.add_profile(:default, :gsub => { "\r" => "" })
+    SanitizedAttributes.add_profile(:quotes_only, :elements => %w[blockquote])
+  end
+  it "removes all HTML by default" do
+    @klass.module_eval do
+      sanitize_attribute :orz
+    end
+    obj = @klass.new
+    obj.orz = "<a>Orz are not *many bubbles* like <p/>*campers*. <p></p>Orz <b>are just</b> Orz. <p>- Orz</p>"
+    obj.orz.should == "Orz are not *many bubbles* like *campers*. Orz are just Orz. - Orz"
+  end
+  it "allows a default sanitizing profile to be set up" do
+    SanitizedAttributes.add_profile(:default, Sanitize::Config::BASIC)
+    @klass.module_eval do
+      sanitize_attribute :orz
+    end
+    obj = @klass.new
+    obj.orz = "<a>Orz are not *many bubbles* like <p/>*campers*. <p></p>Orz <b>are just</b> Orz. <p>- Orz</p>"
+    obj.orz.should == "<a rel=\"nofollow\">Orz are not *many bubbles* like <p></p>*campers*. <p></p>Orz <b>are just</b> Orz. <p>- Orz</p></a>"
+    SanitizedAttributes.add_profile(:default, Sanitize::Config::BASIC.merge(:no_empties => %w[p]))
+    obj.orz = "<a>Orz are not *many bubbles* like <p/>*campers*. <p></p>Orz <b>are just</b> Orz. <p>- Orz</p>"
+    obj.orz.should == "<a rel=\"nofollow\">Orz are not *many bubbles* like *campers*. Orz <b>are just</b> Orz. <p>- Orz</p></a>"
+  end
+  it "sanitizes attributes with custom options and profiles" do
+    @klass.module_eval do
+      sanitize_attribute :orz, :elements => %w[p], :no_empties => %w[p]
+      sanitize_attribute :vux, :quotes_only
+    end
+    obj = @klass.new
+    obj.vux = "<blockquote>Our special today is <b>particle fragmentation!</b></blockquote> - VUX"
+    obj.vux.should == "<blockquote>Our special today is particle fragmentation!</blockquote> - VUX"
+    obj.orz = "\r\nOrz are not *many bubbles* like <p/>*campers*. <p></p>Orz <b>\r\nare just</b> Orz. <p>- Orz</p>"
+    obj.orz.should == "\nOrz are not *many bubbles* like *campers*. Orz \nare just Orz. <p>- Orz</p>"
+  end
+end

data/spec/spec.opts ADDED Viewed

	@@ -0,0 +1 @@
1	+ --color

data/spec/spec_helper.rb ADDED Viewed

@@ -0,0 +1,9 @@
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'sanitized_attributes'
+require 'spec'
+require 'spec/autorun'
+Spec::Runner.configure do |config|
+end

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: sanitized_attributes
 version: !ruby/object:Gem::Version
-  hash: 19
+  hash: 17
   prerelease: false
   segments:
   - 1
   - 1
-  - 0
-  version: 1.1.0
+  - 1
+  version: 1.1.1
 platform: ruby
 authors:
 - Matthew Boeh
@@ -59,8 +59,17 @@ extra_rdoc_files:
 - LICENSE
 - README.rdoc
 files:
+- .document
 - LICENSE
 - README.rdoc
+- Rakefile
+- VERSION
+- lib/sanitized_attributes.rb
+- lib/sanitized_attributes/sanitized_attribute.rb
+- sanitized_attributes.gemspec
+- spec/sanitized_attributes_spec.rb
+- spec/spec.opts
+- spec/spec_helper.rb
 has_rdoc: true
 homepage: http://github.com/mboeh/sanitized_attributes
 licenses: []
@@ -95,5 +104,6 @@ rubygems_version: 1.3.7
 signing_key:
 specification_version: 3
 summary: HTML-sanitizing attribute accessors for Ruby and Rails
-test_files: []
+test_files:
+- spec/sanitized_attributes_spec.rb
+- spec/spec_helper.rb