RubyGems - sanitized_attributes - Versions diffs - 1.1.0 → 1.1.1 - Mend

sanitized_attributes 1.1.0 → 1.1.1

Files changed (10) hide show

data/.document +5 -0
data/Rakefile +46 -0
data/VERSION +1 -0
data/lib/sanitized_attributes.rb +90 -0
data/lib/sanitized_attributes/sanitized_attribute.rb +48 -0
data/sanitized_attributes.gemspec +57 -0
data/spec/sanitized_attributes_spec.rb +67 -0
data/spec/spec.opts +1 -0
data/spec/spec_helper.rb +9 -0
metadata +15 -5

data/.document ADDED Viewed

@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/Rakefile ADDED Viewed

@@ -0,0 +1,46 @@
+require 'rubygems'
+require 'rake'
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "sanitized_attributes"
+    gem.summary = %Q{HTML-sanitizing attribute accessors for Ruby and Rails}
+    gem.description = %Q{A wrapper to make automatic sanitization of incoming data easier. Uses the sanitize gem and works in both plain Ruby and Rails projects.}
+    gem.email = "matthew.boeh@gmail.com"
+    gem.homepage = "http://github.com/mboeh/sanitized_attributes"
+    gem.authors = ["Matthew Boeh", "CrowdCompass, Inc."]
+    gem.add_development_dependency "rspec", ">= 1.2.9"
+    gem.add_dependency "sanitize", "> 0"
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+require 'spec/rake/spectask'
+Spec::Rake::SpecTask.new(:spec) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.spec_files = FileList['spec/**/*_spec.rb']
+end
+Spec::Rake::SpecTask.new(:rcov) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+  spec.rcov_opts = ['--exclude', File.expand_path("~/.rvm"), "--exclude", "spec"]
+end
+task :spec => :check_dependencies
+task :default => :spec
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "sanitized_attributes #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION ADDED Viewed

	@@ -0,0 +1 @@
1	+ 1.1.1

data/lib/sanitized_attributes.rb ADDED Viewed

@@ -0,0 +1,90 @@
+require 'rubygems'
+require 'sanitize'
+require 'sanitized_attributes/sanitized_attribute'
+module SanitizedAttributes
+  def self.included(into)
+    into.extend(ClassMethods)
+  end
+  class << self
+    def add_option(name, &blk)
+      @option_transforms = nil
+      @options ||= {}
+      @options[name] = blk
+    end
+    def add_profile(name, options = {})
+      @profiles ||= {}
+      @profiles[name] = options
+    end
+    def profile(name)
+      @profiles ||= {}
+      @profiles[name] || {}
+    end
+    def sanitize_options(options)
+      pr =
+        if options.kind_of?(Symbol)
+          profile(options)
+        else
+          options
+        end
+      o = merge_options(default_profile, pr)
+      o
+    end
+    protected
+      def default_profile
+        merge_options(profile(:default), obligatory_options)
+      end
+      def merge_options(ops, new_ops)
+        final_ops = ops.dup
+        new_ops.each do |key,val|
+          old = final_ops[key]
+          if key == :transformers
+            final_ops[key] ||= []
+            final_ops[key] = ([old] + [val]).flatten.uniq.compact
+          else
+            final_ops[key] = val
+          end
+          final_ops.delete(key) if final_ops[key].nil?
+        end
+        return final_ops
+      end
+      def obligatory_options
+        { :transformers => option_transforms }
+      end
+      def option_transforms
+        @option_transforms ||=
+          begin
+            if @options
+              @options.map do |name, tproc|
+                lambda do |env|
+                  tproc.call(env, env[:config][name]) if env[:config][name]
+                end
+              end
+            else
+              []
+            end
+          end
+      end
+  end
+  module ClassMethods
+    def sanitize_attribute(attr_name, options = {})
+      SanitizedAttribute.add(self, attr_name, options)
+    end
+  end
+end

data/lib/sanitized_attributes/sanitized_attribute.rb ADDED Viewed

@@ -0,0 +1,48 @@
+module SanitizedAttributes; class SanitizedAttribute
+  def initialize(attr_name, options = {})
+    @attr_name = attr_name
+    @options = options
+  end
+  def sanitize(content)
+    Sanitize.clean("<SPURIOUS-TOPLEVEL>" + content + "</SPURIOUS-TOPLEVEL>", sanitize_config).gsub(%r{</?SPURIOUS-TOPLEVEL>}, "")
+  end
+  def define_ar_writer_method(klass)
+    this = self
+    attr_name = @attr_name
+    klass.send(:define_method, "#{@attr_name}=") {|value|
+      send(:write_attribute, attr_name, this.sanitize(value))
+    }
+  end
+  def define_writer_method(klass)
+    this = self
+    attr_name = @attr_name
+    klass.send(:define_method, "#{@attr_name}_with_sanitization=") {|value|
+      send("#{attr_name}_without_sanitization=", this.sanitize(value))
+    }
+  end
+  protected
+    def sanitize_config
+      SanitizedAttributes.sanitize_options(@options)
+    end
+  class << self
+    def add(klass, attr_name, options = {})
+      attrib = new(attr_name, options)
+      if klass.respond_to?(:alias_method_chain)
+        attrib.define_ar_writer_method(klass)
+      else
+        attrib.define_writer_method(klass)
+        klass.send(:alias_method, "#{attr_name}_without_sanitization=", "#{attr_name}=")
+        klass.send(:alias_method, "#{attr_name}=", "#{attr_name}_with_sanitization=")
+      end
+    end
+  end
+end; end

data/sanitized_attributes.gemspec ADDED Viewed

@@ -0,0 +1,57 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+Gem::Specification.new do |s|
+  s.name = %q{sanitized_attributes}
+  s.version = "1.1.1"
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Matthew Boeh", "CrowdCompass, Inc."]
+  s.date = %q{2011-01-27}
+  s.description = %q{A wrapper to make automatic sanitization of incoming data easier. Uses the sanitize gem and works in both plain Ruby and Rails projects.}
+  s.email = %q{matthew.boeh@gmail.com}
+  s.extra_rdoc_files = [
+    "LICENSE",
+    "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+    "LICENSE",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "lib/sanitized_attributes.rb",
+    "lib/sanitized_attributes/sanitized_attribute.rb",
+    "sanitized_attributes.gemspec",
+    "spec/sanitized_attributes_spec.rb",
+    "spec/spec.opts",
+    "spec/spec_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/mboeh/sanitized_attributes}
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{HTML-sanitizing attribute accessors for Ruby and Rails}
+  s.test_files = [
+    "spec/sanitized_attributes_spec.rb",
+    "spec/spec_helper.rb"
+  ]
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<rspec>, [">= 1.2.9"])
+      s.add_runtime_dependency(%q<sanitize>, ["> 0"])
+    else
+      s.add_dependency(%q<rspec>, [">= 1.2.9"])
+      s.add_dependency(%q<sanitize>, ["> 0"])
+    end
+  else
+    s.add_dependency(%q<rspec>, [">= 1.2.9"])
+    s.add_dependency(%q<sanitize>, ["> 0"])
+  end
+end

data/spec/sanitized_attributes_spec.rb ADDED Viewed

@@ -0,0 +1,67 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+describe "SanitizedAttributes" do
+  before do
+    @klass = Class.new do
+      include SanitizedAttributes
+      attr_accessor :orz
+      attr_accessor :vux
+    end
+    SanitizedAttributes.add_option(:no_empties) do |env, forbidden_empties|
+      if env[:node].content.empty?
+        if forbidden_empties.include?(env[:node_name])
+          {:node => Nokogiri::XML::Text.new("", env[:node].document)}
+        end
+      end
+    end
+    SanitizedAttributes.add_option(:gsub) do |env, substitutions|
+      env[:node].children.each do |node|
+        if node.kind_of?(Nokogiri::XML::Text)
+          text = node.content
+          substitutions.each do |regex, subst|
+            text.gsub!(regex, subst)
+          end
+          node.content = text
+        end
+      end
+      nil
+    end
+    SanitizedAttributes.add_profile(:default, :gsub => { "\r" => "" })
+    SanitizedAttributes.add_profile(:quotes_only, :elements => %w[blockquote])
+  end
+  it "removes all HTML by default" do
+    @klass.module_eval do
+      sanitize_attribute :orz
+    end
+    obj = @klass.new
+    obj.orz = "<a>Orz are not *many bubbles* like <p/>*campers*. <p></p>Orz <b>are just</b> Orz. <p>- Orz</p>"
+    obj.orz.should == "Orz are not *many bubbles* like *campers*. Orz are just Orz. - Orz"
+  end
+  it "allows a default sanitizing profile to be set up" do
+    SanitizedAttributes.add_profile(:default, Sanitize::Config::BASIC)
+    @klass.module_eval do
+      sanitize_attribute :orz
+    end
+    obj = @klass.new
+    obj.orz = "<a>Orz are not *many bubbles* like <p/>*campers*. <p></p>Orz <b>are just</b> Orz. <p>- Orz</p>"
+    obj.orz.should == "<a rel=\"nofollow\">Orz are not *many bubbles* like <p></p>*campers*. <p></p>Orz <b>are just</b> Orz. <p>- Orz</p></a>"
+    SanitizedAttributes.add_profile(:default, Sanitize::Config::BASIC.merge(:no_empties => %w[p]))
+    obj.orz = "<a>Orz are not *many bubbles* like <p/>*campers*. <p></p>Orz <b>are just</b> Orz. <p>- Orz</p>"
+    obj.orz.should == "<a rel=\"nofollow\">Orz are not *many bubbles* like *campers*. Orz <b>are just</b> Orz. <p>- Orz</p></a>"
+  end
+  it "sanitizes attributes with custom options and profiles" do
+    @klass.module_eval do
+      sanitize_attribute :orz, :elements => %w[p], :no_empties => %w[p]
+      sanitize_attribute :vux, :quotes_only
+    end
+    obj = @klass.new
+    obj.vux = "<blockquote>Our special today is <b>particle fragmentation!</b></blockquote> - VUX"
+    obj.vux.should == "<blockquote>Our special today is particle fragmentation!</blockquote> - VUX"
+    obj.orz = "\r\nOrz are not *many bubbles* like <p/>*campers*. <p></p>Orz <b>\r\nare just</b> Orz. <p>- Orz</p>"
+    obj.orz.should == "\nOrz are not *many bubbles* like *campers*. Orz \nare just Orz. <p>- Orz</p>"
+  end
+end

data/spec/spec.opts ADDED Viewed

	@@ -0,0 +1 @@
1	+ --color

data/spec/spec_helper.rb ADDED Viewed

@@ -0,0 +1,9 @@
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'sanitized_attributes'
+require 'spec'
+require 'spec/autorun'
+Spec::Runner.configure do |config|
+end

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: sanitized_attributes
 version: !ruby/object:Gem::Version
-  hash: 19
+  hash: 17
   prerelease: false
   segments:
   - 1
   - 1
-  - 0
-  version: 1.1.0
+  - 1
+  version: 1.1.1
 platform: ruby
 authors:
 - Matthew Boeh
@@ -59,8 +59,17 @@ extra_rdoc_files:
 - LICENSE
 - README.rdoc
 files:
+- .document
 - LICENSE
 - README.rdoc
+- Rakefile
+- VERSION
+- lib/sanitized_attributes.rb
+- lib/sanitized_attributes/sanitized_attribute.rb
+- sanitized_attributes.gemspec
+- spec/sanitized_attributes_spec.rb
+- spec/spec.opts
+- spec/spec_helper.rb
 has_rdoc: true
 homepage: http://github.com/mboeh/sanitized_attributes
 licenses: []
@@ -95,5 +104,6 @@ rubygems_version: 1.3.7
 signing_key:
 specification_version: 3
 summary: HTML-sanitizing attribute accessors for Ruby and Rails
-test_files: []
+test_files:
+- spec/sanitized_attributes_spec.rb
+- spec/spec_helper.rb