schwabsauce-merb_dm_xss_terminate 0.6.1

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2008 Mike Schwab
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README

@@ -0,0 +1,89 @@
+this fork is for the purpose of hooking into DataMapper::Resource instead of ActiveRecord::Base.
+
+what's the merb/dm equivalent of ENV['MODELS']? (in rake task). apart from that I think the port is complete.
+
+= merb_dm_xss_terminate
+
+  Plugin that auto-sanitizes data before it is saved in your DataMapper models.
+  
+  merb_dm_xss_terminate is a port of merb_xss_terminate by Ben Chiu, which is
+  a port of xss_terminate by Luke Francl. The white list sanitizer and full
+  sanitizer were lifted from Rails so you don't have to install ActionPack.
+
+  merb_dm_xss_terminate makes stripping and sanitizing HTML automatic. Install 
+  and forget. And forget about remembering to escape your output, because you 
+  won't need to anymore.  Just remember the cases where html is allowed.
+
+  *By default, it will strip all HTML tags from user input.* But merb_dm_xss_terminate
+  is also flexible. When you need users to be able to enter HTML, the plugin
+  allows you remove bad HTML with your choice of two whitelist-based sanitizers, 
+  or to skip HTML sanitization entirely on a per-field basis.
+
+== Installation
+
+  git clone git://github.com/schwabsauce/merb_xss_terminate.git
+  cd merb_xss_terminate
+  rake install
+  add: dependency 'merb_dm_xss_terminate' to init.rb
+
+== HTML sanitization
+
+  * Full-sanitizer: removes all HTML by stripping all the tags. Tags are 
+    removed, but their content is not.
+  * White-list sanitizer: removes bad HTML with Rails' HTML sanitizer methods.
+    Bad tags are removed completely, including their content.
+  * HTML5lib sanitization: removes bad HTML after parsing it with 
+    {HTML5lib}[http://code.google.com/p/html5lib/], a library that parses HTML 
+    like browsers do. It should be very tolerant of invalid HTML. Bad tags are 
+    escaped, not removed.
+  * Do nothing. You can chose not to process given fields.
+
+== Usage
+
+  Installing the plugin creates a +before :save+ hook that will strip HTML tags 
+  from all string and text fields. No further configuration is necessary if this
+  is what you want. To customize the behavior, you use the xss_terminate 
+  class method in your models.
+  
+  To exempt some fields from sanitization, use the <tt>:except</tt> option 
+  with a list of fields not to process. Note: Merb uses :exclude but use :except here.
+  
+    class Comment
+      xss_terminate :except => [ :body ]
+    end
+  
+  To sanitize HTML with Rails' sanitization, use the <tt>:sanitize</tt> option:
+  
+    class Review
+      xss_terminate :sanitize => [ :body, :author_name]
+    end
+
+  To sanitize HTML with {HTML5Lib}[http://code.google.com/p/html5lib/] 
+  use the <tt>:html5lib_sanitize</tt> option with a list of fields to sanitize:
+
+    class Entry
+      xss_terminate :html5lib_sanitize => [ :body, :author_name ]
+    end
+   
+  You can combine multiple options if you have some fields you would like skipped
+  and others sanitized. Fields not listed in the option arrays will be stripped.
+  
+    class Message
+      xss_terminate :except => [ :body ], :sanitize => [ :title ]
+    end
+
+== Sanitizing existing records
+
+  After installing merb_xss_terminate and configuring it to your liking, you can 
+  run <tt>rake merb_xss_terminate:db:sanitize MODELS=Foo,Bar,Baz</tt> to execute 
+  it against your existing records. This will load each model found and save it 
+  again to invoke the before_save hook.
+
+== Credits
+
+  merb_xss_terminate by {Ben Chiu}
+
+  xss_terminate by {Luke Francl}[http://railspikes.com] and acts_as_sanitized by 
+  {Alex Payne}[http://www.al3x.net].
+  
+  HTML5Lib sanitization by {Jacques Distler}[http://golem.ph.utexas.edu/~distler].

data/Rakefile

@@ -0,0 +1,64 @@
+require 'rubygems'
+require 'rubygems/specification'
+require 'rake/gempackagetask'
+require 'spec/rake/spectask'
+require 'merb-core/test/tasks/spectasks'
+require 'date'
+require 'merb_rake_helper'
+
+PLUGIN = "merb_dm_xss_terminate"
+NAME = "merb_dm_xss_terminate"
+GEM_VERSION = "0.5.3"
+AUTHOR = "Mike Schwab"
+EMAIL = "mike.schwab@gmail.com"
+HOMEPAGE = "http://github.com/schwabsauce/merb_xss_terminate"
+SUMMARY = "Plugin that auto-sanitizes data before it is saved in your DataMapper models"
+
+spec = Gem::Specification.new do |s|
+  s.name = NAME
+  s.version = GEM_VERSION
+  s.platform = Gem::Platform::RUBY
+  s.has_rdoc = true
+  s.extra_rdoc_files = ["README", "LICENSE", 'TODO']
+  s.summary = SUMMARY
+  s.description = s.summary
+  s.author = AUTHOR
+  s.email = EMAIL
+  s.homepage = HOMEPAGE
+  s.add_dependency('merb-core', '>= 0.9.0')
+  s.add_dependency('html5', '>= 0.10.0')
+  s.require_path = 'lib'
+  s.files = %w(LICENSE README Rakefile TODO) + Dir.glob("{lib,spec}/**/*")
+end
+
+Rake::GemPackageTask.new(spec) do |pkg|
+  pkg.gem_spec = spec
+end
+
+desc "install the plugin locally"
+task :install => [:package] do
+  sh %{#{sudo} #{gemx} install pkg/#{NAME}-#{GEM_VERSION} --local --no-update-sources}
+end
+
+desc "install frozen (source must be located somewhere inside main frozen gems folder)"
+task :install_frozen => [:package] do
+  if !path = gems_path
+    puts "source must be located somewhere inside main frozen gems folder"
+  else
+    sh %{#{sudo} #{gemx} install pkg/#{NAME}-#{GEM_VERSION} -i #{path} --local --no-update-sources}
+  end
+end
+
+desc "create a gemspec file"
+task :make_spec do
+  File.open("#{NAME}.gemspec", "w") do |file|
+    file.puts spec.to_ruby
+  end
+end
+
+namespace :jruby do
+  desc "Run :package and install the resulting .gem with jruby"
+  task :install => :package do
+    sh %{#{sudo} jruby -S gem install pkg/#{NAME}-#{GEM_VERSION}.gem --no-rdoc --no-ri}
+  end
+end

data/TODO

@@ -0,0 +1 @@
+TODO:

data/lib/merb_dm_xss_terminate.rb

@@ -0,0 +1,12 @@
+if defined?(Merb::Plugins)
+  require 'merb_dm_xss_terminate/xss_terminate'
+  require 'merb_dm_xss_terminate/rails_sanitize'
+  require 'merb_dm_xss_terminate/html5lib_sanitize'
+
+  Merb::BootLoader.before_app_loads do
+    DataMapper::Resource.append_inclusions XssTerminate
+    DataMapper::Model.append_extensions XssTerminate::ClassMethods
+  end
+
+  Merb::Plugins.add_rakefiles "merb_dm_xss_terminate/merbtasks"
+end

data/lib/merb_dm_xss_terminate/html/document.rb

@@ -0,0 +1,68 @@
+require File.dirname(__FILE__) + '/tokenizer'
+require File.dirname(__FILE__) + '/node'
+require File.dirname(__FILE__) + '/selector'
+require File.dirname(__FILE__) + '/sanitizer'
+
+module HTML #:nodoc:
+  # A top-level HTMl document. You give it a body of text, and it will parse that
+  # text into a tree of nodes.
+  class Document #:nodoc:
+
+    # The root of the parsed document.
+    attr_reader :root
+
+    # Create a new Document from the given text.
+    def initialize(text, strict=false, xml=false)
+      tokenizer = Tokenizer.new(text)
+      @root = Node.new(nil)
+      node_stack = [ @root ]
+      while token = tokenizer.next
+        node = Node.parse(node_stack.last, tokenizer.line, tokenizer.position, token)
+
+        node_stack.last.children << node unless node.tag? && node.closing == :close
+        if node.tag?
+          if node_stack.length > 1 && node.closing == :close
+            if node_stack.last.name == node.name
+              if node_stack.last.children.empty?
+                node_stack.last.children << Text.new(node_stack.last, node.line, node.position, "")
+              end
+              node_stack.pop
+            else
+              open_start = node_stack.last.position - 20
+              open_start = 0 if open_start < 0
+              close_start = node.position - 20
+              close_start = 0 if close_start < 0
+              msg = <<EOF.strip
+ignoring attempt to close #{node_stack.last.name} with #{node.name}
+  opened at byte #{node_stack.last.position}, line #{node_stack.last.line}
+  closed at byte #{node.position}, line #{node.line}
+  attributes at open: #{node_stack.last.attributes.inspect}
+  text around open: #{text[open_start,40].inspect}
+  text around close: #{text[close_start,40].inspect}
+EOF
+              strict ? raise(msg) : warn(msg)
+            end
+          elsif !node.childless?(xml) && node.closing != :close
+            node_stack.push node
+          end
+        end
+      end
+    end
+  
+    # Search the tree for (and return) the first node that matches the given
+    # conditions. The conditions are interpreted differently for different node
+    # types, see HTML::Text#find and HTML::Tag#find.
+    def find(conditions)
+      @root.find(conditions)
+    end
+
+    # Search the tree for (and return) all nodes that match the given
+    # conditions. The conditions are interpreted differently for different node
+    # types, see HTML::Text#find and HTML::Tag#find.
+    def find_all(conditions)
+      @root.find_all(conditions)
+    end
+    
+  end
+
+end

data/lib/merb_dm_xss_terminate/html/node.rb

@@ -0,0 +1,530 @@
+require 'strscan'
+
+module HTML #:nodoc:
+  
+  class Conditions < Hash #:nodoc:
+    def initialize(hash)
+      super()
+      hash = { :content => hash } unless Hash === hash
+      hash = keys_to_symbols(hash)
+      hash.each do |k,v|
+        case k
+          when :tag, :content then
+            # keys are valid, and require no further processing
+          when :attributes then
+            hash[k] = keys_to_strings(v)
+          when :parent, :child, :ancestor, :descendant, :sibling, :before,
+                  :after
+            hash[k] = Conditions.new(v)
+          when :children
+            hash[k] = v = keys_to_symbols(v)
+            v.each do |k,v2|
+              case k
+                when :count, :greater_than, :less_than
+                  # keys are valid, and require no further processing
+                when :only
+                  v[k] = Conditions.new(v2)
+                else
+                  raise "illegal key #{k.inspect} => #{v2.inspect}"
+              end
+            end
+          else
+            raise "illegal key #{k.inspect} => #{v.inspect}"
+        end
+      end
+      update hash
+    end
+
+    private
+
+      def keys_to_strings(hash)
+        hash.keys.inject({}) do |h,k|
+          h[k.to_s] = hash[k]
+          h
+        end
+      end
+
+      def keys_to_symbols(hash)
+        hash.keys.inject({}) do |h,k|
+          raise "illegal key #{k.inspect}" unless k.respond_to?(:to_sym)
+          h[k.to_sym] = hash[k]
+          h
+        end
+      end
+  end
+
+  # The base class of all nodes, textual and otherwise, in an HTML document.
+  class Node #:nodoc:
+    # The array of children of this node. Not all nodes have children.
+    attr_reader :children
+    
+    # The parent node of this node. All nodes have a parent, except for the
+    # root node.
+    attr_reader :parent
+    
+    # The line number of the input where this node was begun
+    attr_reader :line
+    
+    # The byte position in the input where this node was begun
+    attr_reader :position
+    
+    # Create a new node as a child of the given parent.
+    def initialize(parent, line=0, pos=0)
+      @parent = parent
+      @children = []
+      @line, @position = line, pos
+    end
+
+    # Return a textual representation of the node.
+    def to_s
+      s = ""
+      @children.each { |child| s << child.to_s }
+      s
+    end
+
+    # Return false (subclasses must override this to provide specific matching
+    # behavior.) +conditions+ may be of any type.
+    def match(conditions)
+      false
+    end
+
+    # Search the children of this node for the first node for which #find
+    # returns non +nil+. Returns the result of the #find call that succeeded.
+    def find(conditions)
+      conditions = validate_conditions(conditions)
+      @children.each do |child|        
+        node = child.find(conditions)
+        return node if node
+      end
+      nil
+    end
+
+    # Search for all nodes that match the given conditions, and return them
+    # as an array.
+    def find_all(conditions)
+      conditions = validate_conditions(conditions)
+
+      matches = []
+      matches << self if match(conditions)
+      @children.each do |child|
+        matches.concat child.find_all(conditions)
+      end
+      matches
+    end
+
+    # Returns +false+. Subclasses may override this if they define a kind of
+    # tag.
+    def tag?
+      false
+    end
+
+    def validate_conditions(conditions)
+      Conditions === conditions ? conditions : Conditions.new(conditions)
+    end
+
+    def ==(node)
+      return false unless self.class == node.class && children.size == node.children.size
+
+      equivalent = true
+
+      children.size.times do |i|
+        equivalent &&= children[i] == node.children[i]
+      end
+
+      equivalent
+    end
+    
+    class <<self
+      def parse(parent, line, pos, content, strict=true)
+        if content !~ /^<\S/
+          Text.new(parent, line, pos, content)
+        else
+          scanner = StringScanner.new(content)
+
+          unless scanner.skip(/</)
+            if strict
+              raise "expected <"
+            else
+              return Text.new(parent, line, pos, content)
+            end
+          end
+
+          if scanner.skip(/!\[CDATA\[/)
+            scanner.scan_until(/\]\]>/)
+            return CDATA.new(parent, line, pos, scanner.pre_match.gsub(/<!\[CDATA\[/, ''))
+          end
+          
+          closing = ( scanner.scan(/\//) ? :close : nil )
+          return Text.new(parent, line, pos, content) unless name = scanner.scan(/[\w:-]+/)
+          name.downcase!
+  
+          unless closing
+            scanner.skip(/\s*/)
+            attributes = {}
+            while attr = scanner.scan(/[-\w:]+/)
+              value = true
+              if scanner.scan(/\s*=\s*/)
+                if delim = scanner.scan(/['"]/)
+                  value = ""
+                  while text = scanner.scan(/[^#{delim}\\]+|./)
+                    case text
+                      when "\\" then
+                        value << text
+                        value << scanner.getch
+                      when delim
+                        break
+                      else value << text
+                    end
+                  end
+                else
+                  value = scanner.scan(/[^\s>\/]+/)
+                end
+              end
+              attributes[attr.downcase] = value
+              scanner.skip(/\s*/)
+            end
+    
+            closing = ( scanner.scan(/\//) ? :self : nil )
+          end
+          
+          unless scanner.scan(/\s*>/)
+            if strict
+              raise "expected > (got #{scanner.rest.inspect} for #{content}, #{attributes.inspect})" 
+            else
+              # throw away all text until we find what we're looking for
+              scanner.skip_until(/>/) or scanner.terminate
+            end
+          end
+
+          Tag.new(parent, line, pos, name, attributes, closing)
+        end
+      end
+    end
+  end
+
+  # A node that represents text, rather than markup.
+  class Text < Node #:nodoc:
+    
+    attr_reader :content
+    
+    # Creates a new text node as a child of the given parent, with the given
+    # content.
+    def initialize(parent, line, pos, content)
+      super(parent, line, pos)
+      @content = content
+    end
+
+    # Returns the content of this node.
+    def to_s
+      @content
+    end
+
+    # Returns +self+ if this node meets the given conditions. Text nodes support
+    # conditions of the following kinds:
+    #
+    # * if +conditions+ is a string, it must be a substring of the node's
+    #   content
+    # * if +conditions+ is a regular expression, it must match the node's
+    #   content
+    # * if +conditions+ is a hash, it must contain a <tt>:content</tt> key that
+    #   is either a string or a regexp, and which is interpreted as described
+    #   above.
+    def find(conditions)
+      match(conditions) && self
+    end
+    
+    # Returns non-+nil+ if this node meets the given conditions, or +nil+
+    # otherwise. See the discussion of #find for the valid conditions.
+    def match(conditions)
+      case conditions
+        when String
+          @content == conditions
+        when Regexp
+          @content =~ conditions
+        when Hash
+          conditions = validate_conditions(conditions)
+
+          # Text nodes only have :content, :parent, :ancestor
+          unless (conditions.keys - [:content, :parent, :ancestor]).empty?
+            return false
+          end
+
+          match(conditions[:content])
+        else
+          nil
+      end
+    end
+
+    def ==(node)
+      return false unless super
+      content == node.content
+    end
+  end
+  
+  # A CDATA node is simply a text node with a specialized way of displaying
+  # itself.
+  class CDATA < Text #:nodoc:
+    def to_s
+      "<![CDATA[#{super}]>"
+    end
+  end
+
+  # A Tag is any node that represents markup. It may be an opening tag, a
+  # closing tag, or a self-closing tag. It has a name, and may have a hash of
+  # attributes.
+  class Tag < Node #:nodoc:
+    
+    # Either +nil+, <tt>:close</tt>, or <tt>:self</tt>
+    attr_reader :closing
+    
+    # Either +nil+, or a hash of attributes for this node.
+    attr_reader :attributes
+
+    # The name of this tag.
+    attr_reader :name
+        
+    # Create a new node as a child of the given parent, using the given content
+    # to describe the node. It will be parsed and the node name, attributes and
+    # closing status extracted.
+    def initialize(parent, line, pos, name, attributes, closing)
+      super(parent, line, pos)
+      @name = name
+      @attributes = attributes
+      @closing = closing
+    end
+
+    # A convenience for obtaining an attribute of the node. Returns +nil+ if
+    # the node has no attributes.
+    def [](attr)
+      @attributes ? @attributes[attr] : nil
+    end
+
+    # Returns non-+nil+ if this tag can contain child nodes.
+    def childless?(xml = false)
+      return false if xml && @closing.nil?
+      !@closing.nil? ||
+        @name =~ /^(img|br|hr|link|meta|area|base|basefont|
+                    col|frame|input|isindex|param)$/ox
+    end
+
+    # Returns a textual representation of the node
+    def to_s
+      if @closing == :close
+        "</#{@name}>"
+      else
+        s = "<#{@name}"
+        @attributes.each do |k,v|
+          s << " #{k}"
+          s << "=\"#{v}\"" if String === v
+        end
+        s << " /" if @closing == :self
+        s << ">"
+        @children.each { |child| s << child.to_s }
+        s << "</#{@name}>" if @closing != :self && !@children.empty?
+        s
+      end
+    end
+
+    # If either the node or any of its children meet the given conditions, the
+    # matching node is returned. Otherwise, +nil+ is returned. (See the
+    # description of the valid conditions in the +match+ method.)
+    def find(conditions)
+      match(conditions) && self || super
+    end
+
+    # Returns +true+, indicating that this node represents an HTML tag.
+    def tag?
+      true
+    end
+    
+    # Returns +true+ if the node meets any of the given conditions. The
+    # +conditions+ parameter must be a hash of any of the following keys
+    # (all are optional):
+    #
+    # * <tt>:tag</tt>: the node name must match the corresponding value
+    # * <tt>:attributes</tt>: a hash. The node's values must match the
+    #   corresponding values in the hash.
+    # * <tt>:parent</tt>: a hash. The node's parent must match the
+    #   corresponding hash.
+    # * <tt>:child</tt>: a hash. At least one of the node's immediate children
+    #   must meet the criteria described by the hash.
+    # * <tt>:ancestor</tt>: a hash. At least one of the node's ancestors must
+    #   meet the criteria described by the hash.
+    # * <tt>:descendant</tt>: a hash. At least one of the node's descendants
+    #   must meet the criteria described by the hash.
+    # * <tt>:sibling</tt>: a hash. At least one of the node's siblings must
+    #   meet the criteria described by the hash.
+    # * <tt>:after</tt>: a hash. The node must be after any sibling meeting
+    #   the criteria described by the hash, and at least one sibling must match.
+    # * <tt>:before</tt>: a hash. The node must be before any sibling meeting
+    #   the criteria described by the hash, and at least one sibling must match.
+    # * <tt>:children</tt>: a hash, for counting children of a node. Accepts the
+    #   keys:
+    # ** <tt>:count</tt>: either a number or a range which must equal (or
+    #    include) the number of children that match.
+    # ** <tt>:less_than</tt>: the number of matching children must be less than
+    #    this number.
+    # ** <tt>:greater_than</tt>: the number of matching children must be
+    #    greater than this number.
+    # ** <tt>:only</tt>: another hash consisting of the keys to use
+    #    to match on the children, and only matching children will be
+    #    counted.
+    #
+    # Conditions are matched using the following algorithm:
+    #
+    # * if the condition is a string, it must be a substring of the value.
+    # * if the condition is a regexp, it must match the value.
+    # * if the condition is a number, the value must match number.to_s.
+    # * if the condition is +true+, the value must not be +nil+.
+    # * if the condition is +false+ or +nil+, the value must be +nil+.
+    #
+    # Usage:
+    #
+    #   # test if the node is a "span" tag
+    #   node.match :tag => "span"
+    #
+    #   # test if the node's parent is a "div"
+    #   node.match :parent => { :tag => "div" }
+    #
+    #   # test if any of the node's ancestors are "table" tags
+    #   node.match :ancestor => { :tag => "table" }
+    #
+    #   # test if any of the node's immediate children are "em" tags
+    #   node.match :child => { :tag => "em" }
+    #
+    #   # test if any of the node's descendants are "strong" tags
+    #   node.match :descendant => { :tag => "strong" }
+    #
+    #   # test if the node has between 2 and 4 span tags as immediate children
+    #   node.match :children => { :count => 2..4, :only => { :tag => "span" } } 
+    #
+    #   # get funky: test to see if the node is a "div", has a "ul" ancestor
+    #   # and an "li" parent (with "class" = "enum"), and whether or not it has
+    #   # a "span" descendant that contains # text matching /hello world/:
+    #   node.match :tag => "div",
+    #              :ancestor => { :tag => "ul" },
+    #              :parent => { :tag => "li",
+    #                           :attributes => { :class => "enum" } },
+    #              :descendant => { :tag => "span",
+    #                               :child => /hello world/ }
+    def match(conditions)
+      conditions = validate_conditions(conditions)
+      # check content of child nodes
+      if conditions[:content]
+        if children.empty?
+          return false unless match_condition("", conditions[:content])
+        else
+          return false unless children.find { |child| child.match(conditions[:content]) }
+        end
+      end
+
+      # test the name
+      return false unless match_condition(@name, conditions[:tag]) if conditions[:tag]
+
+      # test attributes
+      (conditions[:attributes] || {}).each do |key, value|
+        return false unless match_condition(self[key], value)
+      end
+
+      # test parent
+      return false unless parent.match(conditions[:parent]) if conditions[:parent]
+
+      # test children
+      return false unless children.find { |child| child.match(conditions[:child]) } if conditions[:child]
+   
+      # test ancestors
+      if conditions[:ancestor]
+        return false unless catch :found do
+          p = self
+          throw :found, true if p.match(conditions[:ancestor]) while p = p.parent
+        end
+      end
+
+      # test descendants
+      if conditions[:descendant]
+        return false unless children.find do |child|
+          # test the child
+          child.match(conditions[:descendant]) ||
+          # test the child's descendants
+          child.match(:descendant => conditions[:descendant])
+        end
+      end
+      
+      # count children
+      if opts = conditions[:children]
+        matches = children.select do |c|
+          (c.kind_of?(HTML::Tag) and (c.closing == :self or ! c.childless?))
+        end
+        
+        matches = matches.select { |c| c.match(opts[:only]) } if opts[:only]
+        opts.each do |key, value|
+          next if key == :only
+          case key
+            when :count
+              if Integer === value
+                return false if matches.length != value
+              else
+                return false unless value.include?(matches.length)
+              end
+            when :less_than
+              return false unless matches.length < value
+            when :greater_than
+              return false unless matches.length > value
+            else raise "unknown count condition #{key}"
+          end
+        end
+      end
+
+      # test siblings
+      if conditions[:sibling] || conditions[:before] || conditions[:after]
+        siblings = parent ? parent.children : []
+        self_index = siblings.index(self)
+
+        if conditions[:sibling]
+          return false unless siblings.detect do |s| 
+            s != self && s.match(conditions[:sibling])
+          end
+        end
+
+        if conditions[:before]
+          return false unless siblings[self_index+1..-1].detect do |s| 
+            s != self && s.match(conditions[:before])
+          end
+        end
+
+        if conditions[:after]
+          return false unless siblings[0,self_index].detect do |s| 
+            s != self && s.match(conditions[:after])
+          end
+        end
+      end
+  
+      true
+    end
+
+    def ==(node)
+      return false unless super
+      return false unless closing == node.closing && self.name == node.name
+      attributes == node.attributes
+    end
+    
+    private
+      # Match the given value to the given condition.
+      def match_condition(value, condition)
+        case condition
+          when String
+            value && value == condition
+          when Regexp
+            value && value.match(condition)
+          when Numeric
+            value == condition.to_s
+          when true
+            !value.nil?
+          when false, nil
+            value.nil?
+          else
+            false
+        end
+      end
+  end
+end