selma 0.0.2-x86_64-linux → 0.0.4-x86_64-linux

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 76a748290e61c06cf1aa8b4df13ad2bcf77e9e87fcbd575968854acd2dd9e55b
-  data.tar.gz: 3aa85c75fd95e90b3f991883460033f885279c75b607c0043fe3fc23957f6755
+  metadata.gz: e3b9b090cd0f742bd24d8bd1d065b45d0b142b690141cce378258c8bd231501d
+  data.tar.gz: '08eaf21b2ab2161bb5daadf451175cb3e37a4c4ab9212c294450a73291f06460'
 SHA512:
-  metadata.gz: a5de62db9d9c2a9994a34b527c4a218417228bf716848c97785cf4d1db66148defe243614c89a4e96985b32e0bec1796991a0a72a1d9ec95e34469f2eb9141ec
-  data.tar.gz: a8d2c7c951ea57c31f2b482f017a093f0062f34f9f6ef2009e8e5e39a765ed8e3665cd7575b32b6be12ba9d8b911a9863438edf6aad7d258da83ff3f6e322792
+  metadata.gz: 8be8197fb86053ae0aa6e957a2694812be266a5d3903d15c59ede3768811b11639002d92f21217428fb89e023022544cfcd930191dec20b3d7d12934d6337a0f
+  data.tar.gz: 9e059e1e25bc52ad38ea64dd0d8b9654caaf4ce67aaa33bd6e1d1187ac534d92dc4c9631bff7457d76f7d685100d93b69e18e335dc4f6b69d8dcc053c36e0179

data/README.md

@@ -56,6 +56,10 @@ allow_comments: false,
 # "<!DOCTYPE html>" when sanitizing a document.
 allow_doctype: false,
 
+# HTML elements to allow. By default, no elements are allowed (which means
+# that all HTML will be stripped).
+elements: ["a", "b", "img", ],
+
 # HTML attributes to allow in specific elements. The key is the name of the element,
 # and the value is an array of allowed attributes. By default, no attributes
 # are allowed.
@@ -64,14 +68,10 @@ attributes: {
     "img" => ["src"],
 },
 
-# HTML elements to allow. By default, no elements are allowed (which means
-# that all HTML will be stripped).
-elements: ["a", "b", "img", ],
-
 # URL handling protocols to allow in specific attributes. By default, no
 # protocols are allowed. Use :relative in place of a protocol if you want
 # to allow relative URLs sans protocol.
- protocols: {
+protocols: {
     "a" => { "href" => ["http", "https", "mailto", :relative] },
     "img" => { "href" => ["http", "https"] },
 },
@@ -91,7 +91,7 @@ The real power in Selma comes in its use of handlers. A handler is simply an obj
 
 - `selector`, a method which MUST return instance of `Selma::Selector` which defines the CSS classes to match
 - `handle_element`, a method that's call on each matched element
-- `handle_text`, a method that's called on each matched text node; this MUST return a string
+- `handle_text_chunk`, a method that's called on each matched text node; this MUST return a string
 
 Here's an example which rewrites the `href` attribute on `a` and the `src` attribute on `img` to be `https` rather than `http`.
 
@@ -118,7 +118,7 @@ rewriter = Selma::Rewriter.new(handlers: [MatchAttribute.new])
 The `Selma::Selector` object has three possible kwargs:
 
 - `match_element`: any element which matches this CSS rule will be passed on to `handle_element`
-- `match_text_within`: any element which matches this CSS rule will be passed on to `handle_text`
+- `match_text_within`: any element which matches this CSS rule will be passed on to `handle_text_chunk`
 - `ignore_text_within`: this is an array of element names whose text contents will be ignored
 
 You've seen an example of `match_element`; here's one for `match_text` which changes strings in various elements which are _not_ `pre` or `code`:
@@ -132,7 +132,7 @@ class MatchText
     SELECTOR
   end
 
-  def handle_text(text)
+  def handle_text_chunk(text)
     string.sub(/@.+/, "<a href=\"www.yetto.app/#{Regexp.last_match}\">")
   end
 end
@@ -150,8 +150,9 @@ The `element` argument in `handle_element` has the following methods:
 - `remove_attribute`: remove an attribute
 - `attributes`: list all the attributes
 - `ancestors`: list all the ancestors
-- `append(content, content_type)`: appends `content` to the element's inner content, i.e. inserts content right before the element's end tag. `content_type` is either `:text` or `:html` and determines how the content will be applied.
-- `wrap(start_text, end_text, content_type)`: adds `start_text` before an element and `end_text` after an element. `content_type` is either `:text` or `:html` and determines how the content will be applied.
+- `append(content, as: content_type)`: appends `content` to the element's inner content, i.e. inserts content right before the element's end tag. `content_type` is either `:text` or `:html` and determines how the content will be applied.
+- `before(content, as: content_type)`: Inserts `content` before the element. `content_type` is either `:text` or `:html` and determines how the content will be applied.
+- `after(content, as: content_type)`: Inserts `content` after the element. `content_type` is either `:text` or `:html` and determines how the content will be applied.
 - `set_inner_content`: replaces inner content of the element with `content`. `content_type` is either `:text` or `:html` and determines how the content will be applied.
 
 ## Benchmarks

data/ext/selma/Cargo.toml

@@ -5,9 +5,9 @@ edition = "2021"
 
 [dependencies]
 enum-iterator = "1.2"
-escapist = "0.0.1"
-magnus = "0.4"
-lol_html = { git = "https://github.com/cloudflare/lol-html", rev = "b09b7afbbcecb944f4bf338b0e669c430d91061e" }
+escapist = "0.0.2"
+magnus = { git = "https://github.com/matsadler/magnus", rev = "23160f7229ac74c42da1b5096a65ccbc40962697" }
+lol_html = "0.3"
 
 [lib]
 name = "selma"

data/ext/selma/src/html/element.rs

@@ -1,8 +1,6 @@
-use std::borrow::Cow;
-
 use crate::native_ref_wrap::NativeRefWrap;
-use lol_html::html_content::{ContentType, Element};
-use magnus::{exception, method, Error, Module, RArray, RClass, RHash, RString, Symbol};
+use lol_html::html_content::Element;
+use magnus::{exception, method, Error, Module, RArray, RClass, RHash, RString, Value};
 
 struct HTMLElement {
     element: NativeRefWrap<Element<'static, 'static>>,
@@ -51,7 +49,7 @@ impl SelmaHTMLElement {
                 Ok(_) => Ok(value),
                 Err(err) => Err(Error::new(
                     exception::runtime_error(),
-                    format!("AttributeNameError: {}", err),
+                    format!("AttributeNameError: {err:?}"),
                 )),
             }
         } else {
@@ -81,7 +79,7 @@ impl SelmaHTMLElement {
                     Ok(_) => {}
                     Err(err) => Err(Error::new(
                         exception::runtime_error(),
-                        format!("AttributeNameError: {}", err),
+                        format!("AttributeNameError: {err:?}"),
                     ))
                     .unwrap(),
                 });
@@ -99,80 +97,74 @@ impl SelmaHTMLElement {
             .for_each(|ancestor| match array.push(RString::new(ancestor)) {
                 Ok(_) => {}
                 Err(err) => {
-                    Err(Error::new(exception::runtime_error(), format!("{}", err))).unwrap()
+                    Err(Error::new(exception::runtime_error(), format!("{err:?}"))).unwrap()
                 }
             });
 
         Ok(array)
     }
 
-    fn append(&self, text_to_append: String, content_type: Symbol) -> Result<(), Error> {
+    fn before(&self, args: &[Value]) -> Result<(), Error> {
         let mut binding = self.0.borrow_mut();
         let element = binding.element.get_mut().unwrap();
 
-        let text_str = text_to_append.as_str();
-
-        let content_type = Self::find_content_type(content_type);
+        let (text_str, content_type) = match crate::scan_text_args(args) {
+            Ok((text_str, content_type)) => (text_str, content_type),
+            Err(err) => return Err(err),
+        };
 
-        element.append(text_str, content_type);
+        element.before(&text_str, content_type);
 
         Ok(())
     }
 
-    fn wrap(
-        &self,
-        start_text: String,
-        end_text: String,
-        content_type: Symbol,
-    ) -> Result<(), Error> {
+    fn after(&self, args: &[Value]) -> Result<(), Error> {
         let mut binding = self.0.borrow_mut();
         let element = binding.element.get_mut().unwrap();
 
-        let before_content_type = Self::find_content_type(content_type);
-        let after_content_type = Self::find_content_type(content_type);
-        element.before(&start_text, before_content_type);
-        element.after(&end_text, after_content_type);
+        let (text_str, content_type) = match crate::scan_text_args(args) {
+            Ok((text_str, content_type)) => (text_str, content_type),
+            Err(err) => return Err(err),
+        };
+
+        element.after(&text_str, content_type);
 
         Ok(())
     }
 
-    fn set_inner_content(&self, text_to_set: String, content_type: Symbol) -> Result<(), Error> {
+    fn append(&self, args: &[Value]) -> Result<(), Error> {
         let mut binding = self.0.borrow_mut();
         let element = binding.element.get_mut().unwrap();
 
-        let text_str = text_to_set.as_str();
-
-        let content_type = Self::find_content_type(content_type);
+        let (text_str, content_type) = match crate::scan_text_args(args) {
+            Ok((text_str, content_type)) => (text_str, content_type),
+            Err(err) => return Err(err),
+        };
 
-        element.set_inner_content(text_str, content_type);
+        element.append(&text_str, content_type);
 
         Ok(())
     }
 
-    fn find_content_type(content_type: Symbol) -> ContentType {
-        match content_type.name() {
-            Ok(name) => match (name) {
-                Cow::Borrowed("as_text") => ContentType::Text,
-                Cow::Borrowed("as_html") => ContentType::Html,
-                _ => Err(Error::new(
-                    exception::runtime_error(),
-                    format!("unknown symbol `{}`", name),
-                ))
-                .unwrap(),
-            },
-            Err(err) => Err(Error::new(
-                exception::runtime_error(),
-                format!("Could not unwrap symbol"),
-            ))
-            .unwrap(),
-        }
+    fn set_inner_content(&self, args: &[Value]) -> Result<(), Error> {
+        let mut binding = self.0.borrow_mut();
+        let element = binding.element.get_mut().unwrap();
+
+        let (inner_content, content_type) = match crate::scan_text_args(args) {
+            Ok((inner_content, content_type)) => (inner_content, content_type),
+            Err(err) => return Err(err),
+        };
+
+        element.set_inner_content(&inner_content, content_type);
+
+        Ok(())
     }
 }
 
 pub fn init(c_html: RClass) -> Result<(), Error> {
     let c_element = c_html
         .define_class("Element", Default::default())
-        .expect("cannot find class Selma::Element");
+        .expect("cannot find class Selma::HTML::Element");
 
     c_element.define_method("tag_name", method!(SelmaHTMLElement::tag_name, 0))?;
     c_element.define_method("[]", method!(SelmaHTMLElement::get_attribute, 1))?;
@@ -184,11 +176,12 @@ pub fn init(c_html: RClass) -> Result<(), Error> {
     c_element.define_method("attributes", method!(SelmaHTMLElement::get_attributes, 0))?;
     c_element.define_method("ancestors", method!(SelmaHTMLElement::get_ancestors, 0))?;
 
-    c_element.define_method("append", method!(SelmaHTMLElement::append, 2))?;
-    c_element.define_method("wrap", method!(SelmaHTMLElement::wrap, 3))?;
+    c_element.define_method("before", method!(SelmaHTMLElement::before, -1))?;
+    c_element.define_method("after", method!(SelmaHTMLElement::after, -1))?;
+    c_element.define_method("append", method!(SelmaHTMLElement::append, -1))?;
     c_element.define_method(
         "set_inner_content",
-        method!(SelmaHTMLElement::set_inner_content, 2),
+        method!(SelmaHTMLElement::set_inner_content, -1),
     )?;
 
     Ok(())

data/ext/selma/src/html/end_tag.rs

@@ -6,7 +6,7 @@ struct HTMLEndTag {
     end_tag: NativeRefWrap<EndTag<'static>>,
 }
 
-#[magnus::wrap(class = "Selma::HTML::Element")]
+#[magnus::wrap(class = "Selma::HTML::EndTag")]
 pub struct SelmaHTMLEndTag(std::cell::RefCell<HTMLEndTag>);
 
 /// SAFETY: This is safe because we only access this data when the GVL is held.
@@ -27,7 +27,7 @@ impl SelmaHTMLEndTag {
 pub fn init(c_html: RClass) -> Result<(), Error> {
     let c_end_tag = c_html
         .define_class("EndTag", Default::default())
-        .expect("cannot find class Selma::EndTag");
+        .expect("cannot find class Selma::HTML::EndTag");
 
     c_end_tag.define_method("tag_name", method!(SelmaHTMLEndTag::tag_name, 0))?;
 

data/ext/selma/src/html/text_chunk.rs

@@ -0,0 +1,83 @@
+use crate::native_ref_wrap::NativeRefWrap;
+use lol_html::html_content::{TextChunk, TextType};
+use magnus::{exception, method, Error, Module, RClass, Symbol, Value};
+
+struct HTMLTextChunk {
+    text_chunk: NativeRefWrap<TextChunk<'static>>,
+}
+
+#[magnus::wrap(class = "Selma::HTML::TextChunk")]
+pub struct SelmaHTMLTextChunk(std::cell::RefCell<HTMLTextChunk>);
+
+/// SAFETY: This is safe because we only access this data when the GVL is held.
+unsafe impl Send for SelmaHTMLTextChunk {}
+
+impl SelmaHTMLTextChunk {
+    pub fn new(text_chunk: &mut TextChunk) -> Self {
+        let (ref_wrap, _anchor) = NativeRefWrap::wrap_mut(text_chunk);
+
+        Self(std::cell::RefCell::new(HTMLTextChunk {
+            text_chunk: ref_wrap,
+        }))
+    }
+
+    fn to_s(&self) -> Result<String, Error> {
+        let binding = self.0.borrow();
+
+        if let Ok(tc) = binding.text_chunk.get() {
+            Ok(tc.as_str().to_string())
+        } else {
+            Err(Error::new(
+                exception::runtime_error(),
+                "`to_s` is not available",
+            ))
+        }
+    }
+
+    fn text_type(&self) -> Result<Symbol, Error> {
+        let binding = self.0.borrow();
+
+        if let Ok(tc) = binding.text_chunk.get() {
+            match tc.text_type() {
+                TextType::Data => Ok(Symbol::from("data")),
+                TextType::PlainText => Ok(Symbol::from("plain_text")),
+                TextType::RawText => Ok(Symbol::from("raw_text")),
+                TextType::ScriptData => Ok(Symbol::from("script")),
+                TextType::RCData => Ok(Symbol::from("rc_data")),
+                TextType::CDataSection => Ok(Symbol::from("cdata_section")),
+            }
+        } else {
+            Err(Error::new(
+                exception::runtime_error(),
+                "`text_type` is not available",
+            ))
+        }
+    }
+
+    fn replace(&self, args: &[Value]) -> Result<(), Error> {
+        let mut binding = self.0.borrow_mut();
+        let text_chunk = binding.text_chunk.get_mut().unwrap();
+
+        let (text_str, content_type) = match crate::scan_text_args(args) {
+            Ok((text_str, content_type)) => (text_str, content_type),
+            Err(err) => return Err(err),
+        };
+
+        text_chunk.replace(&text_str, content_type);
+
+        Ok(())
+    }
+}
+
+pub fn init(c_html: RClass) -> Result<(), Error> {
+    let c_text_chunk = c_html
+        .define_class("TextChunk", Default::default())
+        .expect("cannot find class Selma::HTML::TextChunk");
+
+    c_text_chunk.define_method("to_s", method!(SelmaHTMLTextChunk::to_s, 0))?;
+    c_text_chunk.define_method("content", method!(SelmaHTMLTextChunk::to_s, 0))?;
+    c_text_chunk.define_method("text_type", method!(SelmaHTMLTextChunk::text_type, 0))?;
+    c_text_chunk.define_method("replace", method!(SelmaHTMLTextChunk::replace, -1))?;
+
+    Ok(())
+}

data/ext/selma/src/html.rs

@@ -9,9 +9,11 @@ pub fn init(m_selma: RModule) -> Result<(), Error> {
 
     element::init(c_html).expect("cannot define Selma::HTML::Element class");
     end_tag::init(c_html).expect("cannot define Selma::HTML::EndTag class");
+    text_chunk::init(c_html).expect("cannot define Selma::HTML::TextChunk class");
 
     Ok(())
 }
 
 pub mod element;
 pub mod end_tag;
+pub mod text_chunk;

data/ext/selma/src/lib.rs

@@ -1,6 +1,7 @@
 extern crate core;
 
-use magnus::{define_module, Error};
+use lol_html::html_content::ContentType;
+use magnus::{define_module, exception, scan_args, Error, Symbol, Value};
 
 pub mod html;
 pub mod native_ref_wrap;
@@ -10,6 +11,32 @@ pub mod selector;
 pub mod tags;
 pub mod wrapped_struct;
 
+#[allow(clippy::let_unit_value)]
+fn scan_text_args(args: &[Value]) -> Result<(String, ContentType), magnus::Error> {
+    let args = scan_args::scan_args(args)?;
+    let (text,): (String,) = args.required;
+    let _: () = args.optional;
+    let _: () = args.splat;
+    let _: () = args.trailing;
+    let _: () = args.block;
+
+    let kwargs = scan_args::get_kwargs::<_, (Symbol,), (), ()>(args.keywords, &["as"], &[])?;
+    let as_sym = kwargs.required.0;
+    let as_sym_str = as_sym.name().unwrap();
+    let content_type = if as_sym_str == "text" {
+        ContentType::Text
+    } else if as_sym_str == "html" {
+        ContentType::Html
+    } else {
+        return Err(Error::new(
+            exception::runtime_error(),
+            format!("unknown symbol `{as_sym_str:?}`"),
+        ));
+    };
+
+    Ok((text, content_type))
+}
+
 #[magnus::init]
 fn init() -> Result<(), Error> {
     let m_selma = define_module("Selma").expect("cannot define ::Selma module");

data/ext/selma/src/native_ref_wrap.rs

@@ -1,4 +1,4 @@
-use std::{cell::Cell, marker::PhantomData, mem, rc::Rc};
+use std::{cell::Cell, marker::PhantomData, rc::Rc};
 
 // NOTE: My Rust isn't good enough to know what any of this does,
 // but it was taken from https://github.com/cloudflare/lol-html/blob/1a1ab2e2bf896f815fe8888ed78ccdf46d7c6b85/js-api/src/lib.rs#LL38
@@ -37,7 +37,7 @@ pub struct NativeRefWrap<R> {
 impl<R> NativeRefWrap<R> {
     pub fn wrap<I>(inner: &I) -> (Self, Anchor) {
         let wrap = NativeRefWrap {
-            inner_ptr: unsafe { mem::transmute(inner) },
+            inner_ptr: inner as *const I as *mut R,
             poisoned: Rc::new(Cell::new(false)),
         };
 
@@ -48,7 +48,7 @@ impl<R> NativeRefWrap<R> {
 
     pub fn wrap_mut<I>(inner: &mut I) -> (Self, Anchor) {
         let wrap = NativeRefWrap {
-            inner_ptr: unsafe { mem::transmute(inner) },
+            inner_ptr: inner as *mut I as *mut R,
             poisoned: Rc::new(Cell::new(false)),
         };
 

data/ext/selma/src/rewriter.rs

@@ -1,14 +1,14 @@
-use std::{borrow::Cow, cell::RefCell, rc::Rc};
-
 use lol_html::{
     doc_comments, doctype, element,
-    html_content::{ContentType, Element, EndTag, TextChunk},
+    html_content::{Element, EndTag, TextChunk},
     text, DocumentContentHandlers, ElementContentHandlers, HtmlRewriter, Selector, Settings,
 };
 use magnus::{exception, function, method, scan_args, Module, Object, RArray, RModule, Value};
 
+use std::{borrow::Cow, cell::RefCell, primitive::str, rc::Rc};
+
 use crate::{
-    html::{element::SelmaHTMLElement, end_tag::SelmaHTMLEndTag},
+    html::{element::SelmaHTMLElement, end_tag::SelmaHTMLEndTag, text_chunk::SelmaHTMLTextChunk},
     sanitizer::SelmaSanitizer,
     selector::SelmaSelector,
     tags::Tag,
@@ -43,7 +43,7 @@ unsafe impl Send for SelmaRewriter {}
 impl SelmaRewriter {
     const SELMA_ON_END_TAG: &str = "on_end_tag";
     const SELMA_HANDLE_ELEMENT: &str = "handle_element";
-    const SELMA_HANDLE_TEXT: &str = "handle_text";
+    const SELMA_HANDLE_TEXT_CHUNK: &str = "handle_text_chunk";
 
     /// @yard
     /// @def new(sanitizer: Selma::Sanitizer.new(Selma::Sanitizer::Config::DEFAULT), handlers: [])
@@ -83,18 +83,18 @@ impl SelmaRewriter {
                         return Err(magnus::Error::new(
                             exception::no_method_error(),
                             format!(
-                                "Could not call #selector on {:?}; is this an object that defines it?",
-                                classname
+                                "Could not call #selector on {classname:?}; is this an object that defines it?",
+
                             ),
                         ));
                     }
 
                     let rb_selector: WrappedStruct<SelmaSelector> =
                         match rb_handler.funcall("selector", ()) {
-                            Err(e) => {
+                            Err(err) => {
                                 return Err(magnus::Error::new(
                                     exception::type_error(),
-                                    format!("Error instantiating selector: {}", e),
+                                    format!("Error instantiating selector: {err:?}"),
                                 ));
                             }
                             Ok(rb_selector) => rb_selector,
@@ -145,7 +145,7 @@ impl SelmaRewriter {
         let _: () = args.trailing;
         let _: () = args.block;
 
-        let kw = scan_args::get_kwargs::<
+        let kwargs = scan_args::get_kwargs::<
             _,
             (),
             (
@@ -154,7 +154,7 @@ impl SelmaRewriter {
             ),
             (),
         >(args.keywords, &[], &["sanitizer", "handlers"])?;
-        let (rb_sanitizer, rb_handlers) = kw.optional;
+        let (rb_sanitizer, rb_handlers) = kwargs.optional;
 
         Ok((rb_sanitizer, rb_handlers))
     }
@@ -162,28 +162,22 @@ impl SelmaRewriter {
     /// Perform HTML rewrite sequence.
     fn rewrite(&self, html: String) -> Result<String, magnus::Error> {
         let sanitized_html = match &self.0.borrow().sanitizer {
-            None => html,
+            None => Ok(html),
             Some(sanitizer) => {
-                // let first_pass_html = Self::perform_initial_sanitization(sanitizer, &html).unwrap();
-
-                // due to malicious html crafting
-                // (e.g. <<foo>script>...</script>, or <div <!-- comment -->> as in tests),
-                // we need to run sanitization several times to truly remove unwanted tags,
-                // because lol-html happily accepts this garbage (by design?)
-                let sanitized_html = Self::perform_sanitization(sanitizer, &html).unwrap();
+                let sanitized_html = match Self::perform_sanitization(sanitizer, &html) {
+                    Ok(sanitized_html) => sanitized_html,
+                    Err(err) => return Err(err),
+                };
 
-                String::from_utf8(sanitized_html).unwrap()
+                String::from_utf8(sanitized_html)
             }
         };
         let binding = self.0.borrow_mut();
         let handlers = &binding.handlers;
 
-        match Self::perform_handler_rewrite(self, handlers, sanitized_html) {
+        match Self::perform_handler_rewrite(self, handlers, sanitized_html.unwrap()) {
             Ok(rewritten_html) => Ok(String::from_utf8(rewritten_html).unwrap()),
-            Err(err) => Err(magnus::Error::new(
-                exception::runtime_error(),
-                format!("{}", err),
-            )),
+            Err(err) => Err(err),
         }
     }
 
@@ -214,10 +208,12 @@ impl SelmaRewriter {
                         if el.removed() {
                             return Ok(());
                         }
-                        sanitizer.sanitize_attributes(el);
-
-                        Ok(())
+                        match sanitizer.sanitize_attributes(el) {
+                            Ok(_) => Ok(()),
+                            Err(err) => Err(err.to_string().into()),
+                        }
                     })],
+                    // TODO: allow for MemorySettings to be defined
                     ..Settings::default()
                 },
                 |c: &[u8]| first_pass_html.extend_from_slice(c),
@@ -342,7 +338,7 @@ impl SelmaRewriter {
                     let mut stack = closure_element_stack.as_ref().borrow_mut();
                     stack.pop();
                     Ok(())
-                });
+                })?;
                 Ok(())
             }));
         });
@@ -361,7 +357,7 @@ impl SelmaRewriter {
                 Err(err) => {
                     return Err(magnus::Error::new(
                         exception::runtime_error(),
-                        format!("{}", err),
+                        format!("{err:?}"),
                     ));
                 }
             }
@@ -372,17 +368,18 @@ impl SelmaRewriter {
     fn process_element_handlers(
         rb_handler: Value,
         element: &mut Element,
-        ancestors: &Vec<String>,
+        ancestors: &[String],
     ) -> Result<(), magnus::Error> {
         // if `on_end_tag` function is defined, call it
         if rb_handler.respond_to(Self::SELMA_ON_END_TAG, true).unwrap() {
+            // TODO: error here is an "EndTagError"
             element.on_end_tag(move |end_tag| {
                 let rb_end_tag = SelmaHTMLEndTag::new(end_tag);
 
-                rb_handler
-                    .funcall::<_, _, Value>(Self::SELMA_ON_END_TAG, (rb_end_tag,))
-                    .unwrap();
-                Ok(())
+                match rb_handler.funcall::<_, _, Value>(Self::SELMA_ON_END_TAG, (rb_end_tag,)) {
+                    Ok(_) => Ok(()),
+                    Err(err) => Err(err.to_string().into()),
+                }
             });
         }
 
@@ -391,39 +388,30 @@ impl SelmaRewriter {
             rb_handler.funcall::<_, _, Value>(Self::SELMA_HANDLE_ELEMENT, (rb_element,));
         match rb_result {
             Ok(_) => Ok(()),
-            Err(err) => Err(magnus::Error::new(
-                exception::runtime_error(),
-                format!("{}", err),
-            )),
+            Err(err) => Err(err),
         }
     }
 
-    fn process_text_handlers(rb_handler: Value, text: &mut TextChunk) -> Result<(), magnus::Error> {
-        // prevents missing `handle_text` function
-        let content = text.as_str();
+    fn process_text_handlers(
+        rb_handler: Value,
+        text_chunk: &mut TextChunk,
+    ) -> Result<(), magnus::Error> {
+        // prevents missing `handle_text_chunk` function
+        let content = text_chunk.as_str();
 
-        // FIXME: why does this happen?
+        // seems that sometimes lol-html returns blank text / EOLs?
         if content.is_empty() {
             return Ok(());
         }
-        let rb_result = rb_handler.funcall(Self::SELMA_HANDLE_TEXT, (content,));
 
-        if rb_result.is_err() {
-            return Err(magnus::Error::new(
-                exception::type_error(),
-                format!(
-                    "Expected #{:?} to return a string: {:?}",
-                    Self::SELMA_HANDLE_TEXT,
-                    rb_result.err().unwrap()
-                ),
-            ));
+        let rb_text_chunk = SelmaHTMLTextChunk::new(text_chunk);
+        match rb_handler.funcall::<_, _, Value>(Self::SELMA_HANDLE_TEXT_CHUNK, (rb_text_chunk,)) {
+            Ok(_) => Ok(()),
+            Err(err) => Err(magnus::Error::new(
+                exception::runtime_error(),
+                format!("{err:?}"),
+            )),
         }
-
-        let new_content: String = rb_result.unwrap();
-        // TODO: can this be an option?
-        text.replace(&new_content, ContentType::Html);
-
-        Ok(())
     }
 }
 

data/ext/selma/src/sanitizer.rs

@@ -1,12 +1,10 @@
 use std::{borrow::BorrowMut, cell::RefMut, collections::HashMap};
 
-use lol_html::html_content::{Comment, ContentType, Doctype, Element, EndTag};
-use magnus::{
-    class, exception, function, method, scan_args, Error, Module, Object, RArray, RHash, RModule,
-    Value,
+use lol_html::{
+    errors::AttributeNameError,
+    html_content::{Comment, ContentType, Doctype, Element, EndTag},
 };
-
-use crate::tags::Tag;
+use magnus::{class, function, method, scan_args, Module, Object, RArray, RHash, RModule, Value};
 
 #[derive(Clone, Debug)]
 struct ElementSanitizer {
@@ -18,7 +16,7 @@ struct ElementSanitizer {
 
 #[derive(Clone, Debug)]
 pub struct Sanitizer {
-    flags: [u8; Tag::TAG_COUNT],
+    flags: [u8; crate::tags::Tag::TAG_COUNT],
     allowed_attrs: Vec<String>,
     allowed_classes: Vec<String>,
     element_sanitizers: HashMap<String, ElementSanitizer>,
@@ -35,11 +33,11 @@ pub struct SelmaSanitizer(std::cell::RefCell<Sanitizer>);
 
 impl SelmaSanitizer {
     const SELMA_SANITIZER_ALLOW: u8 = (1 << 0);
-    const SELMA_SANITIZER_ESCAPE_TAGFILTER: u8 = (1 << 1);
+    // const SELMA_SANITIZER_ESCAPE_TAGFILTER: u8 = (1 << 1);
     const SELMA_SANITIZER_REMOVE_CONTENTS: u8 = (1 << 2);
     const SELMA_SANITIZER_WRAP_WHITESPACE: u8 = (1 << 3);
 
-    pub fn new(arguments: &[Value]) -> Result<Self, Error> {
+    pub fn new(arguments: &[Value]) -> Result<Self, magnus::Error> {
         let args = scan_args::scan_args::<(), (Option<RHash>,), (), (), (), ()>(arguments)?;
         let (opt_config,): (Option<RHash>,) = args.optional;
 
@@ -50,7 +48,7 @@ impl SelmaSanitizer {
         };
 
         let mut element_sanitizers = HashMap::new();
-        Tag::html_tags().iter().for_each(|html_tag| {
+        crate::tags::Tag::html_tags().iter().for_each(|html_tag| {
             let es = ElementSanitizer {
                 allowed_attrs: vec![],
                 allowed_classes: vec![],
@@ -58,11 +56,14 @@ impl SelmaSanitizer {
 
                 protocol_sanitizers: HashMap::new(),
             };
-            element_sanitizers.insert(Tag::element_name_from_enum(html_tag).to_string(), es);
+            element_sanitizers.insert(
+                crate::tags::Tag::element_name_from_enum(html_tag).to_string(),
+                es,
+            );
         });
 
         Ok(Self(std::cell::RefCell::new(Sanitizer {
-            flags: [0; Tag::TAG_COUNT],
+            flags: [0; crate::tags::Tag::TAG_COUNT],
             allowed_attrs: vec![],
             allowed_classes: vec![],
             element_sanitizers,
@@ -74,7 +75,7 @@ impl SelmaSanitizer {
         })))
     }
 
-    fn get_config(&self) -> Result<RHash, Error> {
+    fn get_config(&self) -> Result<RHash, magnus::Error> {
         let binding = self.0.borrow();
 
         Ok(binding.config)
@@ -82,7 +83,7 @@ impl SelmaSanitizer {
 
     /// Toggle a sanitizer option on or off.
     fn set_flag(&self, tag_name: String, flag: u8, set: bool) {
-        let tag = Tag::tag_from_tag_name(tag_name.as_str());
+        let tag = crate::tags::Tag::tag_from_tag_name(tag_name.as_str());
         if set {
             self.0.borrow_mut().flags[tag.index] |= flag;
         } else {
@@ -93,13 +94,19 @@ impl SelmaSanitizer {
     /// Toggles all sanitization options on or off.
     fn set_all_flags(&self, flag: u8, set: bool) {
         if set {
-            Tag::html_tags().iter().enumerate().for_each(|(iter, _)| {
-                self.0.borrow_mut().flags[iter] |= flag;
-            });
+            crate::tags::Tag::html_tags()
+                .iter()
+                .enumerate()
+                .for_each(|(iter, _)| {
+                    self.0.borrow_mut().flags[iter] |= flag;
+                });
         } else {
-            Tag::html_tags().iter().enumerate().for_each(|(iter, _)| {
-                self.0.borrow_mut().flags[iter] &= flag;
-            });
+            crate::tags::Tag::html_tags()
+                .iter()
+                .enumerate()
+                .for_each(|(iter, _)| {
+                    self.0.borrow_mut().flags[iter] &= flag;
+                });
         }
     }
 
@@ -111,8 +118,8 @@ impl SelmaSanitizer {
 
     pub fn escape_tagfilter(&self, e: &mut Element) -> bool {
         if self.0.borrow().escape_tagfilter {
-            let tag = Tag::tag_from_element(e);
-            if Tag::is_tag_escapeworthy(tag) {
+            let tag = crate::tags::Tag::tag_from_element(e);
+            if crate::tags::Tag::is_tag_escapeworthy(tag) {
                 e.remove();
                 return true;
             }
@@ -229,9 +236,9 @@ impl SelmaSanitizer {
         }
     }
 
-    pub fn sanitize_attributes(&self, element: &mut Element) {
+    pub fn sanitize_attributes(&self, element: &mut Element) -> Result<(), AttributeNameError> {
         let binding = self.0.borrow_mut();
-        let tag = Tag::tag_from_element(element);
+        let tag = crate::tags::Tag::tag_from_element(element);
         let element_sanitizer = Self::get_element_sanitizer(&binding, &element.tag_name());
 
         // FIXME: This is a hack to get around the fact that we can't borrow
@@ -247,7 +254,7 @@ impl SelmaSanitizer {
             // encountered, remove the entire element to be safe.
             if attr_name.starts_with("<!--") {
                 Self::force_remove_element(self, element);
-                return;
+                return Ok(());
             }
 
             // first, trim leading spaces and unescape any encodings
@@ -255,46 +262,64 @@ impl SelmaSanitizer {
             let x = escapist::unescape_html(trimmed.as_bytes());
             let unescaped_attr_val = String::from_utf8_lossy(&x).to_string();
 
-            if !Self::should_keep_attribute(
+            let should_keep_attrubute = match Self::should_keep_attribute(
                 &binding,
                 element,
                 element_sanitizer,
                 attr_name,
                 &unescaped_attr_val,
             ) {
+                Ok(should_keep) => should_keep,
+                Err(e) => {
+                    return Err(e);
+                }
+            };
+
+            if !should_keep_attrubute {
                 element.remove_attribute(attr_name);
             } else {
                 // Prevent the use of `<meta>` elements that set a charset other than UTF-8,
                 // since output is always UTF-8.
-                if Tag::is_meta(tag) {
+                if crate::tags::Tag::is_meta(tag) {
                     if attr_name == "charset" && unescaped_attr_val != "utf-8" {
-                        element.set_attribute(attr_name, "utf-8");
+                        match element.set_attribute(attr_name, "utf-8") {
+                            Ok(_) => {}
+                            Err(err) => {
+                                return Err(err);
+                            }
+                        }
                     }
                 } else if !unescaped_attr_val.is_empty() {
                     let mut buf = String::new();
                     // ...then, escape any special characters, for security
                     if attr_name == "href" {
-                        // FIXME: gross--------------vvvv
-                        escapist::escape_href(&mut buf, unescaped_attr_val.to_string().as_str());
+                        escapist::escape_href(&mut buf, unescaped_attr_val.as_str());
                     } else {
-                        escapist::escape_html(&mut buf, unescaped_attr_val.to_string().as_str());
+                        escapist::escape_html(&mut buf, unescaped_attr_val.as_str());
                     };
 
-                    element.set_attribute(attr_name, &buf);
+                    match element.set_attribute(attr_name, &buf) {
+                        Ok(_) => {}
+                        Err(err) => {
+                            return Err(err);
+                        }
+                    }
                 }
             }
         }
 
         let required = &element_sanitizer.required_attrs;
         if required.contains(&"*".to_string()) {
-            return;
+            return Ok(());
         }
         for attr in element.attributes().iter() {
             let attr_name = &attr.name();
             if required.contains(attr_name) {
-                return;
+                return Ok(());
             }
         }
+
+        Ok(())
     }
 
     fn should_keep_attribute(
@@ -303,7 +328,7 @@ impl SelmaSanitizer {
         element_sanitizer: &ElementSanitizer,
         attr_name: &String,
         attr_val: &String,
-    ) -> bool {
+    ) -> Result<bool, AttributeNameError> {
         let mut allowed: bool = false;
         let element_allowed_attrs = element_sanitizer.allowed_attrs.contains(attr_name);
         let sanitizer_allowed_attrs = binding.allowed_attrs.contains(attr_name);
@@ -317,7 +342,7 @@ impl SelmaSanitizer {
         }
 
         if !allowed {
-            return false;
+            return Ok(false);
         }
 
         let protocol_sanitizer_values = element_sanitizer.protocol_sanitizers.get(attr_name);
@@ -325,32 +350,29 @@ impl SelmaSanitizer {
             None => {
                 // has a protocol, but no sanitization list
                 if !attr_val.is_empty() && Self::has_protocol(attr_val) {
-                    return false;
+                    return Ok(false);
                 }
             }
             Some(protocol_sanitizer_values) => {
                 if !attr_val.is_empty()
                     && !Self::has_allowed_protocol(protocol_sanitizer_values, attr_val)
                 {
-                    return false;
+                    return Ok(false);
                 }
             }
         }
 
-        if attr_name == "class"
-            && !Self::sanitize_class_attribute(
+        if attr_name == "class" {
+            return Self::sanitize_class_attribute(
                 binding,
                 element,
                 element_sanitizer,
                 attr_name,
                 attr_val,
-            )
-            .unwrap()
-        {
-            return false;
+            );
         }
 
-        true
+        Ok(true)
     }
 
     fn has_protocol(attr_val: &str) -> bool {
@@ -393,7 +415,7 @@ impl SelmaSanitizer {
         element_sanitizer: &ElementSanitizer,
         attr_name: &str,
         attr_val: &str,
-    ) -> Result<bool, Error> {
+    ) -> Result<bool, lol_html::errors::AttributeNameError> {
         let allowed_global = &binding.allowed_classes;
 
         let mut valid_classes: Vec<String> = vec![];
@@ -421,28 +443,25 @@ impl SelmaSanitizer {
 
         match element.set_attribute(attr_name, valid_classes.join(" ").as_str()) {
             Ok(_) => Ok(true),
-            Err(err) => Err(Error::new(
-                exception::runtime_error(),
-                format!("AttributeNameError: {}", err),
-            )),
+            Err(err) => Err(err),
         }
     }
 
     pub fn allow_element(&self, element: &mut Element) -> bool {
-        let tag = Tag::tag_from_element(element);
+        let tag = crate::tags::Tag::tag_from_element(element);
         let flags: u8 = self.0.borrow().flags[tag.index];
 
         (flags & Self::SELMA_SANITIZER_ALLOW) == 0
     }
 
     pub fn try_remove_element(&self, element: &mut Element) -> bool {
-        let tag = Tag::tag_from_element(element);
+        let tag = crate::tags::Tag::tag_from_element(element);
         let flags: u8 = self.0.borrow().flags[tag.index];
 
         let should_remove = !element.removed() && self.allow_element(element);
 
         if should_remove {
-            if Tag::has_text_content(tag) {
+            if crate::tags::Tag::has_text_content(tag) {
                 Self::remove_element(
                     element,
                     tag.self_closing,
@@ -455,7 +474,7 @@ impl SelmaSanitizer {
             Self::check_if_end_tag_needs_removal(element);
         } else {
             // anything in <iframe> must be removed, if it's kept
-            if Tag::is_iframe(tag) {
+            if crate::tags::Tag::is_iframe(tag) {
                 if self.0.borrow().flags[tag.index] != 0 {
                     element.set_inner_content(" ", ContentType::Text);
                 } else {
@@ -487,14 +506,14 @@ impl SelmaSanitizer {
     }
 
     pub fn force_remove_element(&self, element: &mut Element) {
-        let tag = Tag::tag_from_element(element);
+        let tag = crate::tags::Tag::tag_from_element(element);
         let self_closing = tag.self_closing;
         Self::remove_element(element, self_closing, Self::SELMA_SANITIZER_REMOVE_CONTENTS);
         Self::check_if_end_tag_needs_removal(element);
     }
 
     fn check_if_end_tag_needs_removal(element: &mut Element) {
-        if element.removed() && !Tag::tag_from_element(element).self_closing {
+        if element.removed() && !crate::tags::Tag::tag_from_element(element).self_closing {
             element
                 .on_end_tag(move |end| {
                     Self::remove_end_tag(end);
@@ -523,7 +542,7 @@ impl SelmaSanitizer {
     }
 }
 
-pub fn init(m_selma: RModule) -> Result<(), Error> {
+pub fn init(m_selma: RModule) -> Result<(), magnus::Error> {
     let c_sanitizer = m_selma.define_class("Sanitizer", Default::default())?;
 
     c_sanitizer.define_singleton_method("new", function!(SelmaSanitizer::new, -1))?;

data/ext/selma/src/selector.rs

@@ -27,7 +27,7 @@ impl SelmaSelector {
             if css.parse::<lol_html::Selector>().is_err() {
                 return Err(Error::new(
                     exception::arg_error(),
-                    format!("Could not parse `match_element` (`{}`) as valid CSS", css),
+                    format!("Could not parse `match_element` (`{css:?}`) as valid CSS"),
                 ));
             }
         }
@@ -37,10 +37,7 @@ impl SelmaSelector {
             if css.parse::<lol_html::Selector>().is_err() {
                 return Err(Error::new(
                     exception::arg_error(),
-                    format!(
-                        "Could not parse `match_text_within` (`{}`) as valid CSS",
-                        css
-                    ),
+                    format!("Could not parse `match_text_within` (`{css:?}`) as valid CSS",),
                 ));
             }
         }

data/ext/selma/src/tags.rs

@@ -192,14 +192,17 @@ impl Tag {
     /// Is this tag something which needs to be removed?
     pub fn is_tag_escapeworthy(tag: Tag) -> bool {
         tag.index == HTMLTag::TITLE as usize
-            || tag.index == HTMLTag::TEXTAREA as usize
-            || tag.index == HTMLTag::STYLE as usize
-            || tag.index == HTMLTag::XMP as usize
             || tag.index == HTMLTag::IFRAME as usize
+            || tag.index == HTMLTag::MATH as usize
             || tag.index == HTMLTag::NOEMBED as usize
             || tag.index == HTMLTag::NOFRAMES as usize
-            || tag.index == HTMLTag::SCRIPT as usize
+            || tag.index == HTMLTag::NOSCRIPT as usize
             || tag.index == HTMLTag::PLAINTEXT as usize
+            || tag.index == HTMLTag::SCRIPT as usize
+            || tag.index == HTMLTag::STYLE as usize
+            || tag.index == HTMLTag::SVG as usize
+            || tag.index == HTMLTag::TEXTAREA as usize
+            || tag.index == HTMLTag::XMP as usize
     }
 
     pub const ESCAPEWORTHY_TAGS_CSS: &str =

data/lib/selma/sanitizer/config/default.rb

@@ -3,6 +3,10 @@
 module Selma
   class Sanitizer
     module Config
+      # although there are many more protocol types, eg., ftp, xmpp, etc.,
+      # these are the only ones that are allowed by default
+      VALID_PROTOCOLS = ["http", "https", "mailto", :relative]
+
       DEFAULT = freeze_config(
         # Whether or not to allow HTML comments. Allowing comments is strongly
         # discouraged, since IE allows script execution within conditional

data/lib/selma/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Selma
-  VERSION = "0.0.2"
+  VERSION = "0.0.4"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: selma
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.4
 platform: x86_64-linux
 authors:
 - Garen J. Torikian
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-12-21 00:00:00.000000000 Z
+date: 2022-12-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rb_sys
@@ -81,6 +81,7 @@ files:
 - ext/selma/src/html.rs
 - ext/selma/src/html/element.rs
 - ext/selma/src/html/end_tag.rs
+- ext/selma/src/html/text_chunk.rs
 - ext/selma/src/lib.rs
 - ext/selma/src/native_ref_wrap.rs
 - ext/selma/src/rewriter.rs