RubyGems - selma - Versions diffs - 0.0.3-aarch64-linux → 0.0.5-aarch64-linux - Mend

selma 0.0.3-aarch64-linux → 0.0.5-aarch64-linux

Files changed (15) hide show

checksums.yaml +4 -4
data/README.md +11 -10
data/ext/selma/Cargo.toml +1 -1
data/ext/selma/src/html/element.rs +103 -44
data/ext/selma/src/html/end_tag.rs +2 -2
data/ext/selma/src/html/text_chunk.rs +113 -0
data/ext/selma/src/html.rs +2 -0
data/ext/selma/src/lib.rs +28 -1
data/ext/selma/src/rewriter.rs +37 -49
data/ext/selma/src/sanitizer.rs +102 -83
data/ext/selma/src/tags.rs +7 -4
data/lib/selma/3.1/selma.so +0 -0
data/lib/selma/sanitizer/config/default.rb +4 -0
data/lib/selma/version.rb +1 -1
metadata +3 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ce81cc62ed12675d4362d65bc2983ef707664f4cd161a3af6bab496de99ee929
-  data.tar.gz: fdf0b59a4bbc06e9967389c8c069d7da49c835a0ca92080c7fb9bfe73f5d324f
+  metadata.gz: 1cc01b8b795db9625ed5104ae6266d3147955def7b1729f91944bb254d5d2fbb
+  data.tar.gz: 3d2006ada6dc72d43d5eeb8070a368420863a4839ad3132416f4262004f3c9e8
 SHA512:
-  metadata.gz: 4b089a159b06035dfe0a46df235a65f448110908b94092d75bf749a7c7bd590296a128a43ada24258eff411953f57686df8970646dd5b517ce8c2a3a67a66e5c
-  data.tar.gz: 7312a40c011c715536b91ebe27c1b08707cceffe89f8f81e3dba9457a04c3db07d981351c916c0c2a4340e8389c64ea325f78efdcf0cebfe31e9dcf88ba7a960
+  metadata.gz: 345c650c379049924fd084a07047875ddf3982a442208e08fcf67128c590c9e9ac1f851429a759a63cd7ca901b16f82dc81527ae54f9792077db6326cc0c4633
+  data.tar.gz: 7506ae8bcd4a854c549b2b2e0664b9a5d6971ecf8eb54b4e4aad5cb0fa329815ab9ee6f9bcefd27725880518f8752338e24dbf4b08a2c579a6893c6f68f82e3c

data/README.md CHANGED Viewed

@@ -56,6 +56,10 @@ allow_comments: false,
 # "<!DOCTYPE html>" when sanitizing a document.
 allow_doctype: false,
+# HTML elements to allow. By default, no elements are allowed (which means
+# that all HTML will be stripped).
+elements: ["a", "b", "img", ],
 # HTML attributes to allow in specific elements. The key is the name of the element,
 # and the value is an array of allowed attributes. By default, no attributes
 # are allowed.
@@ -64,14 +68,10 @@ attributes: {
     "img" => ["src"],
 },
-# HTML elements to allow. By default, no elements are allowed (which means
-# that all HTML will be stripped).
-elements: ["a", "b", "img", ],
 # URL handling protocols to allow in specific attributes. By default, no
 # protocols are allowed. Use :relative in place of a protocol if you want
 # to allow relative URLs sans protocol.
- protocols: {
+protocols: {
     "a" => { "href" => ["http", "https", "mailto", :relative] },
     "img" => { "href" => ["http", "https"] },
 },
@@ -91,7 +91,7 @@ The real power in Selma comes in its use of handlers. A handler is simply an obj
 - `selector`, a method which MUST return instance of `Selma::Selector` which defines the CSS classes to match
 - `handle_element`, a method that's call on each matched element
-- `handle_text`, a method that's called on each matched text node; this MUST return a string
+- `handle_text_chunk`, a method that's called on each matched text node; this MUST return a string
 Here's an example which rewrites the `href` attribute on `a` and the `src` attribute on `img` to be `https` rather than `http`.
@@ -118,7 +118,7 @@ rewriter = Selma::Rewriter.new(handlers: [MatchAttribute.new])
 The `Selma::Selector` object has three possible kwargs:
 - `match_element`: any element which matches this CSS rule will be passed on to `handle_element`
-- `match_text_within`: any element which matches this CSS rule will be passed on to `handle_text`
+- `match_text_within`: any element which matches this CSS rule will be passed on to `handle_text_chunk`
 - `ignore_text_within`: this is an array of element names whose text contents will be ignored
 You've seen an example of `match_element`; here's one for `match_text` which changes strings in various elements which are _not_ `pre` or `code`:
@@ -132,7 +132,7 @@ class MatchText
     SELECTOR
   end
-  def handle_text(text)
+  def handle_text_chunk(text)
     string.sub(/@.+/, "<a href=\"www.yetto.app/#{Regexp.last_match}\">")
   end
 end
@@ -150,8 +150,9 @@ The `element` argument in `handle_element` has the following methods:
 - `remove_attribute`: remove an attribute
 - `attributes`: list all the attributes
 - `ancestors`: list all the ancestors
-- `append(content, content_type)`: appends `content` to the element's inner content, i.e. inserts content right before the element's end tag. `content_type` is either `:text` or `:html` and determines how the content will be applied.
-- `wrap(start_text, end_text, content_type)`: adds `start_text` before an element and `end_text` after an element. `content_type` is either `:text` or `:html` and determines how the content will be applied.
+- `append(content, as: content_type)`: appends `content` to the element's inner content, i.e. inserts content right before the element's end tag. `content_type` is either `:text` or `:html` and determines how the content will be applied.
+- `before(content, as: content_type)`: Inserts `content` before the element. `content_type` is either `:text` or `:html` and determines how the content will be applied.
+- `after(content, as: content_type)`: Inserts `content` after the element. `content_type` is either `:text` or `:html` and determines how the content will be applied.
 - `set_inner_content`: replaces inner content of the element with `content`. `content_type` is either `:text` or `:html` and determines how the content will be applied.
 ## Benchmarks

data/ext/selma/Cargo.toml CHANGED Viewed

@@ -5,7 +5,7 @@ edition = "2021"
 [dependencies]
 enum-iterator = "1.2"
-escapist = "0.0.1"
+escapist = "0.0.2"
 magnus = { git = "https://github.com/matsadler/magnus", rev = "23160f7229ac74c42da1b5096a65ccbc40962697" }
 lol_html = "0.3"

data/ext/selma/src/html/element.rs CHANGED Viewed

@@ -1,8 +1,6 @@
-use std::borrow::Cow;
 use crate::native_ref_wrap::NativeRefWrap;
-use lol_html::html_content::{ContentType, Element};
-use magnus::{exception, method, Error, Module, RArray, RClass, RHash, RString, Symbol};
+use lol_html::html_content::Element;
+use magnus::{exception, method, Error, Module, RArray, RClass, RHash, RString, Value};
 struct HTMLElement {
     element: NativeRefWrap<Element<'static, 'static>>,
@@ -38,6 +36,48 @@ impl SelmaHTMLElement {
         }
     }
+    fn set_tag_name(&self, name: String) -> Result<(), Error> {
+        let mut binding = self.0.borrow_mut();
+        if let Ok(element) = binding.element.get_mut() {
+            match element.set_tag_name(&name) {
+                Ok(_) => Ok(()),
+                Err(err) => Err(Error::new(exception::runtime_error(), format!("{err:?}"))),
+            }
+        } else {
+            Err(Error::new(
+                exception::runtime_error(),
+                "`set_tag_name` is not available",
+            ))
+        }
+    }
+    fn is_self_closing(&self) -> Result<bool, Error> {
+        let binding = self.0.borrow();
+        if let Ok(e) = binding.element.get() {
+            Ok(e.is_self_closing())
+        } else {
+            Err(Error::new(
+                exception::runtime_error(),
+                "`is_self_closing` is not available",
+            ))
+        }
+    }
+    fn has_attribute(&self, attr: String) -> Result<bool, Error> {
+        let binding = self.0.borrow();
+        if let Ok(e) = binding.element.get() {
+            Ok(e.has_attribute(&attr))
+        } else {
+            Err(Error::new(
+                exception::runtime_error(),
+                "`is_self_closing` is not available",
+            ))
+        }
+    }
     fn get_attribute(&self, attr: String) -> Option<String> {
         let binding = self.0.borrow();
         let element = binding.element.get();
@@ -106,89 +146,108 @@ impl SelmaHTMLElement {
         Ok(array)
     }
-    fn append(&self, text_to_append: String, content_type: Symbol) -> Result<(), Error> {
+    fn before(&self, args: &[Value]) -> Result<(), Error> {
         let mut binding = self.0.borrow_mut();
         let element = binding.element.get_mut().unwrap();
-        let text_str = text_to_append.as_str();
+        let (text_str, content_type) = match crate::scan_text_args(args) {
+            Ok((text_str, content_type)) => (text_str, content_type),
+            Err(err) => return Err(err),
+        };
-        let content_type = Self::find_content_type(content_type);
-        element.append(text_str, content_type);
+        element.before(&text_str, content_type);
         Ok(())
     }
-    fn wrap(
-        &self,
-        start_text: String,
-        end_text: String,
-        content_type: Symbol,
-    ) -> Result<(), Error> {
+    fn after(&self, args: &[Value]) -> Result<(), Error> {
         let mut binding = self.0.borrow_mut();
         let element = binding.element.get_mut().unwrap();
-        let before_content_type = Self::find_content_type(content_type);
-        let after_content_type = Self::find_content_type(content_type);
-        element.before(&start_text, before_content_type);
-        element.after(&end_text, after_content_type);
+        let (text_str, content_type) = match crate::scan_text_args(args) {
+            Ok((text_str, content_type)) => (text_str, content_type),
+            Err(err) => return Err(err),
+        };
+        element.after(&text_str, content_type);
         Ok(())
     }
-    fn set_inner_content(&self, text_to_set: String, content_type: Symbol) -> Result<(), Error> {
+    fn prepend(&self, args: &[Value]) -> Result<(), Error> {
         let mut binding = self.0.borrow_mut();
         let element = binding.element.get_mut().unwrap();
-        let text_str = text_to_set.as_str();
+        let (text_str, content_type) = match crate::scan_text_args(args) {
+            Ok((text_str, content_type)) => (text_str, content_type),
+            Err(err) => return Err(err),
+        };
+        element.prepend(&text_str, content_type);
-        let content_type = Self::find_content_type(content_type);
+        Ok(())
+    }
-        element.set_inner_content(text_str, content_type);
+    fn append(&self, args: &[Value]) -> Result<(), Error> {
+        let mut binding = self.0.borrow_mut();
+        let element = binding.element.get_mut().unwrap();
+        let (text_str, content_type) = match crate::scan_text_args(args) {
+            Ok((text_str, content_type)) => (text_str, content_type),
+            Err(err) => return Err(err),
+        };
+        element.append(&text_str, content_type);
         Ok(())
     }
-    fn find_content_type(content_type: Symbol) -> ContentType {
-        match content_type.name() {
-            Ok(name) => match name {
-                Cow::Borrowed("as_text") => ContentType::Text,
-                Cow::Borrowed("as_html") => ContentType::Html,
-                _ => Err(Error::new(
-                    exception::runtime_error(),
-                    format!("unknown symbol `{name:?}`"),
-                ))
-                .unwrap(),
-            },
-            Err(err) => Err(Error::new(
-                exception::runtime_error(),
-                format!("Could not unwrap symbol: {err:?}"),
-            ))
-            .unwrap(),
-        }
+    fn set_inner_content(&self, args: &[Value]) -> Result<(), Error> {
+        let mut binding = self.0.borrow_mut();
+        let element = binding.element.get_mut().unwrap();
+        let (inner_content, content_type) = match crate::scan_text_args(args) {
+            Ok((inner_content, content_type)) => (inner_content, content_type),
+            Err(err) => return Err(err),
+        };
+        element.set_inner_content(&inner_content, content_type);
+        Ok(())
     }
 }
 pub fn init(c_html: RClass) -> Result<(), Error> {
     let c_element = c_html
         .define_class("Element", Default::default())
-        .expect("cannot find class Selma::Element");
+        .expect("cannot find class Selma::HTML::Element");
     c_element.define_method("tag_name", method!(SelmaHTMLElement::tag_name, 0))?;
+    c_element.define_method("tag_name=", method!(SelmaHTMLElement::set_tag_name, 1))?;
+    c_element.define_method(
+        "self_closing?",
+        method!(SelmaHTMLElement::is_self_closing, 0),
+    )?;
     c_element.define_method("[]", method!(SelmaHTMLElement::get_attribute, 1))?;
     c_element.define_method("[]=", method!(SelmaHTMLElement::set_attribute, 2))?;
     c_element.define_method(
         "remove_attribute",
         method!(SelmaHTMLElement::remove_attribute, 1),
     )?;
+    c_element.define_method(
+        "has_attribute?",
+        method!(SelmaHTMLElement::has_attribute, 1),
+    )?;
     c_element.define_method("attributes", method!(SelmaHTMLElement::get_attributes, 0))?;
     c_element.define_method("ancestors", method!(SelmaHTMLElement::get_ancestors, 0))?;
-    c_element.define_method("append", method!(SelmaHTMLElement::append, 2))?;
-    c_element.define_method("wrap", method!(SelmaHTMLElement::wrap, 3))?;
+    c_element.define_method("before", method!(SelmaHTMLElement::before, -1))?;
+    c_element.define_method("after", method!(SelmaHTMLElement::after, -1))?;
+    c_element.define_method("prepend", method!(SelmaHTMLElement::prepend, -1))?;
+    c_element.define_method("append", method!(SelmaHTMLElement::append, -1))?;
     c_element.define_method(
         "set_inner_content",
-        method!(SelmaHTMLElement::set_inner_content, 2),
+        method!(SelmaHTMLElement::set_inner_content, -1),
     )?;
     Ok(())

data/ext/selma/src/html/end_tag.rs CHANGED Viewed

@@ -6,7 +6,7 @@ struct HTMLEndTag {
     end_tag: NativeRefWrap<EndTag<'static>>,
 }
-#[magnus::wrap(class = "Selma::HTML::Element")]
+#[magnus::wrap(class = "Selma::HTML::EndTag")]
 pub struct SelmaHTMLEndTag(std::cell::RefCell<HTMLEndTag>);
 /// SAFETY: This is safe because we only access this data when the GVL is held.
@@ -27,7 +27,7 @@ impl SelmaHTMLEndTag {
 pub fn init(c_html: RClass) -> Result<(), Error> {
     let c_end_tag = c_html
         .define_class("EndTag", Default::default())
-        .expect("cannot find class Selma::EndTag");
+        .expect("cannot find class Selma::HTML::EndTag");
     c_end_tag.define_method("tag_name", method!(SelmaHTMLEndTag::tag_name, 0))?;

data/ext/selma/src/html/text_chunk.rs ADDED Viewed

@@ -0,0 +1,113 @@
+use crate::native_ref_wrap::NativeRefWrap;
+use lol_html::html_content::{TextChunk, TextType};
+use magnus::{exception, method, Error, Module, RClass, Symbol, Value};
+struct HTMLTextChunk {
+    text_chunk: NativeRefWrap<TextChunk<'static>>,
+}
+#[magnus::wrap(class = "Selma::HTML::TextChunk")]
+pub struct SelmaHTMLTextChunk(std::cell::RefCell<HTMLTextChunk>);
+/// SAFETY: This is safe because we only access this data when the GVL is held.
+unsafe impl Send for SelmaHTMLTextChunk {}
+impl SelmaHTMLTextChunk {
+    pub fn new(text_chunk: &mut TextChunk) -> Self {
+        let (ref_wrap, _anchor) = NativeRefWrap::wrap_mut(text_chunk);
+        Self(std::cell::RefCell::new(HTMLTextChunk {
+            text_chunk: ref_wrap,
+        }))
+    }
+    fn to_s(&self) -> Result<String, Error> {
+        let binding = self.0.borrow();
+        if let Ok(tc) = binding.text_chunk.get() {
+            Ok(tc.as_str().to_string())
+        } else {
+            Err(Error::new(
+                exception::runtime_error(),
+                "`to_s` is not available",
+            ))
+        }
+    }
+    fn text_type(&self) -> Result<Symbol, Error> {
+        let binding = self.0.borrow();
+        if let Ok(tc) = binding.text_chunk.get() {
+            match tc.text_type() {
+                TextType::Data => Ok(Symbol::from("data")),
+                TextType::PlainText => Ok(Symbol::from("plain_text")),
+                TextType::RawText => Ok(Symbol::from("raw_text")),
+                TextType::ScriptData => Ok(Symbol::from("script")),
+                TextType::RCData => Ok(Symbol::from("rc_data")),
+                TextType::CDataSection => Ok(Symbol::from("cdata_section")),
+            }
+        } else {
+            Err(Error::new(
+                exception::runtime_error(),
+                "`text_type` is not available",
+            ))
+        }
+    }
+    fn before(&self, args: &[Value]) -> Result<(), Error> {
+        let mut binding = self.0.borrow_mut();
+        let text_chunk = binding.text_chunk.get_mut().unwrap();
+        let (text_str, content_type) = match crate::scan_text_args(args) {
+            Ok((text_str, content_type)) => (text_str, content_type),
+            Err(err) => return Err(err),
+        };
+        text_chunk.before(&text_str, content_type);
+        Ok(())
+    }
+    fn after(&self, args: &[Value]) -> Result<(), Error> {
+        let mut binding = self.0.borrow_mut();
+        let text_chunk = binding.text_chunk.get_mut().unwrap();
+        let (text_str, content_type) = match crate::scan_text_args(args) {
+            Ok((text_str, content_type)) => (text_str, content_type),
+            Err(err) => return Err(err),
+        };
+        text_chunk.after(&text_str, content_type);
+        Ok(())
+    }
+    fn replace(&self, args: &[Value]) -> Result<(), Error> {
+        let mut binding = self.0.borrow_mut();
+        let text_chunk = binding.text_chunk.get_mut().unwrap();
+        let (text_str, content_type) = match crate::scan_text_args(args) {
+            Ok((text_str, content_type)) => (text_str, content_type),
+            Err(err) => return Err(err),
+        };
+        text_chunk.replace(&text_str, content_type);
+        Ok(())
+    }
+}
+pub fn init(c_html: RClass) -> Result<(), Error> {
+    let c_text_chunk = c_html
+        .define_class("TextChunk", Default::default())
+        .expect("cannot find class Selma::HTML::TextChunk");
+    c_text_chunk.define_method("to_s", method!(SelmaHTMLTextChunk::to_s, 0))?;
+    c_text_chunk.define_method("content", method!(SelmaHTMLTextChunk::to_s, 0))?;
+    c_text_chunk.define_method("text_type", method!(SelmaHTMLTextChunk::text_type, 0))?;
+    c_text_chunk.define_method("before", method!(SelmaHTMLTextChunk::before, -1))?;
+    c_text_chunk.define_method("after", method!(SelmaHTMLTextChunk::after, -1))?;
+    c_text_chunk.define_method("replace", method!(SelmaHTMLTextChunk::replace, -1))?;
+    Ok(())
+}

data/ext/selma/src/html.rs CHANGED Viewed

@@ -9,9 +9,11 @@ pub fn init(m_selma: RModule) -> Result<(), Error> {
     element::init(c_html).expect("cannot define Selma::HTML::Element class");
     end_tag::init(c_html).expect("cannot define Selma::HTML::EndTag class");
+    text_chunk::init(c_html).expect("cannot define Selma::HTML::TextChunk class");
     Ok(())
 }
 pub mod element;
 pub mod end_tag;
+pub mod text_chunk;

data/ext/selma/src/lib.rs CHANGED Viewed

@@ -1,6 +1,7 @@
 extern crate core;
-use magnus::{define_module, Error};
+use lol_html::html_content::ContentType;
+use magnus::{define_module, exception, scan_args, Error, Symbol, Value};
 pub mod html;
 pub mod native_ref_wrap;
@@ -10,6 +11,32 @@ pub mod selector;
 pub mod tags;
 pub mod wrapped_struct;
+#[allow(clippy::let_unit_value)]
+fn scan_text_args(args: &[Value]) -> Result<(String, ContentType), magnus::Error> {
+    let args = scan_args::scan_args(args)?;
+    let (text,): (String,) = args.required;
+    let _: () = args.optional;
+    let _: () = args.splat;
+    let _: () = args.trailing;
+    let _: () = args.block;
+    let kwargs = scan_args::get_kwargs::<_, (Symbol,), (), ()>(args.keywords, &["as"], &[])?;
+    let as_sym = kwargs.required.0;
+    let as_sym_str = as_sym.name().unwrap();
+    let content_type = if as_sym_str == "text" {
+        ContentType::Text
+    } else if as_sym_str == "html" {
+        ContentType::Html
+    } else {
+        return Err(Error::new(
+            exception::runtime_error(),
+            format!("unknown symbol `{as_sym_str:?}`"),
+        ));
+    };
+    Ok((text, content_type))
+}
 #[magnus::init]
 fn init() -> Result<(), Error> {
     let m_selma = define_module("Selma").expect("cannot define ::Selma module");

data/ext/selma/src/rewriter.rs CHANGED Viewed

@@ -1,6 +1,6 @@
 use lol_html::{
     doc_comments, doctype, element,
-    html_content::{ContentType, Element, EndTag, TextChunk},
+    html_content::{Element, EndTag, TextChunk},
     text, DocumentContentHandlers, ElementContentHandlers, HtmlRewriter, Selector, Settings,
 };
 use magnus::{exception, function, method, scan_args, Module, Object, RArray, RModule, Value};
@@ -8,7 +8,7 @@ use magnus::{exception, function, method, scan_args, Module, Object, RArray, RMo
 use std::{borrow::Cow, cell::RefCell, primitive::str, rc::Rc};
 use crate::{
-    html::{element::SelmaHTMLElement, end_tag::SelmaHTMLEndTag},
+    html::{element::SelmaHTMLElement, end_tag::SelmaHTMLEndTag, text_chunk::SelmaHTMLTextChunk},
     sanitizer::SelmaSanitizer,
     selector::SelmaSelector,
     tags::Tag,
@@ -43,7 +43,7 @@ unsafe impl Send for SelmaRewriter {}
 impl SelmaRewriter {
     const SELMA_ON_END_TAG: &str = "on_end_tag";
     const SELMA_HANDLE_ELEMENT: &str = "handle_element";
-    const SELMA_HANDLE_TEXT: &str = "handle_text";
+    const SELMA_HANDLE_TEXT_CHUNK: &str = "handle_text_chunk";
     /// @yard
     /// @def new(sanitizer: Selma::Sanitizer.new(Selma::Sanitizer::Config::DEFAULT), handlers: [])
@@ -145,7 +145,7 @@ impl SelmaRewriter {
         let _: () = args.trailing;
         let _: () = args.block;
-        let kw = scan_args::get_kwargs::<
+        let kwargs = scan_args::get_kwargs::<
             _,
             (),
             (
@@ -154,7 +154,7 @@ impl SelmaRewriter {
             ),
             (),
         >(args.keywords, &[], &["sanitizer", "handlers"])?;
-        let (rb_sanitizer, rb_handlers) = kw.optional;
+        let (rb_sanitizer, rb_handlers) = kwargs.optional;
         Ok((rb_sanitizer, rb_handlers))
     }
@@ -162,26 +162,22 @@ impl SelmaRewriter {
     /// Perform HTML rewrite sequence.
     fn rewrite(&self, html: String) -> Result<String, magnus::Error> {
         let sanitized_html = match &self.0.borrow().sanitizer {
-            None => html,
+            None => Ok(html),
             Some(sanitizer) => {
-                // due to malicious html crafting
-                // (e.g. <<foo>script>...</script>, or <div <!-- comment -->> as in tests),
-                // we need to run sanitization several times to truly remove unwanted tags,
-                // because lol-html happily accepts this garbage (by design?)
-                let sanitized_html = Self::perform_sanitization(sanitizer, &html).unwrap();
+                let sanitized_html = match Self::perform_sanitization(sanitizer, &html) {
+                    Ok(sanitized_html) => sanitized_html,
+                    Err(err) => return Err(err),
+                };
-                String::from_utf8(sanitized_html).unwrap()
+                String::from_utf8(sanitized_html)
             }
         };
         let binding = self.0.borrow_mut();
         let handlers = &binding.handlers;
-        match Self::perform_handler_rewrite(self, handlers, sanitized_html) {
+        match Self::perform_handler_rewrite(self, handlers, sanitized_html.unwrap()) {
             Ok(rewritten_html) => Ok(String::from_utf8(rewritten_html).unwrap()),
-            Err(err) => Err(magnus::Error::new(
-                exception::runtime_error(),
-                format!("{err:?}"),
-            )),
+            Err(err) => Err(err),
         }
     }
@@ -212,9 +208,10 @@ impl SelmaRewriter {
                         if el.removed() {
                             return Ok(());
                         }
-                        sanitizer.sanitize_attributes(el);
-                        Ok(())
+                        match sanitizer.sanitize_attributes(el) {
+                            Ok(_) => Ok(()),
+                            Err(err) => Err(err.to_string().into()),
+                        }
                     })],
                     // TODO: allow for MemorySettings to be defined
                     ..Settings::default()
@@ -341,7 +338,7 @@ impl SelmaRewriter {
                     let mut stack = closure_element_stack.as_ref().borrow_mut();
                     stack.pop();
                     Ok(())
-                });
+                })?;
                 Ok(())
             }));
         });
@@ -375,13 +372,14 @@ impl SelmaRewriter {
     ) -> Result<(), magnus::Error> {
         // if `on_end_tag` function is defined, call it
         if rb_handler.respond_to(Self::SELMA_ON_END_TAG, true).unwrap() {
+            // TODO: error here is an "EndTagError"
             element.on_end_tag(move |end_tag| {
                 let rb_end_tag = SelmaHTMLEndTag::new(end_tag);
-                rb_handler
-                    .funcall::<_, _, Value>(Self::SELMA_ON_END_TAG, (rb_end_tag,))
-                    .unwrap();
-                Ok(())
+                match rb_handler.funcall::<_, _, Value>(Self::SELMA_ON_END_TAG, (rb_end_tag,)) {
+                    Ok(_) => Ok(()),
+                    Err(err) => Err(err.to_string().into()),
+                }
             });
         }
@@ -390,40 +388,30 @@ impl SelmaRewriter {
             rb_handler.funcall::<_, _, Value>(Self::SELMA_HANDLE_ELEMENT, (rb_element,));
         match rb_result {
             Ok(_) => Ok(()),
-            Err(err) => Err(magnus::Error::new(
-                exception::runtime_error(),
-                format!("{err:?}"),
-            )),
+            Err(err) => Err(err),
         }
     }
-    fn process_text_handlers(rb_handler: Value, text: &mut TextChunk) -> Result<(), magnus::Error> {
-        // prevents missing `handle_text` function
-        let content = text.as_str();
+    fn process_text_handlers(
+        rb_handler: Value,
+        text_chunk: &mut TextChunk,
+    ) -> Result<(), magnus::Error> {
+        // prevents missing `handle_text_chunk` function
+        let content = text_chunk.as_str();
         // seems that sometimes lol-html returns blank text / EOLs?
         if content.is_empty() {
             return Ok(());
         }
-        let rb_result = rb_handler.funcall::<_, _, String>(Self::SELMA_HANDLE_TEXT, (content,));
-        if rb_result.is_err() {
-            return Err(magnus::Error::new(
-                exception::type_error(),
-                format!(
-                    "Expected #{:?} to return a string: {:?}",
-                    Self::SELMA_HANDLE_TEXT,
-                    rb_result.err().unwrap()
-                ),
-            ));
+        let rb_text_chunk = SelmaHTMLTextChunk::new(text_chunk);
+        match rb_handler.funcall::<_, _, Value>(Self::SELMA_HANDLE_TEXT_CHUNK, (rb_text_chunk,)) {
+            Ok(_) => Ok(()),
+            Err(err) => Err(magnus::Error::new(
+                exception::runtime_error(),
+                format!("{err:?}"),
+            )),
         }
-        let new_content = rb_result.unwrap();
-        // TODO: can this be an option?
-        text.replace(&new_content, ContentType::Html);
-        Ok(())
     }
 }

data/ext/selma/src/sanitizer.rs CHANGED Viewed

@@ -1,12 +1,10 @@
-use std::{borrow::BorrowMut, cell::RefMut, collections::HashMap};
+use std::{borrow::BorrowMut, collections::HashMap};
-use lol_html::html_content::{Comment, ContentType, Doctype, Element, EndTag};
-use magnus::{
-    class, exception, function, method, scan_args, Error, Module, Object, RArray, RHash, RModule,
-    Value,
+use lol_html::{
+    errors::AttributeNameError,
+    html_content::{Comment, ContentType, Doctype, Element, EndTag},
 };
-use crate::tags::Tag;
+use magnus::{class, function, method, scan_args, Module, Object, RArray, RHash, RModule, Value};
 #[derive(Clone, Debug)]
 struct ElementSanitizer {
@@ -16,9 +14,21 @@ struct ElementSanitizer {
     protocol_sanitizers: HashMap<String, Vec<String>>,
 }
+impl Default for ElementSanitizer {
+    fn default() -> Self {
+        ElementSanitizer {
+            allowed_attrs: vec![],
+            allowed_classes: vec![],
+            required_attrs: vec![],
+            protocol_sanitizers: HashMap::new(),
+        }
+    }
+}
 #[derive(Clone, Debug)]
 pub struct Sanitizer {
-    flags: [u8; Tag::TAG_COUNT],
+    flags: [u8; crate::tags::Tag::TAG_COUNT],
     allowed_attrs: Vec<String>,
     allowed_classes: Vec<String>,
     element_sanitizers: HashMap<String, ElementSanitizer>,
@@ -39,7 +49,7 @@ impl SelmaSanitizer {
     const SELMA_SANITIZER_REMOVE_CONTENTS: u8 = (1 << 2);
     const SELMA_SANITIZER_WRAP_WHITESPACE: u8 = (1 << 3);
-    pub fn new(arguments: &[Value]) -> Result<Self, Error> {
+    pub fn new(arguments: &[Value]) -> Result<Self, magnus::Error> {
         let args = scan_args::scan_args::<(), (Option<RHash>,), (), (), (), ()>(arguments)?;
         let (opt_config,): (Option<RHash>,) = args.optional;
@@ -50,19 +60,16 @@ impl SelmaSanitizer {
         };
         let mut element_sanitizers = HashMap::new();
-        Tag::html_tags().iter().for_each(|html_tag| {
-            let es = ElementSanitizer {
-                allowed_attrs: vec![],
-                allowed_classes: vec![],
-                required_attrs: vec![],
-                protocol_sanitizers: HashMap::new(),
-            };
-            element_sanitizers.insert(Tag::element_name_from_enum(html_tag).to_string(), es);
+        crate::tags::Tag::html_tags().iter().for_each(|html_tag| {
+            let es = ElementSanitizer::default();
+            element_sanitizers.insert(
+                crate::tags::Tag::element_name_from_enum(html_tag).to_string(),
+                es,
+            );
         });
         Ok(Self(std::cell::RefCell::new(Sanitizer {
-            flags: [0; Tag::TAG_COUNT],
+            flags: [0; crate::tags::Tag::TAG_COUNT],
             allowed_attrs: vec![],
             allowed_classes: vec![],
             element_sanitizers,
@@ -74,7 +81,7 @@ impl SelmaSanitizer {
         })))
     }
-    fn get_config(&self) -> Result<RHash, Error> {
+    fn get_config(&self) -> Result<RHash, magnus::Error> {
         let binding = self.0.borrow();
         Ok(binding.config)
@@ -82,7 +89,7 @@ impl SelmaSanitizer {
     /// Toggle a sanitizer option on or off.
     fn set_flag(&self, tag_name: String, flag: u8, set: bool) {
-        let tag = Tag::tag_from_tag_name(tag_name.as_str());
+        let tag = crate::tags::Tag::tag_from_tag_name(tag_name.as_str());
         if set {
             self.0.borrow_mut().flags[tag.index] |= flag;
         } else {
@@ -93,13 +100,19 @@ impl SelmaSanitizer {
     /// Toggles all sanitization options on or off.
     fn set_all_flags(&self, flag: u8, set: bool) {
         if set {
-            Tag::html_tags().iter().enumerate().for_each(|(iter, _)| {
-                self.0.borrow_mut().flags[iter] |= flag;
-            });
+            crate::tags::Tag::html_tags()
+                .iter()
+                .enumerate()
+                .for_each(|(iter, _)| {
+                    self.0.borrow_mut().flags[iter] |= flag;
+                });
         } else {
-            Tag::html_tags().iter().enumerate().for_each(|(iter, _)| {
-                self.0.borrow_mut().flags[iter] &= flag;
-            });
+            crate::tags::Tag::html_tags()
+                .iter()
+                .enumerate()
+                .for_each(|(iter, _)| {
+                    self.0.borrow_mut().flags[iter] &= flag;
+                });
         }
     }
@@ -111,8 +124,8 @@ impl SelmaSanitizer {
     pub fn escape_tagfilter(&self, e: &mut Element) -> bool {
         if self.0.borrow().escape_tagfilter {
-            let tag = Tag::tag_from_element(e);
-            if Tag::is_tag_escapeworthy(tag) {
+            let tag = crate::tags::Tag::tag_from_element(e);
+            if crate::tags::Tag::is_tag_escapeworthy(tag) {
                 e.remove();
                 return true;
             }
@@ -162,7 +175,8 @@ impl SelmaSanitizer {
             let allowed_attrs = &mut binding.allowed_attrs;
             Self::set_allowed(allowed_attrs, &attr_name, allow);
         } else {
-            let element_sanitizer = Self::get_mut_element_sanitizer(&mut binding, &element_name);
+            let element_sanitizers = &mut binding.element_sanitizers;
+            let element_sanitizer = Self::get_element_sanitizer(element_sanitizers, &element_name);
             element_sanitizer.allowed_attrs.push(attr_name);
         }
@@ -176,7 +190,8 @@ impl SelmaSanitizer {
             let allowed_classes = &mut binding.allowed_classes;
             Self::set_allowed(allowed_classes, &class_name, allow);
         } else {
-            let element_sanitizer = Self::get_mut_element_sanitizer(&mut binding, &element_name);
+            let element_sanitizers = &mut binding.element_sanitizers;
+            let element_sanitizer = Self::get_element_sanitizer(element_sanitizers, &element_name);
             let allowed_classes = element_sanitizer.allowed_classes.borrow_mut();
             Self::set_allowed(allowed_classes, &class_name, allow)
@@ -187,9 +202,10 @@ impl SelmaSanitizer {
     fn set_allowed_protocols(&self, element_name: String, attr_name: String, allow_list: RArray) {
         let mut binding = self.0.borrow_mut();
-        let element_sanitizer = Self::get_mut_element_sanitizer(&mut binding, &element_name);
+        let element_sanitizers = &mut binding.element_sanitizers;
+        let element_sanitizer = Self::get_element_sanitizer(element_sanitizers, &element_name);
-        let protocol_sanitizers = element_sanitizer.protocol_sanitizers.borrow_mut();
+        let protocol_sanitizers = &mut element_sanitizer.protocol_sanitizers.borrow_mut();
         for opt_allowed_protocol in allow_list.each() {
             let allowed_protocol = opt_allowed_protocol.unwrap();
@@ -229,10 +245,16 @@ impl SelmaSanitizer {
         }
     }
-    pub fn sanitize_attributes(&self, element: &mut Element) -> Result<(), magnus::Error> {
-        let binding = self.0.borrow_mut();
-        let tag = Tag::tag_from_element(element);
-        let element_sanitizer = Self::get_element_sanitizer(&binding, &element.tag_name());
+    pub fn sanitize_attributes(&self, element: &mut Element) -> Result<(), AttributeNameError> {
+        let tag = crate::tags::Tag::tag_from_element(element);
+        let tag_name = &element.tag_name();
+        let element_sanitizer = {
+            let mut binding = self.0.borrow_mut();
+            let element_sanitizers = &mut binding.element_sanitizers;
+            Self::get_element_sanitizer(element_sanitizers, tag_name).clone()
+        };
+        let binding = self.0.borrow();
         // FIXME: This is a hack to get around the fact that we can't borrow
         let attribute_map: HashMap<String, String> = element
@@ -255,26 +277,30 @@ impl SelmaSanitizer {
             let x = escapist::unescape_html(trimmed.as_bytes());
             let unescaped_attr_val = String::from_utf8_lossy(&x).to_string();
-            if !Self::should_keep_attribute(
+            let should_keep_attrubute = match Self::should_keep_attribute(
                 &binding,
                 element,
-                element_sanitizer,
+                &element_sanitizer,
                 attr_name,
                 &unescaped_attr_val,
             ) {
+                Ok(should_keep) => should_keep,
+                Err(e) => {
+                    return Err(e);
+                }
+            };
+            if !should_keep_attrubute {
                 element.remove_attribute(attr_name);
             } else {
                 // Prevent the use of `<meta>` elements that set a charset other than UTF-8,
                 // since output is always UTF-8.
-                if Tag::is_meta(tag) {
+                if crate::tags::Tag::is_meta(tag) {
                     if attr_name == "charset" && unescaped_attr_val != "utf-8" {
                         match element.set_attribute(attr_name, "utf-8") {
                             Ok(_) => {}
-                            Err(_) => {
-                                return Err(magnus::Error::new(
-                                    exception::runtime_error(),
-                                    format!("Unable to change {attr_name:?}"),
-                                ));
+                            Err(err) => {
+                                return Err(err);
                             }
                         }
                     }
@@ -282,13 +308,17 @@ impl SelmaSanitizer {
                     let mut buf = String::new();
                     // ...then, escape any special characters, for security
                     if attr_name == "href" {
-                        // FIXME: gross--------------vvvv
-                        escapist::escape_href(&mut buf, unescaped_attr_val.to_string().as_str());
+                        escapist::escape_href(&mut buf, unescaped_attr_val.as_str());
                     } else {
-                        escapist::escape_html(&mut buf, unescaped_attr_val.to_string().as_str());
+                        escapist::escape_html(&mut buf, unescaped_attr_val.as_str());
                     };
-                    element.set_attribute(attr_name, &buf);
+                    match element.set_attribute(attr_name, &buf) {
+                        Ok(_) => {}
+                        Err(err) => {
+                            return Err(err);
+                        }
+                    }
                 }
             }
         }
@@ -308,12 +338,12 @@ impl SelmaSanitizer {
     }
     fn should_keep_attribute(
-        binding: &RefMut<Sanitizer>,
+        binding: &Sanitizer,
         element: &mut Element,
         element_sanitizer: &ElementSanitizer,
         attr_name: &String,
         attr_val: &String,
-    ) -> bool {
+    ) -> Result<bool, AttributeNameError> {
         let mut allowed: bool = false;
         let element_allowed_attrs = element_sanitizer.allowed_attrs.contains(attr_name);
         let sanitizer_allowed_attrs = binding.allowed_attrs.contains(attr_name);
@@ -327,7 +357,7 @@ impl SelmaSanitizer {
         }
         if !allowed {
-            return false;
+            return Ok(false);
         }
         let protocol_sanitizer_values = element_sanitizer.protocol_sanitizers.get(attr_name);
@@ -335,32 +365,29 @@ impl SelmaSanitizer {
             None => {
                 // has a protocol, but no sanitization list
                 if !attr_val.is_empty() && Self::has_protocol(attr_val) {
-                    return false;
+                    return Ok(false);
                 }
             }
             Some(protocol_sanitizer_values) => {
                 if !attr_val.is_empty()
                     && !Self::has_allowed_protocol(protocol_sanitizer_values, attr_val)
                 {
-                    return false;
+                    return Ok(false);
                 }
             }
         }
-        if attr_name == "class"
-            && !Self::sanitize_class_attribute(
+        if attr_name == "class" {
+            return Self::sanitize_class_attribute(
                 binding,
                 element,
                 element_sanitizer,
                 attr_name,
                 attr_val,
-            )
-            .unwrap()
-        {
-            return false;
+            );
         }
-        true
+        Ok(true)
     }
     fn has_protocol(attr_val: &str) -> bool {
@@ -398,12 +425,12 @@ impl SelmaSanitizer {
     }
     fn sanitize_class_attribute(
-        binding: &RefMut<Sanitizer>,
+        binding: &Sanitizer,
         element: &mut Element,
         element_sanitizer: &ElementSanitizer,
         attr_name: &str,
         attr_val: &str,
-    ) -> Result<bool, Error> {
+    ) -> Result<bool, lol_html::errors::AttributeNameError> {
         let allowed_global = &binding.allowed_classes;
         let mut valid_classes: Vec<String> = vec![];
@@ -431,28 +458,25 @@ impl SelmaSanitizer {
         match element.set_attribute(attr_name, valid_classes.join(" ").as_str()) {
             Ok(_) => Ok(true),
-            Err(err) => Err(Error::new(
-                exception::runtime_error(),
-                format!("AttributeNameError: {err:?}"),
-            )),
+            Err(err) => Err(err),
         }
     }
     pub fn allow_element(&self, element: &mut Element) -> bool {
-        let tag = Tag::tag_from_element(element);
+        let tag = crate::tags::Tag::tag_from_element(element);
         let flags: u8 = self.0.borrow().flags[tag.index];
         (flags & Self::SELMA_SANITIZER_ALLOW) == 0
     }
     pub fn try_remove_element(&self, element: &mut Element) -> bool {
-        let tag = Tag::tag_from_element(element);
+        let tag = crate::tags::Tag::tag_from_element(element);
         let flags: u8 = self.0.borrow().flags[tag.index];
         let should_remove = !element.removed() && self.allow_element(element);
         if should_remove {
-            if Tag::has_text_content(tag) {
+            if crate::tags::Tag::has_text_content(tag) {
                 Self::remove_element(
                     element,
                     tag.self_closing,
@@ -465,7 +489,7 @@ impl SelmaSanitizer {
             Self::check_if_end_tag_needs_removal(element);
         } else {
             // anything in <iframe> must be removed, if it's kept
-            if Tag::is_iframe(tag) {
+            if crate::tags::Tag::is_iframe(tag) {
                 if self.0.borrow().flags[tag.index] != 0 {
                     element.set_inner_content(" ", ContentType::Text);
                 } else {
@@ -497,14 +521,14 @@ impl SelmaSanitizer {
     }
     pub fn force_remove_element(&self, element: &mut Element) {
-        let tag = Tag::tag_from_element(element);
+        let tag = crate::tags::Tag::tag_from_element(element);
         let self_closing = tag.self_closing;
         Self::remove_element(element, self_closing, Self::SELMA_SANITIZER_REMOVE_CONTENTS);
         Self::check_if_end_tag_needs_removal(element);
     }
     fn check_if_end_tag_needs_removal(element: &mut Element) {
-        if element.removed() && !Tag::tag_from_element(element).self_closing {
+        if element.removed() && !crate::tags::Tag::tag_from_element(element).self_closing {
             element
                 .on_end_tag(move |end| {
                     Self::remove_end_tag(end);
@@ -519,21 +543,16 @@ impl SelmaSanitizer {
     }
     fn get_element_sanitizer<'a>(
-        binding: &'a RefMut<Sanitizer>,
-        element_name: &str,
-    ) -> &'a ElementSanitizer {
-        binding.element_sanitizers.get(element_name).unwrap()
-    }
-    fn get_mut_element_sanitizer<'a>(
-        binding: &'a mut Sanitizer,
+        element_sanitizers: &'a mut HashMap<String, ElementSanitizer>,
         element_name: &str,
     ) -> &'a mut ElementSanitizer {
-        binding.element_sanitizers.get_mut(element_name).unwrap()
+        element_sanitizers
+            .entry(element_name.to_string())
+            .or_insert_with(ElementSanitizer::default)
     }
 }
-pub fn init(m_selma: RModule) -> Result<(), Error> {
+pub fn init(m_selma: RModule) -> Result<(), magnus::Error> {
     let c_sanitizer = m_selma.define_class("Sanitizer", Default::default())?;
     c_sanitizer.define_singleton_method("new", function!(SelmaSanitizer::new, -1))?;

data/ext/selma/src/tags.rs CHANGED Viewed

@@ -192,14 +192,17 @@ impl Tag {
     /// Is this tag something which needs to be removed?
     pub fn is_tag_escapeworthy(tag: Tag) -> bool {
         tag.index == HTMLTag::TITLE as usize
-            || tag.index == HTMLTag::TEXTAREA as usize
-            || tag.index == HTMLTag::STYLE as usize
-            || tag.index == HTMLTag::XMP as usize
             || tag.index == HTMLTag::IFRAME as usize
+            || tag.index == HTMLTag::MATH as usize
             || tag.index == HTMLTag::NOEMBED as usize
             || tag.index == HTMLTag::NOFRAMES as usize
-            || tag.index == HTMLTag::SCRIPT as usize
+            || tag.index == HTMLTag::NOSCRIPT as usize
             || tag.index == HTMLTag::PLAINTEXT as usize
+            || tag.index == HTMLTag::SCRIPT as usize
+            || tag.index == HTMLTag::STYLE as usize
+            || tag.index == HTMLTag::SVG as usize
+            || tag.index == HTMLTag::TEXTAREA as usize
+            || tag.index == HTMLTag::XMP as usize
     }
     pub const ESCAPEWORTHY_TAGS_CSS: &str =

data/lib/selma/3.1/selma.so CHANGED Viewed

Binary file

data/lib/selma/sanitizer/config/default.rb CHANGED Viewed

@@ -3,6 +3,10 @@
 module Selma
   class Sanitizer
     module Config
+      # although there are many more protocol types, eg., ftp, xmpp, etc.,
+      # these are the only ones that are allowed by default
+      VALID_PROTOCOLS = ["http", "https", "mailto", :relative]
       DEFAULT = freeze_config(
         # Whether or not to allow HTML comments. Allowing comments is strongly
         # discouraged, since IE allows script execution within conditional

data/lib/selma/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Selma
-  VERSION = "0.0.3"
+  VERSION = "0.0.5"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: selma
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.5
 platform: aarch64-linux
 authors:
 - Garen J. Torikian
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-12-24 00:00:00.000000000 Z
+date: 2022-12-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rb_sys
@@ -81,6 +81,7 @@ files:
 - ext/selma/src/html.rs
 - ext/selma/src/html/element.rs
 - ext/selma/src/html/end_tag.rs
+- ext/selma/src/html/text_chunk.rs
 - ext/selma/src/lib.rs
 - ext/selma/src/native_ref_wrap.rs
 - ext/selma/src/rewriter.rs