RubyGems - selma - Versions diffs - 0.0.3-x64-mingw-ucrt → 0.0.5-x64-mingw-ucrt - Mend

selma 0.0.3-x64-mingw-ucrt → 0.0.5-x64-mingw-ucrt

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml +4 -4
data/README.md +11 -10
data/ext/selma/Cargo.toml +1 -1
data/ext/selma/src/html/element.rs +103 -44
data/ext/selma/src/html/end_tag.rs +2 -2
data/ext/selma/src/html/text_chunk.rs +113 -0
data/ext/selma/src/html.rs +2 -0
data/ext/selma/src/lib.rs +28 -1
data/ext/selma/src/rewriter.rs +37 -49
data/ext/selma/src/sanitizer.rs +102 -83
data/ext/selma/src/tags.rs +7 -4
data/lib/selma/3.1/selma.so +0 -0
data/lib/selma/sanitizer/config/default.rb +4 -0
data/lib/selma/version.rb +1 -1
metadata +3 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c778a1189fea09803ab20f414e31b02ebb9502e14b9325e7f4af235526cbba4c
-  data.tar.gz: 3985ee4a86fb0d9dfcb591675569841f59a5adf3f6ce565e839ecb8b3d5493de
+  metadata.gz: 71d2ed6bdc4d48a698b04caaa61d15bbb167d31e9fda1c0d48970cf2dbbd188d
+  data.tar.gz: 0c8a572b488c418aee28fe204053e8f969a9b43b20eb59291b219e14d5a29ad4
 SHA512:
-  metadata.gz: 1809c68d71d5b945fa757ec3b9aab66e935b44106be7e6e4c177822c23cda06fa9e29d05a0c03805eb6404eea5cad2ba7d34255e4f9faf06d8aff28f0902eede
-  data.tar.gz: 32cb02767c6f241970d745b62f7c6b36fc77bf1b19446b2e4170b109a6a36ed4efda7b3f6b33a5e4d7850091c23c0b0b3692c40849c735d786dd199b2c1e7824
+  metadata.gz: 45d724459cbe8b4491a8cf01185edb0443a7890344a95aced77d058d5631c082c26e6ea3f0b4bcdc6e27f5466e6f66f247d3ef3d9b02fa5a76d36fa723d8f3de
+  data.tar.gz: 12e315d7d96c534b7cd318c3e67fcb566ee1c721f0a58836079366d540f6dfd16aa80b20abd0b9f0c03047c04811881dd46a4f33fc48407ab3b687e6b44ebdc0

data/README.md CHANGED Viewed

@@ -56,6 +56,10 @@ allow_comments: false,
 # "<!DOCTYPE html>" when sanitizing a document.
 allow_doctype: false,
+# HTML elements to allow. By default, no elements are allowed (which means
+# that all HTML will be stripped).
+elements: ["a", "b", "img", ],
 # HTML attributes to allow in specific elements. The key is the name of the element,
 # and the value is an array of allowed attributes. By default, no attributes
 # are allowed.
@@ -64,14 +68,10 @@ attributes: {
     "img" => ["src"],
 },
-# HTML elements to allow. By default, no elements are allowed (which means
-# that all HTML will be stripped).
-elements: ["a", "b", "img", ],
 # URL handling protocols to allow in specific attributes. By default, no
 # protocols are allowed. Use :relative in place of a protocol if you want
 # to allow relative URLs sans protocol.
- protocols: {
+protocols: {
     "a" => { "href" => ["http", "https", "mailto", :relative] },
     "img" => { "href" => ["http", "https"] },
 },
@@ -91,7 +91,7 @@ The real power in Selma comes in its use of handlers. A handler is simply an obj
 - `selector`, a method which MUST return instance of `Selma::Selector` which defines the CSS classes to match
 - `handle_element`, a method that's call on each matched element
-- `handle_text`, a method that's called on each matched text node; this MUST return a string
+- `handle_text_chunk`, a method that's called on each matched text node; this MUST return a string
 Here's an example which rewrites the `href` attribute on `a` and the `src` attribute on `img` to be `https` rather than `http`.
@@ -118,7 +118,7 @@ rewriter = Selma::Rewriter.new(handlers: [MatchAttribute.new])
 The `Selma::Selector` object has three possible kwargs:
 - `match_element`: any element which matches this CSS rule will be passed on to `handle_element`
-- `match_text_within`: any element which matches this CSS rule will be passed on to `handle_text`
+- `match_text_within`: any element which matches this CSS rule will be passed on to `handle_text_chunk`
 - `ignore_text_within`: this is an array of element names whose text contents will be ignored
 You've seen an example of `match_element`; here's one for `match_text` which changes strings in various elements which are _not_ `pre` or `code`:
@@ -132,7 +132,7 @@ class MatchText
     SELECTOR
   end
-  def handle_text(text)
+  def handle_text_chunk(text)
     string.sub(/@.+/, "<a href=\"www.yetto.app/#{Regexp.last_match}\">")
   end
 end
@@ -150,8 +150,9 @@ The `element` argument in `handle_element` has the following methods:
 - `remove_attribute`: remove an attribute
 - `attributes`: list all the attributes
 - `ancestors`: list all the ancestors
-- `append(content, content_type)`: appends `content` to the element's inner content, i.e. inserts content right before the element's end tag. `content_type` is either `:text` or `:html` and determines how the content will be applied.
-- `wrap(start_text, end_text, content_type)`: adds `start_text` before an element and `end_text` after an element. `content_type` is either `:text` or `:html` and determines how the content will be applied.
+- `append(content, as: content_type)`: appends `content` to the element's inner content, i.e. inserts content right before the element's end tag. `content_type` is either `:text` or `:html` and determines how the content will be applied.
+- `before(content, as: content_type)`: Inserts `content` before the element. `content_type` is either `:text` or `:html` and determines how the content will be applied.
+- `after(content, as: content_type)`: Inserts `content` after the element. `content_type` is either `:text` or `:html` and determines how the content will be applied.
 - `set_inner_content`: replaces inner content of the element with `content`. `content_type` is either `:text` or `:html` and determines how the content will be applied.
 ## Benchmarks

data/ext/selma/Cargo.toml CHANGED Viewed

@@ -5,7 +5,7 @@ edition = "2021"
 [dependencies]
 enum-iterator = "1.2"
-escapist = "0.0.1"
+escapist = "0.0.2"
 magnus = { git = "https://github.com/matsadler/magnus", rev = "23160f7229ac74c42da1b5096a65ccbc40962697" }
 lol_html = "0.3"

data/ext/selma/src/html/element.rs CHANGED Viewed

@@ -1,8 +1,6 @@
-use std::borrow::Cow;
 use crate::native_ref_wrap::NativeRefWrap;
-use lol_html::html_content::{ContentType, Element};
-use magnus::{exception, method, Error, Module, RArray, RClass, RHash, RString, Symbol};
+use lol_html::html_content::Element;
+use magnus::{exception, method, Error, Module, RArray, RClass, RHash, RString, Value};
 struct HTMLElement {
     element: NativeRefWrap<Element<'static, 'static>>,
@@ -38,6 +36,48 @@ impl SelmaHTMLElement {
         }
     }
+    fn set_tag_name(&self, name: String) -> Result<(), Error> {
+        let mut binding = self.0.borrow_mut();
+        if let Ok(element) = binding.element.get_mut() {
+            match element.set_tag_name(&name) {
+                Ok(_) => Ok(()),
+                Err(err) => Err(Error::new(exception::runtime_error(), format!("{err:?}"))),
+            }
+        } else {
+            Err(Error::new(
+                exception::runtime_error(),
+                "`set_tag_name` is not available",
+            ))
+        }
+    }
+    fn is_self_closing(&self) -> Result<bool, Error> {
+        let binding = self.0.borrow();
+        if let Ok(e) = binding.element.get() {
+            Ok(e.is_self_closing())
+        } else {
+            Err(Error::new(
+                exception::runtime_error(),
+                "`is_self_closing` is not available",
+            ))
+        }
+    }
+    fn has_attribute(&self, attr: String) -> Result<bool, Error> {
+        let binding = self.0.borrow();
+        if let Ok(e) = binding.element.get() {
+            Ok(e.has_attribute(&attr))
+        } else {
+            Err(Error::new(
+                exception::runtime_error(),
+                "`is_self_closing` is not available",
+            ))
+        }
+    }
     fn get_attribute(&self, attr: String) -> Option<String> {
         let binding = self.0.borrow();
         let element = binding.element.get();
@@ -106,89 +146,108 @@ impl SelmaHTMLElement {
         Ok(array)
     }
-    fn append(&self, text_to_append: String, content_type: Symbol) -> Result<(), Error> {
+    fn before(&self, args: &[Value]) -> Result<(), Error> {
         let mut binding = self.0.borrow_mut();
         let element = binding.element.get_mut().unwrap();
-        let text_str = text_to_append.as_str();
+        let (text_str, content_type) = match crate::scan_text_args(args) {
+            Ok((text_str, content_type)) => (text_str, content_type),
+            Err(err) => return Err(err),
+        };
-        let content_type = Self::find_content_type(content_type);
-        element.append(text_str, content_type);
+        element.before(&text_str, content_type);
         Ok(())
     }
-    fn wrap(
-        &self,
-        start_text: String,
-        end_text: String,
-        content_type: Symbol,
-    ) -> Result<(), Error> {
+    fn after(&self, args: &[Value]) -> Result<(), Error> {
         let mut binding = self.0.borrow_mut();
         let element = binding.element.get_mut().unwrap();
-        let before_content_type = Self::find_content_type(content_type);
-        let after_content_type = Self::find_content_type(content_type);
-        element.before(&start_text, before_content_type);
-        element.after(&end_text, after_content_type);
+        let (text_str, content_type) = match crate::scan_text_args(args) {
+            Ok((text_str, content_type)) => (text_str, content_type),
+            Err(err) => return Err(err),
+        };
+        element.after(&text_str, content_type);
         Ok(())
     }
-    fn set_inner_content(&self, text_to_set: String, content_type: Symbol) -> Result<(), Error> {
+    fn prepend(&self, args: &[Value]) -> Result<(), Error> {
         let mut binding = self.0.borrow_mut();
         let element = binding.element.get_mut().unwrap();
-        let text_str = text_to_set.as_str();
+        let (text_str, content_type) = match crate::scan_text_args(args) {
+            Ok((text_str, content_type)) => (text_str, content_type),
+            Err(err) => return Err(err),
+        };
+        element.prepend(&text_str, content_type);
-        let content_type = Self::find_content_type(content_type);
+        Ok(())
+    }
-        element.set_inner_content(text_str, content_type);
+    fn append(&self, args: &[Value]) -> Result<(), Error> {
+        let mut binding = self.0.borrow_mut();
+        let element = binding.element.get_mut().unwrap();
+        let (text_str, content_type) = match crate::scan_text_args(args) {
+            Ok((text_str, content_type)) => (text_str, content_type),
+            Err(err) => return Err(err),
+        };
+        element.append(&text_str, content_type);
         Ok(())
     }
-    fn find_content_type(content_type: Symbol) -> ContentType {
-        match content_type.name() {
-            Ok(name) => match name {
-                Cow::Borrowed("as_text") => ContentType::Text,
-                Cow::Borrowed("as_html") => ContentType::Html,
-                _ => Err(Error::new(
-                    exception::runtime_error(),
-                    format!("unknown symbol `{name:?}`"),
-                ))
-                .unwrap(),
-            },
-            Err(err) => Err(Error::new(
-                exception::runtime_error(),
-                format!("Could not unwrap symbol: {err:?}"),
-            ))
-            .unwrap(),
-        }
+    fn set_inner_content(&self, args: &[Value]) -> Result<(), Error> {
+        let mut binding = self.0.borrow_mut();
+        let element = binding.element.get_mut().unwrap();
+        let (inner_content, content_type) = match crate::scan_text_args(args) {
+            Ok((inner_content, content_type)) => (inner_content, content_type),
+            Err(err) => return Err(err),
+        };
+        element.set_inner_content(&inner_content, content_type);
+        Ok(())
     }
 }
 pub fn init(c_html: RClass) -> Result<(), Error> {
     let c_element = c_html
         .define_class("Element", Default::default())
-        .expect("cannot find class Selma::Element");
+        .expect("cannot find class Selma::HTML::Element");
     c_element.define_method("tag_name", method!(SelmaHTMLElement::tag_name, 0))?;
+    c_element.define_method("tag_name=", method!(SelmaHTMLElement::set_tag_name, 1))?;
+    c_element.define_method(
+        "self_closing?",
+        method!(SelmaHTMLElement::is_self_closing, 0),
+    )?;
     c_element.define_method("[]", method!(SelmaHTMLElement::get_attribute, 1))?;
     c_element.define_method("[]=", method!(SelmaHTMLElement::set_attribute, 2))?;
     c_element.define_method(
         "remove_attribute",
         method!(SelmaHTMLElement::remove_attribute, 1),
     )?;
+    c_element.define_method(
+        "has_attribute?",
+        method!(SelmaHTMLElement::has_attribute, 1),
+    )?;
     c_element.define_method("attributes", method!(SelmaHTMLElement::get_attributes, 0))?;
     c_element.define_method("ancestors", method!(SelmaHTMLElement::get_ancestors, 0))?;
-    c_element.define_method("append", method!(SelmaHTMLElement::append, 2))?;
-    c_element.define_method("wrap", method!(SelmaHTMLElement::wrap, 3))?;
+    c_element.define_method("before", method!(SelmaHTMLElement::before, -1))?;
+    c_element.define_method("after", method!(SelmaHTMLElement::after, -1))?;
+    c_element.define_method("prepend", method!(SelmaHTMLElement::prepend, -1))?;
+    c_element.define_method("append", method!(SelmaHTMLElement::append, -1))?;
     c_element.define_method(
         "set_inner_content",
-        method!(SelmaHTMLElement::set_inner_content, 2),
+        method!(SelmaHTMLElement::set_inner_content, -1),
     )?;
     Ok(())

data/ext/selma/src/html/end_tag.rs CHANGED Viewed

@@ -6,7 +6,7 @@ struct HTMLEndTag {
     end_tag: NativeRefWrap<EndTag<'static>>,
 }
-#[magnus::wrap(class = "Selma::HTML::Element")]
+#[magnus::wrap(class = "Selma::HTML::EndTag")]
 pub struct SelmaHTMLEndTag(std::cell::RefCell<HTMLEndTag>);
 /// SAFETY: This is safe because we only access this data when the GVL is held.
@@ -27,7 +27,7 @@ impl SelmaHTMLEndTag {
 pub fn init(c_html: RClass) -> Result<(), Error> {
     let c_end_tag = c_html
         .define_class("EndTag", Default::default())
-        .expect("cannot find class Selma::EndTag");
+        .expect("cannot find class Selma::HTML::EndTag");
     c_end_tag.define_method("tag_name", method!(SelmaHTMLEndTag::tag_name, 0))?;

data/ext/selma/src/html/text_chunk.rs ADDED Viewed

@@ -0,0 +1,113 @@
+use crate::native_ref_wrap::NativeRefWrap;
+use lol_html::html_content::{TextChunk, TextType};
+use magnus::{exception, method, Error, Module, RClass, Symbol, Value};
+struct HTMLTextChunk {
+    text_chunk: NativeRefWrap<TextChunk<'static>>,
+}
+#[magnus::wrap(class = "Selma::HTML::TextChunk")]
+pub struct SelmaHTMLTextChunk(std::cell::RefCell<HTMLTextChunk>);
+/// SAFETY: This is safe because we only access this data when the GVL is held.
+unsafe impl Send for SelmaHTMLTextChunk {}
+impl SelmaHTMLTextChunk {
+    pub fn new(text_chunk: &mut TextChunk) -> Self {
+        let (ref_wrap, _anchor) = NativeRefWrap::wrap_mut(text_chunk);
+        Self(std::cell::RefCell::new(HTMLTextChunk {
+            text_chunk: ref_wrap,
+        }))
+    }
+    fn to_s(&self) -> Result<String, Error> {
+        let binding = self.0.borrow();
+        if let Ok(tc) = binding.text_chunk.get() {
+            Ok(tc.as_str().to_string())
+        } else {
+            Err(Error::new(
+                exception::runtime_error(),
+                "`to_s` is not available",
+            ))
+        }
+    }
+    fn text_type(&self) -> Result<Symbol, Error> {
+        let binding = self.0.borrow();
+        if let Ok(tc) = binding.text_chunk.get() {
+            match tc.text_type() {
+                TextType::Data => Ok(Symbol::from("data")),
+                TextType::PlainText => Ok(Symbol::from("plain_text")),
+                TextType::RawText => Ok(Symbol::from("raw_text")),
+                TextType::ScriptData => Ok(Symbol::from("script")),
+                TextType::RCData => Ok(Symbol::from("rc_data")),
+                TextType::CDataSection => Ok(Symbol::from("cdata_section")),
+            }
+        } else {
+            Err(Error::new(
+                exception::runtime_error(),
+                "`text_type` is not available",
+            ))
+        }
+    }
+    fn before(&self, args: &[Value]) -> Result<(), Error> {
+        let mut binding = self.0.borrow_mut();
+        let text_chunk = binding.text_chunk.get_mut().unwrap();
+        let (text_str, content_type) = match crate::scan_text_args(args) {
+            Ok((text_str, content_type)) => (text_str, content_type),
+            Err(err) => return Err(err),
+        };
+        text_chunk.before(&text_str, content_type);
+        Ok(())
+    }
+    fn after(&self, args: &[Value]) -> Result<(), Error> {
+        let mut binding = self.0.borrow_mut();
+        let text_chunk = binding.text_chunk.get_mut().unwrap();
+        let (text_str, content_type) = match crate::scan_text_args(args) {
+            Ok((text_str, content_type)) => (text_str, content_type),
+            Err(err) => return Err(err),
+        };
+        text_chunk.after(&text_str, content_type);
+        Ok(())
+    }
+    fn replace(&self, args: &[Value]) -> Result<(), Error> {
+        let mut binding = self.0.borrow_mut();
+        let text_chunk = binding.text_chunk.get_mut().unwrap();
+        let (text_str, content_type) = match crate::scan_text_args(args) {
+            Ok((text_str, content_type)) => (text_str, content_type),
+            Err(err) => return Err(err),
+        };
+        text_chunk.replace(&text_str, content_type);
+        Ok(())
+    }
+}
+pub fn init(c_html: RClass) -> Result<(), Error> {
+    let c_text_chunk = c_html
+        .define_class("TextChunk", Default::default())
+        .expect("cannot find class Selma::HTML::TextChunk");
+    c_text_chunk.define_method("to_s", method!(SelmaHTMLTextChunk::to_s, 0))?;
+    c_text_chunk.define_method("content", method!(SelmaHTMLTextChunk::to_s, 0))?;
+    c_text_chunk.define_method("text_type", method!(SelmaHTMLTextChunk::text_type, 0))?;
+    c_text_chunk.define_method("before", method!(SelmaHTMLTextChunk::before, -1))?;
+    c_text_chunk.define_method("after", method!(SelmaHTMLTextChunk::after, -1))?;
+    c_text_chunk.define_method("replace", method!(SelmaHTMLTextChunk::replace, -1))?;
+    Ok(())
+}

data/ext/selma/src/html.rs CHANGED Viewed

@@ -9,9 +9,11 @@ pub fn init(m_selma: RModule) -> Result<(), Error> {
     element::init(c_html).expect("cannot define Selma::HTML::Element class");
     end_tag::init(c_html).expect("cannot define Selma::HTML::EndTag class");
+    text_chunk::init(c_html).expect("cannot define Selma::HTML::TextChunk class");
     Ok(())
 }
 pub mod element;
 pub mod end_tag;
+pub mod text_chunk;

data/ext/selma/src/lib.rs CHANGED Viewed

@@ -1,6 +1,7 @@
 extern crate core;
-use magnus::{define_module, Error};
+use lol_html::html_content::ContentType;
+use magnus::{define_module, exception, scan_args, Error, Symbol, Value};
 pub mod html;
 pub mod native_ref_wrap;
@@ -10,6 +11,32 @@ pub mod selector;
 pub mod tags;
 pub mod wrapped_struct;
+#[allow(clippy::let_unit_value)]
+fn scan_text_args(args: &[Value]) -> Result<(String, ContentType), magnus::Error> {
+    let args = scan_args::scan_args(args)?;
+    let (text,): (String,) = args.required;
+    let _: () = args.optional;
+    let _: () = args.splat;
+    let _: () = args.trailing;
+    let _: () = args.block;
+    let kwargs = scan_args::get_kwargs::<_, (Symbol,), (), ()>(args.keywords, &["as"], &[])?;
+    let as_sym = kwargs.required.0;
+    let as_sym_str = as_sym.name().unwrap();
+    let content_type = if as_sym_str == "text" {
+        ContentType::Text
+    } else if as_sym_str == "html" {
+        ContentType::Html
+    } else {
+        return Err(Error::new(
+            exception::runtime_error(),
+            format!("unknown symbol `{as_sym_str:?}`"),
+        ));
+    };
+    Ok((text, content_type))
+}
 #[magnus::init]
 fn init() -> Result<(), Error> {
     let m_selma = define_module("Selma").expect("cannot define ::Selma module");

data/ext/selma/src/rewriter.rs CHANGED Viewed

@@ -1,6 +1,6 @@
 use lol_html::{
     doc_comments, doctype, element,
-    html_content::{ContentType, Element, EndTag, TextChunk},
+    html_content::{Element, EndTag, TextChunk},
     text, DocumentContentHandlers, ElementContentHandlers, HtmlRewriter, Selector, Settings,
 };
 use magnus::{exception, function, method, scan_args, Module, Object, RArray, RModule, Value};
@@ -8,7 +8,7 @@ use magnus::{exception, function, method, scan_args, Module, Object, RArray, RMo
 use std::{borrow::Cow, cell::RefCell, primitive::str, rc::Rc};
 use crate::{
-    html::{element::SelmaHTMLElement, end_tag::SelmaHTMLEndTag},
+    html::{element::SelmaHTMLElement, end_tag::SelmaHTMLEndTag, text_chunk::SelmaHTMLTextChunk},
     sanitizer::SelmaSanitizer,
     selector::SelmaSelector,
     tags::Tag,
@@ -43,7 +43,7 @@ unsafe impl Send for SelmaRewriter {}
 impl SelmaRewriter {
     const SELMA_ON_END_TAG: &str = "on_end_tag";
     const SELMA_HANDLE_ELEMENT: &str = "handle_element";
-    const SELMA_HANDLE_TEXT: &str = "handle_text";
+    const SELMA_HANDLE_TEXT_CHUNK: &str = "handle_text_chunk";
     /// @yard
     /// @def new(sanitizer: Selma::Sanitizer.new(Selma::Sanitizer::Config::DEFAULT), handlers: [])
@@ -145,7 +145,7 @@ impl SelmaRewriter {
         let _: () = args.trailing;
         let _: () = args.block;
-        let kw = scan_args::get_kwargs::<
+        let kwargs = scan_args::get_kwargs::<
             _,
             (),
             (
@@ -154,7 +154,7 @@ impl SelmaRewriter {
             ),
             (),
         >(args.keywords, &[], &["sanitizer", "handlers"])?;
-        let (rb_sanitizer, rb_handlers) = kw.optional;
+        let (rb_sanitizer, rb_handlers) = kwargs.optional;
         Ok((rb_sanitizer, rb_handlers))
     }
@@ -162,26 +162,22 @@ impl SelmaRewriter {
     /// Perform HTML rewrite sequence.
     fn rewrite(&self, html: String) -> Result<String, magnus::Error> {
         let sanitized_html = match &self.0.borrow().sanitizer {
-            None => html,
+            None => Ok(html),
             Some(sanitizer) => {
-                // due to malicious html crafting
-                // (e.g. <<foo>script>...</script>, or <div <!-- comment -->> as in tests),
-                // we need to run sanitization several times to truly remove unwanted tags,
-                // because lol-html happily accepts this garbage (by design?)
-                let sanitized_html = Self::perform_sanitization(sanitizer, &html).unwrap();
+                let sanitized_html = match Self::perform_sanitization(sanitizer, &html) {
+                    Ok(sanitized_html) => sanitized_html,
+                    Err(err) => return Err(err),
+                };
-                String::from_utf8(sanitized_html).unwrap()
+                String::from_utf8(sanitized_html)
             }
         };
         let binding = self.0.borrow_mut();
         let handlers = &binding.handlers;
-        match Self::perform_handler_rewrite(self, handlers, sanitized_html) {
+        match Self::perform_handler_rewrite(self, handlers, sanitized_html.unwrap()) {
             Ok(rewritten_html) => Ok(String::from_utf8(rewritten_html).unwrap()),
-            Err(err) => Err(magnus::Error::new(
-                exception::runtime_error(),
-                format!("{err:?}"),
-            )),
+            Err(err) => Err(err),
         }
     }
@@ -212,9 +208,10 @@ impl SelmaRewriter {
                         if el.removed() {
                             return Ok(());
                         }
-                        sanitizer.sanitize_attributes(el);
-                        Ok(())
+                        match sanitizer.sanitize_attributes(el) {
+                            Ok(_) => Ok(()),
+                            Err(err) => Err(err.to_string().into()),
+                        }
                     })],
                     // TODO: allow for MemorySettings to be defined
                     ..Settings::default()
@@ -341,7 +338,7 @@ impl SelmaRewriter {
                     let mut stack = closure_element_stack.as_ref().borrow_mut();
                     stack.pop();
                     Ok(())
-                });
+                })?;
                 Ok(())
             }));
         });
@@ -375,13 +372,14 @@ impl SelmaRewriter {
     ) -> Result<(), magnus::Error> {
         // if `on_end_tag` function is defined, call it
         if rb_handler.respond_to(Self::SELMA_ON_END_TAG, true).unwrap() {
+            // TODO: error here is an "EndTagError"
             element.on_end_tag(move |end_tag| {
                 let rb_end_tag = SelmaHTMLEndTag::new(end_tag);
-                rb_handler
-                    .funcall::<_, _, Value>(Self::SELMA_ON_END_TAG, (rb_end_tag,))
-                    .unwrap();
-                Ok(())
+                match rb_handler.funcall::<_, _, Value>(Self::SELMA_ON_END_TAG, (rb_end_tag,)) {
+                    Ok(_) => Ok(()),
+                    Err(err) => Err(err.to_string().into()),
+                }
             });
         }
@@ -390,40 +388,30 @@ impl SelmaRewriter {
             rb_handler.funcall::<_, _, Value>(Self::SELMA_HANDLE_ELEMENT, (rb_element,));
         match rb_result {
             Ok(_) => Ok(()),
-            Err(err) => Err(magnus::Error::new(
-                exception::runtime_error(),
-                format!("{err:?}"),
-            )),
+            Err(err) => Err(err),
         }
     }
-    fn process_text_handlers(rb_handler: Value, text: &mut TextChunk) -> Result<(), magnus::Error> {
-        // prevents missing `handle_text` function
-        let content = text.as_str();
+    fn process_text_handlers(
+        rb_handler: Value,
+        text_chunk: &mut TextChunk,
+    ) -> Result<(), magnus::Error> {
+        // prevents missing `handle_text_chunk` function
+        let content = text_chunk.as_str();
         // seems that sometimes lol-html returns blank text / EOLs?
         if content.is_empty() {
             return Ok(());
         }
-        let rb_result = rb_handler.funcall::<_, _, String>(Self::SELMA_HANDLE_TEXT, (content,));
-        if rb_result.is_err() {
-            return Err(magnus::Error::new(
-                exception::type_error(),
-                format!(
-                    "Expected #{:?} to return a string: {:?}",
-                    Self::SELMA_HANDLE_TEXT,
-                    rb_result.err().unwrap()
-                ),
-            ));
+        let rb_text_chunk = SelmaHTMLTextChunk::new(text_chunk);
+        match rb_handler.funcall::<_, _, Value>(Self::SELMA_HANDLE_TEXT_CHUNK, (rb_text_chunk,)) {
+            Ok(_) => Ok(()),
+            Err(err) => Err(magnus::Error::new(
+                exception::runtime_error(),
+                format!("{err:?}"),
+            )),
         }
-        let new_content = rb_result.unwrap();
-        // TODO: can this be an option?
-        text.replace(&new_content, ContentType::Html);
-        Ok(())
     }
 }

data/ext/selma/src/sanitizer.rs CHANGED Viewed

@@ -1,12 +1,10 @@
-use std::{borrow::BorrowMut, cell::RefMut, collections::HashMap};
+use std::{borrow::BorrowMut, collections::HashMap};
-use lol_html::html_content::{Comment, ContentType, Doctype, Element, EndTag};
-use magnus::{
-    class, exception, function, method, scan_args, Error, Module, Object, RArray, RHash, RModule,
-    Value,
+use lol_html::{
+    errors::AttributeNameError,
+    html_content::{Comment, ContentType, Doctype, Element, EndTag},
 };
-use crate::tags::Tag;
+use magnus::{class, function, method, scan_args, Module, Object, RArray, RHash, RModule, Value};
 #[derive(Clone, Debug)]
 struct ElementSanitizer {
@@ -16,9 +14,21 @@ struct ElementSanitizer {
     protocol_sanitizers: HashMap<String, Vec<String>>,
 }
+impl Default for ElementSanitizer {
+    fn default() -> Self {
+        ElementSanitizer {
+            allowed_attrs: vec![],
+            allowed_classes: vec![],
+            required_attrs: vec![],
+            protocol_sanitizers: HashMap::new(),
+        }
+    }
+}
 #[derive(Clone, Debug)]
 pub struct Sanitizer {
-    flags: [u8; Tag::TAG_COUNT],
+    flags: [u8; crate::tags::Tag::TAG_COUNT],
     allowed_attrs: Vec<String>,
     allowed_classes: Vec<String>,
     element_sanitizers: HashMap<String, ElementSanitizer>,
@@ -39,7 +49,7 @@ impl SelmaSanitizer {
     const SELMA_SANITIZER_REMOVE_CONTENTS: u8 = (1 << 2);
     const SELMA_SANITIZER_WRAP_WHITESPACE: u8 = (1 << 3);
-    pub fn new(arguments: &[Value]) -> Result<Self, Error> {
+    pub fn new(arguments: &[Value]) -> Result<Self, magnus::Error> {
         let args = scan_args::scan_args::<(), (Option<RHash>,), (), (), (), ()>(arguments)?;
         let (opt_config,): (Option<RHash>,) = args.optional;
@@ -50,19 +60,16 @@ impl SelmaSanitizer {
         };
         let mut element_sanitizers = HashMap::new();
-        Tag::html_tags().iter().for_each(|html_tag| {
-            let es = ElementSanitizer {
-                allowed_attrs: vec![],
-                allowed_classes: vec![],
-                required_attrs: vec![],
-                protocol_sanitizers: HashMap::new(),
-            };
-            element_sanitizers.insert(Tag::element_name_from_enum(html_tag).to_string(), es);
+        crate::tags::Tag::html_tags().iter().for_each(|html_tag| {
+            let es = ElementSanitizer::default();
+            element_sanitizers.insert(
+                crate::tags::Tag::element_name_from_enum(html_tag).to_string(),
+                es,
+            );
         });
         Ok(Self(std::cell::RefCell::new(Sanitizer {
-            flags: [0; Tag::TAG_COUNT],
+            flags: [0; crate::tags::Tag::TAG_COUNT],
             allowed_attrs: vec![],
             allowed_classes: vec![],
             element_sanitizers,
@@ -74,7 +81,7 @@ impl SelmaSanitizer {
         })))
     }
-    fn get_config(&self) -> Result<RHash, Error> {
+    fn get_config(&self) -> Result<RHash, magnus::Error> {
         let binding = self.0.borrow();
         Ok(binding.config)
@@ -82,7 +89,7 @@ impl SelmaSanitizer {
     /// Toggle a sanitizer option on or off.
     fn set_flag(&self, tag_name: String, flag: u8, set: bool) {
-        let tag = Tag::tag_from_tag_name(tag_name.as_str());
+        let tag = crate::tags::Tag::tag_from_tag_name(tag_name.as_str());
         if set {
             self.0.borrow_mut().flags[tag.index] |= flag;
         } else {
@@ -93,13 +100,19 @@ impl SelmaSanitizer {
     /// Toggles all sanitization options on or off.
     fn set_all_flags(&self, flag: u8, set: bool) {
         if set {
-            Tag::html_tags().iter().enumerate().for_each(|(iter, _)| {
-                self.0.borrow_mut().flags[iter] |= flag;
-            });
+            crate::tags::Tag::html_tags()
+                .iter()
+                .enumerate()
+                .for_each(|(iter, _)| {
+                    self.0.borrow_mut().flags[iter] |= flag;
+                });
         } else {
-            Tag::html_tags().iter().enumerate().for_each(|(iter, _)| {
-                self.0.borrow_mut().flags[iter] &= flag;
-            });
+            crate::tags::Tag::html_tags()
+                .iter()
+                .enumerate()
+                .for_each(|(iter, _)| {
+                    self.0.borrow_mut().flags[iter] &= flag;
+                });
         }
     }
@@ -111,8 +124,8 @@ impl SelmaSanitizer {
     pub fn escape_tagfilter(&self, e: &mut Element) -> bool {
         if self.0.borrow().escape_tagfilter {
-            let tag = Tag::tag_from_element(e);
-            if Tag::is_tag_escapeworthy(tag) {
+            let tag = crate::tags::Tag::tag_from_element(e);
+            if crate::tags::Tag::is_tag_escapeworthy(tag) {
                 e.remove();
                 return true;
             }
@@ -162,7 +175,8 @@ impl SelmaSanitizer {
             let allowed_attrs = &mut binding.allowed_attrs;
             Self::set_allowed(allowed_attrs, &attr_name, allow);
         } else {
-            let element_sanitizer = Self::get_mut_element_sanitizer(&mut binding, &element_name);
+            let element_sanitizers = &mut binding.element_sanitizers;
+            let element_sanitizer = Self::get_element_sanitizer(element_sanitizers, &element_name);
             element_sanitizer.allowed_attrs.push(attr_name);
         }
@@ -176,7 +190,8 @@ impl SelmaSanitizer {
             let allowed_classes = &mut binding.allowed_classes;
             Self::set_allowed(allowed_classes, &class_name, allow);
         } else {
-            let element_sanitizer = Self::get_mut_element_sanitizer(&mut binding, &element_name);
+            let element_sanitizers = &mut binding.element_sanitizers;
+            let element_sanitizer = Self::get_element_sanitizer(element_sanitizers, &element_name);
             let allowed_classes = element_sanitizer.allowed_classes.borrow_mut();
             Self::set_allowed(allowed_classes, &class_name, allow)
@@ -187,9 +202,10 @@ impl SelmaSanitizer {
     fn set_allowed_protocols(&self, element_name: String, attr_name: String, allow_list: RArray) {
         let mut binding = self.0.borrow_mut();
-        let element_sanitizer = Self::get_mut_element_sanitizer(&mut binding, &element_name);
+        let element_sanitizers = &mut binding.element_sanitizers;
+        let element_sanitizer = Self::get_element_sanitizer(element_sanitizers, &element_name);
-        let protocol_sanitizers = element_sanitizer.protocol_sanitizers.borrow_mut();
+        let protocol_sanitizers = &mut element_sanitizer.protocol_sanitizers.borrow_mut();
         for opt_allowed_protocol in allow_list.each() {
             let allowed_protocol = opt_allowed_protocol.unwrap();
@@ -229,10 +245,16 @@ impl SelmaSanitizer {
         }
     }
-    pub fn sanitize_attributes(&self, element: &mut Element) -> Result<(), magnus::Error> {
-        let binding = self.0.borrow_mut();
-        let tag = Tag::tag_from_element(element);
-        let element_sanitizer = Self::get_element_sanitizer(&binding, &element.tag_name());
+    pub fn sanitize_attributes(&self, element: &mut Element) -> Result<(), AttributeNameError> {
+        let tag = crate::tags::Tag::tag_from_element(element);
+        let tag_name = &element.tag_name();
+        let element_sanitizer = {
+            let mut binding = self.0.borrow_mut();
+            let element_sanitizers = &mut binding.element_sanitizers;
+            Self::get_element_sanitizer(element_sanitizers, tag_name).clone()
+        };
+        let binding = self.0.borrow();
         // FIXME: This is a hack to get around the fact that we can't borrow
         let attribute_map: HashMap<String, String> = element
@@ -255,26 +277,30 @@ impl SelmaSanitizer {
             let x = escapist::unescape_html(trimmed.as_bytes());
             let unescaped_attr_val = String::from_utf8_lossy(&x).to_string();
-            if !Self::should_keep_attribute(
+            let should_keep_attrubute = match Self::should_keep_attribute(
                 &binding,
                 element,
-                element_sanitizer,
+                &element_sanitizer,
                 attr_name,
                 &unescaped_attr_val,
             ) {
+                Ok(should_keep) => should_keep,
+                Err(e) => {
+                    return Err(e);
+                }
+            };
+            if !should_keep_attrubute {
                 element.remove_attribute(attr_name);
             } else {
                 // Prevent the use of `<meta>` elements that set a charset other than UTF-8,
                 // since output is always UTF-8.
-                if Tag::is_meta(tag) {
+                if crate::tags::Tag::is_meta(tag) {
                     if attr_name == "charset" && unescaped_attr_val != "utf-8" {
                         match element.set_attribute(attr_name, "utf-8") {
                             Ok(_) => {}
-                            Err(_) => {
-                                return Err(magnus::Error::new(
-                                    exception::runtime_error(),
-                                    format!("Unable to change {attr_name:?}"),
-                                ));
+                            Err(err) => {
+                                return Err(err);
                             }
                         }
                     }
@@ -282,13 +308,17 @@ impl SelmaSanitizer {
                     let mut buf = String::new();
                     // ...then, escape any special characters, for security
                     if attr_name == "href" {
-                        // FIXME: gross--------------vvvv
-                        escapist::escape_href(&mut buf, unescaped_attr_val.to_string().as_str());
+                        escapist::escape_href(&mut buf, unescaped_attr_val.as_str());
                     } else {
-                        escapist::escape_html(&mut buf, unescaped_attr_val.to_string().as_str());
+                        escapist::escape_html(&mut buf, unescaped_attr_val.as_str());
                     };
-                    element.set_attribute(attr_name, &buf);
+                    match element.set_attribute(attr_name, &buf) {
+                        Ok(_) => {}
+                        Err(err) => {
+                            return Err(err);
+                        }
+                    }
                 }
             }
         }
@@ -308,12 +338,12 @@ impl SelmaSanitizer {
     }
     fn should_keep_attribute(
-        binding: &RefMut<Sanitizer>,
+        binding: &Sanitizer,
         element: &mut Element,
         element_sanitizer: &ElementSanitizer,
         attr_name: &String,
         attr_val: &String,
-    ) -> bool {
+    ) -> Result<bool, AttributeNameError> {
         let mut allowed: bool = false;
         let element_allowed_attrs = element_sanitizer.allowed_attrs.contains(attr_name);
         let sanitizer_allowed_attrs = binding.allowed_attrs.contains(attr_name);
@@ -327,7 +357,7 @@ impl SelmaSanitizer {
         }
         if !allowed {
-            return false;
+            return Ok(false);
         }
         let protocol_sanitizer_values = element_sanitizer.protocol_sanitizers.get(attr_name);
@@ -335,32 +365,29 @@ impl SelmaSanitizer {
             None => {
                 // has a protocol, but no sanitization list
                 if !attr_val.is_empty() && Self::has_protocol(attr_val) {
-                    return false;
+                    return Ok(false);
                 }
             }
             Some(protocol_sanitizer_values) => {
                 if !attr_val.is_empty()
                     && !Self::has_allowed_protocol(protocol_sanitizer_values, attr_val)
                 {
-                    return false;
+                    return Ok(false);
                 }
             }
         }
-        if attr_name == "class"
-            && !Self::sanitize_class_attribute(
+        if attr_name == "class" {
+            return Self::sanitize_class_attribute(
                 binding,
                 element,
                 element_sanitizer,
                 attr_name,
                 attr_val,
-            )
-            .unwrap()
-        {
-            return false;
+            );
         }
-        true
+        Ok(true)
     }
     fn has_protocol(attr_val: &str) -> bool {
@@ -398,12 +425,12 @@ impl SelmaSanitizer {
     }
     fn sanitize_class_attribute(
-        binding: &RefMut<Sanitizer>,
+        binding: &Sanitizer,
         element: &mut Element,
         element_sanitizer: &ElementSanitizer,
         attr_name: &str,
         attr_val: &str,
-    ) -> Result<bool, Error> {
+    ) -> Result<bool, lol_html::errors::AttributeNameError> {
         let allowed_global = &binding.allowed_classes;
         let mut valid_classes: Vec<String> = vec![];
@@ -431,28 +458,25 @@ impl SelmaSanitizer {
         match element.set_attribute(attr_name, valid_classes.join(" ").as_str()) {
             Ok(_) => Ok(true),
-            Err(err) => Err(Error::new(
-                exception::runtime_error(),
-                format!("AttributeNameError: {err:?}"),
-            )),
+            Err(err) => Err(err),
         }
     }
     pub fn allow_element(&self, element: &mut Element) -> bool {
-        let tag = Tag::tag_from_element(element);
+        let tag = crate::tags::Tag::tag_from_element(element);
         let flags: u8 = self.0.borrow().flags[tag.index];
         (flags & Self::SELMA_SANITIZER_ALLOW) == 0
     }
     pub fn try_remove_element(&self, element: &mut Element) -> bool {
-        let tag = Tag::tag_from_element(element);
+        let tag = crate::tags::Tag::tag_from_element(element);
         let flags: u8 = self.0.borrow().flags[tag.index];
         let should_remove = !element.removed() && self.allow_element(element);
         if should_remove {
-            if Tag::has_text_content(tag) {
+            if crate::tags::Tag::has_text_content(tag) {
                 Self::remove_element(
                     element,
                     tag.self_closing,
@@ -465,7 +489,7 @@ impl SelmaSanitizer {
             Self::check_if_end_tag_needs_removal(element);
         } else {
             // anything in <iframe> must be removed, if it's kept
-            if Tag::is_iframe(tag) {
+            if crate::tags::Tag::is_iframe(tag) {
                 if self.0.borrow().flags[tag.index] != 0 {
                     element.set_inner_content(" ", ContentType::Text);
                 } else {
@@ -497,14 +521,14 @@ impl SelmaSanitizer {
     }
     pub fn force_remove_element(&self, element: &mut Element) {
-        let tag = Tag::tag_from_element(element);
+        let tag = crate::tags::Tag::tag_from_element(element);
         let self_closing = tag.self_closing;
         Self::remove_element(element, self_closing, Self::SELMA_SANITIZER_REMOVE_CONTENTS);
         Self::check_if_end_tag_needs_removal(element);
     }
     fn check_if_end_tag_needs_removal(element: &mut Element) {
-        if element.removed() && !Tag::tag_from_element(element).self_closing {
+        if element.removed() && !crate::tags::Tag::tag_from_element(element).self_closing {
             element
                 .on_end_tag(move |end| {
                     Self::remove_end_tag(end);
@@ -519,21 +543,16 @@ impl SelmaSanitizer {
     }
     fn get_element_sanitizer<'a>(
-        binding: &'a RefMut<Sanitizer>,
-        element_name: &str,
-    ) -> &'a ElementSanitizer {
-        binding.element_sanitizers.get(element_name).unwrap()
-    }
-    fn get_mut_element_sanitizer<'a>(
-        binding: &'a mut Sanitizer,
+        element_sanitizers: &'a mut HashMap<String, ElementSanitizer>,
         element_name: &str,
     ) -> &'a mut ElementSanitizer {
-        binding.element_sanitizers.get_mut(element_name).unwrap()
+        element_sanitizers
+            .entry(element_name.to_string())
+            .or_insert_with(ElementSanitizer::default)
     }
 }
-pub fn init(m_selma: RModule) -> Result<(), Error> {
+pub fn init(m_selma: RModule) -> Result<(), magnus::Error> {
     let c_sanitizer = m_selma.define_class("Sanitizer", Default::default())?;
     c_sanitizer.define_singleton_method("new", function!(SelmaSanitizer::new, -1))?;

data/ext/selma/src/tags.rs CHANGED Viewed

@@ -192,14 +192,17 @@ impl Tag {
     /// Is this tag something which needs to be removed?
     pub fn is_tag_escapeworthy(tag: Tag) -> bool {
         tag.index == HTMLTag::TITLE as usize
-            || tag.index == HTMLTag::TEXTAREA as usize
-            || tag.index == HTMLTag::STYLE as usize
-            || tag.index == HTMLTag::XMP as usize
             || tag.index == HTMLTag::IFRAME as usize
+            || tag.index == HTMLTag::MATH as usize
             || tag.index == HTMLTag::NOEMBED as usize
             || tag.index == HTMLTag::NOFRAMES as usize
-            || tag.index == HTMLTag::SCRIPT as usize
+            || tag.index == HTMLTag::NOSCRIPT as usize
             || tag.index == HTMLTag::PLAINTEXT as usize
+            || tag.index == HTMLTag::SCRIPT as usize
+            || tag.index == HTMLTag::STYLE as usize
+            || tag.index == HTMLTag::SVG as usize
+            || tag.index == HTMLTag::TEXTAREA as usize
+            || tag.index == HTMLTag::XMP as usize
     }
     pub const ESCAPEWORTHY_TAGS_CSS: &str =

data/lib/selma/3.1/selma.so CHANGED Viewed

Binary file

data/lib/selma/sanitizer/config/default.rb CHANGED Viewed

@@ -3,6 +3,10 @@
 module Selma
   class Sanitizer
     module Config
+      # although there are many more protocol types, eg., ftp, xmpp, etc.,
+      # these are the only ones that are allowed by default
+      VALID_PROTOCOLS = ["http", "https", "mailto", :relative]
       DEFAULT = freeze_config(
         # Whether or not to allow HTML comments. Allowing comments is strongly
         # discouraged, since IE allows script execution within conditional

data/lib/selma/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Selma
-  VERSION = "0.0.3"
+  VERSION = "0.0.5"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: selma
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.5
 platform: x64-mingw-ucrt
 authors:
 - Garen J. Torikian
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-12-24 00:00:00.000000000 Z
+date: 2022-12-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rb_sys
@@ -81,6 +81,7 @@ files:
 - ext/selma/src/html.rs
 - ext/selma/src/html/element.rs
 - ext/selma/src/html/end_tag.rs
+- ext/selma/src/html/text_chunk.rs
 - ext/selma/src/lib.rs
 - ext/selma/src/native_ref_wrap.rs
 - ext/selma/src/rewriter.rs