sinatra_more 0.1.9 → 0.1.10

data/README.rdoc

@@ -114,6 +114,7 @@ methods should be very familiar to anyone who has used rails view helpers.
 
 * <tt>form_tag(url, options={}, &block)</tt>
   * Constructs a form without object based on options
+  * Supports form methods 'put' and 'delete' through hidden field
   * <tt>form_tag('/register', :class => 'example') { ... }</tt>
 * <tt>field_set_tag(*args, &block)</tt>
   * Constructs a field_set to group fields with given options
@@ -126,6 +127,9 @@ methods should be very familiar to anyone who has used rails view helpers.
   * Constructs a label tag from the given options
   * <tt>label_tag :username, :class => 'long-label'</tt>
   * <tt>label_tag(:username, :class => 'blocked-label') { ... }</tt>
+* <tt>hidden_field_tag(name, options={})</tt>
+  * Constructs a hidden field input from the given options
+  * <tt>hidden_field_tag :session_key, :value => 'secret'</tt>
 * <tt>text_field_tag(name, options={})</tt>
   * Constructs a text field input from the given options
   * <tt>text_field_tag :username, :class => 'long'</tt>
@@ -144,7 +148,7 @@ methods should be very familiar to anyone who has used rails view helpers.
 
 A form_tag might look like:
 
-  - form_tag '/login', :class => 'login-form' do
+  - form_tag '/destroy', :class => 'destroy-form', :method => 'delete' do
     = flash_tag(:notice)
     - field_set_tag do
       %p
@@ -154,7 +158,7 @@ A form_tag might look like:
         = label_tag :password, :class => 'first'
         = password_field_tag :password, :value => params[:password]
     - field_set_tag(:class => 'buttons') do
-      = submit_tag "Login"
+      = submit_tag "Remove"
     
 ==== FormBuilders
 
@@ -171,6 +175,8 @@ The following are fields provided by AbstractFormBuilder that can be used within
   * <tt>f.label :name, :class => 'long'</tt>
 * <tt>text_field(field, options={})</tt>
   * <tt>f.text_field :username, :class => 'long'</tt>
+* <tt>hidden_field(field, options={})</tt>
+  * <tt>f.hidden_field :session_id, :class => 'hidden'</tt>
 * <tt>text_area(field, options={})</tt>
   * <tt>f.text_area :summary, :class => 'long'</tt>
 * <tt>password_field(field, options={})</tt>
@@ -228,6 +234,8 @@ and would generate this html:
 
 ==== Format Helpers
 
+* <tt>escape_html</tt> (alias <tt>h</tt> and <tt>h!</tt>)
+  * (from RackUtils) Escape ampersands, brackets and quotes to their HTML/XML entities.
 * <tt>relative_time_ago(date)</tt>
   * Returns relative time in words referencing the given date
   * <tt>relative_time_ago(2.days.ago)</tt> => "2 days ago"

data/TODO

@@ -5,21 +5,17 @@
   * Take advantage of shared strategies: http://github.com/hassox/warden_strategies/tree/master/lib/
   * Make warden password strategy support a callback which explains what to do with username, password
   * WardenPlugin.authenticate_callback { |username, password| User.authenticate(username, password) }
-* Remove dependency on activesupport! and enumerate dependencies in rakefile
 * Add support for missing formhelpers/fields (check_box, radio_button, ...)
-* Add support for forms with method => put, delete using hidden field
 * Look into creating sinatra generators using rubigen (http://github.com/drnic/rubigen)
   * http://github.com/quirkey/sinatra-gen
 * Look into adding any missing helpers from:
-  * http://github.com/sbfaulkner/sinatra-helpers/tree/master/lib/sinatra-helpers/haml/
-  * http://github.com/sbfaulkner/sinatra-helpers/blob/master/lib/sinatra-helpers/html/escape.rb
-  * http://github.com/sbfaulkner/sinatra-helpers/blob/master/lib/sinatra-helpers/haml/links.rb
-  * http://github.com/kelredd/sinatra-helpers/tree/master/lib/sinatra_helpers/mailer/
   * http://github.com/kelredd/sinatra-helpers/blob/master/lib/sinatra_helpers/erb/links.rb
   * http://github.com/kelredd/sinatra-helpers/blob/master/lib/sinatra_helpers/erb/forms.rb
 
 = COMPLETED
 
+* Add support for forms with method => put, delete using hidden field
+* Remove dependency on activesupport! and enumerate dependencies in rakefile (as much as possible, need inflectors)
 * Pull from sinatra-helpers and make erb templates work (and credit keldredd)
   * http://github.com/kelredd/sinatra-helpers/tree/master/lib/sinatra_helpers/erb/
 * fix content_block_tag to eliminate need for concat option

data/VERSION

@@ -1 +1 @@
-0.1.9
+0.1.10

data/lib/sinatra_more/markup_plugin/form_builder/abstract_form_builder.rb

@@ -1,83 +1,89 @@
 class AbstractFormBuilder
   attr_accessor :template, :object
-  
+
   def initialize(template, object)
     raise "FormBuilder template must be initialized!" unless template
     raise "FormBuilder object must be initialized!" unless object
     @template = template
     @object   = object
   end
-  
+
   # f.error_messages
   def error_messages(options={})
     @template.error_messages_for(@object, options)
   end
-  
+
   # f.label :username, :caption => "Nickname"
   def label(field, options={})
     options.reverse_merge!(:caption => field.to_s.titleize)
     @template.label_tag(field_id(field), options)
   end
-  
+
+  # f.hidden_field :session_id, :value => "45"
+  def hidden_field(field, options={})
+    options.reverse_merge!(:value => field_value(field), :id => field_id(field))
+    @template.hidden_field_tag field_name(field), options
+  end
+
   # f.text_field :username, :value => "(blank)", :id => 'username'
   def text_field(field, options={})
     options.reverse_merge!(:value => field_value(field), :id => field_id(field))
     @template.text_field_tag field_name(field), options
   end
-  
+
   # f.text_area :summary, :value => "(enter summary)", :id => 'summary'
   def text_area(field, options={})
     options.reverse_merge!(:value => field_value(field), :id => field_id(field))
     @template.text_area_tag field_name(field), options
   end
-  
+
   # f.password_field :password, :id => 'password'
   def password_field(field, options={})
     options.reverse_merge!(:value => field_value(field), :id => field_id(field))
     @template.password_field_tag field_name(field), options
   end
-  
+
   # f.file_field(:photo, :class => 'avatar')
   def file_field(field, options={})
     options.reverse_merge!(:id => field_id(field))
     @template.file_field_tag field_name(field), options
   end
-  
+
   # f.submit "Update", :class => 'large'
   def submit(caption="Submit", options={})
     @template.submit_tag caption, options
   end
-  
+
   protected
-  
+
   # Returns the known field types for a formbuilder
   def self.field_types
-    [:text_field, :text_area, :password_field, :file_field]
+    [:text_field, :text_area, :password_field, :file_field, :hidden_field]
   end
-  
+
   private
-  
+
   # Returns the object's models name
   #   => user_assignment
   def object_name
     object.class.to_s.underscore
   end
-  
+
   # Returns the value for the object's field
   # field_value(:username) => "Joey"
   def field_value(field)
     @object && @object.respond_to?(field) ? @object.send(field) : ""
   end
-  
+
   # Returns the name for the given field
   # field_name(:username) => "user[username]"
   def field_name(field)
     "#{object_name}[#{field}]"
   end
-  
+
   # Returns the id for the given field
   # field_id(:username) => "user_username"
   def field_id(field)
     "#{object_name}_#{field}"
   end
-end
+end

data/lib/sinatra_more/markup_plugin/form_builder/standard_form_builder.rb

@@ -4,7 +4,7 @@ class StandardFormBuilder < AbstractFormBuilder
   # text_area_block(:username, { :class => 'long' }, { :class => 'wide-label' })
   # password_field_block(:username, { :class => 'long' }, { :class => 'wide-label' })
   # file_field_block(:username, { :class => 'long' }, { :class => 'wide-label' })
-  self.field_types.each do |field_type|
+  (self.field_types - [:hidden_field]).each do |field_type|
     class_eval <<-EOF
     def #{field_type}_block(field, options={}, label_options={})
       label_options.reverse_merge!(:caption => options.delete(:caption)) if options[:caption]

data/lib/sinatra_more/markup_plugin/form_helpers.rb

@@ -3,22 +3,20 @@ module SinatraMore
     # Constructs a form for object using given or default form_builder
     # form_for @user, '/register', :id => 'register' do |f| ... end
     def form_for(object, url, settings={}, &block)
-      default_builder = self.respond_to?(:options) && self.options.default_builder
-      configured_builder = settings[:builder] || default_builder || 'StandardFormBuilder'
-      configured_builder = configured_builder.constantize if configured_builder.is_a?(String)
-      settings.reverse_merge!(:method => 'post', :action => url)
-      settings[:enctype] = "multipart/form-data" if settings.delete(:multipart)
-      form_html = capture_html(configured_builder.new(self, object), &block)
-      concat_content content_tag('form', form_html, settings)
+      builder_class = configured_form_builder_class(settings[:builder])
+      form_html = capture_html(builder_class.new(self, object), &block)
+      form_tag(url, settings) { form_html }
     end
 
     # Constructs a form without object based on options
     # form_tag '/register' do ... end
     def form_tag(url, options={}, &block)
       options.reverse_merge!(:method => 'post', :action => url)
-      concat_content content_tag('form', capture_html(&block), options)
+      options[:enctype] = "multipart/form-data" if options.delete(:multipart)
+      inner_form_html = hidden_form_method_field(options[:method]) + capture_html(&block)
+      concat_content content_tag('form', inner_form_html, options)
     end
-    
+
     # Constructs a field_set to group fields with given options
     # field_set_tag("Office", :class => 'office-set')
     # parameters: legend_text=nil, options={}
@@ -56,6 +54,13 @@ module SinatraMore
       end
     end
 
+    # Constructs a hidden field input from the given options
+    # hidden_field_tag :session_key, :value => "__secret__"
+    def hidden_field_tag(name, options={})
+      options.reverse_merge!(:name => name)
+      input_tag(:hidden, options)
+    end
+
     # Constructs a text field input from the given options
     # text_field_tag :username, :class => 'long'
     def text_field_tag(name, options={})
@@ -90,5 +95,28 @@ module SinatraMore
       options.reverse_merge!(:value => caption)
       input_tag(:submit, options)
     end
+
+    protected
+
+    # returns the hidden method field for 'put' and 'delete' forms
+    # Only 'get' and 'post' are allowed within browsers;
+    # 'put' and 'delete' are just specified using hidden fields with form action still 'put'.
+    # hidden_form_method_field('delete') => <input name="_method" value="delete" />
+    def hidden_form_method_field(desired_method)
+      return '' if (desired_method =~ /get|post/)
+      original_method = desired_method.dup
+      desired_method.replace('post')
+      hidden_field_tag(:_method, :value => original_method)
+    end
+
+    # Returns the FormBuilder class to use based on all available setting sources
+    # If explicitly defined, returns that, otherwise returns defaults
+    # configured_form_builder_class(nil) => StandardFormBuilder
+    def configured_form_builder_class(explicit_builder=nil)
+      default_builder = self.respond_to?(:options) && self.options.default_builder
+      configured_builder = explicit_builder || default_builder || 'StandardFormBuilder'
+      configured_builder = configured_builder.constantize if configured_builder.is_a?(String)
+      configured_builder
+    end
   end
 end

data/lib/sinatra_more/markup_plugin/format_helpers.rb

@@ -1,6 +1,19 @@
 module SinatraMore
   module FormatHelpers
-    
+
+    # Returns escaped text to protect against malicious content
+    def h(text)
+      Rack::Utils.escape_html(text)
+    end
+    alias escape_html h
+
+    # Returns escaped text to protect against malicious content
+    # Returns blank if the text is empty
+    def h!(text, blank_text = ' ')
+      return blank_text if text.nil? || text.empty?
+      h text
+    end
+
     # Returns relative time in words referencing the given date
     # relative_time_ago(Time.now)
     def relative_time_ago(date)

data/sinatra_more.gemspec

@@ -5,7 +5,7 @@
 
 Gem::Specification.new do |s|
   s.name = %q{sinatra_more}
-  s.version = "0.1.9"
+  s.version = "0.1.10"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Nathan Esquenazi"]

data/test/fixtures/markup_app/app.rb

@@ -43,6 +43,7 @@ end
 
 class MarkupUser
   def errors; Errors.new; end
+  def session_id; 45; end
 end
 
 class Errors < Array

data/test/fixtures/markup_app/views/form_for.erb

@@ -1,5 +1,6 @@
 <% form_for MarkupUser.new, '/demo', :id => 'demo' do |f| %>
   <%= f.error_messages(:header_message => "custom MarkupUser cannot be saved!") %>
+  <%= f.hidden_field :session_id %>
   <p>
     <%= f.label :username, :caption => "Login", :class => 'user-label' %>
     <%= f.text_field :username, :class => 'user-text', :value => "John" %>
@@ -25,6 +26,7 @@
 
 <% form_for MarkupUser.new, '/another_demo', :id => 'demo2', :method => 'get' do |f| %>
   <%= f.error_messages :header_message => "custom MarkupUser cannot be saved!" %>
+  <%= f.hidden_field :session_id %>
   <%= f.text_field_block :username, { :class => 'input' }, { :caption => 'Nickname', :class => 'label' } %>
   <%= f.password_field_block :code, { :class => 'input' } %>
   <%= f.text_area_block :about, { :class => 'textarea' } %>

data/test/fixtures/markup_app/views/form_for.haml

@@ -1,5 +1,6 @@
 - form_for MarkupUser.new, '/demo', :id => 'demo' do |f|
   = f.error_messages(:header_message => "custom MarkupUser cannot be saved!")
+  = f.hidden_field :session_id
   %p
     = f.label :username, :caption => "Login", :class => 'user-label'
     = f.text_field :username, :class => 'user-text', :value => "John"
@@ -20,6 +21,7 @@
 
 - form_for MarkupUser.new, '/another_demo', :id => 'demo2', :method => 'get' do |f|
   = f.error_messages :header_message => "custom MarkupUser cannot be saved!"
+  = f.hidden_field :session_id
   = f.text_field_block :username, { :class => 'input' }, { :caption => 'Nickname', :class => 'label' }
   = f.password_field_block :code, { :class => 'input' }
   = f.text_area_block :about, { :class => 'textarea' }

data/test/fixtures/markup_app/views/form_tag.erb

@@ -1,5 +1,6 @@
 <% form_tag '/simple', :class => 'simple-form' do %>
   <%= error_messages_for(nil) %>
+  <%= hidden_field_tag :session_id, :value => "__secret__" %>
   <% field_set_tag do %>
     <%= label_tag :username %>
     <%= text_field_tag :username %>
@@ -11,6 +12,7 @@
 
 <% form_tag '/advanced', :id => 'advanced', :class => 'advanced-form', :method => 'get' do %>
   <%= error_messages_for MarkupUser.new, :header_message => "There are problems with saving user!" %>
+  <%= hidden_field_tag :session_id, :value => "__secret__" %>
   <% field_set_tag "Advanced", :class => 'advanced-field-set' do %>
     <p>
       <%= label_tag :username, :class => 'first', :caption => "Nickname" %>

data/test/fixtures/markup_app/views/form_tag.haml

@@ -1,6 +1,7 @@
 - form_tag '/simple', :class => 'simple-form' do
   = error_messages_for nil
   - field_set_tag do
+    = hidden_field_tag :session_id, :value => "__secret__"
     = label_tag :username
     = text_field_tag :username
     = label_tag :password
@@ -9,6 +10,7 @@
 
 - form_tag '/advanced', :id => 'advanced', :class => 'advanced-form', :method => 'get' do
   = error_messages_for MarkupUser.new, :header_message => "There are problems with saving user!"
+  = hidden_field_tag :session_id, :value => "__secret__"
   - field_set_tag "Advanced", :class => 'advanced-field-set' do
     %p
       = label_tag :username, :class => 'first', :caption => "Nickname"

data/test/markup_plugin/test_form_builder.rb

@@ -9,7 +9,7 @@ class TestFormBuilder < Test::Unit::TestCase
   end
 
   def setup
-    @user = stub(:errors => stub(:full_messages => ["1", "2"], :none? => false), :class => 'User', :first_name => "Joe")
+    @user = stub(:errors => stub(:full_messages => ["1", "2"], :none? => false), :class => 'User', :first_name => "Joe", :session_id => 54)
     @user_none = stub(:errors => stub(:none? => true), :class => 'User')
   end
 
@@ -19,8 +19,21 @@ class TestFormBuilder < Test::Unit::TestCase
 
   context 'for #form_for method' do
     should "display correct form html" do
-      actual_html = form_for(@user, '/register', :id => 'register') { "Demo" }
-      assert_has_tag('form', :action => '/register', :id => 'register', :content => "Demo") { actual_html }
+      actual_html = form_for(@user, '/register', :id => 'register', :method => 'post') { "Demo" }
+      assert_has_tag('form', :action => '/register', :id => 'register', :method => 'post', :content => "Demo") { actual_html }
+      assert_has_tag('form input[type=hidden]', :name => '_method', :count => 0) { actual_html } # no method action field
+    end
+
+    should "display correct form html with method :post" do
+      actual_html = form_for(@user, '/update', :method => 'put') { "Demo" }
+      assert_has_tag('form', :action => '/update', :method => 'post') { actual_html }
+      assert_has_tag('form input', :type => 'hidden', :name => "_method", :value => 'put') { actual_html }
+    end
+
+    should "display correct form html with method :delete" do
+      actual_html = form_for(@user, '/destroy', :method => 'delete') { "Demo" }
+      assert_has_tag('form', :action => '/destroy', :method => 'post') { actual_html }
+      assert_has_tag('form input', :type => 'hidden', :name => "_method", :value => 'delete') { actual_html }
     end
 
     should "display correct form html with multipart" do
@@ -106,6 +119,25 @@ class TestFormBuilder < Test::Unit::TestCase
     end
   end
 
+  context 'for #hidden_field method' do
+    should "display correct hidden field html" do
+      actual_html = standard_builder.hidden_field(:session_id, :class => 'hidden')
+      assert_has_tag('input.hidden[type=hidden]', :value => "54", :id => 'user_session_id', :name => 'user[session_id]') { actual_html }
+    end
+
+    should "display correct hidden field in haml" do
+      visit '/haml/form_for'
+      assert_have_selector '#demo input[type=hidden]', :id => 'markup_user_session_id', :value => "45"
+      assert_have_selector '#demo2 input', :type => 'hidden', :name => 'markup_user[session_id]'
+    end
+
+    should "display correct hidden field in erb" do
+      visit '/erb/form_for'
+      assert_have_selector '#demo input[type=hidden]', :id => 'markup_user_session_id', :value => "45"
+      assert_have_selector '#demo2 input', :type => 'hidden', :name => 'markup_user[session_id]'
+    end
+  end
+
   context 'for #text_field method' do
     should "display correct text field html" do
       actual_html = standard_builder.text_field(:first_name, :class => 'large')
@@ -115,13 +147,13 @@ class TestFormBuilder < Test::Unit::TestCase
     should "display correct text field in haml" do
       visit '/haml/form_for'
       assert_have_selector '#demo input.user-text[type=text]', :id => 'markup_user_username', :value => "John"
-      assert_have_selector '#demo2 input', :class => 'input', :name => 'markup_user[username]'
+      assert_have_selector '#demo2 input', :type => 'text', :class => 'input', :name => 'markup_user[username]'
     end
 
     should "display correct text field in erb" do
       visit '/erb/form_for'
       assert_have_selector '#demo input.user-text[type=text]', :id => 'markup_user_username', :value => "John"
-      assert_have_selector '#demo2 input', :class => 'input', :name => 'markup_user[username]'
+      assert_have_selector '#demo2 input', :type => 'text', :class => 'input', :name => 'markup_user[username]'
     end
   end
 

data/test/markup_plugin/test_form_helpers.rb

@@ -10,15 +10,33 @@ class TestFormHelpers < Test::Unit::TestCase
 
   context 'for #form_tag method' do
     should "display correct forms in ruby" do
-      actual_html = form_tag('/register', :class => 'test', :action => "hello") { "Demo" }
+      actual_html = form_tag('/register', :class => 'test', :method => "post") { "Demo" }
       assert_has_tag(:form, :class => "test") { actual_html }
+      assert_has_tag('form input', :type => 'hidden', :name => '_method', :count => 0) { actual_html }
     end
-    
-    should "display correct inputs in ruby for form_tag" do
-      actual_html = form_tag('/register', :class => 'test', :action => "hello") { text_field_tag(:username) }
+
+    should "display correct text inputs within form_tag" do
+      actual_html = form_tag('/register', :class => 'test') { text_field_tag(:username) }
       assert_has_tag('form input', :type => 'text', :name => "username") { actual_html }
     end
 
+    should "display correct form with method :put" do
+      actual_html = form_tag('/update', :class => 'put-form', :method => "put") { "Demo" }
+      assert_has_tag(:form, :class => "put-form", :method => 'post') { actual_html }
+      assert_has_tag('form input', :type => 'hidden', :name => "_method", :value => 'put') { actual_html }
+    end
+
+    should "display correct form with method :delete" do
+      actual_html = form_tag('/remove', :class => 'delete-form', :method => "delete") { "Demo" }
+      assert_has_tag(:form, :class => "delete-form", :method => 'post') { actual_html }
+      assert_has_tag('form input', :type => 'hidden', :name => "_method", :value => 'delete') { actual_html }
+    end
+
+    should "display correct form with multipart encoding" do
+      actual_html = form_tag('/remove', :multipart => true) { "Demo" }
+      assert_has_tag(:form, :enctype => "multipart/form-data") { actual_html }
+    end
+
     should "display correct forms in erb" do
       visit '/erb/form_tag'
       assert_have_selector 'form.simple-form', :action => '/simple'
@@ -124,6 +142,25 @@ class TestFormHelpers < Test::Unit::TestCase
     end
   end
 
+  context 'for #hidden_field_tag method' do
+    should "display hidden field in ruby" do
+      actual_html = hidden_field_tag(:session_key, :id => 'session_id', :value => '56768')
+      assert_has_tag(:input, :type => 'hidden', :id => "session_id", :name => 'session_key', :value => '56768') { actual_html }
+    end
+
+    should "display hidden field in erb" do
+      visit '/erb/form_tag'
+      assert_have_selector 'form.simple-form input[type=hidden]', :count => 1, :name => 'session_id', :value => "__secret__"
+      assert_have_selector 'form.advanced-form input[type=hidden]', :count => 1, :name => 'session_id', :value => "__secret__"
+    end
+
+    should "display hidden field in haml" do
+      visit '/haml/form_tag'
+      assert_have_selector 'form.simple-form input[type=hidden]', :count => 1, :name => 'session_id', :value => "__secret__"
+      assert_have_selector 'form.advanced-form input[type=hidden]', :count => 1, :name => 'session_id', :value => "__secret__"
+    end
+  end
+
   context 'for #text_field_tag method' do
     should "display text field in ruby" do
       actual_html = text_field_tag(:username, :class => 'long')

data/test/markup_plugin/test_format_helpers.rb

@@ -8,6 +8,23 @@ class TestFormatHelpers < Test::Unit::TestCase
 
   include SinatraMore::FormatHelpers
 
+  context 'for #h and #h! method' do
+    should "escape the simple html" do
+      assert_equal '&lt;h1&gt;hello&lt;/h1&gt;', h('<h1>hello</h1>')
+      assert_equal '&lt;h1&gt;hello&lt;/h1&gt;', escape_html('<h1>hello</h1>')
+    end
+    should "escape all brackets, quotes and ampersands" do
+      assert_equal '&lt;h1&gt;&lt;&gt;&quot;&amp;demo&amp;&quot;&lt;&gt;&lt;/h1&gt;', h('<h1><>"&demo&"<></h1>')
+    end
+    should "return default text if text is empty" do
+      assert_equal 'default', h!("", "default")
+      assert_equal '&nbsp;', h!("")
+    end
+    should "return text escaped if not empty" do
+      assert_equal '&lt;h1&gt;hello&lt;/h1&gt;', h!('<h1>hello</h1>')
+    end
+  end
+
   context 'for #relative_time_ago method' do
     should "display today" do
       assert_equal 'today', relative_time_ago(Time.now)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: sinatra_more
 version: !ruby/object:Gem::Version 
-  version: 0.1.9
+  version: 0.1.10
 platform: ruby
 authors: 
 - Nathan Esquenazi