svg_conform 0.1.1 → 0.1.2

data/lib/svg_conform/requirements/link_validation_requirement.rb

@@ -45,6 +45,36 @@ module SvgConform
         end
       end
 
+      def validate_sax_element(element, context)
+        # Check href attributes
+        href_value = element.raw_attributes["href"] || element.raw_attributes["xlink:href"]
+
+        if href_value && !ascii_only?(href_value)
+          context.add_error(
+            requirement_id: id,
+            message: "Link href '#{href_value}' contains non-ASCII characters",
+            node: element,
+            severity: :error
+          )
+        end
+
+        # Check other IRI attributes
+        iri_attributes = %w[src action formaction cite longdesc usemap]
+        iri_attributes.each do |attr_name|
+          iri_value = element.raw_attributes[attr_name]
+          next unless iri_value
+
+          next if ascii_only?(iri_value)
+
+          context.add_error(
+            requirement_id: id,
+            message: "IRI attribute '#{attr_name}' value '#{iri_value}' contains non-ASCII characters",
+            node: element,
+            severity: :error
+          )
+        end
+      end
+
       private
 
       def ascii_only?(string)

data/lib/svg_conform/requirements/namespace_attributes_requirement.rb

@@ -41,6 +41,65 @@ module SvgConform
         end
       end
 
+      def validate_sax_element(element, context)
+        # Skip validation for exempt elements (e.g., RDF metadata elements)
+        return if exempt_elements.include?(element.name)
+
+        # Check all attributes for namespace violations
+        element.attributes.each do |attr|
+          check_sax_attribute(attr, element, context)
+        end
+      end
+
+      private
+
+      def check_sax_attribute(attr, element, context)
+        attr_name = attr.name
+
+        # Check if this is a namespaced attribute by looking for colon in name
+        return unless attr_name.include?(":")
+
+        prefix, = attr_name.split(":", 2)
+
+        # Find the namespace URI for this prefix by walking up parent chain
+        namespace_uri = find_namespace_uri_sax(element, prefix)
+        return unless namespace_uri
+
+        # Determine if this namespace is invalid based on configuration
+        invalid_namespace = if allowed_namespaces.empty?
+                             # Blacklist mode: disallowed namespaces are forbidden
+                             disallowed_namespaces.include?(namespace_uri)
+                           else
+                             # Whitelist mode: only allowed namespaces are permitted
+                             !allowed_namespaces.include?(namespace_uri)
+                           end
+
+        return unless invalid_namespace
+
+        context.add_error(
+          requirement_id: id,
+          message: "Element '#{element.name}' does not allow attributes with namespace '#{namespace_uri}'",
+          node: element,
+          severity: :error,
+          data: { attribute: attr_name, namespace: namespace_uri }
+        )
+      end
+
+      def find_namespace_uri_sax(element, prefix)
+        # Check current element and ancestors for xmlns:prefix declarations
+        current = element
+        while current
+          # Check for xmlns:prefix attribute in raw_attributes
+          xmlns_value = current.raw_attributes["xmlns:#{prefix}"]
+          return xmlns_value if xmlns_value
+
+          # Move to parent
+          current = current.parent
+        end
+
+        nil
+      end
+
       private
 
       def check_attribute_nodes(node, context)

data/lib/svg_conform/requirements/namespace_requirement.rb

@@ -190,8 +190,82 @@ module SvgConform
         )
       end
 
+      def validate_sax_element(element, context)
+        # Check if this element has a namespace
+        element_namespace = get_element_namespace_sax(element)
+
+        # Skip if no namespace (default SVG namespace)
+        return if element_namespace.nil? || element_namespace.empty?
+
+        # Check against allowed namespaces if configured
+        # If allow_rdf_metadata is enabled, also allow RDF namespaces
+        effective_allowed_namespaces = allowed_namespaces
+        if allow_rdf_metadata
+          effective_allowed_namespaces = allowed_namespaces + RDF_NAMESPACES
+        end
+
+        if effective_allowed_namespaces && !effective_allowed_namespaces.empty? && !effective_allowed_namespaces.include?(element_namespace)
+          context.add_error(
+            requirement_id: id,
+            message: "The namespace #{element_namespace} is not permitted for svg elements.",
+            node: element,
+            severity: :error,
+            data: {
+              element_name: element.name,
+              namespace: element_namespace,
+              allowed_namespaces: effective_allowed_namespaces
+            }
+          )
+          return
+        end
+
+        # Check against disallowed namespaces if configured
+        return unless disallowed_namespaces && !disallowed_namespaces.empty? && disallowed_namespaces.include?(element_namespace)
+
+        context.add_error(
+          requirement_id: id,
+          message: "The namespace #{element_namespace} is not permitted for svg elements.",
+          node: element,
+          severity: :error,
+          data: {
+            element_name: element.name,
+            namespace: element_namespace,
+            disallowed_namespaces: disallowed_namespaces
+          }
+        )
+      end
+
       private
 
+      def get_element_namespace_sax(element)
+        # Try to get namespace from the element
+        namespace = element.namespace
+        return namespace if namespace && !namespace.empty?
+
+        # If no namespace found, check if element has a prefix (indicating it's namespaced)
+        if element.name.include?(":")
+          prefix = element.name.split(":").first
+          return find_namespace_uri_for_prefix_sax(element, prefix)
+        end
+
+        nil
+      end
+
+      def find_namespace_uri_for_prefix_sax(element, prefix)
+        # Check current element and ancestors for namespace declarations
+        current = element
+        while current
+          # Check for xmlns:prefix attribute
+          xmlns_attr = "xmlns:#{prefix}"
+          return current.raw_attributes[xmlns_attr] if current.raw_attributes[xmlns_attr]
+
+          # Move to parent
+          current = current.parent
+        end
+
+        nil
+      end
+
       def check_all_elements(document, context)
         # Recursively check all elements in the document
         traverse_elements(document.root, context)

data/lib/svg_conform/requirements/no_external_css_requirement.rb

@@ -44,6 +44,17 @@ module SvgConform
           has_style_attribute?(node)
       end
 
+      def validate_sax_element(element, context)
+        case element.name
+        when "style"
+          check_style_element_sax(element, context) if check_style_elements
+        when "link"
+          check_link_element_sax(element, context) if check_link_elements
+        else
+          check_style_attribute_sax(element, context) if check_style_attributes
+        end
+      end
+
       private
 
       def check_style_element(node, context)
@@ -109,6 +120,69 @@ module SvgConform
         )
       end
 
+      def check_style_element_sax(element, context)
+        # Check for @import rules in style elements
+        content = element.text_content
+
+        if content =~ /@import\s+url\s*\(\s*['"]?([^'")\s]+)['"]?\s*\)/i
+          url = ::Regexp.last_match(1)
+          unless allowed_url?(url)
+            context.add_error(
+              requirement_id: id,
+              message: "External CSS import not allowed: #{url}",
+              node: element,
+              severity: :error
+            )
+          end
+        end
+
+        return unless content =~ /@import\s+['"]([^'"]+)['"]/i
+
+        url = ::Regexp.last_match(1)
+        return if allowed_url?(url)
+
+        context.add_error(
+          requirement_id: id,
+          message: "External CSS import not allowed: #{url}",
+          node: element,
+          severity: :error
+        )
+      end
+
+      def check_link_element_sax(element, context)
+        rel = element.raw_attributes["rel"]
+        href = element.raw_attributes["href"]
+
+        return unless rel&.downcase == "stylesheet" && href
+
+        return if allowed_url?(href)
+
+        context.add_error(
+          requirement_id: id,
+          message: "External CSS link not allowed: #{href}",
+          node: element,
+          severity: :error
+        )
+      end
+
+      def check_style_attribute_sax(element, context)
+        style_value = element.raw_attributes["style"]
+        return unless style_value
+
+        # Check for url() references in style attributes
+        return unless style_value =~ /url\s*\(\s*['"]?([^'")\s]+)['"]?\s*\)/i
+
+        url = ::Regexp.last_match(1)
+        return if allowed_url?(url)
+
+        context.add_error(
+          requirement_id: id,
+          message: "External URL reference in style attribute not allowed: #{url}",
+          node: element,
+          severity: :error
+        )
+      end
+
       def has_style_attribute?(node)
         !get_attribute(node, "style").nil?
       end

data/lib/svg_conform/requirements/no_external_fonts_requirement.rb

@@ -41,6 +41,17 @@ module SvgConform
           has_style_attribute?(node)
       end
 
+      def validate_sax_element(element, context)
+        case element.name
+        when "style"
+          check_style_element_sax(element, context) if check_style_fonts
+        when "font-face"
+          check_font_face_element_sax(element, context) if check_font_face
+        else
+          check_style_attribute_sax(element, context) if check_style_fonts
+        end
+      end
+
       private
 
       def check_style_element(node, context)
@@ -100,6 +111,53 @@ module SvgConform
         )
       end
 
+      def check_style_element_sax(element, context)
+        # Check for @font-face with external src in style elements
+        content = element.text_content
+
+        # Match @font-face blocks
+        content.scan(/@font-face\s*\{([^}]+)\}/m) do |match|
+          font_face_content = match[0]
+
+          # Check for src with url() that is not data: URI
+          if font_face_content =~ /src\s*:\s*url\s*\(\s*['"]?([^'")\s]+)['"]?\s*\)/i
+            url = ::Regexp.last_match(1)
+            unless embedded_font?(url)
+              context.add_error(
+                requirement_id: id,
+                message: "External font reference not allowed: #{url}. Fonts must be embedded as data URIs.",
+                node: element,
+                severity: :error
+              )
+            end
+          end
+        end
+      end
+
+      def check_font_face_element_sax(element, context)
+        # Note: For SAX, we can't traverse children yet
+        # This would need to be handled differently or deferred
+        # For now, skip XPath-based checking in SAX mode
+      end
+
+      def check_style_attribute_sax(element, context)
+        style_value = element.raw_attributes["style"]
+        return unless style_value
+
+        # Check for font-family with url() references
+        return unless style_value =~ /font-family\s*:\s*.*url\s*\(\s*['"]?([^'")\s]+)['"]?\s*\)/i
+
+        url = ::Regexp.last_match(1)
+        return if embedded_font?(url)
+
+        context.add_error(
+          requirement_id: id,
+          message: "External font URL in style attribute not allowed: #{url}. Fonts must be embedded as data URIs.",
+          node: element,
+          severity: :error
+        )
+      end
+
       def has_style_attribute?(node)
         !get_attribute(node, "style").nil?
       end

data/lib/svg_conform/requirements/no_external_images_requirement.rb

@@ -37,6 +37,15 @@ module SvgConform
         node.name == "image" || has_style_attribute?(node)
       end
 
+      def validate_sax_element(element, context)
+        case element.name
+        when "image"
+          check_image_element_sax(element, context) if check_image_elements
+        else
+          check_style_attribute_sax(element, context) if check_style_images
+        end
+      end
+
       private
 
       def check_image_element(node, context)
@@ -70,6 +79,37 @@ module SvgConform
         end
       end
 
+      def check_image_element_sax(element, context)
+        # Check href and xlink:href attributes
+        href = element.raw_attributes["href"] || element.raw_attributes["xlink:href"]
+        return unless href && !embedded_image?(href)
+
+        context.add_error(
+          requirement_id: id,
+          message: "External image reference not allowed: #{href}. Images must be embedded as data URIs.",
+          node: element,
+          severity: :error
+        )
+      end
+
+      def check_style_attribute_sax(element, context)
+        style_value = element.raw_attributes["style"]
+        return unless style_value
+
+        # Check for url() references to images in background, background-image, etc.
+        style_value.scan(/url\s*\(\s*['"]?([^'")\s]+)['"]?\s*\)/i) do
+          url = ::Regexp.last_match(1)
+          next if embedded_image?(url)
+
+          context.add_error(
+            requirement_id: id,
+            message: "External image URL in style attribute not allowed: #{url}. Images must be embedded as data URIs.",
+            node: element,
+            severity: :error
+          )
+        end
+      end
+
       def has_style_attribute?(node)
         !get_attribute(node, "style").nil?
       end

data/lib/svg_conform/requirements/style_requirement.rb

@@ -43,6 +43,18 @@ module SvgConform
         check_style_properties(style_value, node, context)
       end
 
+      def validate_sax_element(element, context)
+        style_value = element.raw_attributes["style"]
+        return unless style_value
+        return if style_value.strip.empty?
+
+        # 1. Check for malformed style syntax
+        check_malformed_syntax(style_value, element, context)
+
+        # 2. Check for allowed/disallowed properties and validate their values
+        check_style_properties(style_value, element, context)
+      end
+
       private
 
       def check_malformed_syntax(style_value, node, context)

data/lib/svg_conform/requirements/viewbox_required_requirement.rb

@@ -83,6 +83,78 @@ module SvgConform
         )
       end
 
+      def validate_sax_element(element, context)
+        # Only check the root SVG element
+        return unless element.name == "svg" && element.parent.nil?
+
+        viewbox = element.raw_attributes["viewBox"]
+
+        if viewbox.nil? || viewbox.empty?
+          context.add_error(
+            requirement_id: id,
+            message: "SVG root element must have a viewBox attribute",
+            node: element,
+            severity: :error,
+            data: { missing_attribute: "viewBox" }
+          )
+
+          # Add informational message about calculated viewBox if width/height are present
+          width = element.raw_attributes["width"]
+          height = element.raw_attributes["height"]
+
+          if width && height && valid_number?(width) && valid_number?(height)
+            calculated_viewbox = "0 0 #{width.to_f} #{height.to_f}"
+            context.add_error(
+              requirement_id: id,
+              message: "Trying to put in the attribute with value '#{calculated_viewbox}'",
+              node: element,
+              severity: :error,
+              data: {
+                calculated_viewbox: calculated_viewbox,
+                source_width: width,
+                source_height: height
+              }
+            )
+          end
+          return
+        end
+
+        # Validate viewBox format (should be "min-x min-y width height")
+        normalized_viewbox = viewbox.strip.gsub(/[(),]/, " ").squeeze(" ")
+        parts = normalized_viewbox.strip.split(/\s+/)
+        unless parts.length == 4 && parts.all? { |part| valid_number?(part) }
+          context.add_error(
+            requirement_id: id,
+            message: "viewBox attribute must contain four numeric values (min-x min-y width height)",
+            node: element,
+            severity: :error,
+            data: {
+              viewbox_value: viewbox,
+              parsed_parts: parts
+            }
+          )
+          return
+        end
+
+        # Check that width and height are positive
+        width = parts[2].to_f
+        height = parts[3].to_f
+
+        return unless width <= 0 || height <= 0
+
+        context.add_error(
+          requirement_id: id,
+          message: "viewBox width and height must be positive values",
+          node: element,
+          severity: :error,
+          data: {
+            viewbox_value: viewbox,
+            width: width,
+            height: height
+          }
+        )
+      end
+
       private
 
       def valid_number?(str)

data/lib/svg_conform/sax_document.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require "nokogiri"
+require_relative "sax_validation_handler"
+
+module SvgConform
+  # SAX-based document for streaming validation
+  # Provides high-performance validation for large SVG files
+  # without loading entire DOM tree into memory
+  class SaxDocument
+    attr_reader :file_path, :content
+
+    def self.from_file(file_path)
+      new(File.read(file_path), file_path)
+    end
+
+    def self.from_content(content)
+      new(content, nil)
+    end
+
+    def initialize(content, file_path = nil)
+      @content = content
+      @file_path = file_path
+    end
+
+    # Validate using SAX streaming parser
+    def validate_with_profile(profile)
+      handler = SaxValidationHandler.new(profile)
+      parser = Nokogiri::XML::SAX::Parser.new(handler)
+      
+      begin
+        parser.parse(@content)
+      rescue StandardError => e
+        # Handle parse errors
+        handler.add_parse_error(e)
+      end
+      
+      handler.result
+    end
+
+    # For compatibility - convert to DOM when needed
+    def to_dom
+      Document.from_content(@content)
+    end
+  end
+end

data/lib/svg_conform/sax_validation_handler.rb

@@ -0,0 +1,158 @@
+# frozen_string_literal: true
+
+require "nokogiri"
+require_relative "element_proxy"
+require_relative "validation_context"
+require_relative "validation_result"
+
+module SvgConform
+  # SAX event handler for streaming SVG validation
+  # Processes XML events and dispatches to requirements
+  class SaxValidationHandler < Nokogiri::XML::SAX::Document
+    attr_reader :result, :context
+
+    def initialize(profile)
+      @profile = profile
+      @element_stack = []  # Track parent-child hierarchy
+      @path_stack = []  # Current element path
+      @position_counters = []  # Stack of sibling counters per level
+      @parse_errors = []
+      @result = nil  # Will be set in end_document
+
+      # Create validation context (without document reference for SAX)
+      @context = create_sax_context
+
+      # Classify requirements into immediate vs deferred
+      @immediate_requirements = []
+      @deferred_requirements = []
+      classify_requirements
+    end
+
+    # SAX Event: Document start
+    def start_document
+      # Initialize root level counters
+      @position_counters.push({})
+    end
+
+    # SAX Event: Element start tag
+    def start_element(name, attributes = [])
+      attrs = Hash[attributes]
+
+      # Calculate position among siblings at current level
+      current_counters = @position_counters.last || {}
+      current_counters[name] ||= 0
+      current_counters[name] += 1
+      position = current_counters[name]
+
+      # Build element proxy
+      element = ElementProxy.new(
+        name: name,
+        attributes: attrs,
+        position: position,
+        path: @path_stack.dup,
+        parent: @element_stack.last
+      )
+
+      # Push to stacks
+      @element_stack.push(element)
+      @path_stack.push("#{name}[#{position}]")
+      @position_counters.push({})  # New level for this element's children
+
+      # Validate with immediate requirements
+      @immediate_requirements.each do |req|
+        req.validate_sax_element(element, @context)
+      end
+
+      # Deferred requirements may need to collect data
+      @deferred_requirements.each do |req|
+        req.collect_sax_data(element, @context) if req.respond_to?(:collect_sax_data)
+      end
+    end
+
+    # SAX Event: Element end tag
+    def end_element(name)
+      @element_stack.pop
+      @path_stack.pop
+      @position_counters.pop
+    end
+
+    # SAX Event: Text content
+    def characters(string)
+      return if @element_stack.empty?
+      @element_stack.last.text_content << string
+    end
+
+    # SAX Event: Document complete
+    def end_document
+      # Run deferred validation
+      @deferred_requirements.each do |req|
+        req.validate_sax_complete(@context)
+      end
+
+      # Create result
+      @result = ValidationResult.new(nil, @profile, @context)
+    end
+
+    # SAX Event: Parse error
+    def error(error_message)
+      @parse_errors << error_message
+    end
+
+    # SAX Event: Warning
+    def warning(warning_message)
+      # Can log warnings if needed
+    end
+
+    # Handle parse errors
+    def add_parse_error(error)
+      @context.add_error(
+        node: nil,
+        message: "Parse error: #{error.message}",
+        requirement_id: "parse_error",
+        severity: :error
+      )
+    end
+
+    # Get result (will be nil until end_document called)
+    def result
+      @result || create_incomplete_result
+    end
+
+    private
+
+    def create_incomplete_result
+      # Return result even if parsing incomplete
+      ValidationResult.new(nil, @profile, @context)
+    end
+
+    # Create a SAX-compatible validation context
+    def create_sax_context
+      # Create context without triggering DOM operations
+      context = ValidationContext.allocate
+      context.instance_variable_set(:@document, nil)
+      context.instance_variable_set(:@profile, @profile)
+      context.instance_variable_set(:@errors, [])
+      context.instance_variable_set(:@warnings, [])
+      context.instance_variable_set(:@validity_errors, [])
+      context.instance_variable_set(:@infos, [])
+      context.instance_variable_set(:@data, {})
+      context.instance_variable_set(:@structurally_invalid_node_ids, Set.new)
+      context.instance_variable_set(:@node_id_cache, {})
+      context.instance_variable_set(:@cache_populated, true)  # Skip population for SAX
+      context
+    end
+
+    # Classify requirements based on validation needs
+    def classify_requirements
+      return unless @profile.requirements
+
+      @profile.requirements.each do |req|
+        if req.respond_to?(:needs_deferred_validation?) && req.needs_deferred_validation?
+          @deferred_requirements << req
+        else
+          @immediate_requirements << req
+        end
+      end
+    end
+  end
+end