text_helpers 0.3.2 → 0.4.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: f610ed6fbdfcc77dc691a49ec829c6476a061f08
4
- data.tar.gz: 244695c5fe67c660b3c140d75a68c4deb5f3e529
3
+ metadata.gz: e0042dc19e9deddd4e91c467ee37e19dd35f0b2f
4
+ data.tar.gz: 1e39637937fe563fe9b6e81ce05a08fd7f4626f8
5
5
  SHA512:
6
- metadata.gz: 1bad27e3bf042294009be3a0924c761e9ddac5ff51024a32032cf4d2b9f5a7dc586a17b77258e45b9211690ee55245fe74e5c45b870ed6af5df8f8c2944884e6
7
- data.tar.gz: 4450a67219284ab29a6d8f6cded17ce561764ae274f1804c45304d4e77795b0d623658821d9bc29dd1602c0a2d64b88a072e02294d9d68f21f356f6091fa7e11
6
+ metadata.gz: 8f1e1554ca7e1f236cc374ea9858c4105fa8cbeba0553a81b3284733a04865c5ca5b65d477d1224d7c9936d1851e5a1e6ab04ad5800e1ec24ea80d994fc3453d
7
+ data.tar.gz: 32a613528353df4ee8379fd2bd62b74573e3e1a014d1f3a8dfbcb8a9f34f8bb3871ea041254448c51f1d2799421b6748b121c1414d872712cfcc49b3bb08d636
data/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # TextHelpers
2
2
 
3
- `TextHelpers` is a library intended to make working with static text in Rails
3
+ `TextHelpers` is a library intended to make working with static text in Rails
4
4
  projects as painless as possible.
5
5
 
6
6
  Include it in your `Gemfile` with:
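Review bot: the removed and added lines in this hunk are identical as rendered, so this is a whitespace-only change (most likely trailing whitespace being stripped); the same holds for the other README hunks below that pair a `-` line with a textually identical `+` line. Harmless, but unrelated whitespace cleanup is easier to review in its own commit, separate from the escaping change this release is about.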
@@ -11,9 +11,9 @@ gem "text_helpers"
11
11
 
12
12
  ## Suggested Use
13
13
 
14
- All static text should be placed in locale files, in a directory
15
- structure mirroring the app directory structure. The text for
16
- `app/views/some/_partial.html.haml` would go in
14
+ All static text should be placed in locale files, in a directory
15
+ structure mirroring the app directory structure. The text for
16
+ `app/views/some/_partial.html.haml` would go in
17
17
  `config/locales/views/some/partial.en.yml`, for example. This is not a strict
18
18
  requirement, but will go a long way toward keeping your locales easily
19
19
  maintainable.
@@ -35,10 +35,10 @@ used for variable text.
35
35
  ### In Views
36
36
 
37
37
  To access this text in views, two helpers are available, `text` and `html`.
38
- Both helpers take a lookup key, used to identify the desired piece of text,
38
+ Both helpers take a lookup key, used to identify the desired piece of text,
39
39
  and an argument hash, which is forwarded to the `I18n.t` call.
40
40
 
41
- `text` returns the requested text, with special values interpolated, and made
41
+ `text` returns the requested text, with special values interpolated, and made
42
42
  html_safe (so HTML can be used here, when absolutely necessary).
43
43
 
44
44
  `html` parses the requested text using Markdown, making it useful for rendering
@@ -53,6 +53,19 @@ HTML entities for common cases.
53
53
  If you want to render a small fragment of Markdown without `p` tag wrappers,
54
54
  you can pass `inline: true` as an option to `html`.
55
55
 
56
+ `text` and `html` will escape all arguments passed to it in order to prevent XSS
57
+ attacks. If you want to pass html content, you should ensure you mark it as .html_safe
58
+
59
+ Example: `text('welcome_user', username)` will escape html characters in username
60
+ ```ruby
61
+ Welcome <b>Bob</b>
62
+ ```
63
+
64
+ Example: `text('welcome_user', username.html_safe)` will output html characters in username
65
+ ```ruby
66
+ Welcome <b>Bob</b>
67
+ ```
68
+
56
69
  ### In Controllers
57
70
 
58
71
  The same helpers are available in controllers, with the translation scope based
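Review bot: the two `Example:` blocks do not match the helpers' documented call signature, and both show the same output, so the reader cannot see what the escaping does. The text above says each helper takes a lookup key and an argument hash forwarded to `I18n.t`, and the new spec calls `@helper.text(:argument_key, user: "Han Solo")`, so the examples should read `text(:welcome_user, username: username)` rather than `text('welcome_user', username)`, and the first block (plain string argument) should show the escaped result, e.g. `Welcome &lt;b&gt;Bob&lt;/b&gt;`, with only the `.html_safe` block showing `Welcome <b>Bob</b>`. The fences are tagged ```ruby but contain rendered output, not Ruby, and "passed to it" should be "passed to them" since two helpers are the subject.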
@@ -61,7 +74,7 @@ used for flash messages or alerts of some kind.
61
74
 
62
75
  ## Testing
63
76
 
64
- Some shared `RSpec` contexts are available to allow the same locale
77
+ Some shared `RSpec` contexts are available to allow the same locale
65
78
  abstractions for testing. You can include these contexts with:
66
79
 
67
80
  ```
@@ -23,7 +23,7 @@ module TextHelpers
23
23
  text = I18n.t(key, {
24
24
  scope: self.translation_scope,
25
25
  default: "!#{key}!"
26
- }.merge(options)).strip
26
+ }.merge(html_safe_options(options))).strip
27
27
 
28
28
  # Interpolate any keypaths (e.g., `!some.lookup.path/key!`) found in the text.
29
29
  while text =~ /!([\w._\/]+)!/ do
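Review bot: `html_safe_options(options)` escapes every value in `options`, not only the ones interpolated into the text, so any non-interpolation option a caller forwards to `I18n.t` (`count`, `locale`, `default`, `scope`) is run through `ERB::Util.h`, which calls `to_s` on it. An integer `count: 1` becomes the string `"1"` and no longer satisfies I18n's `count == 1` pluralization check, and a symbol or array `default` collapses to a plain string. Consider skipping I18n's reserved option keys (or escaping only the interpolation variables) and adding a spec that passes `count:` alongside the new argument specs.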
@@ -82,5 +82,17 @@ module TextHelpers
82
82
  def translation_scope
83
83
  raise NotImplementedError
84
84
  end
85
+
86
+ # Protected: Convert all passed in arguments into html-safe strings
87
+ #
88
+ # hash - a set of key-value pairs, which converts the second argument into an html-safe string
89
+ #
90
+ # Returns a hash
91
+ def html_safe_options(hash)
92
+ hash.inject({}) do |result, (key, value)|
93
+ result[key] = ERB::Util.h(value)
94
+ result
95
+ end
96
+ end
85
97
  end
86
98
  end
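Review bot: the `.html_safe` pass-through this release advertises depends on `ERB::Util.h` returning strings that are already `html_safe?` untouched, which is behaviour ActiveSupport layers on top of plain `ERB::Util` (`active_support/core_ext/string/output_safety`); make sure this file requires that core extension (and `erb` itself), otherwise `.html_safe` arguments are escaped twice whenever the module is used outside a full Rails boot. The doc comment says `Protected:` but no `protected` keyword is visible above the method in this hunk, and "converts the second argument into an html-safe string" should read "whose values are converted into html-safe strings". Style: the `inject({})` with an explicit `result` return can be `hash.each_with_object({}) { |(key, value), result| result[key] = ERB::Util.h(value) }`.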
@@ -1,3 +1,3 @@
1
1
  module TextHelpers
2
- VERSION = "0.3.2"
2
+ VERSION = "0.4.0"
3
3
  end
@@ -26,7 +26,9 @@ describe TextHelpers::Translation do
26
26
  list_key: "* #{@scoped_text}",
27
27
  interpolated_key: "Global? (!test_key!)",
28
28
  recursive_key: "Recursively !test.interpolated_key!",
29
- quoted_key: "They're looking for \"#{@global_text}\"--#{@scoped_text}"
29
+ quoted_key: "They're looking for \"#{@global_text}\"--#{@scoped_text}",
30
+ argument_key: "This is what %{user} said",
31
+ number_key: "120\""
30
32
  }
31
33
  }
32
34
  end
@@ -101,6 +103,26 @@ describe TextHelpers::Translation do
101
103
  it "automatically converts quotes and dashes to clean HTML replacements" do
102
104
  assert_equal "<p>They&rsquo;re looking for &ldquo;#{@global_text}&rdquo;&ndash;#{@nb_scoped_text}</p>\n", @helper.html(:quoted_key)
103
105
  end
106
+
107
+ it "converts to straight quotes in the general case" do
108
+ assert_equal "120&quot;", @helper.text(:number_key) # 120"
109
+ end
110
+
111
+ it "handles i18n arguments" do
112
+ assert_equal "This is what Han Solo said", @helper.text(:argument_key, user: "Han Solo")
113
+ end
114
+
115
+ it "handles i18n arguments which are not strings" do
116
+ assert_equal "This is what 1234 said", @helper.text(:argument_key, user: 1234)
117
+ end
118
+
119
+ it "handles i18n arguments which are not html-safe" do
120
+ assert_equal "This is what &lt;b&gt;Han&lt;/b&gt; Solo said", @helper.text(:argument_key, user: "<b>Han</b> Solo")
121
+ end
122
+
123
+ it "handles i18n arguments which are html-safe" do
124
+ assert_equal "This is what <b>Han</b> Solo said", @helper.text(:argument_key, user: "<b>Han</b> Solo".html_safe)
125
+ end
104
126
  end
105
127
 
106
128
  describe "when no valid scope is provided" do
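Review bot: the README hunk states that both `text` and `html` escape their arguments, but the new specs only exercise `@helper.text`; add a matching pair for `@helper.html(:argument_key, user: "<b>Han</b> Solo")` and its `.html_safe` variant so the Markdown-rendering path is covered too, since `html` is the one most likely to be used with user-supplied values in views. The `number_key` case is useful as a regression test for the entity output, but a short comment explaining why `120"` is expected to become `&quot;` rather than a typographic quote would help the next reader.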
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: text_helpers
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.2
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Horner
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-03-21 00:00:00.000000000 Z
11
+ date: 2014-10-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport