text_helpers 0.3.2 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: f610ed6fbdfcc77dc691a49ec829c6476a061f08
4
- data.tar.gz: 244695c5fe67c660b3c140d75a68c4deb5f3e529
3
+ metadata.gz: e0042dc19e9deddd4e91c467ee37e19dd35f0b2f
4
+ data.tar.gz: 1e39637937fe563fe9b6e81ce05a08fd7f4626f8
5
5
  SHA512:
6
- metadata.gz: 1bad27e3bf042294009be3a0924c761e9ddac5ff51024a32032cf4d2b9f5a7dc586a17b77258e45b9211690ee55245fe74e5c45b870ed6af5df8f8c2944884e6
7
- data.tar.gz: 4450a67219284ab29a6d8f6cded17ce561764ae274f1804c45304d4e77795b0d623658821d9bc29dd1602c0a2d64b88a072e02294d9d68f21f356f6091fa7e11
6
+ metadata.gz: 8f1e1554ca7e1f236cc374ea9858c4105fa8cbeba0553a81b3284733a04865c5ca5b65d477d1224d7c9936d1851e5a1e6ab04ad5800e1ec24ea80d994fc3453d
7
+ data.tar.gz: 32a613528353df4ee8379fd2bd62b74573e3e1a014d1f3a8dfbcb8a9f34f8bb3871ea041254448c51f1d2799421b6748b121c1414d872712cfcc49b3bb08d636
data/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # TextHelpers
2
2
 
3
- `TextHelpers` is a library intended to make working with static text in Rails
3
+ `TextHelpers` is a library intended to make working with static text in Rails
4
4
  projects as painless as possible.
5
5
 
6
6
  Include it in your `Gemfile` with:
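Review bot: The removed and added lines in this hunk (and in the README hunks at lines 11 to 19, 35 to 44 and 61 to 67) are textually identical, so the change is whitespace-only, most likely trailing spaces being stripped; that is fine, but it inflates the diff around the one substantive README change, so it would be easier to review as its own commit or with a mention in the commit message.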
@@ -11,9 +11,9 @@ gem "text_helpers"
11
11
 
12
12
  ## Suggested Use
13
13
 
14
- All static text should be placed in locale files, in a directory
15
- structure mirroring the app directory structure. The text for
16
- `app/views/some/_partial.html.haml` would go in
14
+ All static text should be placed in locale files, in a directory
15
+ structure mirroring the app directory structure. The text for
16
+ `app/views/some/_partial.html.haml` would go in
17
17
  `config/locales/views/some/partial.en.yml`, for example. This is not a strict
18
18
  requirement, but will go a long way toward keeping your locales easily
19
19
  maintainable.
@@ -35,10 +35,10 @@ used for variable text.
35
35
  ### In Views
36
36
 
37
37
  To access this text in views, two helpers are available, `text` and `html`.
38
- Both helpers take a lookup key, used to identify the desired piece of text,
38
+ Both helpers take a lookup key, used to identify the desired piece of text,
39
39
  and an argument hash, which is forwarded to the `I18n.t` call.
40
40
 
41
- `text` returns the requested text, with special values interpolated, and made
41
+ `text` returns the requested text, with special values interpolated, and made
42
42
  html_safe (so HTML can be used here, when absolutely necessary).
43
43
 
44
44
  `html` parses the requested text using Markdown, making it useful for rendering
@@ -53,6 +53,19 @@ HTML entities for common cases.
53
53
  If you want to render a small fragment of Markdown without `p` tag wrappers,
54
54
  you can pass `inline: true` as an option to `html`.
55
55
 
56
+ `text` and `html` will escape all arguments passed to it in order to prevent XSS
57
+ attacks. If you want to pass html content, you should ensure you mark it as .html_safe
58
+
59
+ Example: `text('welcome_user', username)` will escape html characters in username
60
+ ```ruby
61
+ Welcome <b>Bob</b>
62
+ ```
63
+
64
+ Example: `text('welcome_user', username.html_safe)` will output html characters in username
65
+ ```ruby
66
+ Welcome <b>Bob</b>
67
+ ```
68
+
56
69
  ### In Controllers
57
70
 
58
71
  The same helpers are available in controllers, with the translation scope based
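Review bot: The new examples at lines 59 to 67 do not match the helper signature documented a few paragraphs above (a lookup key plus an argument hash forwarded to `I18n.t`): `text('welcome_user', username)` passes a bare string where a hash such as `username: username` is expected, and both fenced blocks show the identical output `Welcome <b>Bob</b>`, so the escaped case never shows its actual result (per the new spec, `<b>Bob</b>` would come back as `&lt;b&gt;Bob&lt;/b&gt;`). Suggest `text(:welcome_user, username: username)` and `text(:welcome_user, username: username.html_safe)`, with the escaped output shown in the first block, and fencing the outputs as plain text rather than `ruby`, since they are rendered strings, not Ruby. Minor wording: "passed to it" should read "passed to them" (two helpers), and `.html_safe` reads better as code.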
@@ -61,7 +74,7 @@ used for flash messages or alerts of some kind.
61
74
 
62
75
  ## Testing
63
76
 
64
- Some shared `RSpec` contexts are available to allow the same locale
77
+ Some shared `RSpec` contexts are available to allow the same locale
65
78
  abstractions for testing. You can include these contexts with:
66
79
 
67
80
  ```
@@ -23,7 +23,7 @@ module TextHelpers
23
23
  text = I18n.t(key, {
24
24
  scope: self.translation_scope,
25
25
  default: "!#{key}!"
26
- }.merge(options)).strip
26
+ }.merge(html_safe_options(options))).strip
27
27
 
28
28
  # Interpolate any keypaths (e.g., `!some.lookup.path/key!`) found in the text.
29
29
  while text =~ /!([\w._\/]+)!/ do
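Review bot: `html_safe_options(options)` is applied to the entire options hash rather than to interpolation arguments only, so any I18n option a caller forwards (`count`, `default`, `scope`, `raise`) is run through `ERB::Util.h` as well and comes back as an escaped String of its `to_s` form; for `count` that breaks pluralization, and because the escaped hash is merged on top of the defaults, a caller-supplied `default:` is escaped too. Suggest either skipping I18n's reserved option keys when escaping, or documenting in the README that the helpers accept interpolation arguments only.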
@@ -82,5 +82,17 @@ module TextHelpers
82
82
  def translation_scope
83
83
  raise NotImplementedError
84
84
  end
85
+
86
+ # Protected: Convert all passed in arguments into html-safe strings
87
+ #
88
+ # hash - a set of key-value pairs, which converts the second argument into an html-safe string
89
+ #
90
+ # Returns a hash
91
+ def html_safe_options(hash)
92
+ hash.inject({}) do |result, (key, value)|
93
+ result[key] = ERB::Util.h(value)
94
+ result
95
+ end
96
+ end
85
97
  end
86
98
  end
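Review bot: The doc comment on line 86 labels `html_safe_options` "Protected", but no `protected` keyword appears in the hunk, so the method is public on the including class unless a `protected` declaration precedes `translation_scope` outside this diff; the `hash` line of the comment ("which converts the second argument") is also hard to read and could say "values are replaced by their html-escaped form". Note that the html-safe pass-through the spec relies on comes from ActiveSupport's override of `ERB::Util.html_escape`, which returns strings for which `html_safe?` is true untouched, whereas plain `erb` would escape them, so this method depends on `active_support/core_ext/string/output_safety` being loaded. Stylistically, `hash.inject({}) { ... result }` reads more simply as `hash.each_with_object({}) { |(key, value), result| result[key] = ERB::Util.h(value) }`.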
@@ -1,3 +1,3 @@
1
1
  module TextHelpers
2
- VERSION = "0.3.2"
2
+ VERSION = "0.4.0"
3
3
  end
@@ -26,7 +26,9 @@ describe TextHelpers::Translation do
26
26
  list_key: "* #{@scoped_text}",
27
27
  interpolated_key: "Global? (!test_key!)",
28
28
  recursive_key: "Recursively !test.interpolated_key!",
29
- quoted_key: "They're looking for \"#{@global_text}\"--#{@scoped_text}"
29
+ quoted_key: "They're looking for \"#{@global_text}\"--#{@scoped_text}",
30
+ argument_key: "This is what %{user} said",
31
+ number_key: "120\""
30
32
  }
31
33
  }
32
34
  end
@@ -101,6 +103,26 @@ describe TextHelpers::Translation do
101
103
  it "automatically converts quotes and dashes to clean HTML replacements" do
102
104
  assert_equal "<p>They&rsquo;re looking for &ldquo;#{@global_text}&rdquo;&ndash;#{@nb_scoped_text}</p>\n", @helper.html(:quoted_key)
103
105
  end
106
+
107
+ it "converts to straight quotes in the general case" do
108
+ assert_equal "120&quot;", @helper.text(:number_key) # 120"
109
+ end
110
+
111
+ it "handles i18n arguments" do
112
+ assert_equal "This is what Han Solo said", @helper.text(:argument_key, user: "Han Solo")
113
+ end
114
+
115
+ it "handles i18n arguments which are not strings" do
116
+ assert_equal "This is what 1234 said", @helper.text(:argument_key, user: 1234)
117
+ end
118
+
119
+ it "handles i18n arguments which are not html-safe" do
120
+ assert_equal "This is what &lt;b&gt;Han&lt;/b&gt; Solo said", @helper.text(:argument_key, user: "<b>Han</b> Solo")
121
+ end
122
+
123
+ it "handles i18n arguments which are html-safe" do
124
+ assert_equal "This is what <b>Han</b> Solo said", @helper.text(:argument_key, user: "<b>Han</b> Solo".html_safe)
125
+ end
104
126
  end
105
127
 
106
128
  describe "when no valid scope is provided" do
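Review bot: The description on line 107, "converts to straight quotes in the general case", is hard to map to its assertion, which checks that `120"` renders as `120&quot;`, a straight quote encoded as an entity; a name such as "keeps the quote after a number straight, encoded as &quot;" would say what is verified. The new cases cover string, non-string, unsafe and html-safe interpolation arguments, but none passes an I18n option such as `count:` or `default:` through `text`, which the new `html_safe_options` also escapes; one such test would pin down whether that behaviour is intended.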
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: text_helpers
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.2
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Horner
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-03-21 00:00:00.000000000 Z
11
+ date: 2014-10-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport