trenni-sanitize 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 6fcc82f737fa654994e5e196347156bb38bfa74c
+  data.tar.gz: 7b8bafec2a1731ecc20c9f850e9620e9941a6f9d
+SHA512:
+  metadata.gz: 106aab6ca77fed6efc2f7f77ab5f83d5606f20fafd0b80dd05d1aa2421b5626129d02a2513b8636eb8745d3b49bf2b6c4657a60156be90193bc20faebeaa5997
+  data.tar.gz: 48735a28e214041eba2e7f1087b2c553efe7d3816ece68ae9b00dfbc970abbd06fcd34e5ee4478d8a9133f0c851b40f7f66aaa3734935daaf91237e3aaf2029e

data/.gitignore

@@ -0,0 +1,19 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+
+lib/trenni/trenni.bundle

data/.rspec

@@ -0,0 +1,5 @@
+--color
+--format documentation
+--backtrace
+--warnings
+--require spec_helper

data/.simplecov

@@ -0,0 +1,9 @@
+
+SimpleCov.start do
+	add_filter "/spec/"
+end
+
+if ENV['TRAVIS']
+	require 'coveralls'
+	Coveralls.wear!
+end

data/.travis.yml

@@ -0,0 +1,17 @@
+language: ruby
+sudo: false
+rvm:
+  - 2.1
+  - 2.2
+  - 2.3
+  - 2.4
+  - ruby-head
+  - jruby-head
+  - rbx-2
+env:
+  - COVERAGE=true
+matrix:
+  allow_failures:
+    - rvm: "rbx-2"
+    - rvm: "ruby-head"
+    - rvm: "jruby-head"

data/Gemfile

@@ -0,0 +1,16 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in trenni.gemspec
+gemspec
+
+group :development do
+	gem 'pry'
+end
+
+group :test do
+	gem 'ruby-prof', platforms: [:mri]
+	gem "benchmark-ips"
+	
+	# For comparisons:
+	gem "sanitize"
+end

data/README.md

@@ -0,0 +1,139 @@
+# trenni-sanitize::Sanitize
+
+Sanitize markup by adding, changing or removing tags. 
+
+[![Build Status](https://secure.travis-ci.org/ioquatix/trenni-sanitize.svg)](http://travis-ci.org/ioquatix/trenni-sanitize)
+[![Code Climate](https://codeclimate.com/github/ioquatix/trenni-sanitize.svg)](https://codeclimate.com/github/ioquatix/trenni-sanitize)
+[![Coverage Status](https://coveralls.io/repos/ioquatix/trenni-sanitize/badge.svg)](https://coveralls.io/r/ioquatix/trenni-sanitize)
+
+## Motivation
+
+I use the [sanitize] gem and generally it's great. However, it's performance can be an issue and additionally, it doesn't preserve tag namespaces when parsing fragments due to how Nokogiri works internally.
+
+[sanitize]: https://github.com/rgrove/sanitize/
+
+## Is it fast?
+
+In my informal testing, this gem is about ~50x faster than the [sanitize] gem when generating plain text.
+
+Warming up --------------------------------------
+            Sanitize    96.000  i/100ms
+    Trenni::Sanitize     4.447k i/100ms
+Calculating -------------------------------------
+            Sanitize    958.020  (± 4.5%) i/s -      4.800k in   5.020564s
+    Trenni::Sanitize     44.718k (± 4.2%) i/s -    226.797k in   5.080756s
+
+Comparison:
+    Trenni::Sanitize:    44718.1 i/s
+            Sanitize:      958.0 i/s - 46.68x  slower
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+	gem 'trenni-sanitize'
+
+And then execute:
+
+	$ bundle
+
+Or install it yourself as:
+
+	$ gem install trenni-sanitize
+
+## Usage
+
+`Trenni::Sanitize::Delegate` is a stream-based processor. That means it parses the incoming markup and makes decisions about what to keep and what to discard during parsing.
+
+### Extracting Text
+
+You can extract text using something similar to the following parser delegate:
+
+```ruby
+class Text < Trenni::Sanitize::Filter
+	def filter(tag)
+		# Filter out all tags
+		return false
+	end
+	
+	def doctype(string)
+	end
+	
+	def instruction(string)
+	end
+	
+	def text(string)
+		# Output all text
+		@output << string
+	end
+end
+
+text = Text.parse("<p>Hello World</p>").output
+# => "Hello World"
+```
+
+### Extracting Safe Markup
+
+Here is a simple filter that only allows a limited set of tags:
+
+```ruby
+class Fragment < Trenni::Sanitize::Filter
+	STANDARD_ATTRIBUTES = ['class'].freeze
+	
+	ALLOWED_TAGS = {
+		'em' => [],
+		'strong' => [],
+		'p' => [],
+		'img' => [] + ['src', 'alt', 'width', 'height'],
+		'a' => ['href', 'target']
+	}.freeze
+	
+	def filter(tag)
+		if attributes = ALLOWED_TAGS[tag.name]
+			tag.attributes.slice!(attributes)
+			
+			return tag
+		end
+	end
+	
+	def doctype(string)
+	end
+	
+	def instruction(string)
+	end
+end
+```
+
+As you can see, while [sanitize] is driven by configuration, `Trenni::Sanitize::Filter` is driven by code.
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+## License
+
+Released under the MIT license.
+
+Copyright, 2018, by [Samuel G. D. Williams](http://www.codeotaku.com/samuel-williams).
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,19 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+# Load all rake tasks:
+import(*Dir.glob('tasks/**/*.rake'))
+
+RSpec::Core::RakeTask.new(:test)
+
+task :environment do
+	$LOAD_PATH.unshift File.expand_path('lib', __dir__)
+end
+
+task :console => :environment do
+	require 'pry'
+	
+	Pry.start
+end
+
+task :default => :test

data/lib/trenni/sanitize.rb

@@ -0,0 +1,25 @@
+# Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require_relative 'sanitize/extensions'
+
+require_relative 'sanitize/text'
+require_relative 'sanitize/fragment'
+

data/lib/trenni/sanitize/extensions.rb

@@ -0,0 +1,14 @@
+
+class Hash
+	unless defined?(slice)
+		def slice(*keys)
+			self.select{|key, value| keys.include? key}
+		end
+	end
+	
+	unless defined?(slice!)
+		def slice!(*keys)
+			self.select!{|key, value| keys.include? key}
+		end
+	end
+end

data/lib/trenni/sanitize/filter.rb

@@ -0,0 +1,159 @@
+# Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require 'trenni/parsers'
+require 'trenni/builder'
+require 'trenni/entities'
+
+module Trenni
+	module Sanitize
+		# Provides a high level interface for parsing markup.
+		class Filter
+			TAG = 1
+			
+			DOCTYPE = 2
+			COMMENT = 4
+			INSTRUCTION = 8
+			CDATA = 16
+			TEXT = 32
+			
+			CONTENT = DOCTYPE | COMMENT | INSTRUCTION | CDATA | TEXT
+			ALL = TAG | CONTENT
+			
+			def self.parse(input, output = nil, entities = Trenni::Entities::HTML5)
+				# This allows us to handle passing in a string:
+				input = Trenni::Buffer(input)
+				
+				output ||= MarkupString.new.force_encoding(input.encoding)
+				
+				delegate = self.new(output, entities)
+				
+				delegate.parse!(input)
+				
+				return delegate
+			end
+			
+			Node = Struct.new(:name, :tag, :skip) do
+				def skip!(mode = ALL)
+					self.skip |= mode
+				end
+				
+				def skip?(mode = ALL)
+					(self.skip & mode) == mode
+				end
+				
+				def [] key
+					self.tag.attributes[key]
+				end
+			end
+			
+			def initialize(output, entities)
+				@output = output
+				
+				@entities = entities
+				
+				@current = nil
+				@stack = []
+				
+				@current = @top = Node.new(nil, nil, 0)
+				
+				@skip = nil
+			end
+			
+			attr :output
+			
+			# The current node being parsed.
+			attr :current
+			
+			def top
+				@stack.last || @top
+			end
+			
+			def parse!(input)
+				Trenni::Parsers.parse_markup(input, self, @entities)
+				
+				while @stack.size > 1
+					close_tag(@stack.last.name)
+				end
+				
+				return self
+			end
+			
+			def open_tag_begin(name, offset)
+				tag = Tag.new(name, false, {})
+				
+				@current = Node.new(name, tag, current.skip)
+			end
+
+			def attribute(key, value)
+				@current.tag.attributes[key] = value
+			end
+
+			def open_tag_end(self_closing)
+				if self_closing
+					@current.tag.closed = true
+				else
+					@stack << @current
+				end
+				
+				filter(@current)
+				
+				@current.tag.write_opening_tag(@output) unless @current.skip? TAG
+				
+				# If the tag was self-closing, it's no longer current at this point, we are back in the context of the parent tag.
+				@current = self.top if self_closing
+			end
+
+			def close_tag(name, offset = nil)
+				while node = @stack.pop
+					node.tag.write_closing_tag(@output) unless node.skip? TAG
+					
+					break if node.name == name
+				end
+				
+				@current = self.top
+			end
+			
+			def filter(tag)
+				return tag
+			end
+			
+			def doctype(string)
+				@output << string unless current.skip? DOCTYPE
+			end
+
+			def comment(string)
+				@output << string unless current.skip? COMMENT
+			end
+
+			def instruction(string)
+				@output << string unless current.skip? INSTRUCTION
+			end
+
+			def cdata(string)
+				@output << string unless current.skip? CDATA
+			end
+
+			def text(string)
+				Markup.append(@output, string) unless current.skip? TEXT
+			end
+		end
+	end
+end

data/lib/trenni/sanitize/fragment.rb

@@ -0,0 +1,65 @@
+# Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require_relative 'filter'
+
+module Trenni
+	module Sanitize
+		class Fragment < Filter
+			STANDARD_ATTRIBUTES = ['class', 'style'].freeze
+			
+			ALLOWED_TAGS = {
+				'div' => STANDARD_ATTRIBUTES,
+				'span' => STANDARD_ATTRIBUTES,
+				'br' => STANDARD_ATTRIBUTES,
+				'b' => STANDARD_ATTRIBUTES,
+				'i' => STANDARD_ATTRIBUTES,
+				'em' => STANDARD_ATTRIBUTES,
+				'strong' => STANDARD_ATTRIBUTES,
+				'ul' => STANDARD_ATTRIBUTES,
+				'strike' => STANDARD_ATTRIBUTES,
+				'h1' => STANDARD_ATTRIBUTES,
+				'h2' => STANDARD_ATTRIBUTES,
+				'h3' => STANDARD_ATTRIBUTES,
+				'h4' => STANDARD_ATTRIBUTES,
+				'h5' => STANDARD_ATTRIBUTES,
+				'h6' => STANDARD_ATTRIBUTES,
+				'p' => STANDARD_ATTRIBUTES,
+				'img' => STANDARD_ATTRIBUTES + ['src', 'alt', 'width', 'height'],
+				'image' => STANDARD_ATTRIBUTES,
+				'a' => STANDARD_ATTRIBUTES + ['href', 'target']
+			}.freeze
+			
+			def filter(node)
+				if attributes = ALLOWED_TAGS[node.name]
+					node.tag.attributes.slice!(attributes)
+				else
+					node.skip!
+				end
+			end
+			
+			def doctype(string)
+			end
+			
+			def instruction(string)
+			end
+		end
+	end
+end

data/lib/trenni/sanitize/text.rb

@@ -0,0 +1,47 @@
+# Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require_relative 'filter'
+
+module Trenni
+	module Sanitize
+		class Text < Filter
+			def filter(node)
+				if node.name == 'script'
+					node.skip!(ALL) # Skip everything including content.
+				else
+					node.skip!(TAG) # Only skip the tag output, but not the content.
+				end
+			end
+			
+			def doctype(string)
+			end
+			
+			def comment(string)
+			end
+			
+			def instruction(string)
+			end
+			
+			def cdata(string)
+			end
+		end
+	end
+end

data/lib/trenni/sanitize/version.rb

@@ -0,0 +1,25 @@
+# Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+module Trenni
+	module Sanitize
+		VERSION = "0.1.0"
+	end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,53 @@
+
+if ENV['COVERAGE']
+	begin
+		require 'simplecov'
+		
+		SimpleCov.start do
+			add_filter "/spec/"
+		end
+		
+		if ENV['TRAVIS']
+			require 'coveralls'
+			Coveralls.wear!
+		end
+	rescue LoadError
+		warn "Could not load simplecov: #{$!}"
+	end
+end
+
+require "bundler/setup"
+require "trenni/sanitize"
+
+begin
+	require 'ruby-prof'
+	
+	RSpec.shared_context "profile" do
+		before(:all) do
+			RubyProf.start
+		end
+		
+		after(:all) do
+			result = RubyProf.stop
+			
+			# Print a flat profile to text
+			printer = RubyProf::FlatPrinter.new(result)
+			printer.print(STDOUT)
+		end
+	end
+rescue LoadError
+	RSpec.shared_context "profile" do
+		before(:all) do
+			puts "Profiling not supported on this platform."
+		end
+	end
+end
+
+RSpec.configure do |config|
+	# Enable flags like --only-failures and --next-failure
+	config.example_status_persistence_file_path = ".rspec_status"
+
+	config.expect_with :rspec do |c|
+		c.syntax = :expect
+	end
+end

data/spec/trenni/sanitize/benchmark_spec.rb

@@ -0,0 +1,36 @@
+
+require 'sanitize'
+require 'benchmark/ips'
+
+require 'trenni/sanitize/text'
+
+RSpec.describe Trenni::Sanitize do
+	let(:buffer) {Trenni::Buffer.load_file(File.join(__dir__, "sample.html"))}
+	
+	it "should be faster than alternatives" do
+		config = Sanitize::Config.freeze_config(
+			:elements => %w[b i em strong ul li strike h1 h2 h3 h4 h5 h6 p img image a],
+			:attributes => {
+				'img' => %w[src alt width],
+				'a' => %w[href]
+			},
+		)
+		
+		text = buffer.read
+		
+		puts Sanitize.fragment(text).inspect
+		puts Trenni::Sanitize::Text.parse(buffer).output.inspect
+		
+		Benchmark.ips do |x|
+			x.report("Sanitize") do
+				Sanitize.fragment text
+			end
+			
+			x.report("Trenni::Sanitize") do
+				Trenni::Sanitize::Text.parse(buffer)
+			end
+			
+			x.compare!
+		end
+	end
+end

data/spec/trenni/sanitize/fragment_spec.rb

@@ -0,0 +1,60 @@
+# Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require 'trenni/sanitize/fragment'
+
+RSpec.describe Trenni::Sanitize::Fragment do
+	it "should filter out script tags" do
+		fragment = described_class.parse("<p onclick='malicious()'>Hello World</p><script>doot()</script>")
+		
+		expect(fragment.output).to be == "<p>Hello World</p>"
+	end
+	
+	it "should filter out nested script tags" do
+		fragment = described_class.parse("<div><p>Hello World</p><script>doot()</script></div>")
+		
+		expect(fragment.output).to be == "<div><p>Hello World</p></div>"
+	end
+	
+	it "should filter out tags" do
+		fragment = described_class.parse("<p onclick='malicious()'>Hello World</p><script>script</script>")
+		
+		expect(fragment.output).to be == "<p>Hello World</p>"
+	end
+	
+	it "should ignore unbalanced closing tags" do
+		fragment = described_class.parse("<p>Hello World</a></p>")
+		
+		expect(fragment.output).to be == "<p>Hello World</p>"
+	end
+	
+	it "should include trailing text" do
+		fragment = described_class.parse("Hello<script/>World")
+		
+		expect(fragment.output).to be == "HelloWorld"
+	end
+	
+	it "should escape text" do
+		fragment = described_class.parse("x&amp;y")
+		
+		expect(fragment.output).to be == "x&amp;y"
+	end
+end
+

data/spec/trenni/sanitize/sample.html

@@ -0,0 +1,12 @@
+<hr>
+<a href="http://somegreatsite.com">Link Name</a>
+is a link to another nifty site
+<h1>This is a Header</h1>
+<h1>This is a Medium Header</h2>
+Send me mail at <a href="mailto:support@yourcompany.com">
+support@yourcompany.com</a>.
+<hr>
+<p>This is a new paragraph!</p>
+<p><b>This is a new paragraph!</b></p>
+<br/><b><i>This is a new sentence without a paragraph break, in bold italics.</i></b>
+<hr>

data/trenni-sanitize.gemspec

@@ -0,0 +1,25 @@
+
+require_relative 'lib/trenni/sanitize/version'
+
+Gem::Specification.new do |spec|
+	spec.name          = "trenni-sanitize"
+	spec.platform      = Gem::Platform::RUBY
+	spec.version       = Trenni::Sanitize::VERSION
+	spec.authors       = ["Samuel Williams"]
+	spec.email         = ["samuel.williams@oriontransfer.co.nz"]
+	spec.summary       = %q{Sanitize markdown according to a set of rules.}
+	spec.homepage      = "https://github.com/ioquatix/trenni-sanitize"
+
+	spec.files         = `git ls-files`.split($/)
+	spec.executables   = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+	spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+	spec.require_paths = ["lib"]
+	
+	spec.required_ruby_version = '~> 2.1'
+	
+	spec.add_dependency "trenni", '~> 3.5.0'
+	
+	spec.add_development_dependency "bundler", "~> 1.3"
+	spec.add_development_dependency "rspec", "~> 3.4"
+	spec.add_development_dependency "rake"
+end

metadata

@@ -0,0 +1,123 @@
+--- !ruby/object:Gem::Specification
+name: trenni-sanitize
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Samuel Williams
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-02-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: trenni
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.5.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.5.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- samuel.williams@oriontransfer.co.nz
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".simplecov"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- lib/trenni/sanitize.rb
+- lib/trenni/sanitize/extensions.rb
+- lib/trenni/sanitize/filter.rb
+- lib/trenni/sanitize/fragment.rb
+- lib/trenni/sanitize/text.rb
+- lib/trenni/sanitize/version.rb
+- spec/spec_helper.rb
+- spec/trenni/sanitize/benchmark_spec.rb
+- spec/trenni/sanitize/fragment_spec.rb
+- spec/trenni/sanitize/sample.html
+- spec/trenni/sanitize/text_spec.rb
+- trenni-sanitize.gemspec
+homepage: https://github.com/ioquatix/trenni-sanitize
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - "~>"
+    - !ruby/object:Gem::Version
+      version: '2.1'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.12
+signing_key: 
+specification_version: 4
+summary: Sanitize markdown according to a set of rules.
+test_files:
+- spec/spec_helper.rb
+- spec/trenni/sanitize/benchmark_spec.rb
+- spec/trenni/sanitize/fragment_spec.rb
+- spec/trenni/sanitize/sample.html
+- spec/trenni/sanitize/text_spec.rb