wunderbar 0.15.0 → 0.16.0

data/README.md

@@ -80,13 +80,17 @@ Element with optional (omitted) attributes:
 
     _tr class: nil
 
+Text (markup characters are escaped):
+
+    _ "<3"
+
 Text (may contain markup):
 
-    _ "<em>hello</em>!!!"
+    _{"<em>hello</em>!!!"}
 
-Text (markup is escaped):
+Import of HTML/XML:
 
-    _? "<3"
+    _[Nokogiri::XML "<em>hello</em>"]
 
 Mixed content (autospaced):
 
@@ -192,7 +196,7 @@ argument inserts markup, respecting indendation.  Inserting markup without
 reguard to indendatation is done using "`_ << text`".  A number of other
 convenience methods are defined:
 
-* `_?`: insert text with indentation matching the current output
+* `_`: insert text with indentation matching the current output
 * `_!`: insert text without indenting
 * `_.post?`  -- was this invoked via HTTP POST?
 * `_.system` -- invokes a shell command, captures stdin, stdout, and stderr
@@ -325,8 +329,9 @@ Secure by default
 ---
 
 Wunderbar will properly escape all HTML and JSON output, eliminating problems
-of HTML or JavaScript injection.  This includes calls to `_` to insert markup
-directly when the input is `tainted` and not explicitly marked as `html-safe?`
+of HTML or JavaScript injection.  This includes calls to `_` to insert text
+directly.  Even calls to insert markup (`_{...}`) will escape the markup if
+the input is `tainted` and not explicitly marked as `html-safe?`
 (when using Rails).
 
 For all environments other than Rails, unless you call `Wunderbar.unsafe!` at

data/lib/wunderbar/builder.rb

@@ -142,6 +142,26 @@ module Wunderbar
 
     # avoid method_missing overhead for the most common case
     def tag!(sym, *args, &block)
+      if sym.respond_to? :children
+        node = sym
+        attributes = node.attributes
+        if node.attribute_nodes.any?(&:namespace)
+          attributes = Hash[node.attribute_nodes.map { |attr| 
+            name = attr.name
+            name = "#{attr.namespace.prefix}:#{name}" if attr.namespace
+            [name, attr.value]
+          }]
+        end
+        attributes.merge!(node.namespaces) if node.namespaces
+        args.push attributes
+        if node.namespace and node.namespace.prefix
+          args.unshift node.name.to_sym
+          sym = node.namespace.prefix
+        else
+          sym = node.name
+        end
+      end
+
       if !block and (args.empty? or args == [''])
         CssProxy.new(@_builder, @_builder.target!, sym, args)
       else
@@ -254,6 +274,72 @@ module Wunderbar
     rescue LoadError
       @_builder << data
     end
+
+    def [](*children)
+      if children.length == 1 and children.first.respond_to? :root
+        children = [children.first.root]
+      end
+
+      # remove leading and trailing space
+      if children.first.text? and children.first.text.strip.empty?
+        children.shift
+      end
+
+      if not children.empty?
+        children.pop if children.last.text? and children.last.text.strip.empty?
+      end
+
+      children.each do |child|
+        if child.text? or child.cdata?
+          text = child.text
+          if text.strip.empty?
+            text! "\n" if text.count("\n")>1
+          elsif indentation_state!.first == 0
+            indented_text! text.gsub(/\s+/, ' ')
+          else
+            indented_text! text.strip
+          end
+        elsif child.comment?
+          comment! child.text.sub(/\A /,'').sub(/ \Z/, '')
+        elsif HtmlMarkup.flatten? child.children
+          block_element = Proc.new do |node| 
+            node.element? and HtmlMarkup::HTML5_BLOCK.include?(node.name)
+          end
+
+          if child.children.any?(&block_element)
+            # indent children, but disable indentation on consecutive
+            # sequences of non-block-elements.  Put another way: break
+            # out block elements to a new line.
+            tag!(child) do
+              children = child.children.to_a
+              while not children.empty?
+                stop = children.index(&block_element)
+                if stop == 0
+                  self[children.shift]
+                else
+                  disable_indentation! do
+                    self[*children.shift(stop || children.length)]
+                  end
+                end
+              end
+            end
+          else
+            # disable indentation on the entire element
+            disable_indentation! do
+              tag!(child) {self[*child.children]}
+            end
+          end
+        elsif child.children.empty? and HtmlMarkup::VOID.include? child.name
+          tag!(child)
+        elsif child.children.all?(&:text?)
+          tag!(child, child.text.strip)
+        elsif child.children.any?(&:cdata?) and child.text =~ /[<&]/
+          self << child
+        else
+          tag!(child) {self[*child.children]}
+        end
+      end
+    end
   end
 
   require 'stringio'

data/lib/wunderbar/html-methods.rb

@@ -96,11 +96,9 @@ module Wunderbar
         end
 
         if String === args.first and args.first.respond_to? :html_safe?
-          if args.first.html_safe? and not block
-            if args.first.include? '>' or args.first.include? '&'
-              markup = args.shift
-              block = Proc.new {_ markup}
-            end
+          if args.first.html_safe? and not block and args.first =~ /[>&]/
+            markup = args.shift
+            block = Proc.new {_ {markup}}
           end
         end
 
@@ -187,21 +185,32 @@ module Wunderbar
       end
       @x.tag! :math, *args, &block
     end
-
-    def _?(text)
-      @x.indented_text! text.to_s
+    
+    def _pre(*args, &block)
+      @x.disable_indentation! { @x.tag! :pre, *args, &block }
     end
 
     def _!(text)
       @x.text! text.to_s
     end
 
-    def _(children=nil)
-      return @x if children == nil
+    def _(text=nil, &block)
+      unless block
+        if text
+          if text.respond_to? :html_safe? and text.html_safe?
+            _ {text}
+          else
+            @x.indented_text! text.to_s
+          end
+        end
+        return @x
+      end
+
+      children = block.call
 
       if String === children
         safe = !children.tainted?
-        safe ||= children.html_safe?  if children.respond_to? :html_safe?
+        safe ||= children.html_safe? if children.respond_to? :html_safe?
 
         if safe and (children.include? '<' or children.include? '&')
           require 'nokogiri'
@@ -210,67 +219,7 @@ module Wunderbar
           return @x.indented_text! children
         end
       end
-
-      # remove leading and trailing space
-      if children.first.text? and children.first.text.strip.empty?
-        children.shift
-      end
-
-      if not children.empty?
-        children.pop if children.last.text? and children.last.text.strip.empty?
-      end
-
-      children.each do |child|
-        if child.text? or child.cdata?
-          text = child.text
-          if text.strip.empty?
-            @x.text! "\n" if text.count("\n")>1
-          elsif @x.indentation_state!.first == 0
-            @x.indented_text! text.gsub(/\s+/, ' ')
-          else
-            @x.indented_text! text.strip
-          end
-        elsif child.comment?
-          @x.comment! child.text.sub(/\A /,'').sub(/ \Z/, '')
-        elsif self.class.flatten? child.children
-          block_element = Proc.new do |node| 
-            node.element? and HTML5_BLOCK.include?(node.name)
-          end
-
-          if child.children.any?(&block_element)
-            # indent children, but disable indentation on consecutive
-            # sequences of non-block-elements.  Put another way: break
-            # out block elements to a new line.
-            @x.tag!(child.name, child.attributes) do
-              children = child.children.to_a
-              while not children.empty?
-                stop = children.index(&block_element)
-                if stop == 0
-                  _ [children.shift]
-                else
-                  @x.disable_indentation! do
-                    _ children.shift(stop || children.length)
-                  end
-                end
-              end
-            end
-          else
-            # disable indentation on the entire element
-            @x.disable_indentation! do
-              @x.tag!(child.name, child.attributes) {_ child.children}
-            end
-          end
-        elsif child.children.empty? and VOID.include? child.name
-          @x.tag!(child.name, child.attributes)
-        elsif child.children.all? {|gchild| gchild.text?}
-          @x.tag!(child.name, child.text.strip, child.attributes)
-        elsif child.children.any? {|gchild| gchild.cdata?} and 
-          (child.text.include? '<' or child.text.include? '&')
-          @x << child
-        else
-          @x.tag!(child.name, child.attributes) {_ child.children}
-        end
-      end
+      @x[*children]
     end
 
     def _coffeescript(text)

data/lib/wunderbar/installation.rb

@@ -58,7 +58,11 @@ if install and ARGV.delete(install)
     file.puts "\n#{Wunderbar.data}\n" if Object.const_defined? :DATA
 
     # Load script
-    require = "require #{"./#{File.basename(main).sub(/\.rb$/,'')}".inspect}"
+    if main.end_with? '.rb'
+      require = "require #{"./#{File.basename(main).chomp('.rb')}".inspect}"
+    else
+      require = "load #{"./#{File.basename(main)}".inspect}"
+    end
     if ARGV.delete('--rescue') or ARGV.delete('--backtrace')
       file.puts <<-EOF.gsub(/^ {8}/,'')
         begin

data/lib/wunderbar/server.rb

@@ -54,6 +54,17 @@ else
     ENV['USER'] ||= $USER
   end
 
+  if ENV['HTTP_AUTH']
+    # RewriteEngine on
+    # RewriteRule ^.*$ - [E=HTTP_AUTH:%{HTTP:Authorization}]
+    begin
+      require 'base64'
+      $PASSWORD = Base64.decode64(ENV['HTTP_AUTH'] \
+        [/^Basic ([A-Za-z0-9+\/=]+)$/,1])[/^#{$USER}:(.*)/,1]
+    rescue
+    end
+  end
+
   $HOME = ENV['HOME']
   $HOME ||= Dir.home($USER) rescue nil
   $HOME ||= File.expand_path("~#{$USER}") rescue nil

data/lib/wunderbar/sinatra.rb

@@ -51,7 +51,7 @@ module Wunderbar
           builder.instance_eval(&block)
         else
           context = builder.get_binding do
-            builder.instance_eval {_ block.call}
+            builder.instance_eval {_(&block)}
           end
           context.eval(data.untaint, eval_file)
         end

data/lib/wunderbar/version.rb

@@ -1,7 +1,7 @@
 module Wunderbar
   module VERSION #:nodoc:
     MAJOR = 0
-    MINOR = 15
+    MINOR = 16
     TINY  = 0
 
     STRING = [MAJOR, MINOR, TINY].join('.')

data/wunderbar.gemspec

@@ -2,11 +2,11 @@
 
 Gem::Specification.new do |s|
   s.name = "wunderbar"
-  s.version = "0.15.0"
+  s.version = "0.16.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Sam Ruby"]
-  s.date = "2012-05-13"
+  s.date = "2012-05-17"
   s.description = "    Wunderbar makes it easy to produce valid HTML5, wellformed XHTML, Unicode\n    (utf-8), consistently indented, readable applications.  This includes\n    output that conforms to the Polyglot specification and the emerging\n    results from the XML Error Recovery Community Group.\n"
   s.email = "rubys@intertwingly.net"
   s.files = ["wunderbar.gemspec", "README.md", "COPYING", "lib/wunderbar.rb", "lib/wunderbar", "lib/wunderbar/installation.rb", "lib/wunderbar/html-methods.rb", "lib/wunderbar/job-control.rb", "lib/wunderbar/server.rb", "lib/wunderbar/logger.rb", "lib/wunderbar/rack.rb", "lib/wunderbar/builder.rb", "lib/wunderbar/websocket.rb", "lib/wunderbar/sinatra.rb", "lib/wunderbar/environment.rb", "lib/wunderbar/rails.rb", "lib/wunderbar/cgi-methods.rb", "lib/wunderbar/cssproxy.rb", "lib/wunderbar/version.rb"]

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: wunderbar
 version: !ruby/object:Gem::Version 
-  hash: 35
+  hash: 95
   prerelease: 
   segments: 
   - 0
-  - 15
+  - 16
   - 0
-  version: 0.15.0
+  version: 0.16.0
 platform: ruby
 authors: 
 - Sam Ruby
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-05-13 00:00:00 Z
+date: 2012-05-17 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: builder