xrb-sanitize 0.7.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: dfcb33d4fedbdd7120af3a40c693f1a2964e9d838d0578cf34e1f695aefbecc3
+  data.tar.gz: fc0887981944741f22ae2d5cafb7702723affd96238d83277a12fb5cd868d991
+SHA512:
+  metadata.gz: 507a7104250bdb9c9519df83b01040e0e3e63daf51644b2b272daa332a9086822dd297bd05b02c2691da2ba43117d92ff2a0a6b299e8f73305ef1f4ee414c925
+  data.tar.gz: d8eff16de230db5f695e7708246ddd7c7cb94a92deddde76df0dd64dec6350861b1bc1d4a46d7d53eb5410627f51834feff5ee7b81076fa957f61b823468bbdb

checksums.yaml.gz.sig

@@ -0,0 +1,2 @@
+r}M�&,f���������lPkf�u�)�����,�CVIQ'�S ԍ���:�
+X&F���#6C�	�Q����e����s
y��?,�

data/lib/xrb/sanitize/filter.rb

@@ -0,0 +1,163 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2018-2024, by Samuel Williams.
+
+require 'xrb/parsers'
+require 'xrb/builder'
+require 'xrb/entities'
+
+module XRB
+	module Sanitize
+		# Provides a high level interface for parsing markup.
+		class Filter
+			TAG = 1
+			
+			DOCTYPE = 2
+			COMMENT = 4
+			INSTRUCTION = 8
+			CDATA = 16
+			TEXT = 32
+			
+			CONTENT = DOCTYPE | COMMENT | INSTRUCTION | CDATA | TEXT
+			ALL = TAG | CONTENT
+			
+			def self.parse(input, output = nil, entities = XRB::Entities::HTML5)
+				# This allows us to handle passing in a string:
+				input = XRB::Buffer(input)
+				
+				output ||= MarkupString.new.force_encoding(input.encoding)
+				
+				delegate = self.new(output, entities)
+				
+				delegate.parse!(input)
+				
+				return delegate
+			end
+			
+			Node = Struct.new(:name, :tag, :skip) do
+				def skip!(mode = ALL)
+					self.skip |= mode
+				end
+				
+				def skip?(mode = ALL)
+					(self.skip & mode) == mode
+				end
+				
+				def accept!(mode = ALL)
+					self.skip &= ~mode
+				end
+				
+				def [] key
+					self.tag&.attributes[key]
+				end
+				
+				def limit_attributes(keys)
+					self.tag&.attributes&.select!{|key, value| keys.include?(key)}
+				end
+			end
+			
+			def initialize(output, entities)
+				@output = output
+				
+				@entities = entities
+				
+				@current = nil
+				@stack = []
+				
+				@current = @top = Node.new(nil, nil, 0)
+				
+				@skip = nil
+			end
+			
+			attr :output
+			
+			# The current node being parsed.
+			attr :current
+			
+			attr :stack
+			
+			def top
+				@stack.last || @top
+			end
+			
+			def parse!(input)
+				parse_begin
+				
+				XRB::Parsers.parse_markup(input, self, @entities)
+				
+				parse_end
+				
+				return self
+			end
+			
+			def parse_begin
+			end
+			
+			def parse_end
+				while @stack.size > 1
+					close_tag(@stack.last.name)
+				end
+			end
+			
+			def open_tag_begin(name, offset)
+				tag = Tag.new(name, false, {})
+				
+				@current = Node.new(name, tag, current.skip)
+			end
+			
+			def attribute(key, value)
+				@current.tag.attributes[key] = value
+			end
+			
+			def open_tag_end(self_closing)
+				if self_closing
+					@current.tag.closed = true
+				else
+					@stack << @current
+				end
+				
+				filter(@current)
+				
+				@current.tag.write_opening_tag(@output) unless @current.skip? TAG
+				
+				# If the tag was self-closing, it's no longer current at this point, we are back in the context of the parent tag.
+				@current = self.top if self_closing
+			end
+			
+			def close_tag(name, offset = nil)
+				while node = @stack.pop
+					node.tag.write_closing_tag(@output) unless node.skip? TAG
+					
+					break if node.name == name
+				end
+				
+				@current = self.top
+			end
+			
+			def filter(tag)
+				return tag
+			end
+			
+			def doctype(string)
+				@output << string unless current.skip? DOCTYPE
+			end
+			
+			def comment(string)
+				@output << string unless current.skip? COMMENT
+			end
+			
+			def instruction(string)
+				@output << string unless current.skip? INSTRUCTION
+			end
+			
+			def cdata(string)
+				@output << string unless current.skip? CDATA
+			end
+			
+			def text(string)
+				Markup.append(@output, string) unless current.skip? TEXT
+			end
+		end
+	end
+end

data/lib/xrb/sanitize/fragment.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2018-2024, by Samuel Williams.
+
+require_relative 'filter'
+
+require 'set'
+
+module XRB
+	module Sanitize
+		class Fragment < Filter
+			STANDARD_ATTRIBUTES = Set.new(['class', 'style']).freeze
+			
+			ALLOWED_TAGS = {
+				'div' => STANDARD_ATTRIBUTES,
+				'span' => STANDARD_ATTRIBUTES,
+				'br' => STANDARD_ATTRIBUTES,
+				'b' => STANDARD_ATTRIBUTES,
+				'i' => STANDARD_ATTRIBUTES,
+				'em' => STANDARD_ATTRIBUTES,
+				'strong' => STANDARD_ATTRIBUTES,
+				'ul' => STANDARD_ATTRIBUTES,
+				'ol' => STANDARD_ATTRIBUTES,
+				'li' => STANDARD_ATTRIBUTES,
+				'dl' => STANDARD_ATTRIBUTES,
+				'dt' => STANDARD_ATTRIBUTES,
+				'dd' => STANDARD_ATTRIBUTES,
+				'strike' => STANDARD_ATTRIBUTES,
+				'h1' => STANDARD_ATTRIBUTES,
+				'h2' => STANDARD_ATTRIBUTES,
+				'h3' => STANDARD_ATTRIBUTES,
+				'h4' => STANDARD_ATTRIBUTES,
+				'h5' => STANDARD_ATTRIBUTES,
+				'h6' => STANDARD_ATTRIBUTES,
+				'p' => STANDARD_ATTRIBUTES,
+				'img' => STANDARD_ATTRIBUTES + ['src', 'alt', 'width', 'height'],
+				'image' => STANDARD_ATTRIBUTES,
+				'a' => STANDARD_ATTRIBUTES + ['href', 'target']
+			}.freeze
+			
+			def filter(node)
+				if attributes = ALLOWED_TAGS[node.name]
+					node.limit_attributes(attributes)
+					
+					node.accept!
+				else
+					node.skip!
+				end
+			end
+			
+			def doctype(string)
+			end
+			
+			def instruction(string)
+			end
+		end
+	end
+end

data/lib/xrb/sanitize/text.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2018-2024, by Samuel Williams.
+
+require_relative 'filter'
+
+module XRB
+	module Sanitize
+		class Text < Filter
+			CLOSING = {
+				"p" => "\n\n",
+				"div" => "\n\n",
+			}
+			
+			def filter(node)
+				if node.name == "br"
+					text("\n\n")
+				end
+				
+				if node.name == 'script'
+					node.skip!(ALL) # Skip everything including content.
+				else
+					node.skip!(TAG) # Only skip the tag output, but not the content.
+				end
+			end
+			
+			def close_tag(name, offset = nil)
+				super
+				
+				if value = CLOSING[name]
+					text(value)
+				end
+			end
+			
+			def doctype(string)
+			end
+			
+			def comment(string)
+			end
+			
+			def instruction(string)
+			end
+			
+			def cdata(string)
+			end
+		end
+	end
+end

data/lib/xrb/sanitize/version.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2018-2024, by Samuel Williams.
+
+module XRB
+	module Sanitize
+		VERSION = "0.7.0"
+	end
+end

data/lib/xrb/sanitize.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2024, by Samuel Williams.
+
+require_relative 'sanitize/text'
+require_relative 'sanitize/fragment'

data/license.md

@@ -0,0 +1,21 @@
+# MIT License
+
+Copyright, 2018-2024, by Samuel Williams.  
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/readme.md

@@ -0,0 +1,49 @@
+# XRB::Sanitize
+
+Sanitize markup by adding, changing or removing tags, using the [xrb](https://github.com/ioquatix/xrb) stream processor (which has a naive C implementation).
+
+[![Development Status](https://github.com/socketry/xrb-sanitize/workflows/Test/badge.svg)](https://github.com/socketry/xrb-sanitize/actions?workflow=Test)
+
+## Motivation
+
+I use the [sanitize](https://github.com/rgrove/sanitize/) gem and generally it's great. However, it's performance can be an issue and additionally, it doesn't preserve tag namespaces when parsing fragments due to how Nokogiri works internally. This is a problem when processing content destined for [utopia](https://github.com/ioquatix/utopia) since it heavily depends on tag namespaces.
+
+## Is it fast?
+
+In my informal testing, this gem is about \~50x faster than the [sanitize](https://github.com/rgrove/sanitize/) gem when generating plain text.
+
+    ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [x86_64-linux]
+    Warming up --------------------------------------
+                Sanitize   438.000 i/100ms
+           XRB::Sanitize     7.935k i/100ms
+    Calculating -------------------------------------
+                Sanitize      4.365k (± 0.1%) i/s -     21.900k in   5.017157s
+           XRB::Sanitize     78.670k (± 0.1%) i/s -    396.750k in   5.043233s
+    
+    Comparison:
+           XRB::Sanitize:    78669.9 i/s
+                Sanitize:     4365.0 i/s - 18.02x  slower
+
+## Usage
+
+Please see the [project documentation](https://socketry.github.io/xrb-sanitize/) for more details.
+
+  - [Getting Started](https://socketry.github.io/xrb-sanitize/guides/getting-started/index) - This guide explains how to get started with the `XRB::Sanitize` gem.
+
+## Contributing
+
+We welcome contributions to this project.
+
+1.  Fork it.
+2.  Create your feature branch (`git checkout -b my-new-feature`).
+3.  Commit your changes (`git commit -am 'Add some feature'`).
+4.  Push to the branch (`git push origin my-new-feature`).
+5.  Create new Pull Request.
+
+### Developer Certificate of Origin
+
+This project uses the [Developer Certificate of Origin](https://developercertificate.org/). All contributors to this project must agree to this document to have their contributions accepted.
+
+### Contributor Covenant
+
+This project is governed by the [Contributor Covenant](https://www.contributor-covenant.org/). All contributors and participants agree to abide by its terms.

metadata

@@ -0,0 +1,95 @@
+--- !ruby/object:Gem::Specification
+name: xrb-sanitize
+version: !ruby/object:Gem::Version
+  version: 0.7.0
+platform: ruby
+authors:
+- Samuel Williams
+autorequire:
+bindir: bin
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIE2DCCA0CgAwIBAgIBATANBgkqhkiG9w0BAQsFADBhMRgwFgYDVQQDDA9zYW11
+  ZWwud2lsbGlhbXMxHTAbBgoJkiaJk/IsZAEZFg1vcmlvbnRyYW5zZmVyMRIwEAYK
+  CZImiZPyLGQBGRYCY28xEjAQBgoJkiaJk/IsZAEZFgJuejAeFw0yMjA4MDYwNDUz
+  MjRaFw0zMjA4MDMwNDUzMjRaMGExGDAWBgNVBAMMD3NhbXVlbC53aWxsaWFtczEd
+  MBsGCgmSJomT8ixkARkWDW9yaW9udHJhbnNmZXIxEjAQBgoJkiaJk/IsZAEZFgJj
+  bzESMBAGCgmSJomT8ixkARkWAm56MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
+  igKCAYEAomvSopQXQ24+9DBB6I6jxRI2auu3VVb4nOjmmHq7XWM4u3HL+pni63X2
+  9qZdoq9xt7H+RPbwL28LDpDNflYQXoOhoVhQ37Pjn9YDjl8/4/9xa9+NUpl9XDIW
+  sGkaOY0eqsQm1pEWkHJr3zn/fxoKPZPfaJOglovdxf7dgsHz67Xgd/ka+Wo1YqoE
+  e5AUKRwUuvaUaumAKgPH+4E4oiLXI4T1Ff5Q7xxv6yXvHuYtlMHhYfgNn8iiW8WN
+  XibYXPNP7NtieSQqwR/xM6IRSoyXKuS+ZNGDPUUGk8RoiV/xvVN4LrVm9upSc0ss
+  RZ6qwOQmXCo/lLcDUxJAgG95cPw//sI00tZan75VgsGzSWAOdjQpFM0l4dxvKwHn
+  tUeT3ZsAgt0JnGqNm2Bkz81kG4A2hSyFZTFA8vZGhp+hz+8Q573tAR89y9YJBdYM
+  zp0FM4zwMNEUwgfRzv1tEVVUEXmoFCyhzonUUw4nE4CFu/sE3ffhjKcXcY//qiSW
+  xm4erY3XAgMBAAGjgZowgZcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0O
+  BBYEFO9t7XWuFf2SKLmuijgqR4sGDlRsMC4GA1UdEQQnMCWBI3NhbXVlbC53aWxs
+  aWFtc0BvcmlvbnRyYW5zZmVyLmNvLm56MC4GA1UdEgQnMCWBI3NhbXVlbC53aWxs
+  aWFtc0BvcmlvbnRyYW5zZmVyLmNvLm56MA0GCSqGSIb3DQEBCwUAA4IBgQB5sxkE
+  cBsSYwK6fYpM+hA5B5yZY2+L0Z+27jF1pWGgbhPH8/FjjBLVn+VFok3CDpRqwXCl
+  xCO40JEkKdznNy2avOMra6PFiQyOE74kCtv7P+Fdc+FhgqI5lMon6tt9rNeXmnW/
+  c1NaMRdxy999hmRGzUSFjozcCwxpy/LwabxtdXwXgSay4mQ32EDjqR1TixS1+smp
+  8C/NCWgpIfzpHGJsjvmH2wAfKtTTqB9CVKLCWEnCHyCaRVuKkrKjqhYCdmMBqCws
+  JkxfQWC+jBVeG9ZtPhQgZpfhvh+6hMhraUYRQ6XGyvBqEUe+yo6DKIT3MtGE2+CP
+  eX9i9ZWBydWb8/rvmwmX2kkcBbX0hZS1rcR593hGc61JR6lvkGYQ2MYskBveyaxt
+  Q2K9NVun/S785AP05vKkXZEFYxqG6EW012U4oLcFl5MySFajYXRYbuUpH6AY+HP8
+  voD0MPg1DssDLKwXyt1eKD/+Fq0bFWhwVM/1XiAXL7lyYUyOq24KHgQ2Csg=
+  -----END CERTIFICATE-----
+date: 2024-04-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: xrb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+description:
+email:
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/xrb/sanitize.rb
+- lib/xrb/sanitize/filter.rb
+- lib/xrb/sanitize/fragment.rb
+- lib/xrb/sanitize/text.rb
+- lib/xrb/sanitize/version.rb
+- license.md
+- readme.md
+homepage: https://github.com/ioquatix/xrb-sanitize
+licenses:
+- MIT
+metadata:
+  documentation_uri: https://socketry.github.io/xrb-sanitize/
+  funding_uri: https://github.com/sponsors/ioquatix/
+  source_code_uri: https://github.com/ioquatix/xrb-sanitize.git
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.1'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.3
+signing_key:
+specification_version: 4
+summary: Sanitize markdown according to a set of rules.
+test_files: []