yaml-validator 0.1.3 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 52b11bc6fc2895275cbaa9b598991cb46e6141e1
-  data.tar.gz: db3eeee113be83b523e616fea3d5d5613be28d6d
+  metadata.gz: 6e18403bff180fb06843d1d71c151fd38b094620
+  data.tar.gz: be16538882da43a2d6b8e6f82434b32a3ada5961
 SHA512:
-  metadata.gz: 91d4c5b1aa9fc563ea41e7a3f55d2b871c01af8bf5afa11acc70d56aac3f7c6f9f91f41b75db14c79389b6917563f7f56c140088376f11affe4122b6f0a28a4c
-  data.tar.gz: 23a18a9b2148c99decda38733b7d74763e098d7955b70c5dde3dc47815ff5aeba2b4e861c51896514cf84606ea7f4a10a88dafa5054742fe58e1f615a0d8ab69
+  metadata.gz: 8c8e85acdc2b4abdd7d521fc8fea2549ad52bc2a5f9c4e5f86ae29216eaa675f03bef16f26671ab5c69f7f26c321c8aa4285f59899d4bc94f8a173715a4e43b5
+  data.tar.gz: bc931ff8d9fd6267835a904d5baac0c5aa0f17ebd880ec7dae20f519835e0f017dc2e9d4b000f1077f1784c1772e35022756e1af27a111b6ab1bf7b114feee10

data/Gemfile

@@ -1,3 +1,3 @@
-source :rubygems
+source 'https://rubygems.org'
 
 gemspec

data/Gemfile.lock

@@ -1,25 +1,31 @@
 PATH
   remote: .
   specs:
-    yaml-validator (0.1.3)
+    yaml-validator (0.1.4)
       colorize
       rake
       rspec
+      sanitize
 
 GEM
-  remote: http://rubygems.org/
+  remote: https://rubygems.org/
   specs:
     colorize (0.5.8)
-    diff-lcs (1.1.3)
-    rake (10.0.4)
-    rspec (2.12.0)
-      rspec-core (~> 2.12.0)
-      rspec-expectations (~> 2.12.0)
-      rspec-mocks (~> 2.12.0)
-    rspec-core (2.12.2)
-    rspec-expectations (2.12.1)
-      diff-lcs (~> 1.1.3)
-    rspec-mocks (2.12.0)
+    diff-lcs (1.2.4)
+    mini_portile (0.5.0)
+    nokogiri (1.6.0)
+      mini_portile (~> 0.5.0)
+    rake (10.1.0)
+    rspec (2.13.0)
+      rspec-core (~> 2.13.0)
+      rspec-expectations (~> 2.13.0)
+      rspec-mocks (~> 2.13.0)
+    rspec-core (2.13.1)
+    rspec-expectations (2.13.0)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.13.1)
+    sanitize (2.0.4)
+      nokogiri (~> 1.6.0)
 
 PLATFORMS
   ruby

data/lib/sanitized-html-validator.rb

@@ -0,0 +1,30 @@
+require 'sanitize'
+
+class SanitizedHtmlValidator
+  def self.validate(language, yaml_object)
+    validate_object(language, '', yaml_object)
+  end
+
+  def self.validate_object(language, full_key, yaml_object)
+    return [] if yaml_object.nil?
+
+    errors = []
+    yaml_object.each do |key, value|
+      full_subkey = (full_key.empty?) ? key : "#{full_key}.#{key}"
+
+      if value.is_a? String
+        unless valid_html?(value)
+          errors << "unsanitized html in '#{language}.#{full_subkey}' (#{value})"
+        end
+      elsif value.is_a? Hash
+        errors.concat validate_object(language, full_subkey, value)
+      end
+    end
+    errors
+  end
+
+  def self.valid_html?(html)
+    sanitized = Sanitize.clean(html, elements: [ 'strong', 'br', 'span', 'b', 'i' ]) 
+    html == sanitized
+  end
+end

data/lib/yaml-validator.rb

@@ -2,6 +2,7 @@ require 'yaml'
 require 'yaml-validator/version'
 require_relative './helpers'
 require_relative './pluralization-validator'
+require_relative './sanitized-html-validator'
 
 class YamlValidator
   
@@ -56,6 +57,7 @@ class YamlValidator
     if @options[:show_missing]
       errors.concat find_missing_translations(yaml_object)
       errors.concat find_missing_pluralizations(filename, yaml_object)
+      errors.concat find_unsanitized_html(filename, yaml_object)
     end
     
     errors.map { |err| "#{filename}: #{err}" }
@@ -182,6 +184,10 @@ class YamlValidator
   def identify_variables(string)
     string.scan(/%\{([^}]+)\}/).map(&:first)
   end
-  
+
+  def find_unsanitized_html(filename, yaml_object)
+    language = File.basename(filename, '.*')
+    SanitizedHtmlValidator.validate(language, yaml_object)
+  end
 end
 

data/lib/yaml-validator/version.rb

@@ -1,3 +1,3 @@
 class YamlValidator
-  VERSION = "0.1.3"
+  VERSION = "0.1.4"
 end

data/spec/fixtures/sanitized_html/en.yml

@@ -0,0 +1,4 @@
+en:
+  valid: 'this is a <strong>valid</strong><br>value'
+  invalid1: 'this is an <a href="spam.com">invalid</a> value'
+  invalid2: 'this is an <strong onclick="spam.com">invalid</strong> value'

data/spec/yaml-validator_spec.rb

@@ -235,4 +235,21 @@ describe YamlValidator do
     end
 
   end
+
+  describe "#sanitized_html" do
+    it "returns the non-sanitized values" do
+      validator = YamlValidator.new('spec/fixtures/sanitized_html')
+      
+      filename = 'spec/fixtures/sanitized_html/en.yml'
+      yaml_object = YAML.load_file(filename)['en']
+      yaml_object = Helpers.normalize_yaml(yaml_object)
+      
+      errors = validator.find_unsanitized_html(filename, yaml_object)
+      errors.should == [
+        "unsanitized html in 'en.invalid1' (this is an <a href=\"spam.com\">invalid</a> value)",
+        "unsanitized html in 'en.invalid2' (this is an <strong onclick=\"spam.com\">invalid</strong> value)"
+      ]
+    end
+  end
+  
 end

data/yaml-validator.gemspec

@@ -20,4 +20,5 @@ Gem::Specification.new do |gem|
   gem.add_dependency('rake')
   gem.add_dependency('rspec')
   gem.add_dependency('colorize')
+  gem.add_dependency('sanitize')
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: yaml-validator
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.1.4
 platform: ruby
 authors:
 - David Elentok
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-04-29 00:00:00.000000000 Z
+date: 2013-06-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -52,6 +52,20 @@ dependencies:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: sanitize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: YAML locales validator
 email:
 - 3david@gmail.com
@@ -69,6 +83,7 @@ files:
 - bin/yaml-validator
 - lib/helpers.rb
 - lib/pluralization-validator.rb
+- lib/sanitized-html-validator.rb
 - lib/yaml-validator.rb
 - lib/yaml-validator/version.rb
 - pkg/yaml-validator-0.0.1.gem
@@ -81,6 +96,7 @@ files:
 - spec/fixtures/missing_translations/he.yml
 - spec/fixtures/numbered_keys/en.yml
 - spec/fixtures/numbered_keys/he.yml
+- spec/fixtures/sanitized_html/en.yml
 - spec/fixtures/weird_pluralizations/en.yml
 - spec/fixtures/weird_pluralizations/ru.yml
 - spec/fixtures/wrong_root/en.yml
@@ -122,6 +138,7 @@ test_files:
 - spec/fixtures/missing_translations/he.yml
 - spec/fixtures/numbered_keys/en.yml
 - spec/fixtures/numbered_keys/he.yml
+- spec/fixtures/sanitized_html/en.yml
 - spec/fixtures/weird_pluralizations/en.yml
 - spec/fixtures/weird_pluralizations/ru.yml
 - spec/fixtures/wrong_root/en.yml