Skip to content

Commit

Permalink
Escape url and title where needed.
Browse files Browse the repository at this point in the history
  • Loading branch information
@jaap3
jaap3 committed Apr 24, 2009
1 parent b366917 commit 24d620c
Show file tree
Hide file tree
Showing 3 changed files with 39 additions and 58 deletions.
61 changes: 22 additions & 39 deletions lib/addthis.rb
View file
Original file line number Diff line number Diff line change
@@ -1,89 +1,72 @@
module Jaap3
module Addthis
CONFIG = {
:publisher => ""
}
CONFIG = {:publisher => ""}
DEFAULT_OPTIONS = {
:script_src => "http://s7.addthis.com/js/200/addthis_widget.js",
:secure => false,
:brand => nil, :header_color => nil, :header_background => nil,
:offset_top => nil, :offset_left => nil, :hover_delay => nil,
:options => nil, :language => nil
:options => nil, :language => nil, :secure => false
}
BOOKMARK_BUTTON_DEFAULTS = {
:title => "",
:alt => "Bookmark and Share",
:button_html => %q{<img src="http://s7.addthis.com/static/btn/lg-share-en.gif"
width="125" height="16" border="0" alt="#{options[:alt]}" />}
:button_html => '<img src="http://s7.addthis.com/static/btn/lg-share-en.gif" width="125" height="16" border="0" alt="Bookmark and Share" />'
}
FEED_BUTTON_DEFAULTS = {
:title => "Subscribe using any feed reader!",
:alt => "Subscribe",
:button_html => %q{<img src="http://s7.addthis.com/static/btn/lg-feed-en.gif"
width="125" height="16" border="0" alt="#{options[:alt]}" />}
:button_html => '<img src="http://s7.addthis.com/static/btn/lg-feed-en.gif" width="125" height="16" border="0" alt="Subscribe" />'
}
EMAIL_BUTTON_DEFAULTS = {
:title => "",
:alt => "Email",
:button_html => %q{<img src="http://s7.addthis.com/button1-email.gif"
width="54" height="16" border="0" alt="#{options[:alt]}" />}
:button_html => '<img src="http://s7.addthis.com/button1-email.gif" width="54" height="16" border="0" alt="Email" />'
}

module Helper
def addthis_bookmark_button(*args)
url, options = extract_addthis_url_and_options(args)
options[:button_html] = yield if block_given?
options = BOOKMARK_BUTTON_DEFAULTS.merge(options)
s = %Q{
<a href="http://www.addthis.com/bookmark.php?v=20"
onmouseover="return addthis_open(this, '', '#{url}', '#{options[:page_title]}')"
title="#{options[:title]}" onmouseout="addthis_close()"
onclick="return addthis_sendto()">}
s = %Q{<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="#{addthis_open("", url, options[:page_title])}" onmouseout="addthis_close()" onclick="return addthis_sendto()" title="#{options[:title]}">}
addthis_tag(s, options)
end
alias addthis_share_button addthis_bookmark_button

def addthis_feed_button(url, *args)
options = FEED_BUTTON_DEFAULTS.merge(extract_addthis_options(args))
def addthis_email_button(*args)
url, options = extract_addthis_url_and_options(args)
options[:button_html] = yield if block_given?
s = %Q{
<a href="http://www.addthis.com/feed.php?pub=#{options[:publisher]}&h1=#{url}&t1="
onclick="return addthis_open(this, 'feed', '#{url}')"
title="#{options[:title]}" target="_blank">}
options = EMAIL_BUTTON_DEFAULTS.merge(options)
s = %Q{<a href="http://www.addthis.com/bookmark.php" onclick="#{addthis_open("email", url, options[:page_title])}" title="#{options[:title]}">}
addthis_tag(s, options)
end

def addthis_email_button(*args)
url, options = extract_addthis_url_and_options(args)
def addthis_feed_button(url, *args)
options = FEED_BUTTON_DEFAULTS.merge(extract_addthis_options(args))
options[:button_html] = yield if block_given?
options = EMAIL_BUTTON_DEFAULTS.merge(options)
s = %Q{
<a href="http://www.addthis.com/bookmark.php"
onclick="return addthis_open(this, 'email', '#{url}', '#{options[:page_title]}')"
title="#{options[:title]}">}
s = %Q{<a href="http://www.addthis.com/feed.php?pub=#{options[:publisher]}&h1=#{url.gsub(/[^a-zA-Z0-9_\.\-]/n) {|c| sprintf('%%%02x', c[0]) }}&t1=" onclick="#{addthis_open("feed", url)}" title="#{options[:title]}" target="_blank">}
addthis_tag(s, options)
end

protected
def addthis_tag(str, options = {})
s = [%Q{<!-- AddThis Button BEGIN -->}]
s = ["<!-- AddThis Button BEGIN -->"]
s << addthis_custom_script(options)
s << %Q{#{str}#{options[:button_html].gsub(/#\{options\[:alt\]\}/, options[:alt])}</a>}
s << %Q{<script type="text/javascript" src="#{options[:script_src]}"></script>}
s << %Q{<!-- AddThis Button END -->}
s << "#{str}#{options[:button_html]}</a><script type=\"text/javascript\" src=\"#{options[:script_src]}\"></script>"
s << "<!-- AddThis Button END -->"
s = s * "\n"
options[:secure] ? s.gsub(/http:\/\/s[57]\.addthis\.com/, "https://secure.addthis.com") : s
end

def addthis_custom_script(options = {})
s = %Q{<script type="text/javascript">
var addthis_pub = "#{options[:publisher]}";}
s = "<script type=\"text/javascript\">var addthis_pub = '#{options[:publisher]}';"
[:brand, :header_color, :header_background, :offset_top, :offset_left, :hover_delay, :options, :language].each do |custom|
s << %Q{var addthis_#{custom} = #{options[custom].is_a?(Integer) ? options[custom] : %Q("#{options[custom]}")};} unless options[custom].nil?
s << "var addthis_#{custom} = #{options[custom].is_a?(Integer) ? options[custom] : "'#{options[custom]}'"};" unless options[custom].nil?
end
s << "</script>"
end

def addthis_open(type, url, title = nil)
"addthis_open(this, '#{type}', '#{url}'#{ title.nil? ? "" : ", '#{title.gsub("'", "\\u0027").gsub("\"", "\\u0022")}'"})"
end

def extract_addthis_url_and_options(args, options = {:page_title => "[TITLE]"})
url = args[0].is_a?(String) ? args.shift : "[URL]"
return url, options = extract_addthis_options(args, options)
Expand Down
32 changes: 15 additions & 17 deletions test/addthis_test.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,14 +19,6 @@ class AddthisTest < Test::Unit::TestCase
assert respond_to?(:addthis_email_button)
end

should "escape URL when used as a query param"

should "escape URL when used in a javascript string"

should "escape page_title when used as a query param"

should "escape page_title when used in a javascript string"

[:addthis_bookmark_button, :addthis_feed_button, :addthis_email_button].each do |m|
context "the output of #{m}" do
setup do
Expand All @@ -51,10 +43,19 @@ class AddthisTest < Test::Unit::TestCase
end
end

[:addthis_bookmark_button, :addthis_email_button].each do |m|
context "the output of #{m} with url and title set" do
setup { @output = method(m).call("http://example.com", "It's an \"example\"") }

should "include title" do
assert_match "'It\\u0027s an \\u0022example\\u0022'", @output
end
end
end

context "a bookmark/share button" do
setup { @output = addthis_bookmark_button }

should_set_alt_to Jaap3::Addthis::BOOKMARK_BUTTON_DEFAULTS[:alt]
should_set_title_to Jaap3::Addthis::BOOKMARK_BUTTON_DEFAULTS[:title]
should_set_href_to "http://www.addthis.com/bookmark.php?v=20"

Expand All @@ -70,9 +71,8 @@ class AddthisTest < Test::Unit::TestCase
context "a feed button" do
setup { @output = addthis_feed_button("http://example.com") }

should_set_alt_to Jaap3::Addthis::FEED_BUTTON_DEFAULTS[:alt]
should_set_title_to Jaap3::Addthis::FEED_BUTTON_DEFAULTS[:title]
should_set_href_to "http://www.addthis.com/feed.php?pub=&h1=http://example.com&t1="
should_set_href_to "http://www.addthis.com/feed.php?pub=&h1=http%3a%2f%2fexample.com&t1="

should "set url to example.com" do
assert_match "'http://example.com')", @output
Expand All @@ -82,7 +82,6 @@ class AddthisTest < Test::Unit::TestCase
context "an email button" do
setup { @output = addthis_email_button }

should_set_alt_to Jaap3::Addthis::EMAIL_BUTTON_DEFAULTS[:alt]
should_set_title_to Jaap3::Addthis::EMAIL_BUTTON_DEFAULTS[:title]
should_set_href_to "http://www.addthis.com/bookmark.php"
end
Expand All @@ -101,7 +100,7 @@ class AddthisTest < Test::Unit::TestCase
context "a feed button" do
setup { @output = addthis_feed_button("http://example.com") }

should_set_href_to "http://www.addthis.com/feed.php?pub=test_publisher&h1=http://example.com&t1="
should_set_href_to "http://www.addthis.com/feed.php?pub=test_publisher&h1=http%3a%2f%2fexample.com&t1="
end

context "in turn overwritten by options hash" do
Expand All @@ -116,7 +115,7 @@ class AddthisTest < Test::Unit::TestCase
context "a feed button" do
setup { @output = addthis_feed_button("http://example.com", :publisher => "another_publisher") }

should_set_href_to "http://www.addthis.com/feed.php?pub=another_publisher&h1=http://example.com&t1="
should_set_href_to "http://www.addthis.com/feed.php?pub=another_publisher&h1=http%3a%2f%2fexample.com&t1="
end
end
end
Expand All @@ -143,13 +142,12 @@ class AddthisTest < Test::Unit::TestCase
end
end

context "when overwriting alt and title" do
context "when overwriting title" do
[:addthis_bookmark_button, :addthis_feed_button, :addthis_email_button].each do |m|
context "the output of #{m}" do
setup { @output = method(m).call("http://example.com", :alt => "Example", :title => "Example title") }
setup { @output = method(m).call("http://example.com", :title => "Example title") }

should_set_title_to "Example title"
should_set_alt_to "Example"
end
end
end
Expand Down
4 changes: 2 additions & 2 deletions test/test_helper.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,13 +29,13 @@ def should_set_script_src_to(expected)

def should_not_customize(attribute)
should "not set addthis_#{attribute}" do
assert_no_match(/var addthis_#{attribute} = "[\"]+";/, @output)
assert_no_match(/var addthis_#{attribute} = '[^']+';/, @output)
end
end

def should_customize(attribute, value)
should "set addthis_#{attribute} to '#{value}" do
assert_match(/var addthis_#{attribute} = ["]?#{value}["]?;/, @output)
assert_match(/var addthis_#{attribute} = [']?#{value}[']?;/, @output)
end
end
end
Expand Down

0 comments on commit 24d620c

Please sign in to comment.