style(rubocop): correct all warnings
flavorjones committed Apr 3, 2023
1 parent 45fa826 commit 293903d
Showing 9 changed files with 176 additions and 164 deletions.
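--- a/Gemfile
+++ b/Gemfile
@@ -1,4 +1,6 @@
-source 'https://rubygems.org'
+# frozen_string_literal: true
+
+source "https://rubygems.org"
 
 gemspec
 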
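--- a/Rakefile
+++ b/Rakefile
@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 require "bundler/gem_tasks"
 require "rake/testtask"
 
 task default: :test
 Rake::TestTask.new do |t|
-t.pattern = 'test/**/*_test.rb'
+t.pattern = "test/**/*_test.rb"
 t.warning = true
 t.verbose = true
 end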
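--- a/lib/rails-html-sanitizer.rb
+++ b/lib/rails-html-sanitizer.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "rails/html/sanitizer/version"
 require "loofah"
 require "rails/html/scrubbers"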
34 changes: 17 additions & 17 deletions lib/rails/html/sanitizer.rb
@@ -1,3 +1,5 @@
# frozen_string_literal: true

module Rails
module Html
XPATHS_TO_REMOVE = %w{.//script .//form comment()}
@@ -8,15 +10,14 @@ def sanitize(html, options = {})
end

private
def remove_xpaths(node, xpaths)
node.xpath(*xpaths).remove
node
end

def remove_xpaths(node, xpaths)
node.xpath(*xpaths).remove
node
end

def properly_encode(fragment, options)
fragment.xml? ? fragment.to_xml(options) : fragment.to_html(options)
end
def properly_encode(fragment, options)
fragment.xml? ? fragment.to_xml(options) : fragment.to_html(options)
end
end

# === Rails::Html::FullSanitizer
@@ -35,7 +36,7 @@ def sanitize(html, options = {})
remove_xpaths(loofah_fragment, XPATHS_TO_REMOVE)
loofah_fragment.scrub!(TextOnlyScrubber.new)

properly_encode(loofah_fragment, encoding: 'UTF-8')
properly_encode(loofah_fragment, encoding: "UTF-8")
end
end

@@ -132,22 +133,21 @@ def sanitize(html, options = {})
loofah_fragment.scrub!(:strip)
end

properly_encode(loofah_fragment, encoding: 'UTF-8')
properly_encode(loofah_fragment, encoding: "UTF-8")
end

def sanitize_css(style_string)
Loofah::HTML5::Scrub.scrub_css(style_string)
end

private
def allowed_tags(options)
options[:tags] || self.class.allowed_tags
end

def allowed_tags(options)
options[:tags] || self.class.allowed_tags
end

def allowed_attributes(options)
options[:attributes] || self.class.allowed_attributes
end
def allowed_attributes(options)
options[:attributes] || self.class.allowed_attributes
end
end

WhiteListSanitizer = SafeListSanitizer
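Review bot: `XPATHS_TO_REMOVE` at the top of `module Html` stays a mutable array, because the `# frozen_string_literal: true` line added in this file affects string literals and does not freeze the `%w{}` array itself. That array is the list `remove_xpaths` strips before scrubbing, so it is part of what the sanitizer guarantees, and any code that can reach the constant can still change it in place. I would freeze it: `XPATHS_TO_REMOVE = %w{.//script .//form comment()}.freeze`. Whether anything outside this page appends to the constant is not visible here, so check callers first; the module body also continues beyond the hunks shown.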
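--- a/lib/rails/html/sanitizer/version.rb
+++ b/lib/rails/html/sanitizer/version.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rails
 module Html
 class Sanitizer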
119 changes: 60 additions & 59 deletions lib/rails/html/scrubbers.rb
@@ -1,3 +1,5 @@
# frozen_string_literal: true

module Rails
module Html
# === Rails::Html::PermitScrubber
@@ -77,84 +79,83 @@ def scrub(node)
end

protected
def allowed_node?(node)
@tags.include?(node.name)
end

def allowed_node?(node)
@tags.include?(node.name)
end
def skip_node?(node)
node.text?
end

def skip_node?(node)
node.text?
end
def scrub_attribute?(name)
!@attributes.include?(name)
end

def scrub_attribute?(name)
!@attributes.include?(name)
end
def keep_node?(node)
if @tags
allowed_node?(node)
else
Loofah::HTML5::Scrub.allowed_element?(node.name)
end
end

def keep_node?(node)
if @tags
allowed_node?(node)
else
Loofah::HTML5::Scrub.allowed_element?(node.name)
def scrub_node(node)
node.before(node.children) unless prune # strip
node.remove
end
end

def scrub_node(node)
node.before(node.children) unless prune # strip
node.remove
end
def scrub_attributes(node)
if @attributes
node.attribute_nodes.each do |attr|
attr.remove if scrub_attribute?(attr.name)
scrub_attribute(node, attr)
end

def scrub_attributes(node)
if @attributes
node.attribute_nodes.each do |attr|
attr.remove if scrub_attribute?(attr.name)
scrub_attribute(node, attr)
scrub_css_attribute(node)
else
Loofah::HTML5::Scrub.scrub_attributes(node)
end

scrub_css_attribute(node)
else
Loofah::HTML5::Scrub.scrub_attributes(node)
end
end

def scrub_css_attribute(node)
if Loofah::HTML5::Scrub.respond_to?(:scrub_css_attribute)
Loofah::HTML5::Scrub.scrub_css_attribute(node)
else
style = node.attributes['style']
style.value = Loofah::HTML5::Scrub.scrub_css(style.value) if style
def scrub_css_attribute(node)
if Loofah::HTML5::Scrub.respond_to?(:scrub_css_attribute)
Loofah::HTML5::Scrub.scrub_css_attribute(node)
else
style = node.attributes["style"]
style.value = Loofah::HTML5::Scrub.scrub_css(style.value) if style
end
end
end

def validate!(var, name)
if var && !var.is_a?(Enumerable)
raise ArgumentError, "You should pass :#{name} as an Enumerable"
def validate!(var, name)
if var && !var.is_a?(Enumerable)
raise ArgumentError, "You should pass :#{name} as an Enumerable"
end
var
end
var
end

def scrub_attribute(node, attr_node)
attr_name = if attr_node.namespace
"#{attr_node.namespace.prefix}:#{attr_node.node_name}"
else
attr_node.node_name
end
def scrub_attribute(node, attr_node)
attr_name = if attr_node.namespace
"#{attr_node.namespace.prefix}:#{attr_node.node_name}"
else
attr_node.node_name
end

if Loofah::HTML5::SafeList::ATTR_VAL_IS_URI.include?(attr_name)
return if Loofah::HTML5::Scrub.scrub_uri_attribute(attr_node)
end
if Loofah::HTML5::SafeList::ATTR_VAL_IS_URI.include?(attr_name)
return if Loofah::HTML5::Scrub.scrub_uri_attribute(attr_node)
end

if Loofah::HTML5::SafeList::SVG_ATTR_VAL_ALLOWS_REF.include?(attr_name)
Loofah::HTML5::Scrub.scrub_attribute_that_allows_local_ref(attr_node)
end
if Loofah::HTML5::SafeList::SVG_ATTR_VAL_ALLOWS_REF.include?(attr_name)
Loofah::HTML5::Scrub.scrub_attribute_that_allows_local_ref(attr_node)
end

if Loofah::HTML5::SafeList::SVG_ALLOW_LOCAL_HREF.include?(node.name) && attr_name == 'xlink:href' && attr_node.value =~ /^\s*[^#\s].*/m
attr_node.remove
end
if Loofah::HTML5::SafeList::SVG_ALLOW_LOCAL_HREF.include?(node.name) && attr_name == "xlink:href" && attr_node.value =~ /^\s*[^#\s].*/m
attr_node.remove
end

node.remove_attribute(attr_node.name) if attr_name == 'src' && attr_node.value !~ /[^[:space:]]/
node.remove_attribute(attr_node.name) if attr_name == "src" && attr_node.value !~ /[^[:space:]]/

Loofah::HTML5::Scrub.force_correct_attribute_escaping! node
end
Loofah::HTML5::Scrub.force_correct_attribute_escaping! node
end
end

# === Rails::Html::TargetScrubber
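Review bot: The `xlink:href` condition near the end of `scrub_attribute` carries its whole policy in an uncommented regex, `/^\s*[^#\s].*/m`, on a line well over 120 characters. In Ruby `^` matches at the start of every line, so a non-`#` start on any line of the value removes the attribute, not only a non-`#` start of the value itself. That errs on the strict side, but a later tidy-up to `\A` would quietly change which values survive. I would put a comment above the `if`, e.g. `# keep xlink:href only for local "#fragment" refs; ^ matches per line, so a multi-line value is checked line by line`, and move the test into a small predicate method so the line fits.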
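--- a/rails-html-sanitizer.gemspec
+++ b/rails-html-sanitizer.gemspec
@@ -1,21 +1,23 @@
 # coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
+# frozen_string_literal: true
+
+lib = File.expand_path("../lib", __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'rails/html/sanitizer/version'
+require "rails/html/sanitizer/version"
 
 Gem::Specification.new do |spec|
 spec.name = "rails-html-sanitizer"
 spec.version = Rails::Html::Sanitizer::VERSION
 spec.authors = ["Rafael Mendonça França", "Kasper Timm Hansen"]
 spec.email = ["rafaelmfranca@gmail.com", "kaspth@gmail.com"]
-spec.description = %q{HTML sanitization for Rails applications}
-spec.summary = %q{This gem is responsible to sanitize HTML fragments in Rails applications.}
+spec.description = "HTML sanitization for Rails applications"
+spec.summary = "This gem is responsible to sanitize HTML fragments in Rails applications."
 spec.homepage = "https://github.com/rails/rails-html-sanitizer"
 spec.license = "MIT"
 
 spec.required_ruby_version = ">= 2.5.0"
 
-spec.metadata = {
+spec.metadata = {
 "bug_tracker_uri" => "https://github.com/rails/rails-html-sanitizer/issues",
 "changelog_uri" => "https://github.com/rails/rails-html-sanitizer/blob/v#{spec.version}/CHANGELOG.md",
 "documentation_uri" => "https://www.rubydoc.info/gems/rails-html-sanitizer/#{spec.version}",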