run tree through sanitize

parslet
Jordan Orelli 9 years ago
parent 0364c5f2c7
commit cb7b786d55

@ -3,11 +3,25 @@ require 'sanitize'
module Bristlecode module Bristlecode
Config = Sanitize::Config::freeze_config(
:elements => %w[b em i strong u a strike br],
:attributes => {
'a' => ['href']
},
:add_attributes => {
'a' => {'rel' => 'nofollow'}
},
:protocols => {
'a' => {'href' => ['http', 'https', :relative]}
}
)
def Bristlecode.to_html(text) def Bristlecode.to_html(text)
parser = Bristlecode::Parser.new parser = Bristlecode::Parser.new
parse_tree = parser.parse(text) parse_tree = parser.parse(text)
tree = Bristlecode::Transform.new.apply(parse_tree) tree = Bristlecode::Transform.new.apply(parse_tree)
tree.to_html html = tree.to_html
Sanitize.fragment(html, Bristlecode::Config)
end end
def Bristlecode.clean(text) def Bristlecode.clean(text)
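Review bot: The `:relative` entry in `:protocols` lets scheme-less hrefs through the sanitizer, which as far as I know includes protocol-relative `//host` forms, so `[url]` output is not limited to absolute http/https targets. If relative links are not an intended feature, the entry can be narrowed to `'a' => {'href' => ['http', 'https']}`. Either way, a comment above `Config` such as `# Allowlist applied to all rendered output; elements and attributes not listed here are removed.` would mark it as the security boundary for `to_html`. The module body and `Bristlecode.clean` continue past the end of the hunk.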

@ -21,9 +21,6 @@ module Bristlecode
expect(to_html('&')).to eq('&') expect(to_html('&')).to eq('&')
expect(to_html('>')).to eq('>') expect(to_html('>')).to eq('>')
expect(to_html('<')).to eq('&lt;') expect(to_html('<')).to eq('&lt;')
expect(to_html("'")).to eq('&#x27;')
expect(to_html('"')).to eq('&quot;')
expect(to_html('/')).to eq('&#x2F;')
end end
it 'handles plain text just fine' do it 'handles plain text just fine' do
@ -57,23 +54,23 @@ module Bristlecode
it 'can render simple links' do it 'can render simple links' do
input = '[url]http://example.com[/url]' input = '[url]http://example.com[/url]'
output = '<a href="http://example.com">http:&#x2F;&#x2F;example.com</a>' output = '<a href="http://example.com" rel="nofollow">http://example.com</a>'
expect(to_html(input)).to eq(output) expect(to_html(input)).to eq(output)
input = '[url] http://example.com [/url]' input = '[url] http://example.com [/url]'
output = '<a href="http://example.com">http:&#x2F;&#x2F;example.com</a>' output = '<a href="http://example.com" rel="nofollow">http://example.com</a>'
expect(to_html(input)).to eq(output) expect(to_html(input)).to eq(output)
end end
it 'passes simple url contents opaquely' do it 'passes simple url contents opaquely' do
input = '[url]http://x[b]y[/b]z[/url]' input = '[url]http://x[b]y[/b]z[/url]'
output = '<a href="http://x[b]y[/b]z">http:&#x2F;&#x2F;x[b]y[&#x2F;b]z</a>' output = '<a href="http://x%5Bb%5Dy%5B/b%5Dz" rel="nofollow">http://x[b]y[/b]z</a>'
expect(to_html(input)).to eq(output) expect(to_html(input)).to eq(output)
end end
it 'handles urls with titles' do it 'handles urls with titles' do
input = '[url=http://google.com]the google[/url]' input = '[url=http://google.com]the google[/url]'
output = '<a href="http://google.com">the google</a>' output = '<a href="http://google.com" rel="nofollow">the google</a>'
expect(to_html(input)).to eq(output) expect(to_html(input)).to eq(output)
end end
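Review bot: None of the specs touched here exercises the rejecting side of the new allowlist. Every updated expectation only shows `rel="nofollow"` being added to an http link, so a later change that loosened `:protocols` or `:elements` would still pass. A negative case would pin it, for example `expect(to_html('[url=javascript:void(0)]x[/url]')).not_to include('javascript:')`, assuming the parser accepts that input. The three assertions for `'`, `"` and `/` in the escaping spec are deleted rather than updated; replacing them with the output now expected would record that leaving these characters unescaped in text content is deliberate. The `it` blocks at the edges of these hunks continue outside the visible lines.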
