Class: ActionView::Helpers::InstanceTag

Inherits:
Object
  • Object
Defined in:
lib/bot-away/action_view/helpers/instance_tag.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#honeypot_index ⇒ Object



# File 'lib/bot-away/action_view/helpers/instance_tag.rb', line 113

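# Number used to pick a honeypot warning message (see honeypot_warning_message)
# and, modulo 3, the hiding style applied by disguise.
#
# Returns @honeypot_index when it is set. Otherwise a new random Integer is
# drawn on every call (nothing is stored here), so two consecutive calls may
# return different numbers.
#
# @return [Integer] the preset index, or a random value starting at 1
def honeypot_index
  return @honeypot_index if @honeypot_index

  message_count = I18n.t("bot_away.number_of_honeypot_warning_messages").to_i
  # String#to_i yields 0 for a missing or non-numeric translation, and rand(0)
  # returns a Float in [0, 1) rather than an Integer. That would produce keys
  # such as "honeypot_warning_1.37", so fall back to the first message instead.
  return 1 if message_count.zero?

  rand(message_count) + 1
end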

#spinner ⇒ Object (readonly)

Returns the value of attribute spinner.



# File 'lib/bot-away/action_view/helpers/instance_tag.rb', line 2

# Reader for @spinner.
#
# initialize_with_spinner assigns it only when forgery protection is active
# and neither the object/method pair nor the controller/action pair is
# excluded through BotAway.excluded?; in every other case it stays nil, and
# the helpers in this class treat nil as "do not obfuscate this tag".
#
# @return [Object, nil] the spinner for this tag, or nil
def spinner
  return @spinner if defined?(@spinner)

  nil
end

Instance Method Details

#assuming(object) ⇒ Object



# File 'lib/bot-away/action_view/helpers/instance_tag.rb', line 33

# Runs the given block only when +object+ is truthy, and hands +object+ back
# either way (the block's own result is discarded).
#
# @param object [Object] value that gates the block
# @return [Object] +object+ itself, including nil/false
def assuming(object)
  return object unless object

  yield
  object
end

#content_tag_with_obfuscation(name, content_or_options_with_block = nil, options = nil, *args, &block) ⇒ Object



# File 'lib/bot-away/action_view/helpers/instance_tag.rb', line 76

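# Wraps content tag generation so that a content tag carrying an id or name
# is emitted twice: a disguised honeypot copy followed by the real element
# whose name/id went through obfuscate_options.
#
# NOTE(review): this listing had lost the method name and the name of the
# wrapped method. The method name is restored from the page heading; the
# callee is restored as content_tag_without_obfuscation, following the
# with/without pairing used by to_label_tag_with_obfuscation. Confirm
# against lib/bot-away/action_view/helpers/instance_tag.rb.
#
# @param name [String] tag name, e.g. 'select'
# @param content_or_options_with_block [String, Hash, nil] tag content, or
#   the options hash when a block supplies the content
# @param options [Hash, nil] HTML options with string keys
# @return [String] the generated markup
def content_tag_with_obfuscation(name, content_or_options_with_block = nil, options = nil, *args, &block)
  # Block form is passed straight through, untouched.
  if block_given?
    return content_tag_without_obfuscation(name, content_or_options_with_block, options, *args, &block)
  end

  # this should cover all Rails selects.
  unless spinner && options && (options.key?('id') || options.key?('name'))
    return content_tag_without_obfuscation(name, content_or_options_with_block, options, *args)
  end

  # A nil content used to raise NoMethodError on #empty? for selects.
  has_content = content_or_options_with_block && !content_or_options_with_block.empty?
  honeypot_content = if name == 'select' && has_content
                       '<option selected value=""></option>'.html_safe
                     else
                       ""
                     end

  # honeypot_options and obfuscate_options both modify the hash they are
  # given. Each gets its own copy (as honeypot_tag and obfuscated_tag already
  # do) so the honeypot-only attributes (blank value, autocomplete=off,
  # negative tabindex) do not end up on the real element and the caller's
  # hash is left alone.
  disguise(content_tag_without_obfuscation(name, honeypot_content, honeypot_options(options.dup), *args)) +
    content_tag_without_obfuscation(name, content_or_options_with_block, obfuscate_options(options.dup), *args)
end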

#disguise(element) ⇒ Object



# File 'lib/bot-away/action_view/helpers/instance_tag.rb', line 100

# Rewrites +element+ in place (String#replace) so the honeypot markup is
# wrapped in a <div> that keeps it out of sight, preceded by the warning tag.
#
# When BotAway.show_honeypots is truthy the element is instead wrapped in a
# literal "Honeypot(...)" marker and left visible, with no hiding <div>.
# NOTE(review): that looks like a debugging aid; confirm it is off wherever
# real visitors are served.
#
# The hiding technique depends on honeypot_index % 3: display:none,
# positioned off-screen, or squeezed to a negligible size.
#
# @param element [String] markup of the honeypot tag; modified in place
# @return [String] the same object, after replacement
def disguise(element)
  return element.replace("Honeypot(#{element})") if BotAway.show_honeypots

  # TODO a way to customize the hidden tags too
  hiding_style =
    case honeypot_index % 3
    when 0 then "display:none;" # Hidden
    when 1 then "position:absolute;left:-1000px;top:-1000px;" # Off-screen
    else "position:absolute;width:0px;height:1px;z-index:-1;color:transparent;overflow:hidden;" # Negligible size
    end

  element.replace("<div style='#{hiding_style}'>#{honeypot_warning_tag}#{element}</div>")
end

#honeypot_options(options) ⇒ Object



# File 'lib/bot-away/action_view/helpers/instance_tag.rb', line 24

# Turns +options+ (modified in place) into the attribute set of a honeypot
# field. Default name/id are filled in first; then, only when a spinner is
# present:
#   * an existing 'value' is blanked,
#   * 'autocomplete' is set to 'off',
#   * 'tabindex' becomes a random negative number from -1 to -10.
#
# @param options [Hash] HTML options with string keys; mutated
# @return [Hash, nil, false] +options+ when a spinner is present, otherwise
#   the falsy result of `spinner && options`
def honeypot_options(options)
  add_default_name_and_id(options)

  decoy = spinner && options
  return decoy unless decoy

  decoy['value'] = '' if decoy['value']
  decoy['autocomplete'] = 'off'
  decoy['tabindex'] = -(rand(10) + 1)
  decoy
end

#honeypot_tag(name, options = nil, *args) ⇒ Object



# File 'lib/bot-away/action_view/helpers/instance_tag.rb', line 38

# Builds the honeypot copy of a tag: the options are copied (so the caller's
# hash is not modified), run through honeypot_options, rendered with the
# original tag method and finally hidden by disguise.
#
# @param name [String] tag name
# @param options [Hash, nil] HTML options; an empty hash is used when nil
# @return [String] disguised honeypot markup
def honeypot_tag(name, options = nil, *args)
  own_options = options ? options.dup : {}
  decoy = tag_without_honeypot(name, honeypot_options(own_options), *args)
  disguise(decoy)
end

#honeypot_warning_message ⇒ Object



# File 'lib/bot-away/action_view/helpers/instance_tag.rb', line 117

# Looks up the warning text "bot_away.honeypot_warning_<honeypot_index>".
#
# With BotAway.obfuscate_honeypot_warning_messages? the text is reversed and
# every character is written as a hexadecimal character reference; the
# result is a plain String (honeypot_warning_tag wraps it in a right-to-left
# <bdo>). Otherwise the translation is returned via html_safe, i.e. it is
# emitted as-is, so the locale files have to be trusted content.
#
# @return [String] warning text for the honeypot
def honeypot_warning_message
  warning = I18n.t("bot_away.honeypot_warning_#{honeypot_index}")
  return warning.html_safe unless BotAway.obfuscate_honeypot_warning_messages?

  warning.reverse.each_char.map { |ch| '&#x' + ch.ord.to_s(16) + ';' }.join
end

#honeypot_warning_tag ⇒ Object



# File 'lib/bot-away/action_view/helpers/instance_tag.rb', line 126

# Markup for the warning shown next to a honeypot.
#
# When warning obfuscation is enabled, honeypot_warning_message returns the
# text reversed, so it is wrapped in <bdo dir="rtl"> and marked html_safe.
# Otherwise the message is returned unchanged.
#
# @return [String] warning markup
def honeypot_warning_tag
  return honeypot_warning_message unless BotAway.obfuscate_honeypot_warning_messages?

  "<bdo dir=\"rtl\">#{honeypot_warning_message}</bdo>".html_safe
end

#initialize_with_spinner(object_name, method_name, template_object, object = nil) ⇒ Object



# File 'lib/bot-away/action_view/helpers/instance_tag.rb', line 5

# Constructor wrapper: runs the original initializer, then creates a
# BotAway::Spinner for this tag when all three conditions hold, checked in
# this order:
#   1. the controller reports protect_against_forgery? (called through send),
#   2. the object/method pair is not excluded via BotAway.excluded?,
#   3. the controller/action pair is not excluded via BotAway.excluded?.
#
# The spinner is built from the request IP, the object name and the form
# authenticity token. When any condition fails @spinner is left unset and
# the tag helpers emit plain, unobfuscated markup.
#
# NOTE(review): the IP comes from template_object.request.ip, so what it
# contains behind a proxy depends on how the app resolves client addresses.
# Confirm that matches whatever the validating side uses.
def initialize_with_spinner(object_name, method_name, template_object, object = nil)
  initialize_without_spinner(object_name, method_name, template_object, object)

  controller = template_object.controller
  return unless controller.send(:protect_against_forgery?)
  return if BotAway.excluded?(:object_name => object_name, :method_name => method_name)
  return if BotAway.excluded?(:controller => controller.controller_name, :action => controller.action_name)

  @spinner = BotAway::Spinner.new(template_object.request.ip, object_name, template_object.form_authenticity_token)
end

#obfuscate_options(options) ⇒ Object



# File 'lib/bot-away/action_view/helpers/instance_tag.rb', line 16

# Prepares +options+ (modified in place) for the real form element: default
# name/id are filled in, then, when a spinner is present, an existing 'name'
# and an existing 'id' are each replaced by spinner.encode of their value.
#
# @param options [Hash] HTML options with string keys; mutated
# @return [Hash, nil, false] +options+ when a spinner is present, otherwise
#   the falsy result of `spinner && options`
def obfuscate_options(options)
  add_default_name_and_id(options)

  target = spinner && options
  return target unless target

  %w[name id].each do |attribute|
    target[attribute] = spinner.encode(target[attribute]) if target[attribute]
  end
  target
end

#obfuscated_tag(name, options = nil, *args) ⇒ Object



# File 'lib/bot-away/action_view/helpers/instance_tag.rb', line 42

# Renders the real tag with its name/id passed through obfuscate_options.
# The options are copied first, so the caller's hash is not modified.
#
# @param name [String] tag name
# @param options [Hash, nil] HTML options; an empty hash is used when nil
# @return [String] markup from the original tag method
def obfuscated_tag(name, options = nil, *args)
  own_options = options ? options.dup : {}
  tag_without_honeypot(name, obfuscate_options(own_options), *args)
end

#tag_with_honeypot(name, options = nil, *args) ⇒ Object



# File 'lib/bot-away/action_view/helpers/instance_tag.rb', line 46

# Tag generation with honeypot support. With a spinner, the real element
# (name/id encoded) is emitted first, directly followed by its disguised
# honeypot copy; both helpers copy +options+ before changing them. Without
# a spinner the original tag method is used unchanged.
#
# @param name [String] tag name
# @param options [Hash, nil] HTML options
# @return [String] generated markup
def tag_with_honeypot(name, options = nil, *args)
  return tag_without_honeypot(name, options, *args) unless spinner

  real_field = obfuscated_tag(name, options, *args)
  decoy_field = honeypot_tag(name, options, *args)
  real_field + decoy_field
end

#to_label_tag_with_obfuscation(text = nil, options = {}, &block) ⇒ Object

Special case



# File 'lib/bot-away/action_view/helpers/instance_tag.rb', line 55

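# Label generation: a label is not given a honeypot copy; only its "for"
# attribute is changed so that it keeps pointing at the real field.
#
# The target id is taken from an explicit "for" option, or else derived with
# add_default_name_and_id_for_value, and is passed through spinner.encode
# when a spinner is present. A given block is now forwarded to the wrapped
# method; before, the block was accepted here and silently dropped.
#
# @param text [String, nil] label text
# @param options [Hash] HTML options; keys are stringified into a new hash
# @return [Object] whatever to_label_tag_without_obfuscation returns
def to_label_tag_with_obfuscation(text = nil, options = {}, &block)
  # TODO: Can this be simplified? It's pretty similar to to_label_tag_without_obfuscation...
  options = options.stringify_keys
  tag_value = options.delete("value")
  name_and_id = options.dup

  # An explicit "for" wins as the target id; any caller-supplied "id" is
  # otherwise discarded so that the default below is computed fresh.
  if name_and_id["for"]
    name_and_id["id"] = name_and_id["for"]
  else
    name_and_id.delete("id")
  end

  add_default_name_and_id_for_value(tag_value, name_and_id)
  options["for"] ||= name_and_id["id"]
  options["for"] = spinner.encode(options["for"]) if spinner && options["for"]
  # TODO ideas for future implementation, but they may break nested tags
  # escaped_reversed_text = text.to_s.reverse.chars.collect { |b| "&#x#{b.ord.to_s(16)};" }.join
  # text = '<bdo dir="rtl">'.html_safe + escaped_reversed_text + '</bdo>'.html_safe
  to_label_tag_without_obfuscation(text, options, &block)
end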