Class: BetterHtml::TestHelper::SafeLodashTester::Tester
- Inherits:
-
Object
- Object
- BetterHtml::TestHelper::SafeLodashTester::Tester
- Defined in:
- lib/better_html/test_helper/safe_lodash_tester.rb
Instance Attribute Summary collapse
-
#errors ⇒ Object
readonly
Returns the value of attribute errors.
Instance Method Summary collapse
- #add_error(message, location:) ⇒ Object
- #add_no_statement_error(loc) ⇒ Object
-
#initialize(buffer, config: BetterHtml.config) ⇒ Tester
constructor
A new instance of Tester.
- #lodash_nodes(node) ⇒ Object
- #validate! ⇒ Object
- #validate_no_statements(node) ⇒ Object
- #validate_tag_attributes(tag) ⇒ Object
- #validate_tag_expression(attribute, lodash_node) ⇒ Object
Constructor Details
#initialize(buffer, config: BetterHtml.config) ⇒ Tester
Returns a new instance of Tester.
54 55 56 57 58 59 60 |
# File 'lib/better_html/test_helper/safe_lodash_tester.rb', line 54 def initialize(buffer, config: BetterHtml.config) @buffer = buffer @config = config @errors = Errors.new @parser = BetterHtml::Parser.new(buffer, template_language: :lodash) validate! end |
Instance Attribute Details
#errors ⇒ Object (readonly)
Returns the value of attribute errors.
52 53 54 |
# File 'lib/better_html/test_helper/safe_lodash_tester.rb', line 52 def errors @errors end |
Instance Method Details
#add_error(message, location:) ⇒ Object
62 63 64 |
# File 'lib/better_html/test_helper/safe_lodash_tester.rb', line 62 def add_error(, location:) @errors.add(SafetyError.new(, location: location)) end |
#add_no_statement_error(loc) ⇒ Object
130 131 132 133 134 135 |
# File 'lib/better_html/test_helper/safe_lodash_tester.rb', line 130 def add_no_statement_error(loc) add_error( "javascript statement not allowed here; did you mean '[%=' ?", location: loc ) end |
#lodash_nodes(node) ⇒ Object
85 86 87 88 89 90 91 92 93 |
# File 'lib/better_html/test_helper/safe_lodash_tester.rb', line 85 def lodash_nodes(node) Enumerator.new do |yielder| next if node.nil? node.descendants(:lodash).each do |lodash_node| indicator_node, code_node = *lodash_node yielder.yield(lodash_node, indicator_node, code_node) end end end |
#validate! ⇒ Object
66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 |
# File 'lib/better_html/test_helper/safe_lodash_tester.rb', line 66 def validate! @parser.nodes_with_type(:tag).each do |tag_node| tag = Tree::Tag.from_node(tag_node) validate_tag_attributes(tag) validate_no_statements(tag_node) if tag.name == 'script' && !tag.closing? add_error( "No script tags allowed nested in lodash templates", location: tag_node.loc ) end end @parser.nodes_with_type(:cdata, :comment).each do |node| validate_no_statements(node) end end |
#validate_no_statements(node) ⇒ Object
124 125 126 127 128 |
# File 'lib/better_html/test_helper/safe_lodash_tester.rb', line 124 def validate_no_statements(node) lodash_nodes(node).each do |lodash_node, indicator_node, code_node| add_no_statement_error(lodash_node.loc) if indicator_node.nil? end end |
#validate_tag_attributes(tag) ⇒ Object
95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 |
# File 'lib/better_html/test_helper/safe_lodash_tester.rb', line 95 def validate_tag_attributes(tag) tag.attributes.each do |attribute| lodash_nodes(attribute.value_node).each do |lodash_node, indicator_node, code_node| next if indicator_node.nil? if indicator_node.loc.source == '=' validate_tag_expression(attribute, lodash_node) elsif indicator_node.loc.source == '!' add_error( "lodash interpolation with '[%!' inside html attribute is never safe", location: lodash_node.loc ) end end end end |
#validate_tag_expression(attribute, lodash_node) ⇒ Object
112 113 114 115 116 117 118 119 120 121 122 |
# File 'lib/better_html/test_helper/safe_lodash_tester.rb', line 112 def validate_tag_expression(attribute, lodash_node) _, code_node = *lodash_node source = code_node.loc.source.strip if @config.javascript_attribute_name?(attribute.name) && !@config.lodash_safe_javascript_expression?(source) add_error( "lodash interpolation in javascript attribute "\ "`#{attribute.name}` must call `JSON.stringify(#{source})`", location: lodash_node.loc ) end end |