Module: BetterHtml::TestHelper::SafeLodashTester

Defined in:
lib/better_html/test_helper/safe_lodash_tester.rb

Defined Under Namespace

Classes: Tester

Constant Summary

SAFETY_TIPS =
"-----------\n\nThe javascript snippets listed above do not appear to be escaped properly\nin their context. Here are some tips:\n\nAlways use lodash's escape syntax inside a html tag:\n  <a href=\"[%= value %]\">\n           ^^^^\n\nAlways use JSON.stringify() for html attributes which contain javascript, like 'onclick',\nor twine attributes like 'data-define', 'data-context', 'data-eval', 'data-bind', etc:\n  <div onclick=\"[%= JSON.stringify(value) %]\">\n                    ^^^^^^^^^^^^^^\n\nNever use <script> tags inside lodash template.\n  <script type=\"text/javascript\">\n  ^^^^^^^\n\n-----------\n"

Instance Method Summary

Instance Method Details

#assert_lodash_safety(data, **options) ⇒ Object



# File 'lib/better_html/test_helper/safe_lodash_tester.rb', line 30

# Asserts that the lodash template in +data+ passes the Tester's escaping checks.
#
# The template text is loaded into a Parser source buffer (named after
# +options[:filename]+ when given, otherwise "(buffer)") and handed to
# Tester together with the remaining options. Every error the tester
# reports is folded into the assertion message — line number, message and
# the underlined source line — and SAFETY_TIPS is appended so a failing
# test explains how to escape correctly.
#
# @param data [String] lodash template source to analyse
# @param options [Hash] forwarded to Tester; +:filename+ also names the buffer
# @return the result of +assert_predicate+ (raises on a failing assertion)
def assert_lodash_safety(data, **options)
  source_name = options[:filename] || '(buffer)'
  buffer = ::Parser::Source::Buffer.new(source_name)
  buffer.source = data
  tester = Tester.new(buffer, **options)

  # Build the failure report incrementally; String.new keeps it mutable
  # regardless of the file's frozen-string setting.
  report = tester.errors.each_with_object(String.new) do |error, text|
    location = error.location
    # Trailing "\n" escape keeps a blank line between consecutive errors.
    text << <<~EOL
      On line #{location.line}
      #{error.message}
      #{location.line_source_with_underline}\n
    EOL
  end
  report << SAFETY_TIPS

  assert_predicate(tester.errors, :empty?, report)
end