From ba0d621695c372464383b56d2f33a7b892ed6aa5 Mon Sep 17 00:00:00 2001 From: Joshua Peek Date: Mon, 25 Aug 2008 21:24:48 -0500 Subject: Include all helpers into ActionView::Helper --- actionpack/lib/action_view.rb | 7 +- actionpack/lib/action_view/base.rb | 13 ---- actionpack/lib/action_view/helpers.rb | 39 ++++++++++ .../lib/action_view/helpers/sanitize_helper.rb | 85 ++++++++++++++-------- actionpack/lib/action_view/test_case.rb | 4 +- actionpack/test/template/sanitize_helper_test.rb | 6 +- 6 files changed, 100 insertions(+), 54 deletions(-) create mode 100644 actionpack/lib/action_view/helpers.rb (limited to 'actionpack') diff --git a/actionpack/lib/action_view.rb b/actionpack/lib/action_view.rb index f13324a9d0..3f35303a51 100644 --- a/actionpack/lib/action_view.rb +++ b/actionpack/lib/action_view.rb @@ -38,10 +38,9 @@ I18n.backend.populate do I18n.load_translations File.dirname(__FILE__) + '/action_view/locale/en-US.yml' end +require 'action_view/helpers' + ActionView::Base.class_eval do include ActionView::Partials - - ActionView::Base.helper_modules.each do |helper_module| - include helper_module - end + include ActionView::Helpers end diff --git a/actionpack/lib/action_view/base.rb b/actionpack/lib/action_view/base.rb index a85e698c1f..cc89c66a39 100644 --- a/actionpack/lib/action_view/base.rb +++ b/actionpack/lib/action_view/base.rb @@ -203,19 +203,6 @@ module ActionView #:nodoc: end include CompiledTemplates - def self.helper_modules #:nodoc: - helpers = [] - Dir.entries(File.expand_path("#{File.dirname(__FILE__)}/helpers")).sort.each do |file| - next unless file =~ /^([a-z][a-z_]*_helper).rb$/ - require "action_view/helpers/#{$1}" - helper_module_name = $1.camelize - if Helpers.const_defined?(helper_module_name) - helpers << Helpers.const_get(helper_module_name) - end - end - return helpers - end - def self.process_view_paths(value) ActionView::PathSet.new(Array(value)) end diff --git a/actionpack/lib/action_view/helpers.rb b/actionpack/lib/action_view/helpers.rb new file mode 100644 index 0000000000..05e1cf990a --- /dev/null +++ b/actionpack/lib/action_view/helpers.rb @@ -0,0 +1,39 @@ +Dir.entries(File.expand_path("#{File.dirname(__FILE__)}/helpers")).sort.each do |file| + next unless file =~ /^([a-z][a-z_]*_helper).rb$/ + require "action_view/helpers/#{$1}" +end + +module ActionView #:nodoc: + module Helpers #:nodoc: + def self.included(base) + base.extend(ClassMethods) + end + + module ClassMethods + include SanitizeHelper::ClassMethods + end + + include ActiveRecordHelper + include AssetTagHelper + include AtomFeedHelper + include BenchmarkHelper + include CacheHelper + include CaptureHelper + include DateHelper + include DebugHelper + include FormCountryHelper + include FormHelper + include FormOptionsHelper + include FormTagHelper + include NumberHelper + include PrototypeHelper + include RecordIdentificationHelper + include RecordTagHelper + include SanitizeHelper + include ScriptaculousHelper + include TagHelper + include TextHelper + include TranslationHelper + include UrlHelper + end +end diff --git a/actionpack/lib/action_view/helpers/sanitize_helper.rb b/actionpack/lib/action_view/helpers/sanitize_helper.rb index c3c03394ee..637caf203b 100644 --- a/actionpack/lib/action_view/helpers/sanitize_helper.rb +++ b/actionpack/lib/action_view/helpers/sanitize_helper.rb @@ -6,17 +6,13 @@ module ActionView # The SanitizeHelper module provides a set of methods for scrubbing text of undesired HTML elements. # These helper methods extend ActionView making them callable within your template files. module SanitizeHelper - def self.included(base) - base.extend(ClassMethods) - end - # This +sanitize+ helper will html encode all tags and strip all attributes that aren't specifically allowed. # It also strips href/src tags with invalid protocols, like javascript: especially. It does its best to counter any # tricks that hackers may use, like throwing in unicode/ascii/hex values to get past the javascript: filters. Check out # the extensive test suite. # # <%= sanitize @article.body %> - # + # # You can add or remove tags/attributes if you want to customize it a bit. See ActionView::Base for full docs on the # available options. You can add tags/attributes for single uses of +sanitize+ by passing either the :attributes or :tags options: # @@ -27,27 +23,27 @@ module ActionView # Custom Use (only the mentioned tags and attributes are allowed, nothing else) # # <%= sanitize @article.body, :tags => %w(table tr td), :attributes => %w(id class style) - # + # # Add table tags to the default allowed tags - # + # # Rails::Initializer.run do |config| # config.action_view.sanitized_allowed_tags = 'table', 'tr', 'td' # end - # + # # Remove tags to the default allowed tags - # + # # Rails::Initializer.run do |config| # config.after_initialize do # ActionView::Base.sanitized_allowed_tags.delete 'div' # end # end - # + # # Change allowed default attributes - # + # # Rails::Initializer.run do |config| # config.action_view.sanitized_allowed_attributes = 'id', 'class', 'style' # end - # + # # Please note that sanitizing user-provided text does not guarantee that the # resulting markup is valid (conforming to a document type) or even well-formed. # The output may still contain e.g. unescaped '<', '>', '&' characters and @@ -62,8 +58,8 @@ module ActionView self.class.white_list_sanitizer.sanitize_css(style) end - # Strips all HTML tags from the +html+, including comments. This uses the - # html-scanner tokenizer and so its HTML parsing ability is limited by + # Strips all HTML tags from the +html+, including comments. This uses the + # html-scanner tokenizer and so its HTML parsing ability is limited by # that of html-scanner. # # ==== Examples @@ -73,10 +69,10 @@ module ActionView # # strip_tags("Bold no more! See more here...") # # => Bold no more! See more here... - # + # # strip_tags("
Welcome to my website!
") # # => Welcome to my website! - def strip_tags(html) + def strip_tags(html) self.class.full_sanitizer.sanitize(html) end @@ -96,21 +92,48 @@ module ActionView end module ClassMethods #:nodoc: - def self.extended(base) - class << base - attr_writer :full_sanitizer, :link_sanitizer, :white_list_sanitizer - - # we want these to be class methods on ActionView::Base, they'll get mattr_readers for these below. - helper_def = [:sanitized_protocol_separator, :sanitized_uri_attributes, :sanitized_bad_tags, :sanitized_allowed_tags, - :sanitized_allowed_attributes, :sanitized_allowed_css_properties, :sanitized_allowed_css_keywords, - :sanitized_shorthand_css_properties, :sanitized_allowed_protocols, :sanitized_protocol_separator=].collect! do |prop| - prop = prop.to_s - "def #{prop}(#{:value if prop =~ /=$/}) white_list_sanitizer.#{prop.sub /sanitized_/, ''} #{:value if prop =~ /=$/} end" - end.join("\n") - eval helper_def - end - end - + attr_writer :full_sanitizer, :link_sanitizer, :white_list_sanitizer + + def sanitized_protocol_separator + white_list_sanitizer.protocol_separator + end + + def sanitized_uri_attributes + white_list_sanitizer.uri_attributes + end + + def sanitized_bad_tags + white_list_sanitizer.bad_tags + end + + def sanitized_allowed_tags + white_list_sanitizer.allowed_tags + end + + def sanitized_allowed_attributes + white_list_sanitizer.allowed_attributes + end + + def sanitized_allowed_css_properties + white_list_sanitizer.allowed_css_properties + end + + def sanitized_allowed_css_keywords + white_list_sanitizer.allowed_css_keywords + end + + def sanitized_shorthand_css_properties + white_list_sanitizer.shorthand_css_properties + end + + def sanitized_allowed_protocols + white_list_sanitizer.allowed_protocols + end + + def sanitized_protocol_separator=(value) + white_list_sanitizer.protocol_separator = value + end + # Gets the HTML::FullSanitizer instance used by +strip_tags+. Replace with # any object that responds to +sanitize+. # diff --git a/actionpack/lib/action_view/test_case.rb b/actionpack/lib/action_view/test_case.rb index 1a3c93c283..adbb37fd09 100644 --- a/actionpack/lib/action_view/test_case.rb +++ b/actionpack/lib/action_view/test_case.rb @@ -25,9 +25,7 @@ module ActionView end end - ActionView::Base.helper_modules.each do |helper_module| - include helper_module - end + include ActionView::Helpers include ActionController::PolymorphicRoutes include ActionController::RecordIdentifier diff --git a/actionpack/test/template/sanitize_helper_test.rb b/actionpack/test/template/sanitize_helper_test.rb index e5427d9dc1..f715071bbc 100644 --- a/actionpack/test/template/sanitize_helper_test.rb +++ b/actionpack/test/template/sanitize_helper_test.rb @@ -11,9 +11,9 @@ class SanitizeHelperTest < ActionView::TestCase assert_equal "Dont touch me", strip_links("Dont touch me") assert_equal "on my mind\nall day long") - assert_equal "0wn3d", strip_links("0wn3d") - assert_equal "Magic", strip_links("Magic") - assert_equal "FrrFox", strip_links("FrrFox") + assert_equal "0wn3d", strip_links("0wn3d") + assert_equal "Magic", strip_links("Magic") + assert_equal "FrrFox", strip_links("FrrFox") assert_equal "My mind\nall day long", strip_links("My mind\nall day long") assert_equal "all day long", strip_links("<a href='hello'>all day long</a>") end -- cgit v1.2.3