require 'action_view/helpers/tag_helper'
require 'html/document'
module ActionView
module Helpers #:nodoc:
# The TextHelper module provides a set of methods for filtering, formatting
# and transforming strings, which can reduce the amount of inline Ruby code in
# your views. These helper methods extend ActionView making them callable
# within your template files.
module TextHelper
# Module hook: when TextHelper is mixed into +base+, +base+ is also
# extended with ClassMethods.
def self.included(base)
  base.extend ClassMethods
end
# The preferred method of outputting text in your views is to use the
# <%= "text" %> eRuby syntax. The regular _puts_ and _print_ methods
# do not operate as expected in an eRuby code block. If you absolutely must
# output text within a non-output code block (i.e., <% %>), you can use the concat method.
#
# ==== Examples
# <%
# concat "hello", binding
# # is the equivalent of <%= "hello" %>
#
# if (logged_in == true):
# concat "Logged in!", binding
# else
# concat link_to('login', :action => login), binding
# end
# # will either display "Logged in!" or a login link
# %>
# Appends +string+ to the ERB output buffer that is visible through +binding+
# and returns whatever the buffer's << returns.
#
# Security notes:
# * The code passed to eval is ActionView::Base.erb_variable, a class-level
#   setting rather than request data. It must never be derived from
#   untrusted input.
# * +string+ is appended as-is, with no HTML escaping, so callers have to
#   escape untrusted text themselves before passing it in.
def concat(string, binding)
  output_buffer = eval(ActionView::Base.erb_variable, binding)
  output_buffer << string
end
# If +text+ is longer than +length+, +text+ will be truncated to the length of
# +length+ (defaults to 30) and the last characters will be replaced with the +truncate_string+
# (defaults to "...").
#
# ==== Examples
# truncate("Once upon a time in a world far far away", 14)
# # => Once upon a...
#
# truncate("Once upon a time in a world far far away")
# # => Once upon a time in a world f...
#
# truncate("And they found that many people were sleeping better.", 25, "(clipped)")
# # => And they found that many (clipped)
#
# truncate("And they found that many people were sleeping better.", 15, "... (continued)")
# # => And they found... (continued)
# Returns nil for a nil +text+; otherwise always returns a String.
#
# The cut is made purely by character position and knows nothing about
# markup, so truncate plain text first and escape afterwards. Truncating
# already-escaped HTML can split an entity or a tag.
def truncate(text, length = 30, truncate_string = "...")
  return if text.nil?

  # Room left for +text+ once the suffix is accounted for.
  keep = length - truncate_string.chars.length
  chars = text.chars
  if chars.length > length
    (chars[0...keep] + truncate_string).to_s
  else
    text.to_s
  end
end
# Highlights one or more +phrases+ everywhere in +text+ by inserting it into
# a +highlighter+ string. The highlighter can be specialized by passing +highlighter+
# as a single-quoted string with \1 where the phrase is to be inserted (defaults to
# '\1')
#
# ==== Examples
# highlight('You searched for: rails', 'rails')
# # => You searched for: rails
#
# highlight('You searched for: ruby, rails, dhh', 'actionpack')
# # => You searched for: ruby, rails, dhh
#
# highlight('You searched for: rails', ['for', 'rails'], '\1')
# # => You searched for: rails
#
# highlight('You searched for: rails', 'rails', "\1")
# # => You searched for: \1')
if text.blank? || phrases.blank?
text
else
match = Array(phrases).map { |p| Regexp.escape(p) }.join('|')
text.gsub(/(#{match})/i, highlighter)
end
end
# Extracts an excerpt from +text+ that matches the first instance of +phrase+.
# The +radius+ expands the excerpt on each side of the first occurrence of +phrase+ by the number of characters
# defined in +radius+ (which defaults to 100). If the excerpt radius overflows the beginning or end of the +text+,
# then the +excerpt_string+ will be prepended/appended accordingly. If the +phrase+
# isn't found, nil is returned.
#
# ==== Examples
# excerpt('This is an example', 'an', 5)
# # => "...s is an examp..."
#
# excerpt('This is an example', 'is', 5)
# # => "This is an..."
#
# excerpt('This is an example', 'is')
# # => "This is an example"
#
# excerpt('This next thing is an example', 'ex', 2)
# # => "...next t..."
#
# excerpt('This is also an example', 'an', 8, ' This is Textile! Rejoice! I love ROR! Visit the Rails website here. tag that RedCloth adds.
#
# You can learn more about Textile's syntax at its website[http://www.textism.com/tools/textile].
# This method is only available if RedCloth[http://whytheluckystiff.net/ruby/redcloth/]
# is available.
#
# ==== Examples
# textilize_without_paragraph("*This is Textile!* Rejoice!")
# # => "This is Textile! Rejoice!"
#
# textilize_without_paragraph("I _love_ ROR(Ruby on Rails)!")
# # => "I love ROR!"
#
# textilize_without_paragraph("h2. Textile makes markup -easy- simple!")
# # => " " then textiled = textiled[3..-1] end
if textiled[-4..-1] == " We are using Markdown now! We like to write The Markdown website
# # has more information. tags. One newline (\n) is
# considered as a linebreak and a Here is some basic text... We want to put a paragraph... ...right there.Textile makes markup
"
#
# textilize("Visit the Rails website "here":http://www.rubyonrails.org/.)
# # => "easy simple!Textile makes markup
"
#
# textilize_without_paragraph("Visit the Rails website "here":http://www.rubyonrails.org/.)
# # => "Visit the Rails website here."
def textilize_without_paragraph(text)
textiled = textilize(text)
if textiled[0..2] == "easy simple!code
, not just read it!
tag is appended. This
# method does not remove the newlines from the +text+.
#
# ==== Examples
# my_text = """Here is some basic text...
# ...with a line break."""
#
# simple_format(my_text)
# # => "
...with a line break.
"). # 2+ newline -> paragraph
gsub(/([^\n]\n)(?=[^\n])/, '\1
') # 1 newline -> br
end
# Turns all URLs and e-mail addresses into clickable links. The +link+ parameter
# will limit what should be linked. You can add HTML attributes to the links using
# +href_options+. Options for +link+ are :all (default),
# :email_addresses, and :urls. If a block is given, each URL and
# e-mail address is yielded and the result is used as the link text.
#
# ==== Examples
# auto_link("Go to http://www.rubyonrails.org and say hello to david@loudthinking.com")
# # => "Go to http://www.rubyonrails.org and
# # say hello to david@loudthinking.com"
#
# auto_link("Visit http://www.loudthinking.com/ or e-mail david@loudthinking.com", :urls)
# # => "Visit http://www.loudthinking.com/
# # or e-mail david@loudthinking.com"
#
# auto_link("Visit http://www.loudthinking.com/ or e-mail david@loudthinking.com", :email_addresses)
# # => "Visit http://www.loudthinking.com/ or e-mail david@loudthinking.com"
#
# post_body = "Welcome to my new blog at http://www.myblog.com/. Please e-mail me at me@email.com."
# auto_link(post_body, :all, :target => '_blank') do |text|
# truncate(text, 15)
# end
# # => "Welcome to my new blog at http://www.m....
# Please e-mail me at me@email.com."
#
# Dispatches on +link+: :all links URLs first and then e-mail addresses in
# the result, :email_addresses and :urls run only the matching helper.
# Returns '' for blank +text+ and nil for any other +link+ value.
#
# NOTE(review): nothing in this method escapes +text+. Whether
# auto_link_urls / auto_link_email_addresses do is not visible here, so
# treat the return value as unsanitized markup unless that is confirmed.
def auto_link(text, link = :all, href_options = {}, &block)
  return '' if text.blank?

  case link
  when :all
    with_urls = auto_link_urls(text, href_options, &block)
    auto_link_email_addresses(with_urls, &block)
  when :email_addresses
    auto_link_email_addresses(text, &block)
  when :urls
    auto_link_urls(text, href_options, &block)
  end
end
# Strips all link tags from +text+ leaving just the link text.
#
# ==== Examples
# strip_links('Ruby on Rails')
# # => Ruby on Rails
#
# strip_links('Please e-mail me at me@email.com.')
# # => Please e-mail me at me@email.com.
#
# strip_links('Blog: Visit.')
# # => Blog: Visit
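# Security note: only tags named "a" or "href" are dropped. Every other tag
# and all text pass through unchanged, so the result still has to be escaped
# or run through #sanitize before it is rendered as HTML.
def strip_links(html)
  # Cheap pre-check so that input without a link-like tag opener is returned
  # without tokenizing.
  # NOTE(review): this condition was damaged in this copy of the file (the
  # string literals lost their markup). It is restored here as a test for
  # "<a" / "<href" -- confirm against the upstream source.
  if !html.blank? && (html.index("<a") || html.index("<href"))
    tokenizer = HTML::Tokenizer.new(html)
    result = returning [] do |kept|
      while token = tokenizer.next
        node = HTML::Node.parse(nil, 0, 0, token, false)
        # Keep every token except opening/closing tags named "a" or "href".
        kept << node.to_s unless node.is_a?(HTML::Tag) && ["a", "href"].include?(node.name)
      end
    end.join
    # Removing a tag can expose a new one that was split around it, so repeat
    # until a pass changes nothing.
    result == html ? result : strip_links(result)
  else
    html
  end
end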
# This #sanitize helper will html encode all tags and strip all attributes that aren't specifically allowed.
# It also strips href/src attributes with invalid protocols, javascript: in particular. It does its best to counter any
# tricks that hackers may use, like throwing in unicode/ascii/hex values to get past the javascript: filters. Check out
# the extensive test suite.
#
# <%= sanitize @article.body %>
#
# You can add or remove tags/attributes if you want to customize it a bit. See ActionView::Base for full docs on the
# available options. You can add tags/attributes for single uses of #sanitize by passing either the :attributes or :tags options:
#
# Normal Use
#
# <%= sanitize @article.body %>
#
# Custom Use
#
# <%= sanitize @article.body, :tags => %w(table tr td), :attributes => %w(id class style) %>
#
# Add table tags
#
# Rails::Initializer.run do |config|
# config.action_view.sanitized_allowed_tags = 'table', 'tr', 'td'
# end
#
# Remove tags
#
# Rails::Initializer.run do |config|
# config.after_initialize do
# ActionView::Base.sanitized_allowed_tags.delete 'div'
# end
# end
#
# Change allowed attributes
#
# Rails::Initializer.run do |config|
# config.action_view.sanitized_allowed_attributes = 'id', 'class', 'style'
# end
#
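# Behaviour visible in the code below:
# * Input that is blank or contains no '<' is returned untouched. This helper
#   does not HTML-escape plain text.
# * options[:tags] / options[:attributes] are merged INTO the configured
#   allow-lists, so they can only widen what is permitted. Never build them
#   from request data.
# * Tags that are not in the allow-list are dropped from the output.
# * Attributes are removed unless they are allow-listed and pass
#   contains_bad_protocols?. A 'style' value goes through #sanitize_css and
#   every other kept value through CGI::escapeHTML.
def sanitize(html, options = {})
  return html if html.blank? || !html.include?('<')
  attrs = options.key?(:attributes) ? Set.new(options[:attributes]).merge(sanitized_allowed_attributes) : sanitized_allowed_attributes
  tags = options.key?(:tags) ? Set.new(options[:tags] ).merge(sanitized_allowed_tags) : sanitized_allowed_tags
  returning [] do |new_text|
    tokenizer = HTML::Tokenizer.new(html)
    # Stack of open tag names, innermost first. A closing tag pops the top
    # entry without checking that the names match, so unbalanced markup can
    # leave the stack out of step with the document.
    parent = []
    while token = tokenizer.next
      node = HTML::Node.parse(nil, 0, 0, token, false)
      new_text << case node
        when HTML::Tag
          if node.closing == :close
            parent.shift
          else
            parent.unshift node.name
          end
          node.attributes.keys.each do |attr_name|
            value = node.attributes[attr_name].to_s
            if !attrs.include?(attr_name) || contains_bad_protocols?(attr_name, value)
              node.attributes.delete(attr_name)
            else
              node.attributes[attr_name] = attr_name == 'style' ? sanitize_css(value) : CGI::escapeHTML(value)
            end
          end if node.attributes
          # A nil entry contributes nothing to the final join.
          tags.include?(node.name) ? node : nil
        else
          # Non-tag tokens: dropped entirely while inside a tag listed in
          # sanitized_bad_tags, otherwise emitted with any stray '<' encoded.
          # NOTE(review): this gsub was damaged in this copy of the file (the
          # pattern and the entity lost their markup). It is restored here as
          # '<' -> '&lt;' -- confirm against the upstream source.
          sanitized_bad_tags.include?(parent.first) ? nil : node.to_s.gsub(/</, "&lt;")
      end
    end
  end.join
end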
# Sanitizes a block of css code. Used by #sanitize when it comes across a style attribute
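# Returns a cleaned "prop: value;" list built from +style+, or '' when the
# input fails validation. nil is treated as an empty string.
def sanitize_css(style)
  # disallow urls
  style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ')
  # gauntlet
  # The patterns are anchored with \A / \z so they must match the WHOLE value.
  # Ruby's ^ and $ match at every line boundary, so with them a multi-line
  # style value passed as soon as any single line (even an empty one) matched.
  if style !~ /\A([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*\z/ ||
     style !~ /\A(\s*[-\w]+\s*:\s*[^:;]*(;|\z))*\z/
    return ''
  end
  returning [] do |clean|
    style.scan(/([-\w]+)\s*:\s*([^:;]*)/) do |prop, val|
      if sanitized_allowed_css_properties.include?(prop.downcase)
        clean << prop + ': ' + val + ';'
      elsif sanitized_shorthand_css_properties.include?(prop.split('-')[0].downcase)
        # Shorthand properties are kept only when every whitespace-separated
        # keyword is allow-listed or looks like a colour / length literal.
        rejected = val.split.any? do |keyword|
          !sanitized_allowed_css_keywords.include?(keyword) &&
            keyword !~ /\A(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)\z/
        end
        clean << prop + ': ' + val + ';' unless rejected
      end
    end
  end.join(' ')
end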
# Strips all HTML tags from the +html+, including comments. This uses the
# html-scanner tokenizer and so its HTML parsing ability is limited by
# that of html-scanner.
#
# ==== Examples
#
# strip_tags("Strip these tags!")
# # => Strip these tags!
#
# strip_tags("Bold no more! See more here...")
# # => Bold no more! See more here...
#
# strip_tags("
item | #