Kasper Timm Hansen kaspth
kaspth
/ old_css_select.rb
Last active
December 20, 2015 00:09
An attempt to absolve css_select and assert_select from their argument parsing. To make the code more declarative and stuff... The order of arguments:
0: html element (optional)
1: selector
2: comparator
3: message
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def css_select(*args) | |
| # See assert_select to understand what's going on here. | |
| arg = args.shift | |
| if arg.is_a?(HTML::Node) | |
| root = arg | |
| arg = args.shift | |
| elsif arg == nil | |
| raise ArgumentError, "First argument is either selector or element to select, but nil found. Perhaps you called assert_select with an element that does not exist?" | |
| elsif defined?(@selected) && @selected |
kaspth
/ failures.txt
Last active
December 19, 2015 02:48
The failures I'm seeing in sanitizers_test.rb.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # In actionview dir run tests with | |
| # rake test TEST=test/template/sanitizers_test.rb | |
| 1) Failure: | |
| SanitizerTest#test_should_not_fall_for_xss_image_hack_4 [actionview/test/template/sanitizers_test.rb:173]: | |
| Expected: "<img>" | |
| Actual: "<img>alert(\"XSS\")\">" | |
| 2) Failure: |
kaspth
/ scrub_that_api.rb
Last active
December 18, 2015 04:58
A new API proposal for custom HTML scrubbing.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # By switching out the html-scanner lib with Loofah, we can make use of the custom HTML scrubbers within Loofah to get more control over what gets sanitized. | |
| # This could be useful in apps where users submit text content. | |
| # Say Twitter in an alternate universe allows users to format their tweets using some HTML tags. They then need a way to specify what tags are black- and/or whitelisted. | |
| # This is an example of how it could work in a model. | |
| class Comment < ActiveRecord::Base | |
| # block based | |
| # block takes a node | |
| scrubs :body do |node| |
NewerOlder