diff --git a/CHANGELOG b/CHANGELOG new file mode 100644 index 0000000..3a4b14e --- /dev/null +++ b/CHANGELOG @@ -0,0 +1,2 @@ +1.0.0 (10-14-09) +Initial butchering of defunkt's work. \ No newline at end of file diff --git a/CHANGES b/CHANGES deleted file mode 100644 index 40ec9ec..0000000 --- a/CHANGES +++ /dev/null @@ -1,13 +0,0 @@ -= 0.3 - - Fixed Model.textiled = false bug - - Refactored tests - - Changed api from @story.description_plain to @story.description(:plain) - kept old way, though - -= 0.2 - - * Fix issue with object.attribute_plain overwriting the original attribute [Thanks, James] - * Fix issue with attributes trying to work on nil values [Thanks again, James] - -= 0.1 - - * Initial import diff --git a/LICENSE b/LICENSE index 844bbe4..b538434 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2006 Chris Wanstrath +Copyright (c) 2006,2009 Chris Wanstrath, Gabe da Silveira Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in diff --git a/README.rdoc b/README.rdoc index 7900c26..14f4420 100644 --- a/README.rdoc +++ b/README.rdoc 
@@ -1,13 +1,24 @@ -= Acts as Textiled += Acts as Sanitiled -This simple plugin allows you to forget about constantly rendering Textile in -your application. Instead, you can rest easy knowing the Textile fields you -want to display as HTML will always be displayed as HTML (unless you tell your -code otherwise). +This plugin, based on Chris Wanstrath's venerable acts_as_textiled, extends the +automatic textiling functionality to sanitization as well using as its basis Ryan +Grove's powerful yet simple Sanitize gem. -No database modifications are needed. +The reasoning behind this approach is simple. Filtering input before it is saved to the database (as xss_terminate and many other popular plugins do) often fails to preserve user intent. On the other hand, filtering output at the template level is error prone, and you are begging to get pwned. Short of some sort of taint mode (which Rails 3 will have!), I believe the method employed by acts_as_textiled is the next best thing: you get safe output by default, but input is never corrupted. -You need RedCloth, of course. And Rails. +== Requirements + +Sanitize 1.1.0 +Nokogiri 1.3.3 +RedCloth (for Textile support) +ActiveRecord (tested on 2.3.4) + +== Changes from acts_as_textiled + +acts_as_sanitiled mostly maintains the API, but one noticeable difference is that it +needs to expose the Sanitize config. Therefore acts_as_textiled use of a hash to +provide per-column RedCloth configuration had to be replaced with Sanitize config. +RedCloth options can still be passed as an array that applies to all fields listed. == Usage 
@@ -50,28 +61,23 @@ You need RedCloth, of course. And Rails. == Different Modes -RedCloth supports different modes, such as :lite_mode. To use a mode on -a specific attribute simply pass it in as an options hash after any -attributes you don't want to mode-ify. Like so: - - class Story < ActiveRecord::Base - acts_as_textiled :body_text, :description => :lite_mode - end - -Or: +Sanitize supports a detailed configuration hash describing what HTML is allowed (among +other things). This can be passed at the end of the declaration. See the Sanitize docs +for more information. class Story < ActiveRecord::Base - acts_as_textiled :body_text => :lite_mode, :description => :lite_mode + acts_as_sanitiled :body_text, :elements => ['em','strong','div'], :attributes => {'div' => ['class','id']} end -You can also pass in multiple modes per attribute: +RedCloth supports different modes, such as :lite_mode. To use a mode on +a specific attribute simply pass one or more options in an array after the field names. Like so: class Story < ActiveRecord::Base - acts_as_textiled :body_text, :description => [ :lite_mode, :no_span_caps ] + acts_as_sanitiled :body_text, :description, [ :lite_mode ] end Get it? Now let's say you have an admin tool and you want the text to be displayed -in the text boxes / fields as plaintext. Do you have to change all your views? +in the text boxes / fields as plaintext. Do you have to change all your views? Hell no. @@ -87,7 +93,7 @@ You'll see the Textile plaintext in the text field. It Just Works. == form tags -If you're being a bit unconvential, no worries. You can still get at your +If you're being a bit unconvential, no worries. You can still get at your raw Textile like so: Description:
<%= text_field_tag :description, @story.description(:source) %> @@ -96,7 +102,7 @@ And there's always object.textiled = false, as demo'd above. == Pre-fetching -acts_as_textiled locally caches rendered HTML once the attribute in question has +acts_as_sanitiled locally caches rendered HTML once the attribute in question has been requested. Obviously this doesn't bode well for marshalling or caching. If you need to force your object to build and cache HTML for all textiled attributes, @@ -105,7 +111,7 @@ call the +textilize+ method on your object. If you're real crazy you can even do something like this: class Story < ActiveRecord::Base - acts_as_textiled :body_text, :description + acts_as_sanitiled :body_text, :description def after_find textilize @@ -118,3 +124,4 @@ won't need to do this. Enjoy. * By Chris Wanstrath [ chris[at]ozmm[dot]org ] +* Butchered and Sanitized by Gabe da Silveira [ gabe[at]websaviour[dot]com ] \ No newline at end of file diff --git a/Rakefile b/Rakefile deleted file mode 100644 index 1647604..0000000 --- a/Rakefile +++ /dev/null @@ -1,14 +0,0 @@ -require 'rake' -require 'rake/testtask' -require 'rake/rdoctask' - -desc 'Generate RDoc documentation for the acts_as_textiled plugin.' -Rake::RDocTask.new(:rdoc) do |rdoc| - files = ['README', 'LICENSE', 'lib/**/*.rb'] - rdoc.rdoc_files.add(files) - rdoc.main = "README" # page to start on - rdoc.title = "acts_as_textiled" - rdoc.template = File.exists?(t="/Users/chris/ruby/projects/err/rock/template.rb") ? t : "/var/www/rock/template.rb" - rdoc.rdoc_dir = 'doc' # rdoc output folder - rdoc.options << '--inline-source' -end diff --git a/about.yml b/about.yml deleted file mode 100644 index b4fafd7..0000000 --- a/about.yml +++ /dev/null @@ -1,7 +0,0 @@ -author: Chris Wanstrath (chris[at]ozmm[dot]org) -summary: -homepage: http://errtheblog.com/post/14 -plugin: http://require.errtheblog.com/svn/acts_as_textiled -license: MIT -version: 0.3 -rails_version: 1.1+ 
diff --git a/init.rb b/init.rb deleted file mode 100644 index d70cc1e..0000000 --- a/init.rb +++ /dev/null @@ -1,8 +0,0 @@ -begin - require 'RedCloth' unless defined? RedCloth -rescue LoadError - nil -end - -require 'acts_as_textiled' -ActiveRecord::Base.send(:include, Err::Acts::Textiled) diff --git a/lib/acts_as_textiled.rb b/lib/acts_as_sanitiled.rb similarity index 95% rename from lib/acts_as_textiled.rb rename to lib/acts_as_sanitiled.rb index 5c6374e..4f31fce 100644 --- a/lib/acts_as_textiled.rb +++ b/lib/acts_as_sanitiled.rb @@ -1,3 +1,9 @@ +begin + require 'RedCloth' unless defined? RedCloth +rescue LoadError + nil +end + module Err module Acts #:nodoc: all module Textiled @@ -106,3 +112,5 @@ def html_regexp end end end + +ActiveRecord::Base.send(:include, Err::Acts::Textiled) diff --git a/test/helper.rb b/test/helper.rb index de69c02..a605217 100644 --- a/test/helper.rb +++ b/test/helper.rb @@ -53,7 +53,7 @@ def self.find(id) end end unless defined? ActiveRecord -require File.dirname(__FILE__) + '/../init' +require 'acts_as_sanitiled.rb' class Author < ActiveRecord::Base acts_as_textiled :blog => :lite_mode
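Review bot: the new CHANGELOG entry `1.0.0 (10-14-09)` uses an ambiguous date format and the deleted CHANGES file takes the 0.1 to 0.3 history with it; use an unambiguous date (2009-10-14) and carry the earlier entries forward under the old version numbers so the provenance of the fork is kept in one place.

Review bot: the README hunk at `@@ -1,13 +1,24 @@` promises "safe output by default" via Sanitize and lists Sanitize 1.1.0 and Nokogiri 1.3.3 as requirements, but nothing in this patch declares those dependencies and the lib hunks contain no `require 'sanitize'` or any change to the rendering path, so the requirements exist only as prose. Either include the dependency declaration and the Sanitize wiring in this patch, or mark the README section as describing work still to come.

Review bot: in the `@@ -50,28 +61,23 @@` hunk the worked example whitelists `'div' => ['class','id']`; allowing user-supplied `id` and `class` values lets stored content collide with the application's own element ids and stylesheet or script hooks, which is a poor default to hand readers who will copy the snippet. Prefer an inert example (e.g. `'a' => ['href']` together with a `:protocols` rule) or say explicitly that `id`/`class` are shown only to illustrate the hash shape. The same hunk also carries whitespace-only changes to unrelated lines ("Do you have to change all your views?"), which belong in a separate commit.

Review bot: the lib/acts_as_sanitiled.rb hunks only move the guarded `require 'RedCloth'` and the `ActiveRecord::Base.send(:include, Err::Acts::Textiled)` line in from the deleted init.rb; the module is still `Err::Acts::Textiled` and, at 95% similarity, the rename shows no functional change to match the README. Moving the include to the bottom of the file also means a plain `require 'acts_as_sanitiled'` raises NameError unless ActiveRecord is already loaded, which init.rb could assume as a Rails plugin hook but a library file cannot; guard it with `if defined?(ActiveRecord)` or require active_record explicitly before the include.

Review bot: Rakefile and about.yml are deleted but nothing replaces them in this patch: there is no gemspec or Gemfile, so the plugin has no declared version, author or dependencies outside the README, and there is no visible task for running test/ (the deleted Rakefile required `rake/testtask` without defining a test task, so a replacement should add one rather than just dropping the file).

Review bot: test/helper.rb now does `require 'acts_as_sanitiled.rb'`, which only works if lib/ is on the load path (the previous `File.dirname(__FILE__) + '/../init'` form was path-independent), yet the Author fixture two lines later still declares `acts_as_textiled :blog => :lite_mode`, the per-column hash form the README says was replaced. Either the old method and hash API still exist (and the README is wrong) or this test cannot pass; update it to the documented `acts_as_sanitiled :blog, [ :lite_mode ]` form and require the library by path, e.g. `require File.expand_path('../../lib/acts_as_sanitiled', __FILE__)`.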