Class: Ape::SanitizationValidator
- Defined in:
- lib/ape/validators/sanitization_validator.rb
This class handles dynamic methods through the method_missing method in the class Ape::Validator
#validate(opts = {}) ⇒ Object
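# Posts a deliberately unclean XHTML entry to the collection under test and
# checks whether the server sanitized it before republishing.
#
# Expects opts[:entry_collection] to respond to #href. Every finding goes
# through +reporter+ (info/warning/error/success); the return value is not
# meaningful.
#
# Fixes relative to the earlier version of this method:
# - the pattern loop now passes its message to reporter.warning and clears
#   no_problem, so "appears to be sanitized" is no longer reported after a
#   script element or dangerous attribute was found;
# - a missing href on an xhtml:a element no longer reaches a regex match
#   (nil =~ regex raises on Ruby 3.2+).
#
# @param opts [Hash] :entry_collection => the collection to post into
# @return [void]
def validate(opts = {})
  reporter.info(self, "TESTING: Content sanitization")
  coll = opts[:entry_collection]
  poster = Poster.new(coll.href, @authent)

  name = 'Posting unclean XHTML'
  worked = poster.post(Names::AtomEntryMediaType, Samples.unclean_xhtml_entry)
  unless worked
    reporter.save_dialog(name, poster)
    reporter.error(self, "Can't POST unclean XHTML: #{poster.last_error}", name)
    return
  end

  location = poster.header('Location')
  name = "Retrieval of unclean XHTML entry"
  response = check_resource(location, name, Names::AtomMediaType)
  return unless response

  begin
    entry = Entry.new(:text => response.body, :uri => location)
  rescue REXML::ParseException => e
    # The parser message may span lines; the reporter output is markup.
    prob = e.to_s.gsub(/\n/, '<br/>')
    reporter.error(self, "New entry is not well-formed: #{prob}")
    return
  end

  no_problem = true

  # XPath expressions whose matches show that dangerous markup survived
  # the server's sanitization, with the warning to report for each.
  patterns = {
    '//xhtml:script' => "Published entry retains xhtml:script element.",
    '//*[@background]' => "Published entry retains 'background' attribute.",
    '//*[@style]' => "Published entry retains 'style' attribute.",
  }
  patterns.each do |xp, message|
    next if entry.xpath_match(xp).empty?
    no_problem = false
    reporter.warning(self, message)
  end

  # Any absolute URI scheme other than plain http on a hyperlink is flagged.
  # '^' (a line anchor) rather than '\A' is kept on purpose: a scheme that
  # only starts after a line break inside the attribute value is still caught.
  entry.xpath_match('//xhtml:a').each do |a|
    href = a.attributes['href']
    next unless href
    scheme = /^([a-zA-Z]+):/.match(href)
    next unless scheme
    next if scheme[1] == 'http'
    no_problem = false
    reporter.warning(self, "Published entry retains dangerous hyperlink: '#{href}'.")
  end

  delete_entry(entry)
  reporter.success(self, "Published entry appears to be sanitized.") if no_problem
end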