From 8e0735eca61670205bbaa41c663b4bcf4fc32fb6 Mon Sep 17 00:00:00 2001 From: Ken Dreyer Date: Wed, 11 Jun 2014 14:52:56 -0600 Subject: [PATCH 01/15] tests: switch to Minitest 5 MiniTest::Unit::TestCase is now Minitest::Test. Update to the latest Minitest 5 API. --- test/test_rails_autolink.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test_rails_autolink.rb b/test/test_rails_autolink.rb index 43a2f3a..2215296 100644 --- a/test/test_rails_autolink.rb +++ b/test/test_rails_autolink.rb @@ -13,7 +13,7 @@ require 'timeout' require "rails_autolink/helpers" -class TestRailsAutolink < MiniTest::Unit::TestCase +class TestRailsAutolink < Minitest::Test include ActionView::Helpers::CaptureHelper include ActionView::Helpers::TextHelper include ActionView::Helpers::SanitizeHelper From 36bcf380b8a199d724080059ae6ddfacd2246228 Mon Sep 17 00:00:00 2001 From: Matthew Draper Date: Thu, 26 May 2016 06:54:39 +0930 Subject: [PATCH 02/15] Avoid another pathological input If we failed to find a valid email address starting from the first valid-local-part character in a sequence, there's no need to try from the second. --- lib/rails_autolink/helpers.rb | 2 +- test/test_rails_autolink.rb | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/rails_autolink/helpers.rb b/lib/rails_autolink/helpers.rb index 8445ff6..2269331 100644 --- a/lib/rails_autolink/helpers.rb +++ b/lib/rails_autolink/helpers.rb @@ -79,7 +79,7 @@ def auto_link(text, *args, &block) #link = :all, html = {}, &block) AUTO_LINK_CRE = [/<[^>]+$/, /^[^>]*>/, //i, /<\/a>/i] AUTO_EMAIL_LOCAL_RE = /[\w.!#\$%&'*\/=?^`{|}~+-]/ - AUTO_EMAIL_RE = /[\w.!#\$%+-]\.?#{AUTO_EMAIL_LOCAL_RE}*@[\w-]+(?:\.[\w-]+)+/ + AUTO_EMAIL_RE = /(? '[', ')' => '(', '}' => '{' } diff --git a/test/test_rails_autolink.rb b/test/test_rails_autolink.rb index 43a2f3a..88b20c8 100644 --- a/test/test_rails_autolink.rb +++ b/test/test_rails_autolink.rb 
@@ -331,10 +331,12 @@ def test_autolink_with_trailing_amp_on_link end def test_auto_link_does_not_timeout_when_parsing_odd_email_input - inputs = %w( + inputs = %W( foo@................................... foo@........................................ foo@............................................. + + #{'foo' * 20000}@ ) inputs.each do |input| From 47340b17f558bea7b0009acf4c0e34688c5a8a9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicklas=20Ramho=CC=88j=20Holtryd?= Date: Mon, 18 Jul 2022 10:19:27 +0200 Subject: [PATCH 03/15] Update test suite to match current implementation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We’re delegating escaping and sanitisation to `ActionView#sanitize`. The last commit is 6 years old and the rails dependency is specified as > 3.1 so it’s natural that the test suite is no longer up-to-date. Current behaviour on Rails 7.0.3.1: 1. Self-closing tags no longer has `/` before `>`. 2. & is escaped as `%amp;`. 3. Save part of malicious content is rendered. 4. `target` attribute is rendered before `href`. 5. `+` is escaped in mailto link. Notice that 2. makes auto linking emails with & behave differently. This commit does not change the behaviour but documents the difference in behaviour. It is possible that this is a regression that should be addressed. --- test/test_rails_autolink.rb | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/test/test_rails_autolink.rb b/test/test_rails_autolink.rb index 537d232..56bc94c 100644 --- a/test/test_rails_autolink.rb +++ b/test/test_rails_autolink.rb @@ -24,7 +24,7 @@ class TestRailsAutolink < Minitest::Test def test_auto_link_within_tags link_raw = 'http://www.rubyonrails.org/images/rails.png' - link_result = %Q() + link_result = %Q() assert_equal link_result, auto_link(link_result) end 
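Review bot: The added `#{'foo' * 20000}@` input in `test_auto_link_does_not_timeout_when_parsing_odd_email_input` has no comment saying which backtracking case it guards, and the switch from `%w` to `%W` exists only to allow that interpolation. A line above `inputs = %W(` such as `# last entry: long run of local-part characters with no domain, must be rejected in linear time` would keep the intent of the regression visible. The assertion loop continues outside the hunk, so the time bound it enforces cannot be checked here. If it relies on a wall-clock timeout, confirm the bound is loose enough for slow CI while still far below what quadratic matching would take.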
@@ -62,7 +62,7 @@ def test_auto_link_with_block url = "http://api.rubyonrails.com/Foo.html" email = "fantabulous@shiznadel.ic" - assert_equal %(

#{url[0...7]}...
#{email[0...7]}...

), auto_link("

#{url}
#{email}

") { |_url| truncate(_url, :length => 10) } + assert_equal %(

#{url[0...7]}...
#{email[0...7]}...

), auto_link("

#{url}
#{email}

") { |_url| truncate(_url, :length => 10) } end def test_auto_link_with_block_with_html @@ -81,7 +81,7 @@ def test_auto_link_with_block_with_html def test_auto_link_should_sanitize_input_when_sanitize_option_is_not_false link_raw = %{http://www.rubyonrails.com?id=1&num=2} malicious_script = '' - assert_equal %{http://www.rubyonrails.com?id=1&num=2}, auto_link("#{link_raw}#{malicious_script}") + assert_equal %{http://www.rubyonrails.com?id=1&num=2alert("malicious!")}, auto_link("#{link_raw}#{malicious_script}") assert auto_link("#{link_raw}#{malicious_script}").html_safe? end @@ -90,7 +90,7 @@ def test_auto_link_should_sanitize_input_with_sanitize_options malicious_script = '' text_with_attributes = %{Ruby} - text_result = %{http://www.rubyonrails.com?id=1&num=2Ruby} + text_result = %{http://www.rubyonrails.com?id=1&num=2alert("malicious!")Ruby} assert_equal text_result, auto_link("#{link_raw}#{malicious_script}#{text_with_attributes}", :sanitize_options => {:attributes => ["target", "href"]}, :html => {:class => 'big'}) @@ -146,7 +146,7 @@ def test_auto_link_at_eol url1 = "http://api.rubyonrails.com/Foo.html" url2 = "http://www.ruby-doc.org/core/Bar.html" - assert_equal %(
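Review bot: The updated expectation in `test_auto_link_should_sanitize_input_when_sanitize_option_is_not_false` pins the exact string one Rails version produces, including the leftover `alert("malicious!")` text, but never asserts the security property itself. An explicit check such as `refute_includes auto_link("#{link_raw}#{malicious_script}"), "<script"` would keep the test meaningful when sanitizer output shifts again between Rails releases. The same applies to the `text_result` expectation in the `@@ -90,7 +90,7 @@` hunk. The markup inside the string literals is not fully visible on this page, so the expected values themselves could not be checked.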

#{url1}
#{url2}

), auto_link("

#{url1}
#{url2}

") + assert_equal %(

#{url1}
#{url2}

), auto_link("

#{url1}
#{url2}

") end def test_auto_link_should_be_html_safe @@ -177,14 +177,16 @@ def test_auto_link_email_address end def test_auto_link_email_addres_with_especial_chars - email_raw = "and&re$la*+r-a.o'rea=l~ly@tenderlovemaking.com" + email_raw = "andre$la*+r-a.o'rea=l~ly@tenderlovemaking.com" + email_raw_encoded = ERB::Util.url_encode("andre$la*+r-a.o'rea=l~ly@tenderlovemaking.com").gsub("%40", "@") email_sanitized = if Rails.version =~ /^3/ # mail_to changed the number base it rendered HTML encoded characters at some point - "and&re$la*+r-a.o'rea=l~ly@tenderlovemaking.com" + "andre$la*+r-a.o'rea=l~ly@tenderlovemaking.com" else - "and&re$la*+r-a.o'rea=l~ly@tenderlovemaking.com" + "andre$la*+r-a.o'rea=l~ly@tenderlovemaking.com" end - email_result = %{#{email_sanitized}} + email_result = %{#{email_sanitized}} + assert_equal email_result, auto_link(email_raw) assert !auto_link_email_addresses(email_result).html_safe?, 'should not be html safe' end @@ -194,7 +196,7 @@ def test_auto_link email_result = %{#{email_raw}} link_raw = 'http://www.rubyonrails.com' link_result = generate_result(link_raw) - link_result_with_options = %{#{link_raw}} + link_result_with_options = %{#{link_raw}} assert_equal '', auto_link(nil) assert_equal '', auto_link('') @@ -212,7 +214,7 @@ def test_auto_link assert_equal %(#{link_result} #{link_result}), auto_link(%(#{link_result} #{link_raw})) email2_raw = '+david@loudthinking.com' - email2_result = %{#{email2_raw}} + email2_result = %{#{email2_raw}} assert_equal email2_result, auto_link(email2_raw) assert_equal email2_result, auto_link(email2_raw, :all) assert_equal email2_result, auto_link(email2_raw, :email_addresses) 
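Review bot: Dropping `&` from `email_raw` in `test_auto_link_email_addres_with_especial_chars` removes the only coverage for an ampersand in the local part, which the commit description itself flags as a possible regression. A second case that pins today's output for the `&` address, with a comment like `# & is entity-escaped before email matching; behaviour differs from 1.1.6`, would document the difference instead of hiding it. Both branches of the `Rails.version =~ /^3/` conditional appear identical on this page, so the conditional may now be dead. The entity text may have been lost in rendering, so confirm against the file.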
@@ -347,13 +349,9 @@ def test_auto_link_does_not_timeout_when_parsing_odd_email_input end private - def generate_result(link_text, href = nil, escape = false) + def generate_result(link_text, href = nil) href ||= link_text - if escape - %{#{CGI::escapeHTML link_text}} - else - %{#{link_text}} - end + %{#{CGI::escapeHTML link_text}}.gsub("'", "'") # ActionView does not escape ' end # from ruby core From 73ba82d9a62eddea5878f1ce73dccaffff11b881 Mon Sep 17 00:00:00 2001 From: Jeremy Daer Date: Thu, 11 Aug 2022 11:28:38 -0700 Subject: [PATCH 04/15] Tests generate expected autolink result using sanitization which may subtly differ from CGI.escapeHTML --- test/test_rails_autolink.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/test/test_rails_autolink.rb b/test/test_rails_autolink.rb index 56bc94c..873afc4 100644 --- a/test/test_rails_autolink.rb +++ b/test/test_rails_autolink.rb @@ -350,8 +350,9 @@ def test_auto_link_does_not_timeout_when_parsing_odd_email_input private def generate_result(link_text, href = nil) - href ||= link_text - %{#{CGI::escapeHTML link_text}}.gsub("'", "'") # ActionView does not escape ' + text = sanitize(link_text) + href = sanitize(href) || text + %{#{text}}.gsub("'", "'") # ActionView does not escape ' end # from ruby core From 3eff029bdbc7cdbba63679c69924243995349737 Mon Sep 17 00:00:00 2001 
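Review bot: In the `@@ -350,8 +350,9 @@` hunk, `generate_result` now builds the expected value with the same `sanitize` helper that `auto_link` uses, so tests that compare against it can no longer detect a change in sanitizer behaviour. For the cases that exist to prove escaping, an expected string written out literally keeps an independent oracle, while the helper remains fine for purely structural tests. A comment on the helper such as `# expected value is sanitizer-derived; do not use for escaping assertions` would make that boundary explicit. `href = sanitize(href) || text` also relies on `sanitize(nil)` returning `nil`, which deserves a short comment.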
From: =?UTF-8?q?Nicklas=20Ramho=CC=88j=20Holtryd?= Date: Mon, 18 Jul 2022 11:48:59 +0200 Subject: [PATCH 05/15] Include trailing hyphens in URL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Before this commit http://www.rubyonrails.com/foo.cgi?trailing_ampersand=value- Would generate http://www.rubyonrails.com/foo.cgi?trailing_ampersand=value- Instead of http://www.rubyonrails.com/foo.cgi?trailing_ampersand=value- The reason this was failing was because the unescaped `-` acted as a character class (specifying a range of characters to match, rather than matching against the literal hyphen character. The previously matched characters were: = & ; : / < `=` and `&` already had specific test cases. `test_autolink_with_trailing_amp_on_link` was failing when we escape the hyphen (because `&` is turned into `&` and because of that we rely on `;` being included in the URL. `/` was already explicitly included in the pattern but was not explicitly tested. `>` is not a problem as it’s escaped to `<`. Including `:` has been [identified](https://github.com/tenderlove/rails_autolink/pull/45#issuecomment-1209691944) as a regression so we add a test to document that a trailing `:` is no longer being part of the URL. --- lib/rails_autolink/helpers.rb | 2 +- test/test_rails_autolink.rb | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/lib/rails_autolink/helpers.rb b/lib/rails_autolink/helpers.rb index 2269331..cbb33da 100644 --- a/lib/rails_autolink/helpers.rb +++ b/lib/rails_autolink/helpers.rb @@ -98,7 +98,7 @@ def auto_link_urls(text, html_options = {}, options = {}) href else # don't include trailing punctuation character as part of the URL - while href.sub!(/[^#{WORD_PATTERN}\/-=&]$/, '') + while href.sub!(/[^#{WORD_PATTERN}\/\-=;]$/, '') punctuation.push $& if opening = BRACKETS[punctuation.last] and href.scan(opening).size > href.scan(punctuation.last).size href << punctuation.pop 
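Review bot: The new class in `href.sub!(/[^#{WORD_PATTERN}\/\-=;]$/, '')` keeps `;` and drops `&`, and nothing in the code says why. Per the commit description, `;` is retained only because sanitized input turns a trailing `&` into an entity. With `:sanitize => false` a raw trailing `&` would presumably now be stripped from the link, and that path has no test in this commit. A comment above the loop, e.g. `# ';' is kept so a trailing entity survives; '-' must stay escaped or it forms a range`, would stop a later edit from reintroducing the accidental range. The loop body continues outside the hunk.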
diff --git a/test/test_rails_autolink.rb b/test/test_rails_autolink.rb index 873afc4..85ef1f3 100644 --- a/test/test_rails_autolink.rb +++ b/test/test_rails_autolink.rb @@ -332,6 +332,28 @@ def test_autolink_with_trailing_amp_on_link assert_equal generate_result(url), auto_link(url) end + def test_autolink_with_trailing_colon_on_link + url = "http://www.rubyonrails.com/foo.cgi?trailing_colon=value:" + expected_url = "http://www.rubyonrails.com/foo.cgi?trailing_colon=value" + + assert_equal "#{generate_result(expected_url)}:", auto_link(url) + end + + def test_autolink_with_trailing_hyphen_on_link + url = "http://www.rubyonrails.com/foo.cgi?trailing_hyphen=value-" + assert_equal generate_result(url), auto_link(url) + end + + def test_autolink_with_trailing_forward_slash_on_link + url = "http://www.rubyonrails.com/foo.cgi?trailing_forward_slash=value/" + assert_equal generate_result(url), auto_link(url) + end + + def test_autolink_with_trailing_number_on_link + url = "http://www.rubyonrails.com/foo.cgi?trailing_number=value3" + assert_equal generate_result(url), auto_link(url) + end + def test_auto_link_does_not_timeout_when_parsing_odd_email_input inputs = %W( foo@................................... From 83aa8edb67c33366070f3d7213c79cb865771b9c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Nicklas=20Ramho=CC=88j=20Holtryd?= Date: Tue, 1 Nov 2022 15:34:55 +0100 Subject: [PATCH 06/15] =?UTF-8?q?Require=20a=20word=20part=20after=20?= =?UTF-8?q?=E2=80=9Cwww.=E2=80=9D=20when=20auto=20linking?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is to not parse things like “awww... what a cute kitten” as a link. Credits to @ItsYou who proposed the solution to issue #46 back in 2015. This commit slims down the tests a bit, leaves out the unnecessary forward- slash escape and add regression test for numeric domain but is otherwise the same as PR #58. --- lib/rails_autolink/helpers.rb | 2 +- test/test_rails_autolink.rb | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/rails_autolink/helpers.rb b/lib/rails_autolink/helpers.rb index cbb33da..0de8000 100644 --- a/lib/rails_autolink/helpers.rb +++ b/lib/rails_autolink/helpers.rb @@ -71,7 +71,7 @@ def auto_link(text, *args, &block) #link = :all, html = {}, &block) private AUTO_LINK_RE = %r{ - (?: ((?:ed2k|ftp|http|https|irc|mailto|news|gopher|nntp|telnet|webcal|xmpp|callto|feed|svn|urn|aim|rsync|tag|ssh|sftp|rtsp|afs|file):)// | www\. ) + (?: ((?:ed2k|ftp|http|https|irc|mailto|news|gopher|nntp|telnet|webcal|xmpp|callto|feed|svn|urn|aim|rsync|tag|ssh|sftp|rtsp|afs|file):)// | www\.\w ) [^\s<\u00A0"]+ }ix diff --git a/test/test_rails_autolink.rb b/test/test_rails_autolink.rb index 85ef1f3..c1c7541 100644 --- a/test/test_rails_autolink.rb +++ b/test/test_rails_autolink.rb @@ -315,6 +315,7 @@ def test_auto_link_parsing http://of.openfoundry.org/projects/492/download#4th.Release.3 http://maps.google.co.uk/maps?f=q&q=the+london+eye&ie=UTF8&ll=51.503373,-0.11939&spn=0.007052,0.012767&z=16&iwloc=A http://около.кола/колокола + https://123domain.com https://123.com https://123.domain.com https://www.123.domain.com ) urls.each do |url| 
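Review bot: `www\.\w` uses Ruby's `\w`, which matches only ASCII `[a-zA-Z0-9_]`, so a bare `www.` followed by a non-Latin label stops being linked even though the suite treats non-Latin hosts such as `http://около.кола/колокола` as supported. Using the POSIX bracket form, `www\.[[:word:]]`, keeps the "awww..." fix while still accepting Unicode word characters. A case without a scheme, for example `www.около.кола`, would pin this, but it does not fit the scheme-only list in the `@@ -315,6 +315,7 @@` hunk because `auto_link` prepends `http://` to scheme-less hrefs. The rest of `AUTO_LINK_RE` lies outside the hunk.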
@@ -370,6 +371,10 @@ def test_auto_link_does_not_timeout_when_parsing_odd_email_input end end + def test_auto_link_with_www_in_non_url_string + assert_equal "awww.", auto_link("awww.") + end + private def generate_result(link_text, href = nil) text = sanitize(link_text) From 1c0a98b727c6c7ba82dc3163aaaf0f1943dee9c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicklas=20Ramho=CC=88j=20Holtryd?= Date: Wed, 2 Nov 2022 10:42:36 +0100 Subject: [PATCH 07/15] Version up :tada: --- CHANGELOG.rdoc | 8 ++++++++ lib/rails_autolink/version.rb | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index e90f62e..5f8d8ce 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,3 +1,11 @@ +=== 1.1.7 / 2022-11-02 + +* Require a word part after “www.” when auto linking #75 +* Include trailing hyphens in URL #74 +* Make test suite work under Rails 7 #72 +* Optimize email address parsing #63 +* Switch to MiniTest 5 #48 + === 1.1.6 / 2014-06-08 * Fixed a potential XSS vulnerability #47 diff --git a/lib/rails_autolink/version.rb b/lib/rails_autolink/version.rb index 007616e..b6e6dc4 100644 --- a/lib/rails_autolink/version.rb +++ b/lib/rails_autolink/version.rb @@ -1,3 +1,3 @@ module RailsAutolink - VERSION = '1.1.6' -end \ No newline at end of file + VERSION = '1.1.7' +end From 6bd03fcfbaaa343b410f647049489d7f44533768 Mon Sep 17 00:00:00 2001 From: Guillaume Briday Date: Mon, 26 Dec 2022 09:55:01 -0500 Subject: [PATCH 08/15] Converting rdoc to md --- CHANGELOG.md | 68 +++++++++++++++++++++++++++++++++++++++++++++ CHANGELOG.rdoc | 56 ------------------------------------- LICENSE | 21 ++++++++++++++ README.md | 66 ++++++++++++++++++++++++++++++++++++++++++++ README.rdoc | 75 -------------------------------------------------- 5 files changed, 155 insertions(+), 131 deletions(-) create mode 100644 CHANGELOG.md delete mode 100644 CHANGELOG.rdoc create mode 100644 LICENSE create mode 100644 README.md delete mode 100644 README.rdoc 
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..4a57f24
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,68 @@
+### 1.1.7 / 2022-11-02
+
+- Require a word part after “www.” when auto linking #75
+- Include trailing hyphens in URL #74
+- Make test suite work under Rails 7 #72
+- Optimize email address parsing #63
+- Switch to MiniTest 5 #48
+
+
+### 1.1.6 / 2014-06-08
+
+- Fixed a potential XSS vulnerability #47
+- Hold onto trailing `=` and `&` characters as part of urls #45
+- Ensure test compatibility with Rails `3.2.x/4.0.x/4.1.x` #44
+- Readme typo #41
+- require timeout in tests #40
+
+
+### 1.1.5 / 2013-10-23
+
+- Improved performance of email regex
+
+- Protocol regex is case insensitive
+
+
+### 1.1.3 / 2013-09-12
+
+- Updates gemspec to work with latest rubygems
+
+
+### 1.1.1 / 2013-09-12
+
+- Improved email regex to allow especial chars: !#$%&'*+-/=?^_`{|}~
+
+
+### 1.1.0 / 2013-05-02
+
+- Ready for Rails 4.
+
+
+### 1.0.7 / 2012-04-27
+
+- Added support for non-latin characters in autolinked urls
+
+
+### 1.0.6 / 2012-03-12
+
+- Added sanitize_options arg
+
+
+### 1.0.5 / 2012-01-27
+
+- Update dependency to include rails 3.2.X
+
+
+### 1.0.2 / 2011-06-18
+
+- Compatibility with rails 3.1.0.rc4
+
+
+### 1.0.0 / 2011-05-02
+
+- 1 major enhancement
+
+ - Birthday!
+
+
+
diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc
deleted file mode 100644
index 5f8d8ce..0000000
--- a/CHANGELOG.rdoc
+++ /dev/null
@@ -1,56 +0,0 @@
-=== 1.1.7 / 2022-11-02
-
-* Require a word part after “www.” when auto linking #75
-* Include trailing hyphens in URL #74
-* Make test suite work under Rails 7 #72
-* Optimize email address parsing #63
-* Switch to MiniTest 5 #48
-
-=== 1.1.6 / 2014-06-08
-
-* Fixed a potential XSS vulnerability #47
-* Hold onto trailing = and & characters as part of urls #45
-* Ensure test compatibility with Rails 3.2.x/4.0.x/4.1.x #44
-* Readme typo #41
-* require timeout in tests #40
-
-=== 1.1.5 / 2013-10-23
-
-* Improved performance of email regex
-
-* Protocol regex is case insensitive
-
-=== 1.1.3 / 2013-09-12
-
-* Updates gemspec to work with latest rubygems
-
-=== 1.1.1 / 2013-09-12
-
-* Improved email regex to allow especial chars: !#$%&'*+-/=?^_`{|}~
-
-=== 1.1.0 / 2013-05-02
-
-* Ready for Rails 4.
-
-=== 1.0.7 / 2012-04-27
-
-* Added support for non-latin characters in autolinked urls
-
-=== 1.0.6 / 2012-03-12
-
-* Added sanitize_options arg
-
-=== 1.0.5 / 2012-01-27
-
-* Update dependency to include rails 3.2.X
-
-=== 1.0.2 / 2011-06-18
-
-* Compatibility with rails 3.1.0.rc4
-
-=== 1.0.0 / 2011-05-02
-
-* 1 major enhancement
-
- * Birthday!
-
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..6f2da3f
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2011 DHH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the 'Software'), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..3ab5c09
--- /dev/null
+++ b/README.md
@@ -0,0 +1,66 @@ +# rails_autolink + +- http://github.com/tenderlove/rails_autolink + + +## Description + +This is an extraction of the `auto_link` method from rails. The `auto_link` +method was removed from Rails in version Rails 3.1. This gem is meant to +bridge the gap for people migrating. + +## Features + +By default auto_link returns sanitized html_safe strings. This behaviour can +be overridden by setting the `:sanitize` option to false (thus making it +insecure if you don't have the content under control). + +## Install + +Add this line to your application's Gemfile: + +```ruby +gem 'rails_autolink' +``` + +And then execute: + +```bash +$ bundle install +``` + + +## Synopsis + +```ruby +require 'rails_autolink' + +auto_link("Go to http://www.rubyonrails.org and say hello to david@loudthinking.com") +# => "Go to http://www.rubyonrails.org and +# say hello to david@loudthinking.com" + +auto_link("Visit http://www.loudthinking.com/ or e-mail david@loudthinking.com", :link => :urls) +# => "Visit http://www.loudthinking.com/ +# or e-mail david@loudthinking.com" + +auto_link("Visit http://www.loudthinking.com/ or e-mail david@loudthinking.com", :link => :email_addresses) +# => "Visit http://www.loudthinking.com/ or e-mail david@loudthinking.com" + +auto_link("Go to http://www.rubyonrails.org ") +# => "Go to http://www.rubyonrails.org " + +auto_link("Go to http://www.rubyonrails.org ", :sanitize => false) +# => "Go to http://www.rubyonrails.org " + +post_body = "Welcome to my new blog at http://www.myblog.com/. Please e-mail me at me@email.com." +auto_link(post_body, :html => { :target => '_blank' }) do |text| + truncate(text, :length => 15) +end +# => "Welcome to my new blog at http://www.m.... +``` + +## Requirements + +- `rails` > `3.1` + + diff --git a/README.rdoc b/README.rdoc deleted file mode 100644 index d29c2cd..0000000 --- a/README.rdoc +++ /dev/null 
@@ -1,75 +0,0 @@ -= rails_autolink - -* http://github.com/tenderlove/rails_autolink - -== DESCRIPTION: - -This is an extraction of the `auto_link` method from rails. The `auto_link` -method was removed from Rails in version Rails 3.1. This gem is meant to -bridge the gap for people migrating. - -== FEATURES: - -By default auto_link returns sanitized html_safe strings. -This behaviour can be overridden by setting the :sanitize option to false -(thus making it insecure if you don't have the content under control). - -== SYNOPSIS: - - require 'rails_autolink' - - auto_link("Go to http://www.rubyonrails.org and say hello to david@loudthinking.com") - # => "Go to http://www.rubyonrails.org and - # say hello to david@loudthinking.com" - - auto_link("Visit http://www.loudthinking.com/ or e-mail david@loudthinking.com", :link => :urls) - # => "Visit http://www.loudthinking.com/ - # or e-mail david@loudthinking.com" - - auto_link("Visit http://www.loudthinking.com/ or e-mail david@loudthinking.com", :link => :email_addresses) - # => "Visit http://www.loudthinking.com/ or e-mail david@loudthinking.com" - - auto_link("Go to http://www.rubyonrails.org ") - # => "Go to http://www.rubyonrails.org " - - auto_link("Go to http://www.rubyonrails.org ", :sanitize => false) - # => "Go to http://www.rubyonrails.org " - - post_body = "Welcome to my new blog at http://www.myblog.com/. Please e-mail me at me@email.com." - auto_link(post_body, :html => { :target => '_blank' }) do |text| - truncate(text, :length => 15) - end - # => "Welcome to my new blog at http://www.m.... 
- -== REQUIREMENTS: - -* rails > 3.1 - -== INSTALL: - -* gem install rails_autolink - -== LICENSE: - -(The MIT License) - -Copyright (c) 2011 DHH - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -'Software'), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. From ac044e636299d02863442f0ac1b43427b2dd4d20 Mon Sep 17 00:00:00 2001 From: Orien Madgwick <497874+orien@users.noreply.github.com> Date: Thu, 2 Feb 2023 18:10:24 +1100 Subject: [PATCH 09/15] Use GitHub Actions for CI --- .github/workflows/test.yml | 35 +++++++++++++++++++++++++++++++++++ Gemfile | 12 ++---------- test/test_rails_autolink.rb | 4 ++-- 3 files changed, 39 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..4f7df0c --- /dev/null +++ b/.github/workflows/test.yml 
@@ -0,0 +1,35 @@ +--- +name: Tests +on: [ push, pull_request ] +jobs: + test: + name: Test (Ruby ${{ matrix.ruby }}, Rails ${{ matrix.rails }}) + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: + - { ruby: '3.2', rails: '7.0.4.2' } + - { ruby: '3.2', rails: '6.1.7.2' } + - { ruby: '3.1', rails: '7.0.4.2' } + - { ruby: '3.1', rails: '6.1.7.2' } + - { ruby: '3.1', rails: '6.0.6.1' } + - { ruby: '3.0', rails: '6.1.7.2' } + - { ruby: '3.0', rails: '6.0.6.1' } + - { ruby: '2.7', rails: '6.1.7.2' } + - { ruby: '2.7', rails: '6.0.6.1' } + - { ruby: '2.7', rails: '5.2.8.1' } + - { ruby: '2.6', rails: '5.2.8.1' } + - { ruby: '2.5', rails: '5.2.8.1' } + - { ruby: '2.4', rails: '5.1.7' } + - { ruby: '2.3', rails: '5.0.7.2' } + - { ruby: '2.2', rails: '4.2.11.3' } + env: + RAILS_VERSION: ${{ matrix.rails }} + steps: + - uses: actions/checkout@v3 + - uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + bundler-cache: true + - run: bundle exec rake diff --git a/Gemfile b/Gemfile index 55f4efb..b47f33a 100644 --- a/Gemfile +++ b/Gemfile @@ -1,13 +1,5 @@ source 'https://rubygems.org' -# To test on latest Rails release, use the following: -gem 'rails' +gem 'rails', ENV.fetch('RAILS_VERSION', '>= 3.1') +gem 'rails-dom-testing' gem 'minitest' - -# To test on Rails 4.0.x release, use the following e.g. for 4.0.1: -# gem 'rails', '= 4.0.1' -# gem 'minitest' - -# To test on Rails 3.2.x, use the following e.g. for 3.2.17: -# gem 'rails', '= 3.2.17' -# gem 'minitest', '= 4.2' diff --git a/test/test_rails_autolink.rb b/test/test_rails_autolink.rb index c1c7541..8e5f850 100644 --- a/test/test_rails_autolink.rb +++ b/test/test_rails_autolink.rb @@ -9,7 +9,7 @@ require 'action_pack' require 'action_view' require 'action_view/helpers' -require 'action_dispatch/testing/assertions' +require 'rails/dom/testing/assertions' require 'timeout' require "rails_autolink/helpers" 
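Review bot: The new workflow declares no `permissions:` block, so the job's `GITHUB_TOKEN` gets whatever the repository default grants although the steps only need to read the code. Adding a top-level `permissions:` with `contents: read` limits it. `actions/checkout@v3` and `ruby/setup-ruby@v1` are referenced by mutable tags. Pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, removes the dependence on those tags never being moved. The workflow also runs on `pull_request` from forks with `bundler-cache: true`, so keeping the token read-only matters most on that path.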
@@ -20,7 +20,7 @@ class TestRailsAutolink < Minitest::Test include ActionView::Helpers::TagHelper include ActionView::Helpers::UrlHelper include ActionView::Helpers::OutputSafetyHelper - include ActionDispatch::Assertions::DomAssertions + include Rails::Dom::Testing::Assertions def test_auto_link_within_tags link_raw = 'http://www.rubyonrails.org/images/rails.png' From 18ceb873b0b4b8ae6b325886791b8a1978c685b3 Mon Sep 17 00:00:00 2001 From: Orien Madgwick <497874+orien@users.noreply.github.com> Date: Thu, 2 Feb 2023 19:18:03 +1100 Subject: [PATCH 10/15] Reduce Rails dependencies --- Gemfile | 5 ++++- rails_autolink.gemspec | 5 ++++- test/test_rails_autolink.rb | 1 - 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index b47f33a..db52fe3 100644 --- a/Gemfile +++ b/Gemfile @@ -1,5 +1,8 @@ source 'https://rubygems.org' -gem 'rails', ENV.fetch('RAILS_VERSION', '>= 3.1') +rails_version = ENV.fetch('RAILS_VERSION', '>= 3.1') +gem 'actionview', rails_version +gem 'activesupport', rails_version +gem 'railties', rails_version gem 'rails-dom-testing' gem 'minitest' diff --git a/rails_autolink.gemspec b/rails_autolink.gemspec index 10d10b5..0a9f44b 100644 --- a/rails_autolink.gemspec +++ b/rails_autolink.gemspec @@ -10,7 +10,10 @@ Gem::Specification.new do |s| s.summary = 'Automatic generation of html links in texts' s.description = 'This is an extraction of the `auto_link` method from rails. The `auto_link` method was removed from Rails in version Rails 3.1. This gem is meant to bridge the gap for people migrating.' - s.add_dependency 'rails', '> 3.1' + rails_constraint = '> 3.1' + s.add_dependency 'actionview', rails_constraint + s.add_dependency 'activesupport', rails_constraint + s.add_dependency 'railties', rails_constraint s.required_ruby_version = '>= 1.9.3' s.license = 'MIT' diff --git a/test/test_rails_autolink.rb b/test/test_rails_autolink.rb index 8e5f850..394388c 100644 --- a/test/test_rails_autolink.rb 
+++ b/test/test_rails_autolink.rb @@ -6,7 +6,6 @@ require 'cgi' require 'active_support' require 'active_support/core_ext' -require 'action_pack' require 'action_view' require 'action_view/helpers' require 'rails/dom/testing/assertions' From 9267284e70a44dcd6cf4d34ea97c42f779f98c82 Mon Sep 17 00:00:00 2001 From: Orien Madgwick <497874+orien@users.noreply.github.com> Date: Thu, 2 Feb 2023 21:28:32 +1100 Subject: [PATCH 11/15] Remove unneeded files from the gem package There are a bunch of files in the gem package that aren't useful for downstream projects. Removing these reduces the gem package size from 14K to 8.5K. --- rails_autolink.gemspec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rails_autolink.gemspec b/rails_autolink.gemspec index 0a9f44b..fbeec31 100644 --- a/rails_autolink.gemspec +++ b/rails_autolink.gemspec @@ -17,5 +17,9 @@ Gem::Specification.new do |s| s.required_ruby_version = '>= 1.9.3' s.license = 'MIT' - s.files = Dir.glob("{test,lib/**/*}") + `git ls-files -z`.split("\0") + s.files = Dir.chdir(__dir__) do + `git ls-files -z`.split("\x0").select do |file| + file.start_with?('lib', 'CHANGELOG', 'LICENSE', 'README') + end + end end From 34d74d5dbf63e2bd3b4b90e9afd64ec8e6ccf05d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicklas=20Ramho=CC=88j=20Holtryd?= Date: Fri, 10 Feb 2023 14:37:21 +0100 Subject: [PATCH 12/15] =?UTF-8?q?Don=E2=80=99t=20include=20trailing=20>?= =?UTF-8?q?=20in=20auto=20linked=20URL?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This resolves an issue where <http://example.com> would include as part of the URL. Gmail likes to format URLs in the email text part that it generates from the HTML part in this manner which makes this more common to encounter in the wild than it would otherwise be. --- lib/rails_autolink/helpers.rb | 6 +++++- test/test_rails_autolink.rb | 5 +++++ 2 files changed, 10 insertions(+), 1 deletion(-) 
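Review bot: In the gemspec hunk, `file.start_with?('lib', 'CHANGELOG', 'LICENSE', 'README')` is a bare prefix match, so any tracked top-level path that merely begins with `lib` would be packaged too; `'lib/'` states the intent. `__dir__` needs Ruby 2.0 while the spec still declares `required_ruby_version = '>= 1.9.3'`, so either raise the floor or use `File.dirname(__FILE__)`. The file list comes from shelling out to `git ls-files`, which yields an empty list when the gemspec is evaluated outside a git checkout. A comment noting that would help anyone building from a tarball.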
diff --git a/lib/rails_autolink/helpers.rb b/lib/rails_autolink/helpers.rb index 0de8000..7286f5b 100644 --- a/lib/rails_autolink/helpers.rb +++ b/lib/rails_autolink/helpers.rb @@ -92,6 +92,7 @@ def auto_link_urls(text, html_options = {}, options = {}) text.gsub(AUTO_LINK_RE) do scheme, href = $1, $& punctuation = [] + trailing_gt = "" if auto_linked?($`, $') # do not change string; URL is already linked @@ -106,6 +107,9 @@ def auto_link_urls(text, html_options = {}, options = {}) end end + # don't include trailing > entities as part of the URL + trailing_gt = $& if href.sub!(/>$/, '') + link_text = block_given?? yield(href) : href href = 'http://' + href unless scheme @@ -113,7 +117,7 @@ def auto_link_urls(text, html_options = {}, options = {}) link_text = sanitize(link_text) href = sanitize(href) end - content_tag(:a, link_text, link_attributes.merge('href' => href), !!options[:sanitize]) + punctuation.reverse.join('') + content_tag(:a, link_text, link_attributes.merge('href' => href), !!options[:sanitize]) + punctuation.reverse.join('') + trailing_gt.html_safe end end end diff --git a/test/test_rails_autolink.rb b/test/test_rails_autolink.rb index 394388c..3a42df0 100644 --- a/test/test_rails_autolink.rb +++ b/test/test_rails_autolink.rb @@ -42,6 +42,11 @@ def test_auto_link_with_brackets link3_result = generate_result(link3_raw) assert_equal link3_result, auto_link(link3_raw) assert_equal "{link: #{link3_result}}", auto_link("{link: #{link3_raw}}") + + link4_raw = 'http://en.wikipedia.org/wiki/Sprite_{computer_graphics}' + link4_result = generate_result(link4_raw) + assert_equal link4_result, auto_link(link4_raw) + assert_equal "<link: #{link4_result}>", auto_link("<link: #{link4_raw}>") end def test_auto_link_with_options_hash From 3d910f1e621e3fe7fd122cbca0a85b9c22c98b58 Mon Sep 17 00:00:00 2001 
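Review bot: In the `@@ -113,7 +117,7 @@` hunk, `trailing_gt` is appended after `punctuation.reverse.join('')`, yet it is cut from `href` only once the punctuation loop has finished, so in the input it sat before that punctuation; a URL followed by the entity and then a full stop would come out with the two swapped. Appending it first, `content_tag(...) + trailing_gt.html_safe + punctuation.reverse.join('')`, keeps the original order. `trailing_gt` is text captured from the input via `$&` and then marked `html_safe`, which is sound only if the pattern can match nothing but the fixed entity. Assigning a constant string instead of `$&` would make that safety independent of the regex. The pattern shows on this page as `/>$/`, possibly a rendering loss of the entity form the code comment describes, and the enclosing `gsub` block starts and ends outside these hunks.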
From: =?UTF-8?q?Nicklas=20Ramho=CC=88j=20Holtryd?= Date: Wed, 15 Feb 2023 10:27:56 +0100 Subject: [PATCH 13/15] =?UTF-8?q?Version=20up=20=F0=9F=8E=89=20(1.1.8)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 17 +++++------------ README.md | 2 -- lib/rails_autolink/version.rb | 2 +- 3 files changed, 6 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4a57f24..3a765ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,8 @@ -### 1.1.7 / 2022-11-02 +### 1.1.8 / 2023-02-15 -- Require a word part after “www.” when auto linking #75 -- Include trailing hyphens in URL #74 -- Make test suite work under Rails 7 #72 -- Optimize email address parsing #63 -- Switch to MiniTest 5 #48 +- Don’t include trailing > in auto linked URL #81 +- Remove unneeded files from the gem package #80 +- Reduce Rails dependencies #79 ### 1.1.6 / 2014-06-08 @@ -19,7 +17,6 @@ ### 1.1.5 / 2013-10-23 - Improved performance of email regex - - Protocol regex is case insensitive @@ -61,8 +58,4 @@ ### 1.0.0 / 2011-05-02 - 1 major enhancement - - - Birthday! - - - +- Birthday! diff --git a/README.md b/README.md index 3ab5c09..7450730 100644 --- a/README.md +++ b/README.md @@ -62,5 +62,3 @@ end ## Requirements - `rails` > `3.1` - - diff --git a/lib/rails_autolink/version.rb b/lib/rails_autolink/version.rb index b6e6dc4..4cff66d 100644 --- a/lib/rails_autolink/version.rb +++ b/lib/rails_autolink/version.rb @@ -1,3 +1,3 @@ module RailsAutolink - VERSION = '1.1.7' + VERSION = '1.1.8' end From 92a81986a5eebf5a565a447c69b4bc8b4469ac6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicklas=20Ramho=CC=88j=20Holtryd?= Date: Wed, 15 Feb 2023 10:48:54 +0100 Subject: [PATCH 14/15] Restore 1.1.7 specification in changeling Was accidentally removed in 3d910f1e6. --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3a765ad..5a8fc24 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,6 +5,15 @@ - Reduce Rails dependencies #79 +### 1.1.7 / 2022-11-02 + +- Require a word part after “www.” when auto linking #75 +- Include trailing hyphens in URL #74 +- Make test suite work under Rails 7 #72 +- Optimize email address parsing #63 +- Switch to MiniTest 5 #48 + + ### 1.1.6 / 2014-06-08 - Fixed a potential XSS vulnerability #47 From 255b714657088895ba56d7808b6b4b6ffac133cb Mon Sep 17 00:00:00 2001 From: hirano-vm4 Date: Sat, 30 Sep 2023 16:32:04 +0900 Subject: [PATCH 15/15] Enhance Synopsis in README for Better Understanding. --- README.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/README.md b/README.md index 7450730..dc2c88c 100644 --- a/README.md +++ b/README.md 
@@ -32,26 +32,46 @@ $ bundle install ## Synopsis +### Basic Usage + ```ruby require 'rails_autolink' auto_link("Go to http://www.rubyonrails.org and say hello to david@loudthinking.com") # => "Go to http://www.rubyonrails.org and # say hello to david@loudthinking.com" +``` +### Convert Only URLs to Links + +```ruby auto_link("Visit http://www.loudthinking.com/ or e-mail david@loudthinking.com", :link => :urls) # => "Visit http://www.loudthinking.com/ # or e-mail david@loudthinking.com" +``` + +### Convert Only Email Addresses to Links +```ruby auto_link("Visit http://www.loudthinking.com/ or e-mail david@loudthinking.com", :link => :email_addresses) # => "Visit http://www.loudthinking.com/ or e-mail david@loudthinking.com" +``` + +### Generate Links Without Sanitizing HTML Tags +```ruby +## By default, HTML tags are sanitized to protect from malicious code auto_link("Go to http://www.rubyonrails.org ") # => "Go to http://www.rubyonrails.org " +## Use the :sanitize => false option to prevent sanitization auto_link("Go to http://www.rubyonrails.org ", :sanitize => false) # => "Go to http://www.rubyonrails.org " +``` + +### Customize Links and Shorten Text +```ruby post_body = "Welcome to my new blog at http://www.myblog.com/. Please e-mail me at me@email.com." auto_link(post_body, :html => { :target => '_blank' }) do |text| truncate(text, :length => 15)