Skip to content

Commit

Permalink
Merge pull request #118 from rails/flavorjones-tweak-comment-and-pi
Browse files Browse the repository at this point in the history
improve performance (slightly)
  • Loading branch information
flavorjones authored Aug 23, 2021
2 parents db9ccec + b1fe437 commit d494309
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 45 deletions.
8 changes: 8 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,11 @@
## next / unreleased

* Slightly improve performance.

Assuming elements are more common than comments, make one less method call per node.

*Mike Dalessio*

## 1.4.1 / 2021-08-18

* Fix regression in v1.4.0 that did not pass comment nodes to the scrubber.
Expand Down
2 changes: 1 addition & 1 deletion lib/rails/html/scrubbers.rb
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ def scrub(node)
end
return CONTINUE if skip_node?(node)

unless (node.comment? || node.element?) && keep_node?(node)
unless (node.element? || node.comment?) && keep_node?(node)
return STOP if scrub_node(node) == STOP
end

Expand Down
60 changes: 16 additions & 44 deletions test/scrubbers_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,16 @@ def test_default_scrub_behavior
assert_scrubbed '<tag>hello</tag>', 'hello'
end

def test_default_scrub_removes_comments
assert_scrubbed('<div>one</div><!-- two --><span>three</span>',
'<div>one</div><span>three</span>')
end

def test_default_scrub_removes_processing_instructions
assert_scrubbed('<div>one</div><?div two><span>three</span>',
'<div>one</div><span>three</span>')
end

def test_default_attributes_removal_behavior
assert_scrubbed '<p cooler="hello">hello</p>', '<p>hello</p>'
end
Expand All @@ -56,6 +66,12 @@ def test_leaves_only_supplied_tags
assert_scrubbed html, '<tag>leave me now</tag>'
end

def test_leaves_comments_when_supplied_as_tag
@scrubber.tags = %w(div comment)
assert_scrubbed('<div>one</div><!-- two --><span>three</span>',
'<div>one</div><!-- two -->three')
end

def test_leaves_only_supplied_tags_nested
html = '<tag>leave <em>me <span>now</span></em></tag>'
@scrubber.tags = %w(tag)
Expand Down Expand Up @@ -112,50 +128,6 @@ def test_attributes_accessor_validation
end
end

class PermitScrubberSubclassTest < ScrubberTest
def setup
@scrubber = Class.new(::Rails::Html::PermitScrubber) do
attr :nodes_seen

def initialize
super()
@nodes_seen = []
end

def keep_node?(node)
@nodes_seen << node.name
super(node)
end
end.new
end

def test_elements_are_checked
html = %Q("<div></div><a></a><tr></tr>")
Loofah.scrub_fragment(html, @scrubber)
assert_includes(@scrubber.nodes_seen, "div")
assert_includes(@scrubber.nodes_seen, "a")
assert_includes(@scrubber.nodes_seen, "tr")
end

def test_comments_are_checked
# this passes in v1.3.0 but fails in v1.4.0
html = %Q("<div></div><!-- ohai --><tr></tr>")
Loofah.scrub_fragment(html, @scrubber)
assert_includes(@scrubber.nodes_seen, "div")
assert_includes(@scrubber.nodes_seen, "comment")
assert_includes(@scrubber.nodes_seen, "tr")
end

def test_craftily_named_processing_instructions_are_not_checked
# this fails in v1.3.0 but passes in v1.4.0
html = %Q("<div></div><?a content><tr></tr>")
Loofah.scrub_fragment(html, @scrubber)
assert_includes(@scrubber.nodes_seen, "div")
refute_includes(@scrubber.nodes_seen, "a")
assert_includes(@scrubber.nodes_seen, "tr")
end
end

class TargetScrubberTest < ScrubberTest
def setup
@scrubber = Rails::Html::TargetScrubber.new
Expand Down

0 comments on commit d494309

Please sign in to comment.