From d5cb4e9d31ac9fdc05c51ad8e9f101fedc92a232 Mon Sep 17 00:00:00 2001 From: mathieu-mbru Date: Wed, 16 Mar 2022 16:06:51 +0100 Subject: [PATCH 1/4] Replace source = doc.to_s by source = doc.to_s.gsub('<', '<').gsub('>', '>').gsub('&', '&') for transforming the encodings --- lib/deface/applicator.rb | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/deface/applicator.rb b/lib/deface/applicator.rb index 4e7eb98..2ef64c5 100644 --- a/lib/deface/applicator.rb +++ b/lib/deface/applicator.rb @@ -48,8 +48,16 @@ def apply_overrides(source, overrides:, log: true) matches.each {|match| override.execute_action match } end end - +=begin + replace this line of (gem deface) source = doc.to_s + by source = doc.to_s.gsub('<', '<').gsub('>', '>').gsub('&', '&') + because + doc.class = Nokogiri::HTML::DocumentFragment + and the methode to_s(of nokogiri) use escape_text. +=end + #source = doc.to_s + source = doc.to_s.gsub('<', '<').gsub('>', '>').gsub('&', '&') Deface::Parser.undo_erb_markup!(source) From deb1e795bf1cbe0816b350a4199218db7105cdc7 Mon Sep 17 00:00:00 2001 From: mathieu-mbru Date: Thu, 17 Mar 2022 09:46:34 +0100 Subject: [PATCH 2/4] Create a method of test. --- spec/deface/applicator_spec.rb | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/spec/deface/applicator_spec.rb b/spec/deface/applicator_spec.rb index f794ffc..ae1173f 100644 --- a/spec/deface/applicator_spec.rb +++ b/spec/deface/applicator_spec.rb @@ -88,5 +88,14 @@ module Deface end end + describe "source containing a javascript tag" do + before { Deface::Override.new(:virtual_path => "posts/index", + :name => "Posts#index", + :remove => "p") } + let(:source) { "<%= javascript_tag do %>if (y > 0) {y = 0;}<% end %>" } + it "should return unmodified source" do + expect(Dummy.apply(source, { :virtual_path => "posts/index" })).to eq("<%= javascript_tag do %>if (y > 0) {y = 0;}<% end %>") + end + end end end From 4e697089ab7af789ebb0f2aacbf8a10efd13a300 Mon Sep 17 00:00:00 2001 From: mathieu-mbru Date: Thu, 17 Mar 2022 09:53:42 +0100 Subject: [PATCH 3/4] Correction of indentation --- spec/deface/applicator_spec.rb | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/spec/deface/applicator_spec.rb b/spec/deface/applicator_spec.rb index ae1173f..a19d65a 100644 --- a/spec/deface/applicator_spec.rb +++ b/spec/deface/applicator_spec.rb @@ -89,13 +89,13 @@ module Deface end describe "source containing a javascript tag" do - before { Deface::Override.new(:virtual_path => "posts/index", - :name => "Posts#index", - :remove => "p") } - let(:source) { "<%= javascript_tag do %>if (y > 0) {y = 0;}<% end %>" } - it "should return unmodified source" do - expect(Dummy.apply(source, { :virtual_path => "posts/index" })).to eq("<%= javascript_tag do %>if (y > 0) {y = 0;}<% end %>") + before { Deface::Override.new(:virtual_path => "posts/index", + :name => "Posts#index", + :remove => "p") } + let(:source) { "<%= javascript_tag do %>if (y > 0) {y = 0;}<% end %>" } + it "should return unmodified source" do + expect(Dummy.apply(source, { :virtual_path => "posts/index" })).to eq("<%= javascript_tag do %>if (y > 0) {y = 0;}<% end %>") + end end end - end end From dbe45fdb1ad5327977deb18c9406b27d1dab6256 Mon Sep 17 00:00:00 2001 From: mathieu-mbru Date: Thu, 17 Mar 2022 12:32:07 +0100 Subject: [PATCH 4/4] Using a more generic solution --- lib/deface/applicator.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/deface/applicator.rb b/lib/deface/applicator.rb index 2ef64c5..703919f 100644 --- a/lib/deface/applicator.rb +++ b/lib/deface/applicator.rb @@ -51,13 +51,13 @@ def apply_overrides(source, overrides:, log: true) =begin replace this line of (gem deface) source = doc.to_s - by source = doc.to_s.gsub('<', '<').gsub('>', '>').gsub('&', '&') + by source = source = CGI.unescapeHTML doc.to_s because doc.class = Nokogiri::HTML::DocumentFragment and the methode to_s(of nokogiri) use escape_text. =end #source = doc.to_s - source = doc.to_s.gsub('<', '<').gsub('>', '>').gsub('&', '&') + source = CGI.unescapeHTML doc.to_s Deface::Parser.undo_erb_markup!(source)