refactor: extract scrubber logic into composable concerns

flavorjones · flavorjones · commit 2ada04ee74f4 · 2023-05-12T15:49:43.000-04:00
The three concerns are:

- fragment parsing
- scrubbing
- serialization

These are combined in a fourth concern which implements a `#sanitize`
method that composes the other concerns like:

  serialize(scrub(parse_fragment(html)))

This should enable us to easily add HTML5 fragment parsing in a
subsequent commit.
diff --git a/lib/rails/html/sanitizer.rb b/lib/rails/html/sanitizer.rb
@@ -2,7 +2,7 @@
 
 module Rails
   module Html
-    class Sanitizer # :nodoc:
+    class Sanitizer
       class << self
         def full_sanitizer
           Rails::Html::FullSanitizer
@@ -36,33 +36,175 @@ def properly_encode(fragment, options)
         end
     end
 
-    # === Rails::Html::FullSanitizer
-    # Removes all tags but strips out scripts, forms and comments.
-    #
-    # full_sanitizer = Rails::Html::FullSanitizer.new
-    # full_sanitizer.sanitize("<b>Bold</b> no more!  <a href='more.html'>See more here</a>...")
-    # # => Bold no more!  See more here...
-    class FullSanitizer < Sanitizer
-      def parse_fragment(html)
-        Loofah.fragment(html)
+    module Concern # :nodoc:
+      module ComposedSanitize # :nodoc:
+        def sanitize(html, options = {})
+          return unless html
+          return html if html.empty?
+
+          serialize(scrub(parse_fragment(html), options))
+        end
       end
 
-      def scrub(fragment)
-        fragment.scrub!(TextOnlyScrubber.new)
+      module Parser # :nodoc:
+        module Html4 # :nodoc:
+          def parse_fragment(html)
+            Loofah.html4_fragment(html)
+          end
+        end
       end
 
-      def serialize(fragment)
-        properly_encode(fragment, encoding: "UTF-8")
+      module Scrubber # :nodoc:
+        module Full # :nodoc:
+          def scrub(fragment, options = {})
+            fragment.scrub!(TextOnlyScrubber.new)
+          end
+        end
+
+        module Link # :nodoc:
+          def initialize
+            super
+            @link_scrubber = TargetScrubber.new
+            @link_scrubber.tags = %w(a)
+            @link_scrubber.attributes = %w(href)
+          end
+
+          def scrub(fragment, options = {})
+            fragment.scrub!(@link_scrubber)
+          end
+        end
+
+        module SafeList # :nodoc:
+          DEFAULT_ALLOWED_TAGS = Set.new([
+                                           "a",
+                                           "abbr",
+                                           "acronym",
+                                           "address",
+                                           "b",
+                                           "big",
+                                           "blockquote",
+                                           "br",
+                                           "cite",
+                                           "code",
+                                           "dd",
+                                           "del",
+                                           "dfn",
+                                           "div",
+                                           "dl",
+                                           "dt",
+                                           "em",
+                                           "h1",
+                                           "h2",
+                                           "h3",
+                                           "h4",
+                                           "h5",
+                                           "h6",
+                                           "hr",
+                                           "i",
+                                           "img",
+                                           "ins",
+                                           "kbd",
+                                           "li",
+                                           "ol",
+                                           "p",
+                                           "pre",
+                                           "samp",
+                                           "small",
+                                           "span",
+                                           "strong",
+                                           "sub",
+                                           "sup",
+                                           "time",
+                                           "tt",
+                                           "ul",
+                                           "var",
+                                         ]).freeze
+          DEFAULT_ALLOWED_ATTRIBUTES = Set.new([
+                                                 "abbr",
+                                                 "alt",
+                                                 "cite",
+                                                 "class",
+                                                 "datetime",
+                                                 "height",
+                                                 "href",
+                                                 "lang",
+                                                 "name",
+                                                 "src",
+                                                 "title",
+                                                 "width",
+                                                 "xml:lang",
+                                               ]).freeze
+
+          def self.included(klass)
+            class << klass
+              attr_accessor :allowed_tags
+              attr_accessor :allowed_attributes
+            end
+
+            klass.allowed_tags = DEFAULT_ALLOWED_TAGS.dup
+            klass.allowed_attributes = DEFAULT_ALLOWED_ATTRIBUTES.dup
+          end
+
+          def initialize(prune: false)
+            @permit_scrubber = PermitScrubber.new(prune: prune)
+          end
+
+          def scrub(fragment, options = {})
+            if scrubber = options[:scrubber]
+              # No duck typing, Loofah ensures subclass of Loofah::Scrubber
+              fragment.scrub!(scrubber)
+            elsif allowed_tags(options) || allowed_attributes(options)
+              @permit_scrubber.tags = allowed_tags(options)
+              @permit_scrubber.attributes = allowed_attributes(options)
+              fragment.scrub!(@permit_scrubber)
+            else
+              fragment.scrub!(:strip)
+            end
+          end
+
+          def sanitize_css(style_string)
+            Loofah::HTML5::Scrub.scrub_css(style_string)
+          end
+
+          private
+            def allowed_tags(options)
+              options[:tags] || self.class.allowed_tags
+            end
+
+            def allowed_attributes(options)
+              options[:attributes] || self.class.allowed_attributes
+            end
+        end
       end
 
-      def sanitize(html, options = {})
-        return unless html
-        return html if html.empty?
+      module Serializer # :nodoc:
+        module UTF8Encode # :nodoc:
+          def serialize(fragment)
+            properly_encode(fragment, encoding: "UTF-8")
+          end
+        end
 
-        serialize(scrub(parse_fragment(html)))
+        module SimpleString # :nodoc:
+          def serialize(fragment)
+            fragment.to_s
+          end
+        end
       end
     end
 
+    # === Rails::Html::FullSanitizer
+    # Removes all tags but strips out scripts, forms and comments.
+    #
+    # full_sanitizer = Rails::Html::FullSanitizer.new
+    # full_sanitizer.sanitize("<b>Bold</b> no more!  <a href='more.html'>See more here</a>...")
+    # # => Bold no more!  See more here...
+    class FullSanitizer < Sanitizer
+      include Concern::ComposedSanitize
+      include Concern::Parser::Html4
+      include Concern::Scrubber::Full
+      include Concern::Serializer::UTF8Encode
+    end
+
     # === Rails::Html::LinkSanitizer
     # Removes +a+ tags and +href+ attributes leaving only the link text.
     #
@@ -71,30 +213,10 @@ def sanitize(html, options = {})
     #
     #  => 'Only the link text will be kept.'
     class LinkSanitizer < Sanitizer
-      def initialize
-        @link_scrubber = TargetScrubber.new
-        @link_scrubber.tags = %w(a)
-        @link_scrubber.attributes = %w(href)
-      end
-
-      def parse_fragment(html)
-        Loofah.fragment(html)
-      end
-
-      def scrub(fragment)
-        fragment.scrub!(@link_scrubber)
-      end
-
-      def serialize(fragment)
-        fragment.to_s
-      end
-
-      def sanitize(html, options = {})
-        return unless html
-        return html if html.empty?
-
-        serialize(scrub(parse_fragment(html)))
-      end
+      include Concern::ComposedSanitize
+      include Concern::Parser::Html4
+      include Concern::Scrubber::Link
+      include Concern::Serializer::SimpleString
     end
 
     # === Rails::Html::SafeListSanitizer
@@ -140,114 +262,10 @@ def sanitize(html, options = {})
     # Safe list via a custom scrubber
     # safe_list_sanitizer.sanitize(@article.body, scrubber: ArticleScrubber.new)
     class SafeListSanitizer < Sanitizer
-      class << self
-        attr_accessor :allowed_tags
-        attr_accessor :allowed_attributes
-      end
-      self.allowed_tags = Set.new([
-        "a",
-        "abbr",
-        "acronym",
-        "address",
-        "b",
-        "big",
-        "blockquote",
-        "br",
-        "cite",
-        "code",
-        "dd",
-        "del",
-        "dfn",
-        "div",
-        "dl",
-        "dt",
-        "em",
-        "h1",
-        "h2",
-        "h3",
-        "h4",
-        "h5",
-        "h6",
-        "hr",
-        "i",
-        "img",
-        "ins",
-        "kbd",
-        "li",
-        "ol",
-        "p",
-        "pre",
-        "samp",
-        "small",
-        "span",
-        "strong",
-        "sub",
-        "sup",
-        "time",
-        "tt",
-        "ul",
-        "var",
-      ])
-      self.allowed_attributes = Set.new([
-        "abbr",
-        "alt",
-        "cite",
-        "class",
-        "datetime",
-        "height",
-        "href",
-        "lang",
-        "name",
-        "src",
-        "title",
-        "width",
-        "xml:lang",
-      ])
-
-      def initialize(prune: false)
-        @permit_scrubber = PermitScrubber.new(prune: prune)
-      end
-
-      def parse_fragment(html)
-        Loofah.fragment(html)
-      end
-
-      def scrub(fragment, options = {})
-        if scrubber = options[:scrubber]
-          # No duck typing, Loofah ensures subclass of Loofah::Scrubber
-          fragment.scrub!(scrubber)
-        elsif allowed_tags(options) || allowed_attributes(options)
-          @permit_scrubber.tags = allowed_tags(options)
-          @permit_scrubber.attributes = allowed_attributes(options)
-          fragment.scrub!(@permit_scrubber)
-        else
-          fragment.scrub!(:strip)
-        end
-      end
-
-      def serialize(fragment)
-        properly_encode(fragment, encoding: "UTF-8")
-      end
-
-      def sanitize(html, options = {})
-        return unless html
-        return html if html.empty?
-
-        serialize(scrub(parse_fragment(html), options))
-      end
-
-      def sanitize_css(style_string)
-        Loofah::HTML5::Scrub.scrub_css(style_string)
-      end
-
-      private
-        def allowed_tags(options)
-          options[:tags] || self.class.allowed_tags
-        end
-
-        def allowed_attributes(options)
-          options[:attributes] || self.class.allowed_attributes
-        end
+      include Concern::ComposedSanitize
+      include Concern::Parser::Html4
+      include Concern::Scrubber::SafeList
+      include Concern::Serializer::UTF8Encode
     end
 
     WhiteListSanitizer = SafeListSanitizer # :nodoc:
diff --git a/test/sanitizer_test.rb b/test/sanitizer_test.rb
@@ -23,7 +23,7 @@
 class SanitizersTest < Minitest::Test
   def test_sanitizer_sanitize_raises_not_implemented_error
     assert_raises NotImplementedError do
-      Rails::Html::Sanitizer.new.sanitize("")
+      Rails::Html::Sanitizer.new.sanitize("asdf")
     end
   end
 
