spec/support/helpers/html_escaped_helpers.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

# frozen_string_literal: true

module HtmlEscapedHelpers
  extend self

  # Checks if +content+ contains HTML escaped tags and returns its match.
  #
  # It matches escaped opening and closing tags `&lt;<name>` and
  # `&lt;/<name>`. The match is discarded if the tag is inside a quoted
  # attribute value.
  # Foor example, `<div title="We allow # &lt;b&gt;bold&lt;/b&gt;">`.
  #
  # @return [MatchData, nil] Returns the match or +nil+ if no match was found.
  def match_html_escaped_tags(content)
    match_data = %r{&lt;\s*(?:/\s*)?\w+}.match(content)
    return unless match_data

    # Escaped HTML tags are allowed inside quoted attribute values like:
    # `title="Press &lt;back&gt;"`
    return if %r{=\s*["'][^>]*\z}.match?(match_data.pre_match)

    match_data
  end

  # Checks if +content+ contains HTML escaped tags and raises an exception
  # if it does.
  #
  # See #match_html_escaped_tags for details.
  def ensure_no_html_escaped_tags!(content, example)
    match_data = match_html_escaped_tags(content)
    return unless match_data

    # Truncate
    pre_match = match_data.pre_match.last(50)
    match = match_data[0]
    post_match = match_data.post_match.first(50)

    string = "#{pre_match}«#{match}»#{post_match}"

    raise <<~MESSAGE
      The following string contains HTML escaped tags:

      #{string}

      Please consider using `.html_safe`.

      This check can be disabled via:

        it #{example.description.inspect}, :skip_html_escaped_tags_check do
          ...
        end

    MESSAGE
  end
end