Add support for html_attributes and ( characters in the heredoc cop.
jaredcwhite committed Nov 11, 2023
1 parent 737b87e commit 8007acb
Showing 4 changed files with 28 additions and 9 deletions.
8 changes: 8 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,13 @@
# Changelog

## 0.4.1 / 2023-11-10

* Add support for `html_attributes` and `(` characters in the heredoc cop.

## 0.4.0 / 2023-11-03

* Add insecure heredoc cop in anticipation of Bridgetown 1.4

## 0.3.2 / 2021-12-25

* Allow multi-line endless method definitions
23 changes: 17 additions & 6 deletions README.md
@@ -1,25 +1,28 @@
# RuboCop Bridgetown
# RuboCop: Bridgetown

A RuboCop extension to enforce a common code style in the Bridgetown ecosystem and beyond.
A [RuboCop](https://rubocop.org/) extension to enforce a common code style in the Bridgetown ecosystem and beyond.

![Gem Version](https://img.shields.io/gem/v/rubocop-bridgetown.svg?label=Latest%20Release)
![RuboCop Support](https://img.shields.io/badge/Rubocop%20Support-1.23.0-green.svg)


## Installation

Just add the `rubocop-bridgetown` gem to your Gemfile.

```ruby
# Gemfile

gem "rubocop-bridgetown", "~> 0.3"
gem "rubocop-bridgetown", "~> 0.4"
```

or if you're developing another gem:

```ruby
# <plugin>.gemspec

spec.add_development_dependency "rubocop-bridgetown", "~> 0.3"
spec.add_development_dependency "rubocop-bridgetown", "~> 0.4"
```

and run `bundle install`

## Usage
@@ -65,4 +68,12 @@ AllCops:

## Customization

You can override any settings inherited from the extension by subsequently redefining the concerned parameters.
You can override any settings inherited from the extension by configuring cops in your `.rubocop.yml`.

Besides cops which are provided directly by RuboCop and `rubocop-performance`, there are a few additional cops provided by this plugin:

* `Bridgetown/HTMLEscapedHeredoc`: this will monitor any heredocs in your code for potential XSS issues inside of any string interpolations. To avoid linting errors, you will need to wrap any interpolated code inside of one of the following method names: `html`, `html_map`, `html_attributes`, `text`, or `render`. These methods are provided by the [Streamlined](https://github.com/bridgetownrb/streamlined) gem, bundled in Bridgetown 1.4 by default (but you can use them in any Ruby application including Rails).
* `Bridgetown/NoPAllowed`: this encourages using your framework's logger rather than `p` to output debugging information.
* `Bridgetown/NoPutsAllowed`: this encourages using your framework's logger rather than `puts` to output debugging information.

You can disable any of these cops in specific parts of your codebase as needed, or by setting `Enabled: false` for any particular cop in your `.rubocop.yml`.
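
Review bot: The `Bridgetown/HTMLEscapedHeredoc` bullet says the cop monitors "any heredocs", but `on_heredoc` in this same commit returns early unless `node.source` matches `(HTML|MARKDOWN)$`, so heredocs with any other delimiter are never checked. Suggest stating that scope in the bullet so readers do not assume every heredoc with interpolation is covered. Minor wording point in the closing sentence: "in specific parts of your codebase as needed, or by setting `Enabled: false`" mixes two constructions; something like "You can disable any of these cops inline in specific parts of your codebase, or entirely by setting `Enabled: false` ..." reads more cleanly.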
4 changes: 2 additions & 2 deletions lib/rubocop/cop/bridgetown/html_escaped_heredoc.rb
@@ -6,11 +6,11 @@ module Bridgetown
class HTMLEscapedHeredoc < Cop
include Heredoc

MSG = "Insecure heredoc detected. Use `html`, `html_map`, `text`, or `render` inside interpolation."
MSG = "Insecure heredoc detected. Use `html`, `html_map`, `html_attributes`, `text`, or `render` inside interpolations."

def on_heredoc(node)
return unless node.source.match?(%r!(HTML|MARKDOWN)$!) &&
heredoc_body(node).match?(%r%[^\\]#\{(?!\s*?(html|html_map|text|render)[ \-])%)
heredoc_body(node).match?(%r%[^\\]#\{(?!\s*?(html|html_map|html_attributes|text|render)[ \-\(])%)

add_offense(node, message: MSG)
end
2 changes: 1 addition & 1 deletion rubocop-bridgetown.gemspec
Expand Up @@ -4,7 +4,7 @@ $LOAD_PATH.unshift File.expand_path("lib", __dir__)

Gem::Specification.new do |s|
s.name = "rubocop-bridgetown"
s.version = "0.4.0"
s.version = "0.4.1"
s.authors = ["Bridgetown Team"]
s.email = ["[email protected]"]
s.homepage = "https://github.com/bridgetownrb/rubocop-bridgetown"
