Merge pull request #189 from Martii/addSupportURLsupport

sizzlemctwizzle · sizzlemctwizzle · commit f0c8c99923cf · 2014-06-24T15:54:55.000-05:00
Add support for only one last `@supportURL`, fix naming standardization, and such
diff --git a/controllers/script.js b/controllers/script.js
@@ -2,6 +2,8 @@ var fs = require('fs');
 var formidable = require('formidable');
 var async = require('async');
 var _ = require('underscore');
+var sanitizeHtml = require('sanitize-html');
+var htmlWhitelistLink = require('../libs/htmlWhitelistLink.json');
 
 var Discussion = require('../models/discussion').Discussion;
 var Group = require('../models/group').Group;
@@ -53,6 +55,9 @@ var getScriptPageTasks = function (options) {
   var script = options.script;
   var authedUser = options.authedUser;
 
+  // Temporaries
+  var htmlStub = null;
+
   //--- Tasks
 
   // Show the number of open issues
@@ -64,23 +69,23 @@ var getScriptPageTasks = function (options) {
   if (script.meta.author && script.meta.collaborator) {
     options.hasCollab = true;
     if (typeof script.meta.collaborator === 'string') {
-      options.script.meta.collaborators = [{ name: script.meta.collaborator }];
+      options.script.collaborators = [{ url: encodeURIComponent(script.meta.collaborator), text: script.meta.collaborator }];
     } else {
-      options.script.meta.collaborators = [];
+      options.script.collaborators = [];
       script.meta.collaborator.forEach(function (collaborator) {
-        options.script.meta.collaborators.push({ name: collaborator });
+        options.script.collaborators.push({ url: encodeURIComponent(collaborator), text: collaborator });
       });
     }
   }
 
   // Show licensings of the script
   if (script.meta.license) {
     if (typeof script.meta.license === 'string') {
-      options.script.meta.licenses = [{ name: script.meta.license }];
+      options.script.licenses = [{ name: script.meta.license }];
     } else {
-      options.script.meta.licenses = [];
+      options.script.licenses = [];
       script.meta.license.forEach(function (license) {
-        options.script.meta.licenses.push({ name: license });
+        options.script.licenses.push({ name: license });
       });
     }
   } else if (!script.isLib) {
@@ -90,11 +95,25 @@ var getScriptPageTasks = function (options) {
   // Show homepages of the script
   if (script.meta.homepageURL) {
     if (typeof script.meta.homepageURL === 'string') {
-      options.script.meta.homepages = [{ name: script.meta.homepageURL }];
+      htmlStub = '<a href="' + script.meta.homepageURL + '"></a>';
+      if (htmlStub === sanitizeHtml(htmlStub, htmlWhitelistLink)) {
+        options.script.homepages = [{
+          url: script.meta.homepageURL,
+          text: decodeURI(script.meta.homepageURL),
+          hasNoFollow: !/^(?:https?:\/\/)?openuserjs\.org\//i.test(script.meta.homepageURL)
+        }];
+      }
     } else {
-      options.script.meta.homepages = [];
+      options.script.homepages = [];
       script.meta.homepageURL.forEach(function (homepage) {
-        options.script.meta.homepages.push({ name: homepage });
+        htmlStub = '<a href="' + homepage + '"></a>';
+        if (htmlStub === sanitizeHtml(htmlStub, htmlWhitelistLink)) {
+          options.script.homepages.push({
+            url: homepage,
+            text: decodeURI(homepage),
+            hasNoFollow: !/^(?:https?:\/\/)?openuserjs\.org/i.test(homepage)
+          });
+        }
       });
     }
   }
diff --git a/libs/htmlWhitelistLink.json b/libs/htmlWhitelistLink.json
@@ -0,0 +1,17 @@
+{
+  "allowedTags": [
+    "a"
+  ],
+  "allowedAttributes": {
+    "a": [
+      "href"
+    ]
+  },
+  "selfClosing": [
+  ],
+  "allowedSchemes": [
+    "http",
+    "https",
+    "mailto"
+  ]
+}
diff --git a/libs/modelParser.js b/libs/modelParser.js
@@ -1,6 +1,8 @@
 var moment = require('moment');
 var _ = require('underscore');
 var util = require('util');
+var sanitizeHtml = require('sanitize-html');
+var htmlWhitelistLink = require('./htmlWhitelistLink.json');
 
 var Script = require('../models/script').Script;
 
@@ -83,6 +85,9 @@ var parseScript = function (scriptData) {
   if (!scriptData) return;
   var script = scriptData.toObject ? scriptData.toObject() : scriptData;
 
+  // Temporaries
+  var htmlStub = null;
+
   // Author
   if (_.isString(script.author)) {
     script.author = parseUser({ name: script.author });
@@ -102,6 +107,29 @@ var parseScript = function (scriptData) {
     script.icon45Url = script.meta.icon64;
   }
 
+  // Support Url
+  if (script.meta.supportURL) {
+    if (_.isString(script.meta.supportURL)) {
+      htmlStub = '<a href="' + script.meta.supportURL + '"></a>';
+      if (htmlStub === sanitizeHtml(htmlStub, htmlWhitelistLink)) {
+        script.support = [{
+          url: script.meta.supportURL,
+          text: decodeURI(script.meta.supportURL),
+          hasNoFollow: !/^(?:https?:\/\/)?openuserjs\.org/i.test(script.meta.supportURL)
+        }];
+      }
+    } else if (_.isArray(script.meta.supportURL) && !_.isEmpty(script.meta.supportURL)) {
+      htmlStub = '<a href="' + script.meta.supportURL[script.meta.supportURL.length - 1] + '"></a>';
+      if (htmlStub === sanitizeHtml(htmlStub, htmlWhitelistLink)) {
+        script.support = [{
+          url:  script.meta.supportURL[script.meta.supportURL.length - 1],
+          text: decodeURI(script.meta.supportURL[script.meta.supportURL.length - 1]),
+          hasNoFollow:  !/^(?:https?:\/\/)?openuserjs\.org/i.test(script.meta.supportURL[script.meta.supportURL.length - 1])
+        }];
+      }
+    }
+  }
+
   //
   script.fullName = script.author.name + '/' + script.name; // GitHub-like name
 
diff --git a/views/pages/scriptPage.html b/views/pages/scriptPage.html
@@ -35,11 +35,12 @@
                   </ul>
                 </span>
               {{/script.hasGroups}}
-              {{#script.meta.homepages}}<p><i class="fa fa-fw fa-home"></i> <b>Homepage:</b> <a href="{{name}}">{{name}}</a></p>{{/script.meta.homepages}}
+              {{#script.homepages}}<p><i class="fa fa-fw fa-home"></i> <b>Homepage:</b> <a href="{{{url}}}"{{#hasNoFollow}} rel="nofollow"{{/hasNoFollow}}>{{text}}</a></p>{{/script.homepages}}
+              {{#script.support}}<p><i class="fa fa-fw fa-support"></i> <b>Support:</b> <a href="{{{url}}}"{{#hasNoFollow}} rel="nofollow"{{/hasNoFollow}}>{{text}}</a></p>{{/script.support}}
               {{#script.meta.copyright}}<p><i class="fa fa-fw fa-legal"></i> <b>Copyright:</b> {{script.meta.copyright}}</p>{{/script.meta.copyright}}
-              {{#script.meta.licenses}}<p><i class="fa fa-fw fa-legal"></i> <b>License:</b> {{name}}</p>{{/script.meta.licenses}}
+              {{#script.licenses}}<p><i class="fa fa-fw fa-legal"></i> <b>License:</b> {{name}}</p>{{/script.licenses}}
               {{#hasCollab}}
-              <p><i class="fa fa-fw fa-user"></i> <b>Collaborator:</b> {{#script.meta.collaborators}} <span class="label label-info"><a href="/users/{{name}}">{{name}}</a></span> {{/script.meta.collaborators}}</p>
+              <p><i class="fa fa-fw fa-user"></i> <b>Collaborator:</b> {{#script.collaborators}} <span class="label label-info"><a href="/users/{{{url}}}">{{text}}</a></span> {{/script.collaborators}}</p>
               {{/hasCollab}}
               {{#script.fork}}
                 <p><b>Fork History:</b></p>
