Merge pull request #118 from rails/flavorjones-tweak-comment-and-pi

flavorjones · web-flow · commit d4943093aae5 · 2021-08-23T17:54:56.000-04:00
improve performance (slightly)
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,11 @@
+## next / unreleased
+
+* Slightly improve performance.
+
+  Assuming elements are more common than comments, make one less method call per node.
+
+  *Mike Dalessio*
+
 ## 1.4.1 / 2021-08-18
 
 * Fix regression in v1.4.0 that did not pass comment nodes to the scrubber.
diff --git a/lib/rails/html/scrubbers.rb b/lib/rails/html/scrubbers.rb
@@ -68,7 +68,7 @@ def scrub(node)
         end
         return CONTINUE if skip_node?(node)
 
-        unless (node.comment? || node.element?) && keep_node?(node)
+        unless (node.element? || node.comment?) && keep_node?(node)
           return STOP if scrub_node(node) == STOP
         end
 
diff --git a/test/scrubbers_test.rb b/test/scrubbers_test.rb
@@ -41,6 +41,16 @@ def test_default_scrub_behavior
     assert_scrubbed '<tag>hello</tag>', 'hello'
   end
 
+  def test_default_scrub_removes_comments
+    assert_scrubbed('<div>one</div><!-- two --><span>three</span>',
+                    '<div>one</div><span>three</span>')
+  end
+
+  def test_default_scrub_removes_processing_instructions
+    assert_scrubbed('<div>one</div><?div two><span>three</span>',
+                    '<div>one</div><span>three</span>')
+  end
+
   def test_default_attributes_removal_behavior
     assert_scrubbed '<p cooler="hello">hello</p>', '<p>hello</p>'
   end
@@ -56,6 +66,12 @@ def test_leaves_only_supplied_tags
     assert_scrubbed html, '<tag>leave me now</tag>'
   end
 
+  def test_leaves_comments_when_supplied_as_tag
+    @scrubber.tags = %w(div comment)
+    assert_scrubbed('<div>one</div><!-- two --><span>three</span>',
+                    '<div>one</div><!-- two -->three')
+  end
+
   def test_leaves_only_supplied_tags_nested
     html = '<tag>leave <em>me <span>now</span></em></tag>'
     @scrubber.tags = %w(tag)
@@ -112,50 +128,6 @@ def test_attributes_accessor_validation
   end
 end
 
-class PermitScrubberSubclassTest < ScrubberTest
-  def setup
-    @scrubber = Class.new(::Rails::Html::PermitScrubber) do
-      attr :nodes_seen
-
-      def initialize
-        super()
-        @nodes_seen = []
-      end
-
-      def keep_node?(node)
-        @nodes_seen << node.name
-        super(node)
-      end
-    end.new
-  end
-
-  def test_elements_are_checked
-    html = %Q("<div></div><a></a><tr></tr>")
-    Loofah.scrub_fragment(html, @scrubber)
-    assert_includes(@scrubber.nodes_seen, "div")
-    assert_includes(@scrubber.nodes_seen, "a")
-    assert_includes(@scrubber.nodes_seen, "tr")
-  end
-
-  def test_comments_are_checked
-    # this passes in v1.3.0 but fails in v1.4.0
-    html = %Q("<div></div><!-- ohai --><tr></tr>")
-    Loofah.scrub_fragment(html, @scrubber)
-    assert_includes(@scrubber.nodes_seen, "div")
-    assert_includes(@scrubber.nodes_seen, "comment")
-    assert_includes(@scrubber.nodes_seen, "tr")
-  end
-
-  def test_craftily_named_processing_instructions_are_not_checked
-    # this fails in v1.3.0 but passes in v1.4.0
-    html = %Q("<div></div><?a content><tr></tr>")
-    Loofah.scrub_fragment(html, @scrubber)
-    assert_includes(@scrubber.nodes_seen, "div")
-    refute_includes(@scrubber.nodes_seen, "a")
-    assert_includes(@scrubber.nodes_seen, "tr")
-  end
-end
-
 class TargetScrubberTest < ScrubberTest
   def setup
     @scrubber = Rails::Html::TargetScrubber.new
