Module: Ronin::Exploits::Mixins::HTML

Included in:
XSS
Defined in:
lib/ronin/exploits/mixins/html.rb

Overview

Mixin which adds methods for building HTML.


Instance Method Details

#attr(name, value, name_case: nil, quote: :double) ⇒ String

Formats an HTML attribute.

Parameters:

  • name (String, Symbol)

    The attribute's name.

  • value (#to_s)

    The attribute's value.

  • name_case (:lower, :upper, :random, nil) (defaults to: nil)

    Changes the case of the attribute name.

  • quote (:double, :single, :backtick, nil) (defaults to: :double)

    Controls how the attribute's value will be quoted.

Returns:

  • (String)

    The formatted HTML attribute and value.

Raises:

  • (ArgumentError)

    An invalid name_case: or quote: value was given.



# File 'lib/ronin/exploits/mixins/html.rb', line 81

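# Formats a single HTML attribute as `name=value`.
#
# The value is converted with #to_s and passed through
# Support::Encoding::HTML.escape before any quoting is applied.
#
# @param name [String, Symbol]
#   The attribute's name; formatted by #attr_name.
# @param value [#to_s]
#   The attribute's value.
# @param name_case [:lower, :upper, :random, nil]
#   Forwarded to #attr_name to change the case of the attribute name.
# @param quote [:double, :single, :backtick, nil]
#   The quoting style; nil emits the value without quotes.
# @return [String]
#   The formatted HTML attribute and value.
# @raise [ArgumentError]
#   An unsupported quote: value was given (or name_case:, via #attr_name).
def attr(name, value, name_case: nil, quote: :double)
  attr_key = attr_name(name, name_case: name_case)

  # NOTE(review): Support::Encoding::HTML.escape is not visible here; confirm
  # it also escapes ' and ` so the value cannot end :single / :backtick
  # quoting early.
  escaped = Support::Encoding::HTML.escape(value.to_s)

  quoted_value = case quote
                 when :double   then "\"#{escaped}\""
                 when :single   then "'#{escaped}'"
                 when :backtick then "`#{escaped}`"
                 when nil
                   # An unquoted attribute value ends at the first space, so
                   # each space is written as the character reference &#32;.
                   # Replacing a space with a literal space would be a no-op
                   # and would let the value split into several attributes.
                   escaped.gsub(' ', '&#32;')
                 else
                   raise(ArgumentError,"quote keyword argument (#{quote.inspect}) was not :double, :single, :backtick, or nil")
                 end

  "#{attr_key}=#{quoted_value}"
end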

#attr_list(attrs, **kwargs) ⇒ String

Formats an HTML attributes list.

Parameters:

  • attrs (Hash{String,Symbol => #to_s})

    The attribute names and values to format.

  • kwargs (Hash{Symbol => Object})

    Additional keyword arguments for #attr.

Options Hash (**kwargs):

  • :name_case (:lower, :upper, :random, nil)

    Changes the case of the attribute name.

  • :quote (:double, :single, :backtick, nil)

    Controls how the attribute's value will be quoted.

Returns:

  • (String)

    The formatted HTML attributes list.

Raises:

  • (ArgumentError)

    An invalid name_case: or quote: value was given.



# File 'lib/ronin/exploits/mixins/html.rb', line 122

# Formats a Hash of attributes as one space-separated HTML attributes list.
#
# Each name/value pair is formatted by #attr, and the results are joined
# with a single space. An empty Hash yields an empty String.
#
# @param attrs [Hash{String,Symbol => #to_s}]
#   The attribute names and values to format.
# @param kwargs [Hash{Symbol => Object}]
#   Keyword arguments passed through unchanged to #attr
#   (name_case: and quote:).
# @return [String]
#   The formatted HTML attributes list.
# @raise [ArgumentError]
#   Propagated from #attr when name_case: or quote: is invalid.
def attr_list(attrs,**kwargs)
  formatted = attrs.map do |attr_key, attr_value|
    attr(attr_key, attr_value, **kwargs)
  end

  formatted.join(' ')
end

#attr_name(name, name_case: nil) ⇒ String

Formats an HTML attribute name.

Parameters:

  • name (String, Symbol)

    The attribute name.

  • name_case (:lower, :upper, :random, nil) (defaults to: nil)

    Changes the case of the attribute name.

Returns:

  • (String)

    The formatted attribute name.

Raises:

  • (ArgumentError)

    An invalid name_case: value was given.



# File 'lib/ronin/exploits/mixins/html.rb', line 47

# Formats an HTML attribute name, optionally changing its letter case.
#
# The name is only converted with #to_s and re-cased; it is not escaped or
# validated here.
#
# @param name [String, Symbol]
#   The attribute name.
# @param name_case [:lower, :upper, :random, nil]
#   The case change to apply; nil returns the name as given.
# @return [String]
#   The formatted attribute name.
# @raise [ArgumentError]
#   An invalid name_case: value was given.
def attr_name(name, name_case: nil)
  raw_name = name.to_s

  case name_case
  when nil
    raw_name
  when :lower
    raw_name.downcase
  when :upper
    raw_name.upcase
  when :random
    # String#random_case is not core Ruby; presumably a String extension
    # loaded elsewhere in the project. TODO confirm.
    raw_name.random_case
  else
    raise ArgumentError, "HTML attr name case (#{name_case.inspect}) was not :lower, :upper, :random, or nil"
  end
end

#tag(name, tag_case: nil, attr_case: nil, attr_quote: :double, text: nil, **attrs) { ... } ⇒ String

Formats an HTML tag.

Examples:

tag('img', src: 'https://example.com/image.jpg')
# => "<img src=\"https://example.com/image.jpg\"/>"

with a block:

tag('p', class: 'foo') do
  tag('a', href: 'https://example.com/', text: "click me")
end
# => "<p class=\"foo\"><a href=\"https://example.com/\">click me</a></p>"

Parameters:

  • name (String, Symbol)

    The HTML tag name.

  • tag_case (:lower, :upper, :random, nil) (defaults to: nil)

    Changes the case of the tag name.

  • attr_case (:lower, :upper, :random, nil) (defaults to: nil)

    Changes the case of the attribute name.

  • text (#to_s, nil) (defaults to: nil)

    Optional inner text for the tag.

  • attrs (Hash{#to_s => #to_s})

    Additional attributes for the tag.

Yields:

  • [] If a block is given, its return value will be used as the tag's contents. Otherwise, the text: value will be used as the tag's contents.

Returns:

  • (String)

    The formatted HTML tag.

Raises:

  • (ArgumentError)

    An invalid tag_case: or attr_case: value was given.



# File 'lib/ronin/exploits/mixins/html.rb', line 195

# Formats an HTML tag, with optional attributes and contents.
#
# Attribute values are formatted through #attr_list. The tag's contents
# (the block's return value, or text:) are interpolated verbatim and are
# not escaped by this method.
#
# @param name [String, Symbol]
#   The HTML tag name.
# @param tag_case [:lower, :upper, :random, nil]
#   Changes the case of the tag name.
# @param attr_case [:lower, :upper, :random, nil]
#   Changes the case of the attribute names.
# @param attr_quote [:double, :single, :backtick, nil]
#   Passed to #attr_list as quote:, which controls how attribute values
#   are quoted.
# @param text [#to_s, nil]
#   Optional inner text; ignored when a block is given.
# @param attrs [Hash{#to_s => #to_s}]
#   Additional attributes for the tag.
# @yield
#   If a block is given, its return value becomes the tag's contents.
# @return [String]
#   `<name ...>contents</name>` when a block or a truthy text: is given,
#   otherwise the self-closing form `<name .../>`.
# @raise [ArgumentError]
#   Propagated from #tag_name or #attr_list for invalid case/quote values.
def tag(name, tag_case: nil, attr_case: nil, attr_quote: :double, text: nil, **attrs)
  element  = tag_name(name, name_case: tag_case)
  open_tag = if attrs.empty?
               element
             else
               rendered = attr_list(attrs, name_case: attr_case,
                                           quote:     attr_quote)

               "#{element} #{rendered}"
             end

  # A block takes precedence over text:.
  return "<#{open_tag}>#{yield}</#{element}>" if block_given?
  return "<#{open_tag}>#{text}</#{element}>"  if text

  "<#{open_tag}/>"
end

#tag_name(name, name_case: nil) ⇒ String

Formats an HTML tag name.

Parameters:

  • name (String, Symbol)

    The tag name.

  • name_case (:lower, :upper, :random, nil) (defaults to: nil)

    Changes the case of the tag name.

Returns:

  • (String)

    The formatted HTML tag name.

Raises:

  • (ArgumentError)

    An invalid name_case: value was given.



# File 'lib/ronin/exploits/mixins/html.rb', line 143

# Formats an HTML tag name, optionally changing its letter case.
#
# The name is only converted with #to_s and re-cased; it is not escaped or
# validated here.
#
# @param name [String, Symbol]
#   The tag name.
# @param name_case [:lower, :upper, :random, nil]
#   The case change to apply; nil returns the name as given.
# @return [String]
#   The formatted tag name.
# @raise [ArgumentError]
#   An invalid name_case: value was given.
def tag_name(name, name_case: nil)
  label = name.to_s

  case name_case
  when nil     then label
  when :upper  then label.upcase
  when :lower  then label.downcase
  when :random
    # String#random_case is not core Ruby; presumably a String extension
    # loaded elsewhere in the project. TODO confirm.
    label.random_case
  else
    raise ArgumentError, "HTML tag name case (#{name_case.inspect}) was not :lower, :upper, :random, or nil"
  end
end