From d14db51d9e7aa762102841e320cdb2c6156419c5 Mon Sep 17 00:00:00 2001
From: Jacques Distler <distler@golem.ph.utexas.edu>
Date: Fri, 9 Oct 2009 23:18:17 -0500
Subject: [PATCH] More Sanitizer Refactoring

Make the Sanitizer more efficient.
Also, update some unit tests.
---
 lib/sanitizer.rb                | 40 +++++++++++++++++----------------
 test/unit/page_renderer_test.rb |  6 ++---
 2 files changed, 24 insertions(+), 22 deletions(-)

diff --git a/lib/sanitizer.rb b/lib/sanitizer.rb
index bcfb143a..63eeb625 100644
--- a/lib/sanitizer.rb
+++ b/lib/sanitizer.rb
@@ -123,31 +123,33 @@ module Sanitizer
       #
       #   xhtml_sanitize('<script> do_nasty_stuff() </script>')
       #    => &lt;script> do_nasty_stuff() &lt;/script>
-      #   xhtml_sanitize_xhtml('<a href="javascript: sucker();">Click here for $100</a>')
+      #   xhtml_sanitize('<a href="javascript: sucker();">Click here for $100</a>')
       #    => <a>Click here for $100</a>
       def xhtml_sanitize(html)
-        if html.index("<")
-          tokenizer = HTML::Tokenizer.new(html.to_utf8)
-          new_text = ""
+        return html unless sanitizeable?(html)
+        tokenizer = HTML::Tokenizer.new(html.to_utf8)
+        results = []
 
-          while token = tokenizer.next
-            node = XHTML::Node.parse(nil, 0, 0, token, false)
-            new_text << case node.tag?
-              when true
-                if ALLOWED_ELEMENTS.include?(node.name)
-                  process_attributes_for(node)
-                  node.to_s
-                else
-                  node.to_s.gsub(/</, "&lt;").gsub(/>/, "&gt;")
-                end
+        while token = tokenizer.next
+          node = XHTML::Node.parse(nil, 0, 0, token, false)
+          results << case node.tag?
+            when true
+              if ALLOWED_ELEMENTS.include?(node.name)
+                process_attributes_for(node)
+                node.to_s
               else
-                node.to_s.unescapeHTML.escapeHTML
-            end
+                node.to_s.gsub(/</, "&lt;").gsub(/>/, "&gt;")
+              end
+            else
+              node.to_s.unescapeHTML.escapeHTML
           end
-
-          html = new_text
         end
-        html
+
+        results.join
+      end
+
+      def sanitizeable?(text)
+        !(text.nil? || text.empty? || !text.index("<"))
       end
 
   protected
diff --git a/test/unit/page_renderer_test.rb b/test/unit/page_renderer_test.rb
index d50f9322..8f2ba29a 100644
--- a/test/unit/page_renderer_test.rb
+++ b/test/unit/page_renderer_test.rb
@@ -373,10 +373,10 @@ END_THM
     assert_markup_parsed_as(
         "<p>should we go <a class='existingWikiWord' href='../show/ThatWay'>" +
 	    "That Way</a> or</p>\n<div class='maruku-equation' id='eq:eq1'>" +
-	    "<math class='maruku-mathml' display='block' " +
+	    "<span class='maruku-eq-number'>(1)</span><math class='maruku-mathml' display='block' " +
 	    "xmlns='http://www.w3.org/1998/Math/MathML'><mi>ThisWay</mi></math>" +
 	    "<span class='maruku-eq-tex'><code style='display: none;'>ThisWay</code>" +
-	    "</span><span class='maruku-eq-number'>(1)</span></div>", 
+	    "</span></div>", 
         "should we go ThatWay or \n\\[ThisWay\\]\n")
 
     assert_markup_parsed_as(
@@ -393,7 +393,7 @@ END_THM
 	    "That Way</a> or</p>\n<div class='maruku-equation'>" +
 	    "<math class='maruku-mathml' display='block' " +
 	    "xmlns='http://www.w3.org/1998/Math/MathML'><mi>ThisWay</mi><mi>$</mi>" +
-	    "<mn>100 </mn><mi>ThatWay</mi></math>" +
+	    "<mn>100</mn><mi>ThatWay</mi></math>" +
 	    "<span class='maruku-eq-tex'><code style='display: none;'>ThisWay \\$100 " +
 	    "ThatWay</code></span></div>", 
         "should we go ThatWay or \n$$ThisWay \\$100 ThatWay $$\n")