Merge pull request #25 from dwyl/description

adds description_plaintext_unlimited

Author: nelsonic

README.md

@@ -43,6 +43,8 @@ When you load one of the fields into your database, the corresponding `dump/1` c
 
 Likewise, when you load a field from the database, the `load/1` callback will be called, giving you the data in the format you need. `Fields.EmailEncrypted` will be decrypted back to plaintext. 
 
+Each Field optionally defines an `input_type/0` function. This will return an atom representing the `Phoenix.HTML.Form` input type to use for the Field. For example, `Fields.DescriptionPlaintextUnlimited.input_type` returns `:textarea`.
+
 The currently existing fields are:
 
 - [Encrypted](lib/encrypted.ex)
@@ -57,6 +59,7 @@ The currently existing fields are:
 - [AddressEncrypted](lib/address_encrypted.ex)
 - [PhoneNumber](lib/phone_number.ex)
 - [PhoneNumberEncrypted](lib/phone_number_encrypted.ex)
+- [DescriptionPlaintextUnlimited](lib/description_plaintext_unlimited.ex)
 
 ## Config 
 

lib/description_plaintext_unlimited.ex

@@ -0,0 +1,29 @@
+defmodule Fields.DescriptionPlaintextUnlimited do
+  @moduledoc """
+  An Ecto Type for plaintext description fields with no length restrictions.
+  Strips out all HTML tags to avoid XSS.
+
+  ## Example
+
+      schema "article" do
+        field(:description, Fields.DescriptionPlaintextUnlimited)
+      end
+  """
+  @behaviour Ecto.Type
+
+  def type, do: :string
+
+  def cast(value) do
+    {:ok, to_string(value)}
+  end
+
+  def dump(value) do
+    {:ok, HtmlSanitizeEx.strip_tags(value)}
+  end
+
+  def load(value) do
+    {:ok, value}
+  end
+
+  def input_type, do: :textarea
+end

mix.exs

@@ -4,7 +4,7 @@ defmodule Fields.MixProject do
   def project do
     [
       app: :fields,
-      version: "0.1.1",
+      version: "0.1.3",
       elixir: "~> 1.7",
       start_permanent: Mix.env() == :prod,
       deps: deps()
@@ -23,6 +23,7 @@ defmodule Fields.MixProject do
     [
       {:argon2_elixir, "~> 1.2"},
       {:ecto, "~> 2.2.10"},
+      {:html_sanitize_ex, "~> 1.3"},
       {:stream_data, "~> 0.4.2", only: :test}
       # {:dep_from_git, git: "https://github.com/elixir-lang/my_dep.git", tag: "0.1.0"},
     ]

mix.lock

@@ -3,6 +3,8 @@
   "decimal": {:hex, :decimal, "1.5.0", "b0433a36d0e2430e3d50291b1c65f53c37d56f83665b43d79963684865beab68", [:mix], [], "hexpm"},
   "ecto": {:hex, :ecto, "2.2.11", "4bb8f11718b72ba97a2696f65d247a379e739a0ecabf6a13ad1face79844791c", [:mix], [{:db_connection, "~> 1.1", [hex: :db_connection, repo: "hexpm", optional: true]}, {:decimal, "~> 1.2", [hex: :decimal, repo: "hexpm", optional: false]}, {:mariaex, "~> 0.8.0", [hex: :mariaex, repo: "hexpm", optional: true]}, {:poison, "~> 2.2 or ~> 3.0", [hex: :poison, repo: "hexpm", optional: true]}, {:poolboy, "~> 1.5", [hex: :poolboy, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.13.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:sbroker, "~> 1.0", [hex: :sbroker, repo: "hexpm", optional: true]}], "hexpm"},
   "elixir_make": {:hex, :elixir_make, "0.4.2", "332c649d08c18bc1ecc73b1befc68c647136de4f340b548844efc796405743bf", [:mix], [], "hexpm"},
+  "html_sanitize_ex": {:hex, :html_sanitize_ex, "1.3.0", "f005ad692b717691203f940c686208aa3d8ffd9dd4bb3699240096a51fa9564e", [:mix], [{:mochiweb, "~> 2.15", [hex: :mochiweb, repo: "hexpm", optional: false]}], "hexpm"},
+  "mochiweb": {:hex, :mochiweb, "2.18.0", "eb55f1db3e6e960fac4e6db4e2db9ec3602cc9f30b86cd1481d56545c3145d2e", [:rebar3], [], "hexpm"},
   "poolboy": {:hex, :poolboy, "1.5.1", "6b46163901cfd0a1b43d692657ed9d7e599853b3b21b95ae5ae0a777cf9b6ca8", [:rebar], [], "hexpm"},
   "stream_data": {:hex, :stream_data, "0.4.2", "fa86b78c88ec4eaa482c0891350fcc23f19a79059a687760ddcf8680aac2799b", [:mix], [], "hexpm"},
 }

test/description_plaintext_unlimited.ex

@@ -0,0 +1,37 @@
+defmodule Fields.DescriptionPlaintextUnlimitedTest do
+  use ExUnit.Case
+  alias Fields.DescriptionPlaintextUnlimited as Description
+
+  describe "types" do
+    test "Desription.type is :string" do
+      assert Description.type() == :string
+    end
+  end
+
+  describe "cast" do
+    test "Description.cast accepts a string" do
+      assert {:ok, "testing"} == Description.cast("testing")
+    end
+  end
+
+  describe "dump" do
+    test "Description.dump strips html tags" do
+      {:ok, stripped} = Description.dump("<script>alert('hello')</script>")
+
+      assert stripped != "<script>alert('hello')</script>"
+      assert stripped == "alert('hello')"
+    end
+  end
+
+  describe "load" do
+    test "Description.load returns a string" do
+      assert {:ok, "testing"} == Description.load("testing")
+    end
+  end
+
+  describe "input_type" do
+    test "Description.input_type returns :textarea" do
+      assert Description.input_type() == :textarea
+    end
+  end
+end