= Project: Builder
== Goal
Provide a simple way to create XML markup and data structures.
== Classes
Builder::XmlMarkup:: Generate XML markup notation
Builder::XmlEvents:: Generate XML events (i.e. SAX-like)
Notes::
== Usage
  require 'rubygems'
  require_gem 'builder', '~> 2.0'

  builder = Builder::XmlMarkup.new
  xml = builder.person { |b| b.name("Jim"); b.phone("555-1234") }
  xml #=> <person><name>Jim</name><phone>555-1234</phone></person>

or

  require 'rubygems'
  require_gem 'builder'

  builder = Builder::XmlMarkup.new(:target=>STDOUT, :indent=>2)
  builder.person { |b| b.name("Jim"); b.phone("555-1234") }
== Compatibility
=== Version 2.0.0 Compatibility Changes
Version 2.0.0 introduces automatically escaped attribute values for the first time. Versions prior to 2.0.0 did not insert escape characters into attribute values in the XML markup. This allowed attribute values to explicitly reference entities, which was occasionally used by a small number of developers. Since strings could always be explicitly escaped by hand, this was not a major restriction in functionality.
However, it did surprise most users of builder. Since the body text is normally escaped, everybody expected the attribute values to be escaped as well. Escaped attribute values were the number one support request on the 1.x Builder series.
Starting with Builder version 2.0.0, all attribute values expressed as strings will be processed and the appropriate characters will be escaped (e.g. "&" will be translated to "&amp;"). Attribute values that are expressed as Symbol values will not be processed for escaped characters and will be unchanged in output. (Yes, this probably counts as Symbol abuse, but the convention is convenient and flexible).
Example:
  xml = Builder::XmlMarkup.new
  xml.sample(:escaped=>"This&That", :unescaped=>:"Here&amp;There")
  xml.target!  =>
    <sample escaped="This&amp;That" unescaped="Here&amp;There"></sample>
=== Version 1.0.0 Compatibility Changes
Version 1.0.0 introduces some changes that are not backwards compatible with earlier releases of builder. The main areas of incompatibility are:
* Keyword based arguments to +new+ (rather than positional based). It was found that a developer would often like to specify indentation without providing an explicit target, or specify a target without indentation. Keyword based arguments handle this situation nicely.
* Builder must now be an explicit target for markup tags. Instead of writing

    xml_markup = Builder::XmlMarkup.new
    xml_markup.div { strong("text") }

  you need to write

    xml_markup = Builder::XmlMarkup.new
    xml_markup.div { xml_markup.strong("text") }
The builder object is passed as a parameter to all nested markup blocks. This allows you to create a short alias for the builder object that can be used within the block. For example, the previous example can be written as:
  xml_markup = Builder::XmlMarkup.new
  xml_markup.div { |xml| xml.strong("text") }
If you have both a pre-1.0 and a post-1.0 gem of builder installed, you can choose which version to use through the RubyGems +require_gem+ facility.
  require_gem 'builder', "> 0.0"    # Gets the old version
  require_gem 'builder', "> 1.0"    # Gets the new version
== Features
XML Comments are supported ...
  xml_markup.comment! "This is a comment"
    #=>  <!-- This is a comment -->
XML processing instructions are supported ...
  xml_markup.instruct! :xml, :version=>"1.0", :encoding=>"UTF-8"
    #=>  <?xml version="1.0" encoding="UTF-8"?>

If the processing instruction is omitted, it defaults to "xml". When the processing instruction is "xml", the default attributes are:

<b>version</b>:: 1.0
<b>encoding</b>:: "UTF-8"
(NOTE: if the encoding is set to "UTF-8" and $KCODE is set to "UTF8", then Builder will emit UTF-8 encoded strings rather than encoding non-ASCII characters as entities.)
XML entity declarations are now supported to a small degree.
  xml_markup.declare! :DOCTYPE, :chapter, :SYSTEM, "../dtds/chapter.dtd"
    #=>  <!DOCTYPE chapter SYSTEM "../dtds/chapter.dtd">
The parameters to a declare! method must be either symbols or strings. Symbols are inserted without quotes, and strings are inserted with double quotes. Attribute-like arguments in hashes are not allowed.
If you need to have an argument to declare! be inserted without quotes, but the argument does not conform to the typical Ruby syntax for symbols, then use the :"string" form to specify a symbol.
For example:
  xml_markup.declare! :ELEMENT, :chapter, :"(title,para+)"
    #=>  <!ELEMENT chapter (title,para+)>
Nested entity declarations are allowed. For example:
  @xml_markup.declare! :DOCTYPE, :chapter do |x|
    x.declare! :ELEMENT, :chapter, :"(title,para+)"
    x.declare! :ELEMENT, :title, :"(#PCDATA)"
    x.declare! :ELEMENT, :para, :"(#PCDATA)"
  end

  #=>

  <!DOCTYPE chapter [
    <!ELEMENT chapter (title,para+)>
    <!ELEMENT title (#PCDATA)>
    <!ELEMENT para (#PCDATA)>
  ]>
Some support for XML namespaces is now available. If the first argument to a tag call is a symbol, it will be joined to the tag to produce a namespace:tag combination. It is easier to show this than describe it.
  xml.SOAP :Envelope do ... end
Just put a space before the colon in a namespace to produce the right form for builder (e.g. "SOAP:Envelope" => "xml.SOAP :Envelope")
String attribute values are now escaped by default by Builder (NOTE: this is new behavior as of version 2.0).
However, occasionally you need to use entities in attribute values. Using a symbol (rather than a string) for an attribute value will cause Builder to not run its quoting/escaping algorithm on that particular value.
(Note: The +escape_attrs+ option for builder is now obsolete).
Example:
  xml = Builder::XmlMarkup.new
  xml.sample(:escaped=>"This&That", :unescaped=>:"Here&amp;There")
  xml.target!  =>
    <sample escaped="This&amp;That" unescaped="Here&amp;There"></sample>
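
Because Symbol attribute values skip escaping, any value that reaches an attribute as a Symbol (for instance after a +to_sym+ on external input) is emitted verbatim, exactly as all attribute values were before 2.0. The following is an added example, not part of Builder or of this README: a plain-Ruby model of the convention with a guard that demotes unexpected Symbols to Strings. The names +render_attr+, +safe_attr+, +RAW_OK+ and the sample input are hypothetical and constructed here.

```ruby
# Added example: a minimal model of the attribute convention described above
# (String values escaped, Symbol values emitted verbatim). Not Builder's code.

ESCAPES = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;' }.freeze

# Escape the characters that are significant inside a double-quoted attribute.
def escape_attr(text)
  text.gsub(/[&<>"]/) { |c| ESCAPES[c] }
end

# Model of the convention: Symbols bypass escaping, everything else is escaped.
def render_attr(name, value)
  body = value.is_a?(Symbol) ? value.to_s : escape_attr(value.to_s)
  %(#{name}="#{body}")
end

# Hypothetical guard: a raw (Symbol) value is accepted only if it is plain text
# plus well-formed entity/character references, so it cannot close the attribute.
RAW_OK = /\A(?:[^&<>"]|&(?:[A-Za-z][A-Za-z0-9]*|#\d+|#x\h+);)*\z/

def safe_attr(name, value)
  if value.is_a?(Symbol) && value.to_s !~ RAW_OK
    value = value.to_s # demote to String so it goes through escaping
  end
  render_attr(name, value)
end

# Constructed sample input standing in for data from outside the program.
UNTRUSTED = 'x" onload="y'

def demo
  {
    string:    render_attr('title', UNTRUSTED),        # escaped
    symbol:    render_attr('title', UNTRUSTED.to_sym), # emitted verbatim
    guarded:   safe_attr('title', UNTRUSTED.to_sym),   # demoted, then escaped
    entity_ok: safe_attr('title', :"Here&amp;There")   # intended use preserved
  }
end

demo.each { |k, v| puts "#{k}: #{v}" } if __FILE__ == $PROGRAM_NAME
```

In the +symbol+ case the quote in the value ends the attribute early and a second attribute appears in the output; the guarded call produces the same escaped text as the String case.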
UTF-8 Support
Builder correctly translates UTF-8 characters into valid XML. (New in version 2.0.0). Thanks to Sam Ruby for the translation code.
Example:
  xml = Builder::XmlMarkup.new
  xml.sample("Iñtërnâtiônàl")
  xml.target!  =>
    "<sample>I&#241;t&#235;rn&#226;ti&#244;n&#224;l</sample>"
You can get UTF-8 encoded output by making sure that the XML encoding is set to "UTF-8" and that the $KCODE variable is set to "UTF8".
  $KCODE = 'UTF8'
  xml = Builder::XmlMarkup.new
  xml.instruct!(:xml, :encoding => "UTF-8")
  xml.sample("Iñtërnâtiônàl")
  xml.target!  =>
    "<sample>Iñtërnâtiônàl</sample>"
== Contact
Author::    Jim Weirich
Email::     jim@weirichhouse.org
Home Page:: http://onestepback.org
License::   MIT Licence (http://www.opensource.org/licenses/mit-license.html)
We found that bigfleet-builder demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.