W3C Validators is a Ruby wrapper for the World Wide Web Consortium's online validation services.
It supports the nu validator, the feed validator and the CSS validator.

    gem install w3c_validators

There are three main validator classes available: the W3CValidators::NuValidator (used for HTML), the W3CValidators::FeedValidator and the W3CValidators::CSSValidator.
Warning: The W3CValidators::MarkupValidator also exists but is no longer the preferred way to check HTML documents. It works fine for non-HTML5 documents, but it is broken when you test an HTML5 document due to W3C redirection. W3CValidators::NuValidator should be used instead for standard cases.

Each validator offers three different validation methods.

* validate_text methods take a string
* validate_file methods take a path to a file or an IO object
* validate_uri methods take a published URL

In addition, the W3CValidators::MarkupValidator has a validate_uri_quickly method, which performs a HEAD request against the markup validation service. The results of this call give an error count but no error details.

Each of the three validators allows you to specify a custom path to the validator. You can set your own validator like this:

    validator = NuValidator.new(:validator_uri => 'http://localhost/check')

You can use a proxy server by passing in its information in the constructor.

    validator = NuValidator.new(:proxy_host => 'proxy.example.com',
                                :proxy_port => 80,
                                :proxy_user => 'optional',
                                :proxy_pass => 'optional')
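
Combining the two options above, as an added example that is not part of the gem's README: a helper that builds the constructor options from environment variables, accepts only a loopback or allow-listed validator host (so pages under test are posted to a validator you run rather than to a public service), and keeps proxy credentials out of the source. `validator_options`, the `W3C_*` variable names and the allow-list entries are assumptions made for this example.

```ruby
require 'uri'
require 'ipaddr'

# Hypothetical helper, not part of w3c_validators: builds the options hash
# for NuValidator.new and rejects any endpoint outside an approved set.
ALLOWED_VALIDATOR_HOSTS = %w[localhost validator.internal.example].freeze # constructed values

# True only for IP literals in a loopback range (127.0.0.0/8, ::1).
def loopback_address?(host)
  IPAddr.new(host).loopback?
rescue IPAddr::Error
  false # not an IP literal, so it must match the allow-list instead
end

def validator_options(env)
  uri = URI.parse(env.fetch('W3C_VALIDATOR_URI')) # assumed variable name
  unless uri.is_a?(URI::HTTP) && uri.hostname # URI::HTTPS is a subclass of URI::HTTP
    raise ArgumentError, 'validator URI must be http(s)'
  end
  unless ALLOWED_VALIDATOR_HOSTS.include?(uri.hostname) || loopback_address?(uri.hostname)
    raise ArgumentError, "validator host not allowed: #{uri.hostname}"
  end

  opts = { validator_uri: uri.to_s }
  if env['W3C_PROXY_HOST']
    # Proxy credentials are read from the environment, not hard-coded.
    opts.merge!(proxy_host: env['W3C_PROXY_HOST'],
                proxy_port: Integer(env.fetch('W3C_PROXY_PORT', '80')),
                proxy_user: env['W3C_PROXY_USER'],
                proxy_pass: env['W3C_PROXY_PASS'])
  end
  opts
end

# Usage with the gem installed:
#   validator = W3CValidators::NuValidator.new(validator_options(ENV))
```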

    require 'w3c_validators'

    include W3CValidators

    @validator = NuValidator.new

    file = File.dirname(__FILE__) + '/fixtures/valid_html5.html'
    results = @validator.validate_file(file)

    if results.errors.length > 0
      results.errors.each do |err|
        puts err.to_s
      end
    else
      puts 'Valid!'
    end

    require 'w3c_validators'

    include W3CValidators

    @validator = FeedValidator.new

    results = @validator.validate_uri('http://example.com/feed.xml')

    if results.errors.length > 0
      results.errors.each do |err|
        puts err.to_s
      end
    else
      puts 'Valid!'
    end

    require 'w3c_validators'

    include W3CValidators

    @validator = CSSValidator.new

    results = @validator.validate_text('body { margin: 0px; }')

    if results.errors.length > 0
      results.errors.each do |err|
        puts err.to_s
      end
    else
      puts 'Valid!'
    end

    require 'w3c_validators'

    include W3CValidators

    @validator = MarkupValidator.new

    # override the DOCTYPE
    @validator.set_doctype!(:html32)

    # turn on debugging messages
    @validator.set_debug!(true)

    file = File.dirname(__FILE__) + '/fixtures/markup.html'
    results = @validator.validate_file(file)

    if results.errors.length > 0
      results.errors.each do |err|
        puts err.to_s
      end
    else
      puts 'Valid!'
    end

    puts 'Debugging messages'

    results.debug_messages.each do |key, value|
      puts "#{key}: #{value}"
    end

    # you can easily incorporate this in your ruby based frameworks:

    # Gemfile
    group :test do
      gem 'w3c_validators'
    end

    # And in your relevant test file:
    require 'w3c_validators'

    class FoosControllerTest < ActionDispatch::IntegrationTest
      setup do
        @validator = W3CValidators::NuValidator.new
      end

      test "index" do
        get foos_url
        assert_equal 0, @validator.validate_text(response.body).errors.length
      end
    end

    # granted it's not perfect, but hopefully that will at least get you going
    # you might want to customise things so that it delivers a particular output in case an error shows up.

Run unit tests using rake test. Note that there is a one second delay between each call to the W3C's validators per their request.
Source is available on GitHub
Written by Alex Dunae (dunae.ca, e-mail 'code' at the same domain), 2007.
Thanks to Ryan King for creating the 0.9.2 update.
Thanks to Ryan King, Jonathan Julian and Sylvain LaFleur for creating the 0.9.3 update.
Thanks to James Rosen and Roman Shterenzon for creating the 1.0.1 update.
We found that w3c_validators demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.