RedCloth 4.2.9 → 4.3.4

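--- a/data/redcloth.gemspec
+++ b/data/redcloth.gemspec
@@ -6,15 +6,23 @@ require "redcloth/version"
 Gem::Specification.new do |s|
   s.name = "RedCloth"
   s.version = RedCloth::VERSION.to_s
-  s.authors = ["Jason Garber", "why the lucky stiff", "Ola Bini"]
+  s.authors = ["Jason Garber", "Joshua Siler", "Ola Bini"]
   s.description = "Textile parser for Ruby."
   s.summary = RedCloth::SUMMARY
-  s.email = "redcloth-upwards@rubyforge.org"
-  s.homepage = "http://redcloth.org"
-  s.rubyforge_project = "redcloth"
+  s.homepage = "https://github.com/jgarber/redcloth"
+  s.license = "MIT"
 
+  s.platform = 'ruby'
+  s.required_ruby_version = Gem::Requirement.new(">= 2.4")
   s.rubygems_version = "1.3.7"
-  s.default_executable = "redcloth"
+
+  if s.respond_to?(:metadata=)
+    s.metadata = {
+      "bug_tracker_uri" => "https://github.com/jgarber/redcloth/issues",
+      "changelog_uri" => "https://github.com/jgarber/redcloth/blob/master/CHANGELOG",
+      "source_code_uri" => "https://github.com/jgarber/redcloth"
+    }
+  end
 
   s.files = Dir['.gemtest', '.rspec', 'CHANGELOG', 'COPYING', 'Gemfile', 'README.rdoc', 'Rakefile', 'doc/**/*', 'bin/**/*', 'lib/**/*', 'redcloth.gemspec', 'spec/**/*', 'tasks/**/*']
   s.test_files = Dir['spec/**/*']
@@ -23,30 +31,16 @@ Gem::Specification.new do |s|
   s.rdoc_options = ["--charset=UTF-8", "--line-numbers", "--inline-source", "--title", "RedCloth", "--main", "README.rdoc"]
   s.require_paths += ["lib/case_sensitive_require", "ext"]
 
-  s.files -= Dir['lib/redcloth.jar']
-  s.files -= Dir['lib/**/*.dll']
   s.files -= Dir['lib/**/*.bundle']
   s.files -= Dir['lib/**/*.so']
-
-  s.platform = RUBY_PLATFORM[/java/] || 'ruby'
-  case s.platform.to_s
-  when /java/
-    s.files += ['lib/redcloth_scan.jar']
-  else # MRI or Rubinius
-    s.files += %w[attributes inline scan].map {|f| "ext/redcloth_scan/redcloth_#{f}.c"}
-    s.files += ["ext/redcloth_scan/redcloth.h"]
-    s.extensions = Dir['ext/**/extconf.rb']
-  end
 
-  s.add_development_dependency('bundler', '~> 1.0.10')
-  s.add_development_dependency('rake', '~> 0.8.7')
-  s.add_development_dependency('rspec', '~> 2.4')
-  s.add_development_dependency('diff-lcs', '~> 1.1.2')
-
-  # Have to load these even though they're only needed for
-  # gem packaging. Otherwise, Bundler complains that they're
-  # not installed even though they're not required.
-  # See https://github.com/carlhuda/bundler/issues/issue/1021
-  s.add_development_dependency('rvm', '~> 1.2.6')
-  s.add_development_dependency('rake-compiler', '~> 0.7.1')
+  s.files += %w[attributes inline scan].map {|f| "ext/redcloth_scan/redcloth_#{f}.c"}
+  s.files += ["ext/redcloth_scan/redcloth.h"]
+  s.extensions = Dir['ext/**/extconf.rb']
+
+  s.add_development_dependency('bundler', '> 1.3.4')
+  s.add_development_dependency('rake', '~> 13')
+  s.add_development_dependency('rspec', '~> 3.12')
+  s.add_development_dependency('diff-lcs', '~> 1.5')
+
 end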
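Review bot: The `rvm` development dependency dropped at old line 50 is still needed at load time by this same release, because `tasks/rvm.rake` now begins with a top-level `require 'rvm'`; if the Rakefile loads every `tasks/*.rake` (not visible here), a checkout without the rvm gem fails with LoadError before any task can run, so either keep the dependency or rely on the `require 'rvm'` that already sits inside the `rvm:setup` task and delete the top-level one. The `if s.respond_to?(:metadata=)` guard around the metadata block is dead once `required_ruby_version` is `>= 2.4`: every RubyGems bundled with those Rubies supports `metadata`, so the assignment can be unconditional. `s.rubygems_version = "1.3.7"` survives from the old file and no longer describes any toolchain this gemspec targets, and `'bundler', '> 1.3.4'` is an open-ended lower bound where a pessimistic constraint such as `'~> 2.0'` keeps development installs reproducible.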
@@ -4,7 +4,7 @@ module FigureTag
4
4
  def fig( opts )
5
5
  label, img = opts[:text].split('|').map! {|str| str.strip}
6
6
 
7
- html = %Q{<div class="img" id="figure-#{label.tr('.', '-')}">\n}
7
+ html = %Q{<div class="img" id="figure-#{label.tr('.', '-')}">\n}.dup
8
8
  html << %Q{ <a class="fig" href="/images/#{img}">\n}
9
9
  html << %Q{ <img src="/images/thumbs/#{img}" alt="Figure #{label}" />\n}
10
10
  html << %Q{ </a>\n}
@@ -15,13 +15,13 @@ end
15
15
 
16
16
  describe "custom tags" do
17
17
  it "should recognize the custom tag" do
18
- input = %Q{The first line of text.\n\n}
18
+ input = %Q{The first line of text.\n\n}.dup
19
19
  input << %Q{fig. 1.1 | img.jpg\n\n}
20
20
  input << %Q{The last line of text.\n}
21
21
  r = RedCloth.new input
22
22
  r.extend FigureTag
23
23
 
24
- html = %Q{<p>The first line of text.</p>\n}
24
+ html = %Q{<p>The first line of text.</p>\n}.dup
25
25
  html << %Q{<div class="img" id="figure-1-1">\n}
26
26
  html << %Q{ <a class="fig" href="/images/img.jpg">\n}
27
27
  html << %Q{ <img src="/images/thumbs/img.jpg" alt="Figure 1.1" />\n}
@@ -30,13 +30,13 @@ describe "custom tags" do
30
30
  html << %Q{<div>\n}
31
31
  html << %Q{<p>The last line of text.</p>}
32
32
 
33
- r.to_html.should == html
33
+ expect(r.to_html).to eq(html)
34
34
  end
35
35
 
36
36
  it "should fall back if custom tag isn't defined" do
37
37
  r = RedCloth.new %Q/fig()>[no]{color:red}. 1.1 | img.jpg/
38
38
 
39
- r.to_html.should == "<p>fig()>[no]{color:red}. 1.1 | img.jpg</p>"
39
+ expect(r.to_html).to eq("<p>fig()>[no]{color:red}. 1.1 | img.jpg</p>")
40
40
  end
41
41
 
42
42
  it "should not call just regular string methods" do
@@ -45,6 +45,6 @@ describe "custom tags" do
45
45
 
46
46
  html = "<p>next. </p>"
47
47
 
48
- r.to_html.should == html
48
+ expect(r.to_html).to eq(html)
49
49
  end
50
- end
50
+ end
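Review bot: The `.dup` appended to the `%Q{}` literals at lines 7, 18 and 24 is unexplained; it is needed because the `<<` calls that follow mutate the string, which raises FrozenError when literals are frozen by a `# frozen_string_literal: true` magic comment (not visible in this hunk). A comment at the first occurrence, `# dup: the literal may be frozen and << mutates it`, or the unary-plus form `+%Q{...}` that reads as "mutable copy", would make the intent clear; the same pattern recurs in parser_spec.rb at new lines 88 and 98. The `fig` helper this spec extends is cut by the first hunk: its signature is the first hunk line and its body continues past the hunk.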
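--- a/data/spec/erb_spec.rb
+++ b/data/spec/erb_spec.rb
@@ -5,6 +5,6 @@ describe "ERB helper" do
     template = %{<%=t "This new ERB tag makes is so _easy_ to use *RedCloth*" %>}
     expected = %{<p>This new <span class="caps">ERB</span> tag makes is so <em>easy</em> to use <strong>RedCloth</strong></p>}
 
-    ERB.new(template).result.should == expected
+    expect(ERB.new(template).result).to eq(expected)
   end
 end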
@@ -20,7 +20,7 @@ describe RedClothSmileyExtension do
20
20
 
21
21
  html = %Q{<p>You&#8217;re so silly! <img src='/images/emoticons/58_80.png' title=':P' class='smiley' /></p>}
22
22
 
23
- RedCloth.new(input).to_html(:textile, :refs_smiley).should == html
23
+ expect(RedCloth.new(input).to_html(:textile, :refs_smiley)).to eq(html)
24
24
  end
25
25
 
26
26
  end
@@ -159,7 +159,7 @@ in: '"link text":http://example.com/'
159
159
  html: <p><a href="http://example.com/">link text</a></p>
160
160
  ---
161
161
  name: local links
162
- desc: The host name may be ommitted for local links.
162
+ desc: The host name may be omitted for local links.
163
163
  in: '"link text":/example'
164
164
  html: <p><a href="/example">link text</a></p>
165
165
  ---
@@ -6,8 +6,8 @@ describe "HTML" do
6
6
  end
7
7
 
8
8
  it "should not raise an error when orphaned parentheses in a link are followed by punctuation and words in HTML" do
9
- lambda {
9
+ expect {
10
10
  RedCloth.new(%Q{Test "(read this":http://test.host), ok}).to_html
11
- }.should_not raise_error
11
+ }.not_to raise_error
12
12
  end
13
13
  end
@@ -6,8 +6,8 @@ describe "LaTeX" do
6
6
  end
7
7
 
8
8
  it "should not raise an error when orphaned parentheses in a link are followed by punctuation and words in LaTeX" do
9
- lambda {
9
+ expect {
10
10
  RedCloth.new(%Q{Test "(read this":http://test.host), ok}).to_latex
11
- }.should_not raise_error
11
+ }.not_to raise_error
12
12
  end
13
13
  end
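--- a/data/spec/parser_spec.rb
+++ b/data/spec/parser_spec.rb
@@ -4,15 +4,15 @@ describe RedCloth do
 
   describe "#new" do
     it "should accept options" do
-      lambda {
+      expect {
         RedCloth.new("test", [:hard_breaks])
-      }.should_not raise_error(ArgumentError)
+      }.not_to raise_error
     end
   end
 
   it "should have a VERSION" do
-    RedCloth.const_defined?("VERSION").should be_true
-    RedCloth::VERSION.const_defined?("STRING").should be_true
+    expect(RedCloth.const_defined?("VERSION")).to be_truthy
+    expect(RedCloth::VERSION.const_defined?("STRING")).to be_truthy
   end
 
   it "should show the version as a string" do
@@ -21,7 +21,7 @@ describe RedCloth do
   end
 
   it "should have EXTENSION_LANGUAGE" do
-    RedCloth.const_defined?("EXTENSION_LANGUAGE").should be_true
+    RedCloth.const_defined?("EXTENSION_LANGUAGE").should be_truthy
     RedCloth::EXTENSION_LANGUAGE.should_not be_empty
     RedCloth::DESCRIPTION.should include(RedCloth::EXTENSION_LANGUAGE)
   end
@@ -85,8 +85,9 @@ describe RedCloth do
 
   if RUBY_VERSION > "1.9.0"
     it "should preserve character encoding" do
-      input = "This is an ISO-8859-1 string"
+      input = "This is an ISO-8859-1 string".dup
       input.force_encoding 'iso-8859-1'
+
       output = RedCloth.new(input).to_html
 
       output.should == "<p>This is an <span class=\"caps\">ISO</span>-8859-1 string</p>"
@@ -94,7 +95,7 @@ describe RedCloth do
     end
 
     it "should not raise ArgumentError: invalid byte sequence" do
-      s = "\xa3"
+      s = "\xa3".dup
       s.force_encoding 'iso-8859-1'
       lambda { RedCloth.new(s).to_html }.should_not raise_error
     end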
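Review bot: Line 24, `RedCloth.const_defined?("EXTENSION_LANGUAGE").should be_truthy`, is moved to the RSpec 3 matcher but keeps the old `should` receiver, unlike the sibling assertions at lines 14–15 that became `expect(...).to be_truthy`; write it as `expect(RedCloth.const_defined?("EXTENSION_LANGUAGE")).to be_truthy`. The unchanged context lines 25–26, 93 and 100 (`should_not be_empty`, `should include`, `output.should ==`, `lambda { ... }.should_not raise_error`) also stay on the `should` syntax, which rspec 3.12 — now required by the gemspec — reports as deprecated unless spec_helper enables it explicitly via `expect_with` (not visible here). Converting them in the same pass avoids a half-migrated file.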
@@ -0,0 +1,33 @@
1
+ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6684
2
+
3
+ require 'redcloth'
4
+
5
+ describe 'CVE-2012-6684' do
6
+
7
+ it 'should not let javascript links pass through' do
8
+ # PoC from http://co3k.org/blog/redcloth-unfixed-xss-en
9
+ output = RedCloth.new('["clickme":javascript:alert(%27XSS%27)]', [:filter_html, :filter_styles, :filter_classes, :filter_ids]).to_html
10
+ expect(output).to_not match(/href=.javascript:alert/)
11
+
12
+ output = RedCloth.new('["clickme":jAvascript:alert(%27XSS%27)]', [:filter_html, :filter_styles, :filter_classes, :filter_ids]).to_html
13
+ expect(output).to_not match(/href=.jAvascript:alert/)
14
+ end
15
+
16
+ it 'should not let javascript links pass through on images' do
17
+ output = RedCloth.new('"!<javascript:alert(1)(2)!:javascript:prompt(document.domain)"').to_html
18
+ expect(output).to match(/src=.javascript:alert/)
19
+ expect(output).to match(/href=.javascript:prompt/)
20
+
21
+ output = RedCloth.new('"!<javascript:alert(1)(2)!:javascript:prompt(document.domain)"', [:filter_html, :filter_styles, :filter_classes, :filter_ids]).to_html
22
+ expect(output).to_not match(/src=.javascript:alert/)
23
+ expect(output).to_not match(/href=.javascript:prompt/)
24
+
25
+ output = RedCloth.new('"!<jAvascript:alert(1)(2)!:jAvascript:prompt(document.domain)"').to_html
26
+ expect(output).to match(/src=.jAvascript:alert/)
27
+ expect(output).to match(/href=.jAvascript:prompt/)
28
+
29
+ output = RedCloth.new('"!<jAvascript:alert(1)(2)!:jAvascript:prompt(document.domain)"', [:filter_html, :filter_styles, :filter_classes, :filter_ids]).to_html
30
+ expect(output).to_not match(/src=.jAvascript:alert/)
31
+ expect(output).to_not match(/href=.jAvascript:prompt/)
32
+ end
33
+ end
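Review bot: The positive assertions at lines 18–19 and 26–27 (`expect(output).to match(/src=.javascript:alert/)`) pin the unfiltered behaviour — with no filter options RedCloth copies the `javascript:` URL into `src`/`href` — as expected output, but nothing says so, and a reader skimming the spec could take it for the sanitized result. A comment before the first unfiltered call on line 17, `# without :filter_html/:filter_styles/:filter_classes/:filter_ids the URL is emitted verbatim; callers rendering untrusted input must opt in to filtering`, makes that contract explicit. The two casings of each input could share one case-insensitive check, e.g. `expect(output).not_to match(/href=.javascript:alert/i)`, so the assertion no longer depends on the exact casing in the input. Minor: this file uses `to_not` while the rest of the change uses `not_to`.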
@@ -0,0 +1,49 @@
1
+ # https://github.com/advisories/GHSA-qcm3-vfq5-wfr2
2
+ # https://github.com/e23e/CVE-2023-31606#readme
3
+ # https://github.com/jgarber/redcloth/issues/73
4
+ # https://github.com/jgarber/redcloth/pull/75
5
+
6
+ require 'redcloth'
7
+
8
+ describe 'CVE-2023-31606' do
9
+
10
+ it 'process malicious html without delay' do
11
+ # INFO (Helio): inside RedCloth repo, running `$ bundle exec rspec .`, with the test below, I can't replicate,
12
+ # on my development machine, the time spent on this sample text.
13
+ # However, on the same development machine, when I run this test this code, in a test-redcloth-regexp.rb script, in a rails app
14
+ # with `gem 'RedCloth'` in it, I was able to get the results indicated in the issue (https://github.com/jgarber/redcloth/issues/73),
15
+ # by https://github.com/e23e
16
+ # Here are the outputs:
17
+ # hac@MBP tcard % time ruby test-redcloth-regexp.rb
18
+ # 0.158047
19
+ # ruby test-redcloth-regexp.rb 0.12s user 0.11s system 82% cpu 0.279 total
20
+ # hac@MBP tcard % time ruby test-redcloth-regexp.rb
21
+ # 18.457945
22
+ # ruby test-redcloth-regexp.rb 18.32s user 0.22s system 99% cpu 18.556 total
23
+ # hac@MBP tcard % cat !$
24
+ # cat test-redcloth-regexp.rb
25
+ # require 'RedCloth'
26
+ # text = '<A' + 'A' * (54773)
27
+ # t1 = Time.now
28
+ # text = RedCloth.new(text, [:sanitize_html]).to_html
29
+ # t2 = Time.now
30
+ # puts (t2-t1)
31
+ # hac@MBP tcard %
32
+
33
+ text = '<A' + 'A' * (54773)
34
+
35
+ t1 = Time.now
36
+ res = RedCloth.new(text, [:sanitize_html]).to_html
37
+ t2 = Time.now
38
+
39
+ expect(t2-t1).to be <= 3
40
+ end
41
+
42
+ it 'should keep the generated HTML the same' do
43
+ text = "<a href=https://example.com> Example </a>"
44
+ result = RedCloth.new(text, [:sanitize_html]).to_html
45
+
46
+ expect(result).to eq("<p><a href=\"https://example.com\"> Example </a></p>")
47
+ end
48
+
49
+ end
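Review bot: The timing assertion at line 39, `expect(t2-t1).to be <= 3`, uses `Time.now`, a wall clock that can jump under NTP adjustment, and a 3-second budget that will be flaky on slow or loaded CI runners, while the comment block above it already records that the slowdown could not be reproduced in-repo, so a pass proves little. Use the monotonic clock, `t1 = Process.clock_gettime(Process::CLOCK_MONOTONIC)` and likewise for `t2`, and drop the unused `res` assignment at line 36 by calling `RedCloth.new(text, [:sanitize_html]).to_html` as a bare statement. The transcript in lines 11–31 would be clearer condensed to one sentence plus the issue link; the 54773-character input and the expected bounded run time are what a future maintainer needs.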
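--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -10,11 +10,11 @@ def examples_from_yaml(&block)
     if doc[formatter]
       example("should output #{formatter} for #{name}") do
         output = method("format_as_#{formatter}").call(doc)
-        output.should == doc[formatter]
+        expect(output).to eq(doc[formatter])
       end
     else
       example("should not raise errors when rendering #{formatter} for #{name}") do
-        lambda { method("format_as_#{formatter}").call(doc) }.should_not raise_error
+        expect { method("format_as_#{formatter}").call(doc) }.not_to raise_error
       end
     end
   end
@@ -26,11 +26,11 @@ def fixtures
   Dir[File.join(File.dirname(__FILE__), *%w[fixtures *.yml])].each do |testfile|
     testgroup = File.basename(testfile, '.yml')
     num = 0
-    YAML::load_documents(File.open(testfile)) do |doc|
+    YAML::load_stream(File.open(testfile)) do |doc|
       name = doc['name'] || num
       @fixtures["#{testgroup} #{name}"] = doc
       num += 1
     end
   end
   @fixtures
-end
+end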
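Review bot: `YAML::load_stream(File.open(testfile))` at line 29 opens the fixture file without a block, so the handle is released only when the `File` object is garbage-collected; the old `load_documents` call leaked in the same way, but since this line is rewritten anyway, `YAML.load_stream(File.read(testfile)) do |doc|` (or a `File.open(testfile) { |io| ... }` block) closes it deterministically. `load_stream` is the right replacement for the removed `load_documents`, but unlike `safe_load` it applies no permitted-class restriction, which is acceptable here only because the fixtures are repository-controlled files; a one-line comment such as `# fixtures are checked-in files (trusted), so an unrestricted loader is fine` records that trust assumption for the next reader.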
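--- a/data/tasks/compile.rake
+++ b/data/tasks/compile.rake
@@ -12,19 +12,16 @@ CLOBBER.include [
 ]
 
 # Load the Gem specification for the current platform (Ruby or JRuby).
-def gemspec(platform = RUBY_PLATFORM[/java/] || 'ruby')
+def gemspec(platform = 'ruby')
   Gem::Specification.load(File.expand_path('../../redcloth.gemspec', __FILE__))
 end
 
 require 'rake/extensiontask'
-require 'rake/javaextensiontask'
 require File.dirname(__FILE__) + '/ragel_extension_task'
 
-if defined?(JRUBY_VERSION)
-  Rake::JavaRagelExtensionTask.new('redcloth_scan', gemspec)
-else
-  extconf = "ext/redcloth_scan/extconf.rb"
-  file extconf do
+
+extconf = "ext/redcloth_scan/extconf.rb"
+file extconf do
   FileUtils.mkdir(File.dirname(extconf)) unless File.directory?(File.dirname(extconf))
   File.open(extconf, "w") do |io|
     io.write(<<-EOF)
@@ -32,16 +29,10 @@ require 'mkmf'
 CONFIG['warnflags'].gsub!(/-Wshorten-64-to-32/, '') if CONFIG['warnflags']
 $CFLAGS << ' -O0 -Wall ' if CONFIG['CC'] =~ /gcc/
 dir_config("redcloth_scan")
-have_library("c", "main")
 create_makefile("redcloth_scan")
 EOF
   end
-  end
-
-  Rake::RagelExtensionTask.new("redcloth_scan", gemspec) do |ext|
-    if ENV['RUBY_CC_VERSION']
-      ext.cross_compile = true
-      ext.cross_platform = ['i386-mingw32', 'i386-mswin32-60']
-    end
-  end
 end
+
+Rake::RagelExtensionTask.new("redcloth_scan", gemspec) do |ext|
+end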
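Review bot: `def gemspec(platform = 'ruby')` at line 15 keeps a `platform` parameter that the body never reads (line 16 loads the gemspec unconditionally), and the comment above it still promises the spec "for the current platform (Ruby or JRuby)" although this hunk removes the JRuby branch; since the only visible caller (line 37) passes no argument, `def gemspec` plus `# Load the Gem specification (MRI only; JRuby support was removed).` describes what the code now does. `Rake::RagelExtensionTask.new("redcloth_scan", gemspec) do |ext| end` at lines 37–38 passes an empty block now that the cross-compile settings are gone; `Rake::RagelExtensionTask.new("redcloth_scan", gemspec)` without the block should be equivalent and is clearer. Unchanged context worth a follow-up: the generated extconf still appends `-O0` to `$CFLAGS` (line 30), so the shipped native extension is built without optimisation.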
@@ -42,17 +42,14 @@ module Rake
42
42
  {
43
43
  'scan' => {
44
44
  'c' => "#{@ext_dir}/redcloth_scan.c",
45
- 'java' => "#{@ext_dir}/RedclothScanService.java",
46
45
  'rb' => "#{@ext_dir}/redcloth_scan.rb"
47
46
  },
48
47
  'inline' => {
49
48
  'c' => "#{@ext_dir}/redcloth_inline.c",
50
- 'java' => "#{@ext_dir}/RedclothInline.java",
51
49
  'rb' => "#{@ext_dir}/redcloth_inline.rb"
52
50
  },
53
51
  'attributes' => {
54
52
  'c' => "#{@ext_dir}/redcloth_attributes.c",
55
- 'java' => "#{@ext_dir}/RedclothAttributes.java",
56
53
  'rb' => "#{@ext_dir}/redcloth_attributes.rb"
57
54
  }
58
55
  }[machine][lang]
@@ -88,7 +85,6 @@ module Rake
88
85
  def host_language_flag
89
86
  {
90
87
  'c' => 'C',
91
- 'java' => 'J',
92
88
  'rb' => 'R'
93
89
  }[lang]
94
90
  end
@@ -96,7 +92,6 @@ module Rake
96
92
  def preferred_code_style
97
93
  {
98
94
  'c' => 'T0',
99
- 'java' => nil,
100
95
  'rb' => 'F1'
101
96
  }[lang]
102
97
  end
@@ -117,11 +112,5 @@ module Rake
117
112
  "c"
118
113
  end
119
114
  end
120
- class JavaRagelExtensionTask < JavaExtensionTask
121
- include RagelGenerationTasks
122
-
123
- def lang
124
- "java"
125
- end
126
- end
115
+
127
116
  end
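--- a/data/tasks/release.rake
+++ b/data/tasks/release.rake
@@ -1,15 +1,15 @@
 namespace :release do
-  desc 'Upload all packages and tag git'
-  task :all => ['build:all', :release, :push_native_gems]
+  desc 'Push all gems to rubygems.org'
+  # 1. run rake test
+  # 2. update changelog
+  # 3. change version in version.rb
+  # 4. branch into stable vx.x branch
+  # 5. git tag and push tag
+  # 5.1. git tag vx.x.x
+  # 5.2. git push --follow-tags
 
-  desc 'Push all gems to rubygems.org (gemcutter)'
-  task :push_native_gems do
-    Dir.chdir('pkg') do
-      Dir['*.gem'].select {|g| g =~ /\w+-[^-]+-\w+.gem/ }.each do |gem_file|
-        sh("gem push #{gem_file}")
-      end
-    end
+  task :gem do
+    sh("gem build redcloth.gemspec")
+    sh("gem push RedCloth-*.gem")
   end
 end
-
-Rake::Task['release'].prerequisites.unshift('build')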
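Review bot: `sh("gem push RedCloth-*.gem")` at line 13 hands a glob to the shell, so it publishes every matching file in the working directory — a stale build of an earlier version, or any `.gem` left there by other means — rather than the single artifact that `gem build redcloth.gemspec` produced on line 12; pin the exact name, e.g. `sh("gem push RedCloth-#{gemspec.version}.gem")` if the `gemspec` helper from tasks/compile.rake is loaded alongside this file, or pass `--output` to `gem build` to write into a fresh directory and push that path. The numbered checklist added above the task (run tests, update changelog, tag, push) is documentation only; nothing makes `release:gem` depend on it, so a prerequisite such as `task :gem => [:test]` (if the `test` task that tasks/rvm.rake invokes exists in the Rakefile) would at least enforce step 1. Minor: `desc 'Push all gems to rubygems.org'` now labels a task that builds and pushes one gem; `desc 'Build and push the gem to rubygems.org'` matches the body.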
data/tasks/rvm.rake CHANGED
@@ -1,12 +1,14 @@
1
+ require 'rvm'
2
+
1
3
  namespace :rvm do
2
4
 
3
- RVM_RUBIES = ['jruby-1.5.6' , 'ruby-1.8.6-p398', 'ruby-1.9.1-p243', 'ruby-1.9.2-p136', 'ree-1.8.7-2010.02']
5
+ RVM_RUBIES = ['ruby-1.8.6-p398', 'ruby-1.9.1-p243', 'ruby-1.9.2-p136', 'ruby-2.2.3p173']
4
6
  RVM_GEMSET_NAME = 'redcloth'
5
7
 
6
8
  task :setup do
7
9
  unless @rvm_setup
8
10
  rvm_lib_path = "#{`echo $rvm_path`.strip}/lib"
9
- $LOAD_PATH.unshift(rvm_lib_path) unless $LOAD_PATH.include?(rvm_lib_path)
11
+ #$LOAD_PATH.unshift(rvm_lib_path) unless $LOAD_PATH.include?(rvm_lib_path)
10
12
  require 'rvm'
11
13
  require 'tmpdir'
12
14
  @rvm_setup = true
@@ -21,7 +23,7 @@ namespace :rvm do
21
23
  # gets confused when locked to java and running ruby and vice-versa.
22
24
  STDERR << RVM.run('bundle update').stderr
23
25
 
24
- result = RVM.perform_set_operation(:rake)
26
+ result = RVM.run("rake test")
25
27
  STDOUT << result.stdout
26
28
  STDERR << result.stderr
27
29
  end