adamh-sanitize 1.0.4.4 → 1.1.0

data/HISTORY

@@ -1,6 +1,42 @@
 Sanitize History
 ================================================================================
 
+Version 1.1.0
+  * Migrated from Hpricot to Nokogiri. Requires libxml2 >= 2.7.2 [Adam Hooper]
+
+Version 1.0.8.1 (git)
+  * Changed protocol regex to ensure Sanitize doesn't kill URLs with colons in 
+    path segments. [Peter Cooper]
+
+Version 1.0.8 (2009-04-23)
+  * Added a workaround for an Hpricot bug that prevents attribute names from
+    being downcased in recent versions of Hpricot. This was exploitable to
+    prevent non-whitelisted protocols from being cleaned. [Reported by Ben
+    Wanicur]
+
+Version 1.0.7 (2009-04-11)
+  * Requires Hpricot 0.8.1+, which is finally compatible with Ruby 1.9.1.
+  * Fixed a bug that caused named character entities containing digits (like
+    ²) to be escaped when they shouldn't have been. [Reported by Sebastian
+    Steinmetz]
+
+Version 1.0.6 (2009-02-23)
+  * Removed htmlentities gem dependency.
+  * Existing well-formed character entity references in the input string are now
+    preserved rather than being decoded and re-encoded.
+  * The ' character is now encoded as ' instead of ' to prevent
+    problems in IE6.
+  * You can now specify the symbol :all in place of an element name in the
+    attributes config hash to allow certain attributes on all elements. [Thanks
+    to Mutwin Kraus]
+
+Version 1.0.5 (2009-02-05)
+  * Fixed a bug introduced in version 1.0.3 that prevented non-whitelisted
+    protocols from being cleaned when relative URLs were allowed. [Reported by
+    Dev Purkayastha]
+  * Fixed "undefined method `parent='" exceptions caused by parser changes in
+    edge Hpricot.
+
 Version 1.0.4 (2009-01-16)
   * Fixed a bug that made it possible to sneak a non-whitelisted element through
     by repeating it several times in a row. All versions of Sanitize prior to

data/README.rdoc

@@ -9,13 +9,13 @@ elements, certain attributes within those elements, and even certain URL
 protocols within attributes that contain URLs. Any HTML elements or attributes
 that you don't explicitly allow will be removed.
 
-Because it's based on Hpricot, a full-fledged HTML parser, rather than a bunch
+Because it's based on nokogiri, a full-fledged HTML parser, rather than a bunch
 of fragile regular expressions, Sanitize has no trouble dealing with malformed
 or maliciously-formed HTML. When in doubt, Sanitize always errs on the side of
 caution.
 
 *Author*::    Ryan Grove (mailto:ryan@wonko.com)
-*Version*::   1.0.4 (2009-01-16)
+*Version*::   1.0.8 (2009-04-23)
 *Copyright*:: Copyright (c) 2009 Ryan Grove. All rights reserved.
 *License*::   MIT License (http://opensource.org/licenses/mit-license.php)
 *Website*::   http://github.com/rgrove/sanitize
@@ -23,8 +23,7 @@ caution.
 == Requires
 
 * RubyGems
-* Hpricot 0.6+
-* HTMLEntities 4.0.0+
+* nokogiri
 
 == Usage
 
@@ -100,6 +99,14 @@ attributes in lowercase.
     'img'        => ['alt', 'src', 'title']
   }
 
+If you'd like to allow certain attributes on all elements, use the symbol
+<code>:all</code> instead of an element name.
+
+  :attributes => {
+    :all => ['class'],
+    'a'  => ['href', 'title']
+  }
+
 ==== :add_attributes
 
 Attributes to add to specific elements. If the attribute already exists, it will
@@ -122,12 +129,25 @@ protocol at all), it will be removed.
   }
 
 If you'd like to allow the use of relative URLs which don't have a protocol,
-include the special value <code>:relative</code> in the protocol array:
+include the symbol <code>:relative</code> in the protocol array:
 
   :protocols => {
     'a' => {'href' => ['http', 'https', :relative]}
   }
 
+
+== Contributors
+
+The following lovely people have contributed to Sanitize in the form of patches
+or ideas that later became code:
+
+* Peter Cooper <git@peterc.org>
+* Ryan Grove <ryan@wonko.com>
+* Adam Hooper <adam@adamhooper.com>
+* Mutwin Kraus <mutle@blogage.de>
+* Dev Purkayastha <dev.purkayastha@gmail.com>
+* Ben Wanicur <bwanicur@verticalresponse.com>
+
 == License
 
 Copyright (c) 2009 Ryan Grove <ryan@wonko.com>

data/lib/sanitize.rb

@@ -26,11 +26,9 @@ $:.uniq!
 
 require 'rubygems'
 
-gem 'why-hpricot', '~> 0.7'
-gem 'htmlentities',  '~> 4.0.0'
+gem 'nokogiri', '~> 1.3.3'
 
-require 'hpricot'
-require 'htmlentities'
+require 'nokogiri'
 require 'sanitize/config'
 require 'sanitize/config/restricted'
 require 'sanitize/config/basic'
@@ -38,30 +36,24 @@ require 'sanitize/config/relaxed'
 
 class Sanitize
 
+  # Characters that should be replaced with entities in text nodes.
+  ENTITY_MAP = {
+    '<' => '&lt;',
+    '>' => '&gt;',
+    '"' => '&quot;',
+    "'" => '&#39;'
+  }
+
+  # Matches an unencoded ampersand that is not part of a valid character entity
+  # reference.
+  REGEX_AMPERSAND = /&(?!(?:[a-z]+[0-9]{0,2}|#[0-9]+|#x[0-9a-f]+);)/i
+
   # Matches an attribute value that could be treated by a browser as a URL
-  # with a protocol prefix, such as "http:" or "javascript:". Any string of one
+  # with a protocol prefix, such as "http:" or "javascript:". Any string of zero
   # or more characters followed by a colon is considered a match, even if the
   # colon is encoded as an entity and even if it's an incomplete entity (which
   # IE6 and Opera will still parse).
-  REGEX_PROTOCOL = /^([^:]+)(?:\:|&#0*58|&#x0*3a)(?:[^0-9a-f]|$)/i
-
-  #--
-  # Class Methods
-  #++
-
-  # Returns a sanitized copy of _html_, using the settings in _config_ if
-  # specified.
-  def self.clean(html, config = {})
-    sanitize = Sanitize.new(config)
-    sanitize.clean(html)
-  end
-
-  # Performs Sanitize#clean in place, returning _html_, or +nil+ if no changes
-  # were made.
-  def self.clean!(html, config = {})
-    sanitize = Sanitize.new(config)
-    sanitize.clean!(html)
-  end
+  REGEX_PROTOCOL = /^([A-Za-z0-9\+\-\.\&\;\#\s]*?)(?:\:|&#0*58|&#x0*3a)/i
 
   #--
   # Instance Methods
@@ -81,77 +73,98 @@ class Sanitize
   # Performs clean in place, returning _html_, or +nil+ if no changes were
   # made.
   def clean!(html)
-    fragment = Hpricot(html)
-
-    fragment.search('*') do |node|
-      if node.bogusetag? || node.doctype? || node.procins? || node.xmldecl?
-        node.parent.altered!
-        node.parent.children[node.parent.children.index(node), 1] = []
-        next
-      end
+    fragment = Nokogiri::HTML::DocumentFragment.parse(html)
 
+    fragment.traverse do |node|
       if node.comment?
-        unless @config[:allow_comments]
-          node.parent.altered!
-          node.parent.children[node.parent.children.index(node), 1] = []
-        end
-      elsif node.elem?
+        node.unlink unless @config[:allow_comments]
+      elsif node.element?
         name = node.name.to_s.downcase
 
         # Delete any element that isn't in the whitelist.
         unless @config[:elements].include?(name)
-          node.parent.replace_child(node, node.children || [])
+          node.children.each { |n| node.add_previous_sibling(n) }
+          node.unlink
           next
         end
 
-        node.raw_attributes ||= {}
-        if @config[:attributes].has_key?(name)
+        attr_whitelist = ((@config[:attributes][name] || []) +
+            (@config[:attributes][:all] || [])).uniq
+
+        if attr_whitelist.empty?
+          # Delete all attributes from elements with no whitelisted
+          # attributes.
+          node.attribute_nodes.each { |attr| attr.remove }
+        else
           # Delete any attribute that isn't in the whitelist for this element.
-          node.raw_attributes.delete_if do |key, value|
-            !@config[:attributes][name].include?(key.to_s.downcase)
+          node.attribute_nodes.each do |attr|
+            attr.unlink unless attr_whitelist.include?(attr.name.downcase)
           end
 
           # Delete remaining attributes that use unacceptable protocols.
           if @config[:protocols].has_key?(name)
             protocol = @config[:protocols][name]
 
-            node.raw_attributes.delete_if do |key, value|
-              next false unless protocol.has_key?(key)
-              next true if value.nil?
+            node.attribute_nodes.each do |attr|
+              attr_name = attr.name.downcase
+              next false unless protocol.has_key?(attr_name)
 
-              if value.to_s.downcase =~ REGEX_PROTOCOL
-                !protocol[key].include?($1.downcase)
+              del = if attr.value.to_s.downcase =~ REGEX_PROTOCOL
+                !protocol[attr_name].include?($1.downcase)
               else
-                !protocol[key].include?(:relative)
+                !protocol[attr_name].include?(:relative)
               end
+
+              attr.unlink if del
             end
           end
-        else
-          # Delete all attributes from elements with no whitelisted
-          # attributes.
-          node.raw_attributes = {}
         end
 
         # Add required attributes.
         if @config[:add_attributes].has_key?(name)
-          node.raw_attributes.merge!(@config[:add_attributes][name])
+          @config[:add_attributes][name].each do |key, val|
+            node[key] = val
+          end
         end
+      elsif node.cdata?
+        node.replace(Nokogiri::XML::Text.new(node.text, node.document))
       end
     end
 
-    # Make one last pass through the fragment and encode all special HTML chars
-    # and non-ASCII chars as entities. This eliminates certain types of
-    # maliciously-malformed nested tags and also compensates for Hpricot's
-    # burning desire to decode all entities.
-    coder = HTMLEntities.new
+    result = fragment.to_xhtml(:encoding => 'UTF-8', :indent => 0).gsub(/>\n/, '>')
+    return result == html ? nil : html[0, html.length] = result
+  end
 
-    fragment.traverse_element do |node|
-      if node.text?
-        node.swap(coder.encode(node.inner_text, :named))
-      end
+  #--
+  # Class Methods
+  #++
+
+  class << self
+    # Returns a sanitized copy of _html_, using the settings in _config_ if
+    # specified.
+    def clean(html, config = {})
+      sanitize = Sanitize.new(config)
+      sanitize.clean(html)
     end
 
-    result = fragment.to_s
-    return result == html ? nil : html[0, html.length] = result
+    # Performs Sanitize#clean in place, returning _html_, or +nil+ if no changes
+    # were made.
+    def clean!(html, config = {})
+      sanitize = Sanitize.new(config)
+      sanitize.clean!(html)
+    end
+
+    # Encodes special HTML characters (<, >, ", ', and &) in _html_ as entity
+    # references and returns the encoded string.
+    def encode_html(html)
+      str = html.dup
+
+      # Encode special chars.
+      ENTITY_MAP.each {|char, entity| str.gsub!(char, entity) }
+
+      # Convert unencoded ampersands to entity references.
+      str.gsub(REGEX_AMPERSAND, '&amp;')
+    end
   end
+
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: adamh-sanitize
 version: !ruby/object:Gem::Version 
-  version: 1.0.4.4
+  version: 1.1.0
 platform: ruby
 authors: 
 - Ryan Grove
@@ -13,24 +13,14 @@ date: 2009-05-16 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: adamh-hpricot
+  name: nokogiri
   type: :runtime
   version_requirement: 
   version_requirements: !ruby/object:Gem::Requirement 
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        version: "0.6"
-    version: 
-- !ruby/object:Gem::Dependency 
-  name: htmlentities
-  type: :runtime
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        version: 4.0.0
+        version: 1.3.3
     version: 
 description: 
 email: ryan@wonko.com