antisamy 0.3.0 → 0.3.1
- data/lib/antisamy/policy.rb +163 -175
- metadata +18 -18
data/lib/antisamy/policy.rb
CHANGED
@@ -39,20 +39,9 @@ module AntiSamy
|
|
39
39
|
PRESERVE_COMMENTS = "preserveComments"
|
40
40
|
ON_UNKNOWN_TAG = "onUnknownTag"
|
41
41
|
MAX_SHEETS = "maxStyleSheetImports"
|
42
|
-
|
43
42
|
# Class method to fetch the schema
|
44
43
|
def self.schema
|
45
|
-
|
46
|
-
File.open(__FILE__) do |f|
|
47
|
-
begin
|
48
|
-
line = f.gets
|
49
|
-
end until line.match(/^__END__$/)
|
50
|
-
while line = f.gets
|
51
|
-
data << line
|
52
|
-
end
|
53
|
-
end
|
54
|
-
data.rewind
|
55
|
-
data.read
|
44
|
+
XSD
|
56
45
|
end
|
57
46
|
|
58
47
|
# Create a policy object.
|
@@ -411,167 +400,166 @@ module AntiSamy
|
|
411
400
|
@css_rules[name.downcase] = prop
|
412
401
|
end
|
413
402
|
end
|
414
|
-
|
415
|
-
|
416
|
-
|
417
|
-
|
418
|
-
|
419
|
-
|
420
|
-
<xsd:
|
421
|
-
|
422
|
-
|
423
|
-
|
424
|
-
|
425
|
-
|
426
|
-
|
427
|
-
|
428
|
-
|
429
|
-
|
430
|
-
|
431
|
-
|
432
|
-
<xsd:
|
433
|
-
|
434
|
-
|
435
|
-
|
436
|
-
|
437
|
-
|
438
|
-
|
439
|
-
|
440
|
-
|
441
|
-
|
442
|
-
|
443
|
-
|
444
|
-
|
445
|
-
|
446
|
-
|
447
|
-
|
448
|
-
|
449
|
-
|
450
|
-
|
451
|
-
|
452
|
-
|
453
|
-
|
454
|
-
|
455
|
-
|
456
|
-
|
457
|
-
|
458
|
-
|
459
|
-
|
460
|
-
|
461
|
-
|
462
|
-
|
463
|
-
|
464
|
-
|
465
|
-
|
466
|
-
|
467
|
-
|
468
|
-
|
469
|
-
|
470
|
-
|
471
|
-
|
472
|
-
|
473
|
-
|
474
|
-
|
475
|
-
|
476
|
-
|
477
|
-
|
478
|
-
|
479
|
-
|
480
|
-
|
481
|
-
|
482
|
-
|
483
|
-
|
484
|
-
|
485
|
-
|
486
|
-
|
487
|
-
|
488
|
-
|
489
|
-
|
490
|
-
|
491
|
-
|
492
|
-
|
493
|
-
|
494
|
-
|
495
|
-
|
496
|
-
|
497
|
-
|
498
|
-
|
499
|
-
|
500
|
-
|
501
|
-
|
502
|
-
|
503
|
-
|
504
|
-
|
505
|
-
|
506
|
-
|
507
|
-
|
508
|
-
|
509
|
-
|
510
|
-
|
511
|
-
|
512
|
-
|
513
|
-
|
514
|
-
|
515
|
-
|
516
|
-
|
517
|
-
|
518
|
-
|
519
|
-
|
520
|
-
|
521
|
-
|
522
|
-
|
523
|
-
|
524
|
-
|
525
|
-
|
526
|
-
|
527
|
-
|
528
|
-
|
529
|
-
|
530
|
-
|
531
|
-
|
532
|
-
|
533
|
-
|
534
|
-
|
535
|
-
|
536
|
-
|
537
|
-
|
538
|
-
|
539
|
-
|
540
|
-
|
541
|
-
|
542
|
-
|
543
|
-
|
544
|
-
|
545
|
-
|
546
|
-
|
547
|
-
|
548
|
-
|
549
|
-
|
550
|
-
|
551
|
-
|
552
|
-
|
553
|
-
|
554
|
-
|
555
|
-
|
556
|
-
|
557
|
-
|
558
|
-
|
559
|
-
|
560
|
-
|
561
|
-
|
562
|
-
|
563
|
-
|
564
|
-
|
565
|
-
|
566
|
-
|
567
|
-
|
568
|
-
|
569
|
-
|
570
|
-
|
571
|
-
|
572
|
-
<xsd:sequence>
|
573
|
-
<xsd:element name="literal-list" type="LiteralList" minOccurs="1"/>
|
574
|
-
</xsd:sequence>
|
575
|
-
</xsd:complexType>
|
403
|
+
XSD = <<-SHEET
|
404
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
405
|
+
<xsd:schema
|
406
|
+
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
|
407
|
+
<xsd:element name="anti-samy-rules">
|
408
|
+
<xsd:complexType>
|
409
|
+
<xsd:sequence>
|
410
|
+
<xsd:element name="directives" type="Directives" maxOccurs="1" minOccurs="1"/>
|
411
|
+
<xsd:element name="common-regexps" type="CommonRegexps" maxOccurs="1" minOccurs="1"/>
|
412
|
+
<xsd:element name="common-attributes" type="AttributeList" maxOccurs="1" minOccurs="1"/>
|
413
|
+
<xsd:element name="global-tag-attributes" type="AttributeList" maxOccurs="1" minOccurs="1"/>
|
414
|
+
<xsd:element name="tags-to-encode" type="TagsToEncodeList" minOccurs="0" maxOccurs="1"/>
|
415
|
+
<xsd:element name="tag-rules" type="TagRules" minOccurs="1" maxOccurs="1"/>
|
416
|
+
<xsd:element name="css-rules" type="CSSRules" minOccurs="1" maxOccurs="1"/>
|
417
|
+
<xsd:element name="allowed-empty-tags" type="AllowedEmptyTags" minOccurs="0" maxOccurs="1"/>
|
418
|
+
</xsd:sequence>
|
419
|
+
</xsd:complexType>
|
420
|
+
</xsd:element>
|
421
|
+
<xsd:complexType name="Directives">
|
422
|
+
<xsd:sequence maxOccurs="unbounded">
|
423
|
+
<xsd:element name="directive" type="Directive" minOccurs="0"/>
|
424
|
+
</xsd:sequence>
|
425
|
+
</xsd:complexType>
|
426
|
+
<xsd:complexType name="Directive">
|
427
|
+
<xsd:attribute name="name" use="required">
|
428
|
+
<xsd:simpleType>
|
429
|
+
<xsd:restriction base="xsd:string">
|
430
|
+
<xsd:enumeration value="omitXmlDeclaration"/>
|
431
|
+
<xsd:enumeration value="omitDoctypeDeclaration"/>
|
432
|
+
<xsd:enumeration value="maxInputSize"/>
|
433
|
+
<xsd:enumeration value="useXHTML"/>
|
434
|
+
<xsd:enumeration value="embedStyleSheets"/>
|
435
|
+
<xsd:enumeration value="maxStyleSheetImports"/>
|
436
|
+
<xsd:enumeration value="connectionTimeout"/>
|
437
|
+
<xsd:enumeration value="nofollowAnchors"/>
|
438
|
+
<xsd:enumeration value="validateParamAsEmbed"/>
|
439
|
+
<xsd:enumeration value="preserveComments"/>
|
440
|
+
<xsd:enumeration value="preserveSpace"/>
|
441
|
+
<xsd:enumeration value="onUnknownTag"/>
|
442
|
+
<xsd:enumeration value="formatOutput"/>
|
443
|
+
</xsd:restriction>
|
444
|
+
</xsd:simpleType>
|
445
|
+
</xsd:attribute>
|
446
|
+
<xsd:attribute name="value" use="required"/>
|
447
|
+
</xsd:complexType>
|
448
|
+
<xsd:complexType name="CommonRegexps">
|
449
|
+
<xsd:sequence maxOccurs="unbounded">
|
450
|
+
<xsd:element name="regexp" type="RegExp" minOccurs="0"/>
|
451
|
+
</xsd:sequence>
|
452
|
+
</xsd:complexType>
|
453
|
+
<xsd:complexType name="AttributeList">
|
454
|
+
<xsd:sequence maxOccurs="unbounded">
|
455
|
+
<xsd:element name="attribute" type="Attribute" minOccurs="0"/>
|
456
|
+
</xsd:sequence>
|
457
|
+
</xsd:complexType>
|
458
|
+
<xsd:complexType name="TagsToEncodeList">
|
459
|
+
<xsd:sequence maxOccurs="unbounded">
|
460
|
+
<xsd:element name="tag" minOccurs="0"/>
|
461
|
+
</xsd:sequence>
|
462
|
+
</xsd:complexType>
|
463
|
+
<xsd:complexType name="TagRules">
|
464
|
+
<xsd:sequence maxOccurs="unbounded">
|
465
|
+
<xsd:element name="tag" type="Tag" minOccurs="0"/>
|
466
|
+
</xsd:sequence>
|
467
|
+
</xsd:complexType>
|
468
|
+
<xsd:complexType name="Tag">
|
469
|
+
<xsd:sequence maxOccurs="unbounded">
|
470
|
+
<xsd:element name="attribute" type="Attribute" minOccurs="0" />
|
471
|
+
</xsd:sequence>
|
472
|
+
<xsd:attribute name="name" use="required"/>
|
473
|
+
<xsd:attribute name="action" use="required">
|
474
|
+
<xsd:simpleType>
|
475
|
+
<xsd:restriction base="xsd:string">
|
476
|
+
<xsd:enumeration value="validate"/>
|
477
|
+
<xsd:enumeration value="truncate"/>
|
478
|
+
<xsd:enumeration value="remove"/>
|
479
|
+
<xsd:enumeration value="filter"/>
|
480
|
+
<xsd:enumeration value="encode"/>
|
481
|
+
</xsd:restriction>
|
482
|
+
</xsd:simpleType>
|
483
|
+
</xsd:attribute>
|
484
|
+
</xsd:complexType>
|
485
|
+
<xsd:complexType name="Attribute">
|
486
|
+
<xsd:sequence>
|
487
|
+
<xsd:element name="regexp-list" type="RegexpList" minOccurs="0"/>
|
488
|
+
<xsd:element name="literal-list" type="LiteralList" minOccurs="0"/>
|
489
|
+
</xsd:sequence>
|
490
|
+
<xsd:attribute name="name" use="required"/>
|
491
|
+
<xsd:attribute name="description"/>
|
492
|
+
<xsd:attribute name="onInvalid">
|
493
|
+
<xsd:simpleType>
|
494
|
+
<xsd:restriction base="xsd:string">
|
495
|
+
<xsd:enumeration value="removeTag"/>
|
496
|
+
<xsd:enumeration value="filterTag"/>
|
497
|
+
<xsd:enumeration value="encodeTag"/>
|
498
|
+
<xsd:enumeration value="removeAttribute"/>
|
499
|
+
</xsd:restriction>
|
500
|
+
</xsd:simpleType>
|
501
|
+
</xsd:attribute>
|
502
|
+
</xsd:complexType>
|
503
|
+
<xsd:complexType name="RegexpList">
|
504
|
+
<xsd:sequence maxOccurs="unbounded">
|
505
|
+
<xsd:element name="regexp" type="RegExp" minOccurs="0"/>
|
506
|
+
</xsd:sequence>
|
507
|
+
</xsd:complexType>
|
508
|
+
<xsd:complexType name="RegExp">
|
509
|
+
<xsd:attribute name="name" type="xsd:string"/>
|
510
|
+
<xsd:attribute name="value" type="xsd:string"/>
|
511
|
+
</xsd:complexType>
|
512
|
+
<xsd:complexType name="LiteralList">
|
513
|
+
<xsd:sequence maxOccurs="unbounded">
|
514
|
+
<xsd:element name="literal" type="Literal" minOccurs="0"/>
|
515
|
+
</xsd:sequence>
|
516
|
+
</xsd:complexType>
|
517
|
+
<xsd:complexType name="Literal">
|
518
|
+
<xsd:attribute name="value" type="xsd:string"/>
|
519
|
+
</xsd:complexType>
|
520
|
+
<xsd:complexType name="CSSRules">
|
521
|
+
<xsd:sequence maxOccurs="unbounded">
|
522
|
+
<xsd:element name="property" type="Property" minOccurs="0"/>
|
523
|
+
</xsd:sequence>
|
524
|
+
</xsd:complexType>
|
525
|
+
<xsd:complexType name="Property">
|
526
|
+
<xsd:sequence>
|
527
|
+
<xsd:element name="category-list" type="CategoryList" minOccurs="0"/>
|
528
|
+
<xsd:element name="literal-list" type="LiteralList" minOccurs="0"/>
|
529
|
+
<xsd:element name="regexp-list" type="RegexpList" minOccurs="0"/>
|
530
|
+
<xsd:element name="shorthand-list" type="ShorthandList" minOccurs="0"/>
|
531
|
+
</xsd:sequence>
|
532
|
+
<xsd:attribute name="name" type="xsd:string" use="required"/>
|
533
|
+
<xsd:attribute name="default" type="xsd:string"/>
|
534
|
+
<xsd:attribute name="description" type="xsd:string"/>
|
535
|
+
</xsd:complexType>
|
536
|
+
<xsd:complexType name="ShorthandList">
|
537
|
+
<xsd:sequence maxOccurs="unbounded">
|
538
|
+
<xsd:element name="shorthand" type="Shorthand" minOccurs="0"/>
|
539
|
+
</xsd:sequence>
|
540
|
+
</xsd:complexType>
|
541
|
+
<xsd:complexType name="Shorthand">
|
542
|
+
<xsd:attribute name="name" type="xsd:string" use="required"/>
|
543
|
+
</xsd:complexType>
|
544
|
+
<xsd:complexType name="CategoryList">
|
545
|
+
<xsd:sequence maxOccurs="unbounded">
|
546
|
+
<xsd:element name="category" type="Category" minOccurs="0"/>
|
547
|
+
</xsd:sequence>
|
548
|
+
</xsd:complexType>
|
549
|
+
<xsd:complexType name="Category">
|
550
|
+
<xsd:attribute name="value" type="xsd:string" use="required"/>
|
551
|
+
</xsd:complexType>
|
552
|
+
<xsd:complexType name="Entity">
|
553
|
+
<xsd:attribute name="name" type="xsd:string" use="required"/>
|
554
|
+
<xsd:attribute name="cdata" type="xsd:string" use="required"/>
|
555
|
+
</xsd:complexType>
|
556
|
+
<xsd:complexType name="AllowedEmptyTags">
|
557
|
+
<xsd:sequence>
|
558
|
+
<xsd:element name="literal-list" type="LiteralList" minOccurs="1"/>
|
559
|
+
</xsd:sequence>
|
560
|
+
</xsd:complexType>
|
576
561
|
|
577
|
-
</xsd:schema>
|
562
|
+
</xsd:schema>
|
563
|
+
SHEET
|
564
|
+
end
|
565
|
+
end
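Review bot: `self.schema` (new lines 43–45) now returns the `XSD` heredoc object itself, and a heredoc is a mutable String, so any caller that modifies the returned value (`Policy.schema << "..."`) silently changes the schema every later policy load in the process is validated against; freeze it where it is built, `XSD = <<-SHEET.freeze`, and prefer the non-interpolating form `<<-'SHEET'` so a `#{` introduced into the schema text later cannot be evaluated as Ruby. The constant is declared at new line 403, after the last method body and some 360 lines from the one method that reads it; moving it up beside `MAX_SHEETS` and the other constants (old/new line 41) would make the lookup obvious to the next reader. The comment at new line 42 could also say what the string is for, e.g. `# @return [String] XML Schema (XSD) text used to validate a policy document` — presumably that is how consumers use it, which these hunks do not show. Note that `<<-` only allows an indented terminator and keeps the body's leading whitespace, which is harmless for XML but matters if the text is ever compared literally.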
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: antisamy
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.3.
|
4
|
+
version: 0.3.1
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -13,7 +13,7 @@ date: 2011-12-21 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rspec
|
16
|
-
requirement: &
|
16
|
+
requirement: &24191592 !ruby/object:Gem::Requirement
|
17
17
|
none: false
|
18
18
|
requirements:
|
19
19
|
- - ! '>='
|
@@ -21,10 +21,10 @@ dependencies:
|
|
21
21
|
version: 2.3.0
|
22
22
|
type: :development
|
23
23
|
prerelease: false
|
24
|
-
version_requirements: *
|
24
|
+
version_requirements: *24191592
|
25
25
|
- !ruby/object:Gem::Dependency
|
26
26
|
name: yard
|
27
|
-
requirement: &
|
27
|
+
requirement: &24191232 !ruby/object:Gem::Requirement
|
28
28
|
none: false
|
29
29
|
requirements:
|
30
30
|
- - ~>
|
@@ -32,10 +32,10 @@ dependencies:
|
|
32
32
|
version: 0.6.0
|
33
33
|
type: :development
|
34
34
|
prerelease: false
|
35
|
-
version_requirements: *
|
35
|
+
version_requirements: *24191232
|
36
36
|
- !ruby/object:Gem::Dependency
|
37
37
|
name: bundler
|
38
|
-
requirement: &
|
38
|
+
requirement: &24190920 !ruby/object:Gem::Requirement
|
39
39
|
none: false
|
40
40
|
requirements:
|
41
41
|
- - ~>
|
@@ -43,10 +43,10 @@ dependencies:
|
|
43
43
|
version: 1.0.0
|
44
44
|
type: :development
|
45
45
|
prerelease: false
|
46
|
-
version_requirements: *
|
46
|
+
version_requirements: *24190920
|
47
47
|
- !ruby/object:Gem::Dependency
|
48
48
|
name: jeweler
|
49
|
-
requirement: &
|
49
|
+
requirement: &24190356 !ruby/object:Gem::Requirement
|
50
50
|
none: false
|
51
51
|
requirements:
|
52
52
|
- - ~>
|
@@ -54,10 +54,10 @@ dependencies:
|
|
54
54
|
version: 1.5.2
|
55
55
|
type: :development
|
56
56
|
prerelease: false
|
57
|
-
version_requirements: *
|
57
|
+
version_requirements: *24190356
|
58
58
|
- !ruby/object:Gem::Dependency
|
59
59
|
name: rcov
|
60
|
-
requirement: &
|
60
|
+
requirement: &24189564 !ruby/object:Gem::Requirement
|
61
61
|
none: false
|
62
62
|
requirements:
|
63
63
|
- - ! '>='
|
@@ -65,10 +65,10 @@ dependencies:
|
|
65
65
|
version: '0'
|
66
66
|
type: :development
|
67
67
|
prerelease: false
|
68
|
-
version_requirements: *
|
68
|
+
version_requirements: *24189564
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: nokogiri
|
71
|
-
requirement: &
|
71
|
+
requirement: &24188952 !ruby/object:Gem::Requirement
|
72
72
|
none: false
|
73
73
|
requirements:
|
74
74
|
- - ! '>='
|
@@ -76,10 +76,10 @@ dependencies:
|
|
76
76
|
version: '0'
|
77
77
|
type: :development
|
78
78
|
prerelease: false
|
79
|
-
version_requirements: *
|
79
|
+
version_requirements: *24188952
|
80
80
|
- !ruby/object:Gem::Dependency
|
81
81
|
name: nokogiri
|
82
|
-
requirement: &
|
82
|
+
requirement: &24188508 !ruby/object:Gem::Requirement
|
83
83
|
none: false
|
84
84
|
requirements:
|
85
85
|
- - ! '>='
|
@@ -87,10 +87,10 @@ dependencies:
|
|
87
87
|
version: '0'
|
88
88
|
type: :runtime
|
89
89
|
prerelease: false
|
90
|
-
version_requirements: *
|
90
|
+
version_requirements: *24188508
|
91
91
|
- !ruby/object:Gem::Dependency
|
92
92
|
name: nokogiri
|
93
|
-
requirement: &
|
93
|
+
requirement: &24188100 !ruby/object:Gem::Requirement
|
94
94
|
none: false
|
95
95
|
requirements:
|
96
96
|
- - ! '>='
|
@@ -98,7 +98,7 @@ dependencies:
|
|
98
98
|
version: '0'
|
99
99
|
type: :development
|
100
100
|
prerelease: false
|
101
|
-
version_requirements: *
|
101
|
+
version_requirements: *24188100
|
102
102
|
description: ! "\n AntiSamy is a library to clean user-supplied HTML/CSS. This
|
103
103
|
gem is a port of the anti-samy framework created for OWASP (http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project)\n
|
104
104
|
\ AntiSamy works by using a policy to removed any dangerous input you specify
|
@@ -176,7 +176,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
176
176
|
version: '0'
|
177
177
|
segments:
|
178
178
|
- 0
|
179
|
-
hash: -
|
179
|
+
hash: -556336287
|
180
180
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
181
181
|
none: false
|
182
182
|
requirements:
|