antisamy 0.3.0 → 0.3.1

Files changed (2) hide show
  1. data/lib/antisamy/policy.rb +163 -175
  2. metadata +18 -18
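--- a/data/lib/antisamy/policy.rb
+++ b/data/lib/antisamy/policy.rb
@@ -39,20 +39,9 @@ module AntiSamy
  PRESERVE_COMMENTS = "preserveComments"
  ON_UNKNOWN_TAG = "onUnknownTag"
  MAX_SHEETS = "maxStyleSheetImports"
-
  # Class method to fetch the schema
  def self.schema
- data = StringIO.new
- File.open(__FILE__) do |f|
- begin
- line = f.gets
- end until line.match(/^__END__$/)
- while line = f.gets
- data << line
- end
- end
- data.rewind
- data.read
+ XSD
  end
 
  # Create a policy object.
@@ -411,167 +400,166 @@ module AntiSamy
  @css_rules[name.downcase] = prop
  end
  end
- end
- end
-
-
- __END__
- <?xml version="1.0" encoding="UTF-8"?>
- <xsd:schema
- xmlns:xsd="http://www.w3.org/2001/XMLSchema">
- <xsd:element name="anti-samy-rules">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="directives" type="Directives" maxOccurs="1" minOccurs="1"/>
- <xsd:element name="common-regexps" type="CommonRegexps" maxOccurs="1" minOccurs="1"/>
- <xsd:element name="common-attributes" type="AttributeList" maxOccurs="1" minOccurs="1"/>
- <xsd:element name="global-tag-attributes" type="AttributeList" maxOccurs="1" minOccurs="1"/>
- <xsd:element name="tags-to-encode" type="TagsToEncodeList" minOccurs="0" maxOccurs="1"/>
- <xsd:element name="tag-rules" type="TagRules" minOccurs="1" maxOccurs="1"/>
- <xsd:element name="css-rules" type="CSSRules" minOccurs="1" maxOccurs="1"/>
- <xsd:element name="allowed-empty-tags" type="AllowedEmptyTags" minOccurs="0" maxOccurs="1"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:complexType name="Directives">
- <xsd:sequence maxOccurs="unbounded">
- <xsd:element name="directive" type="Directive" minOccurs="0"/>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="Directive">
- <xsd:attribute name="name" use="required">
- <xsd:simpleType>
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="omitXmlDeclaration"/>
- <xsd:enumeration value="omitDoctypeDeclaration"/>
- <xsd:enumeration value="maxInputSize"/>
- <xsd:enumeration value="useXHTML"/>
- <xsd:enumeration value="embedStyleSheets"/>
- <xsd:enumeration value="maxStyleSheetImports"/>
- <xsd:enumeration value="connectionTimeout"/>
- <xsd:enumeration value="nofollowAnchors"/>
- <xsd:enumeration value="validateParamAsEmbed"/>
- <xsd:enumeration value="preserveComments"/>
- <xsd:enumeration value="preserveSpace"/>
- <xsd:enumeration value="onUnknownTag"/>
- <xsd:enumeration value="formatOutput"/>
- </xsd:restriction>
- </xsd:simpleType>
- </xsd:attribute>
- <xsd:attribute name="value" use="required"/>
- </xsd:complexType>
- <xsd:complexType name="CommonRegexps">
- <xsd:sequence maxOccurs="unbounded">
- <xsd:element name="regexp" type="RegExp" minOccurs="0"/>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="AttributeList">
- <xsd:sequence maxOccurs="unbounded">
- <xsd:element name="attribute" type="Attribute" minOccurs="0"/>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="TagsToEncodeList">
- <xsd:sequence maxOccurs="unbounded">
- <xsd:element name="tag" minOccurs="0"/>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="TagRules">
- <xsd:sequence maxOccurs="unbounded">
- <xsd:element name="tag" type="Tag" minOccurs="0"/>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="Tag">
- <xsd:sequence maxOccurs="unbounded">
- <xsd:element name="attribute" type="Attribute" minOccurs="0" />
- </xsd:sequence>
- <xsd:attribute name="name" use="required"/>
- <xsd:attribute name="action" use="required">
- <xsd:simpleType>
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="validate"/>
- <xsd:enumeration value="truncate"/>
- <xsd:enumeration value="remove"/>
- <xsd:enumeration value="filter"/>
- <xsd:enumeration value="encode"/>
- </xsd:restriction>
- </xsd:simpleType>
- </xsd:attribute>
- </xsd:complexType>
- <xsd:complexType name="Attribute">
- <xsd:sequence>
- <xsd:element name="regexp-list" type="RegexpList" minOccurs="0"/>
- <xsd:element name="literal-list" type="LiteralList" minOccurs="0"/>
- </xsd:sequence>
- <xsd:attribute name="name" use="required"/>
- <xsd:attribute name="description"/>
- <xsd:attribute name="onInvalid">
- <xsd:simpleType>
- <xsd:restriction base="xsd:string">
- <xsd:enumeration value="removeTag"/>
- <xsd:enumeration value="filterTag"/>
- <xsd:enumeration value="encodeTag"/>
- <xsd:enumeration value="removeAttribute"/>
- </xsd:restriction>
- </xsd:simpleType>
- </xsd:attribute>
- </xsd:complexType>
- <xsd:complexType name="RegexpList">
- <xsd:sequence maxOccurs="unbounded">
- <xsd:element name="regexp" type="RegExp" minOccurs="0"/>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="RegExp">
- <xsd:attribute name="name" type="xsd:string"/>
- <xsd:attribute name="value" type="xsd:string"/>
- </xsd:complexType>
- <xsd:complexType name="LiteralList">
- <xsd:sequence maxOccurs="unbounded">
- <xsd:element name="literal" type="Literal" minOccurs="0"/>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="Literal">
- <xsd:attribute name="value" type="xsd:string"/>
- </xsd:complexType>
- <xsd:complexType name="CSSRules">
- <xsd:sequence maxOccurs="unbounded">
- <xsd:element name="property" type="Property" minOccurs="0"/>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="Property">
- <xsd:sequence>
- <xsd:element name="category-list" type="CategoryList" minOccurs="0"/>
- <xsd:element name="literal-list" type="LiteralList" minOccurs="0"/>
- <xsd:element name="regexp-list" type="RegexpList" minOccurs="0"/>
- <xsd:element name="shorthand-list" type="ShorthandList" minOccurs="0"/>
- </xsd:sequence>
- <xsd:attribute name="name" type="xsd:string" use="required"/>
- <xsd:attribute name="default" type="xsd:string"/>
- <xsd:attribute name="description" type="xsd:string"/>
- </xsd:complexType>
- <xsd:complexType name="ShorthandList">
- <xsd:sequence maxOccurs="unbounded">
- <xsd:element name="shorthand" type="Shorthand" minOccurs="0"/>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="Shorthand">
- <xsd:attribute name="name" type="xsd:string" use="required"/>
- </xsd:complexType>
- <xsd:complexType name="CategoryList">
- <xsd:sequence maxOccurs="unbounded">
- <xsd:element name="category" type="Category" minOccurs="0"/>
- </xsd:sequence>
- </xsd:complexType>
- <xsd:complexType name="Category">
- <xsd:attribute name="value" type="xsd:string" use="required"/>
- </xsd:complexType>
- <xsd:complexType name="Entity">
- <xsd:attribute name="name" type="xsd:string" use="required"/>
- <xsd:attribute name="cdata" type="xsd:string" use="required"/>
- </xsd:complexType>
- <xsd:complexType name="AllowedEmptyTags">
- <xsd:sequence>
- <xsd:element name="literal-list" type="LiteralList" minOccurs="1"/>
- </xsd:sequence>
- </xsd:complexType>
+ XSD = <<-SHEET
+ <?xml version="1.0" encoding="UTF-8"?>
+ <xsd:schema
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+ <xsd:element name="anti-samy-rules">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="directives" type="Directives" maxOccurs="1" minOccurs="1"/>
+ <xsd:element name="common-regexps" type="CommonRegexps" maxOccurs="1" minOccurs="1"/>
+ <xsd:element name="common-attributes" type="AttributeList" maxOccurs="1" minOccurs="1"/>
+ <xsd:element name="global-tag-attributes" type="AttributeList" maxOccurs="1" minOccurs="1"/>
+ <xsd:element name="tags-to-encode" type="TagsToEncodeList" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="tag-rules" type="TagRules" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="css-rules" type="CSSRules" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="allowed-empty-tags" type="AllowedEmptyTags" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="Directives">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="directive" type="Directive" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="Directive">
+ <xsd:attribute name="name" use="required">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="omitXmlDeclaration"/>
+ <xsd:enumeration value="omitDoctypeDeclaration"/>
+ <xsd:enumeration value="maxInputSize"/>
+ <xsd:enumeration value="useXHTML"/>
+ <xsd:enumeration value="embedStyleSheets"/>
+ <xsd:enumeration value="maxStyleSheetImports"/>
+ <xsd:enumeration value="connectionTimeout"/>
+ <xsd:enumeration value="nofollowAnchors"/>
+ <xsd:enumeration value="validateParamAsEmbed"/>
+ <xsd:enumeration value="preserveComments"/>
+ <xsd:enumeration value="preserveSpace"/>
+ <xsd:enumeration value="onUnknownTag"/>
+ <xsd:enumeration value="formatOutput"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="value" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="CommonRegexps">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="regexp" type="RegExp" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="AttributeList">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="attribute" type="Attribute" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="TagsToEncodeList">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="tag" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="TagRules">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="tag" type="Tag" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="Tag">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="attribute" type="Attribute" minOccurs="0" />
+ </xsd:sequence>
+ <xsd:attribute name="name" use="required"/>
+ <xsd:attribute name="action" use="required">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="validate"/>
+ <xsd:enumeration value="truncate"/>
+ <xsd:enumeration value="remove"/>
+ <xsd:enumeration value="filter"/>
+ <xsd:enumeration value="encode"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ </xsd:complexType>
+ <xsd:complexType name="Attribute">
+ <xsd:sequence>
+ <xsd:element name="regexp-list" type="RegexpList" minOccurs="0"/>
+ <xsd:element name="literal-list" type="LiteralList" minOccurs="0"/>
+ </xsd:sequence>
+ <xsd:attribute name="name" use="required"/>
+ <xsd:attribute name="description"/>
+ <xsd:attribute name="onInvalid">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="removeTag"/>
+ <xsd:enumeration value="filterTag"/>
+ <xsd:enumeration value="encodeTag"/>
+ <xsd:enumeration value="removeAttribute"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ </xsd:complexType>
+ <xsd:complexType name="RegexpList">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="regexp" type="RegExp" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="RegExp">
+ <xsd:attribute name="name" type="xsd:string"/>
+ <xsd:attribute name="value" type="xsd:string"/>
+ </xsd:complexType>
+ <xsd:complexType name="LiteralList">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="literal" type="Literal" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="Literal">
+ <xsd:attribute name="value" type="xsd:string"/>
+ </xsd:complexType>
+ <xsd:complexType name="CSSRules">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="property" type="Property" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="Property">
+ <xsd:sequence>
+ <xsd:element name="category-list" type="CategoryList" minOccurs="0"/>
+ <xsd:element name="literal-list" type="LiteralList" minOccurs="0"/>
+ <xsd:element name="regexp-list" type="RegexpList" minOccurs="0"/>
+ <xsd:element name="shorthand-list" type="ShorthandList" minOccurs="0"/>
+ </xsd:sequence>
+ <xsd:attribute name="name" type="xsd:string" use="required"/>
+ <xsd:attribute name="default" type="xsd:string"/>
+ <xsd:attribute name="description" type="xsd:string"/>
+ </xsd:complexType>
+ <xsd:complexType name="ShorthandList">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="shorthand" type="Shorthand" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="Shorthand">
+ <xsd:attribute name="name" type="xsd:string" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="CategoryList">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="category" type="Category" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="Category">
+ <xsd:attribute name="value" type="xsd:string" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="Entity">
+ <xsd:attribute name="name" type="xsd:string" use="required"/>
+ <xsd:attribute name="cdata" type="xsd:string" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="AllowedEmptyTags">
+ <xsd:sequence>
+ <xsd:element name="literal-list" type="LiteralList" minOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
 
- </xsd:schema>
+ </xsd:schema>
+ SHEET
+ end
+ end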
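Review bot: `self.schema` now returns the one shared `XSD` String to every caller, whereas the removed code built a fresh string on each call, and the constant is not frozen. A caller that mutates the returned value in place would therefore change the schema used to validate every policy loaded afterwards in the same process, and that schema is the gate for the sanitizer's allowlist. Declaring it as `XSD = <<-'SHEET'.freeze` keeps it immutable, and the quoted tag also turns off `#{}` interpolation in the heredoc body. Indentation is stripped in this rendering, so it is worth confirming that `<?xml` still sits at the very start of the string, since `<<-` preserves leading whitespace and an XML declaration preceded by whitespace is rejected by parsers. The enclosing class opens outside the hunks shown.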
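--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: antisamy
  version: !ruby/object:Gem::Version
- version: 0.3.0
+ version: 0.3.1
  prerelease:
  platform: ruby
  authors:
@@ -13,7 +13,7 @@ date: 2011-12-21 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rspec
- requirement: &23758128 !ruby/object:Gem::Requirement
+ requirement: &24191592 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
  version: 2.3.0
  type: :development
  prerelease: false
- version_requirements: *23758128
+ version_requirements: *24191592
  - !ruby/object:Gem::Dependency
  name: yard
- requirement: &23757420 !ruby/object:Gem::Requirement
+ requirement: &24191232 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ~>
@@ -32,10 +32,10 @@ dependencies:
  version: 0.6.0
  type: :development
  prerelease: false
- version_requirements: *23757420
+ version_requirements: *24191232
  - !ruby/object:Gem::Dependency
  name: bundler
- requirement: &23757036 !ruby/object:Gem::Requirement
+ requirement: &24190920 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ~>
@@ -43,10 +43,10 @@ dependencies:
  version: 1.0.0
  type: :development
  prerelease: false
- version_requirements: *23757036
+ version_requirements: *24190920
  - !ruby/object:Gem::Dependency
  name: jeweler
- requirement: &23756388 !ruby/object:Gem::Requirement
+ requirement: &24190356 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ~>
@@ -54,10 +54,10 @@ dependencies:
  version: 1.5.2
  type: :development
  prerelease: false
- version_requirements: *23756388
+ version_requirements: *24190356
  - !ruby/object:Gem::Dependency
  name: rcov
- requirement: &23755860 !ruby/object:Gem::Requirement
+ requirement: &24189564 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -65,10 +65,10 @@ dependencies:
  version: '0'
  type: :development
  prerelease: false
- version_requirements: *23755860
+ version_requirements: *24189564
  - !ruby/object:Gem::Dependency
  name: nokogiri
- requirement: &23755200 !ruby/object:Gem::Requirement
+ requirement: &24188952 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -76,10 +76,10 @@ dependencies:
  version: '0'
  type: :development
  prerelease: false
- version_requirements: *23755200
+ version_requirements: *24188952
  - !ruby/object:Gem::Dependency
  name: nokogiri
- requirement: &23754468 !ruby/object:Gem::Requirement
+ requirement: &24188508 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -87,10 +87,10 @@ dependencies:
  version: '0'
  type: :runtime
  prerelease: false
- version_requirements: *23754468
+ version_requirements: *24188508
  - !ruby/object:Gem::Dependency
  name: nokogiri
- requirement: &23753832 !ruby/object:Gem::Requirement
+ requirement: &24188100 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -98,7 +98,7 @@ dependencies:
  version: '0'
  type: :development
  prerelease: false
- version_requirements: *23753832
+ version_requirements: *24188100
  description: ! "\n AntiSamy is a library to clean user-supplied HTML/CSS. This
  gem is a port of the anti-samy framework created for OWASP (http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project)\n
  \ AntiSamy works by using a policy to removed any dangerous input you specify
@@ -176,7 +176,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
  version: '0'
  segments:
  - 0
- hash: -447607437
+ hash: -556336287
  required_rubygems_version: !ruby/object:Gem::Requirement
  none: false
  requirements: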