devcenter-parser 2.2.0 → 2.2.1
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/lib/devcenter-parser.rb +13 -3
- data/lib/devcenter-parser/version.rb +1 -1
- data/test/devcenter-parser_test.rb +5 -0
- metadata +2 -1
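--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 33d985f26f470aa8726d4bde43b7e8b2bf189ff1
+data.tar.gz: 8a85de0f3826a51f796ec72e42e398822432a419
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fd8aa1323f3abd4587612013659b7a08e3ddc90293fcf73703202d8544ec01d053bfeefcfb6e99c5a61aa87c4543b62b748bc34e9a8adb710efd361e2b2b88b5
+data.tar.gz: 44ece71a5cabf78624735e5e0baaf7d085fa3afeeb0002eb8b9faebcea198cea7920aa8d19209ba8c77479d097230abb9652fad10d09d8de82bb51b61599696d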
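--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1 @@
+pkg/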
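--- a/data/lib/devcenter-parser.rb
+++ b/data/lib/devcenter-parser.rb
@@ -86,7 +86,7 @@ module DevcenterParser
 # custom
 config[:elements] += %w{ toolbelt }
 
-config[:transformers] = Array(config[:transformers]).push(
+config[:transformers] = Array(config[:transformers]).push(sanitize_node_with_invalid_src)
 
 @@sanitize_config = config.merge({remove_contents: true, allow_comments: true})
 end
@@ -112,11 +112,21 @@ module DevcenterParser
 broken_html.nil? ? "Contains broken raw HTML." : "This raw HTML is invalid: #{CGI.unescapeHTML(broken_html)}"
 end
 
-def self.
+def self.sanitize_node_with_invalid_src
 lambda do |env|
 return unless env[:node].attributes['src']
+# disallow javascript in src for all attributes
+env[:node].unlink if env[:node].attributes['src'].value =~ /\Ajavascript:/i
 # allow iframes if they have src that is from vimeo
-env[:node].unlink
+env[:node].unlink if iframe?(env[:node]) && iframe_has_invalid_src?(env[:node])
 end
 end
+
+def self.iframe_has_invalid_src?(node)
+node.attributes['src'].value !~ /\Ahttps:\/\/player.vimeo.com\//i
+end
+
+def self.iframe?(node)
+node.name == 'iframe'
+end
 end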
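Review bot: The Vimeo allowlist in `iframe_has_invalid_src?` (new line 126) leaves the dots in `player.vimeo.com` unescaped, so each `.` matches any character and a hostname of the shape `player-vimeo.com` (constructed example) satisfies the check; write it as `%r{\Ahttps://player\.vimeo\.com/}i`. The `\Ajavascript:` match on line 119 only catches the scheme written verbatim at the start of the attribute value, so values with leading whitespace or control characters, or other active schemes, are not covered by it; if the sanitizer whose transformer API this lambda uses supports a per-attribute `:protocols` allowlist for `src`, that is the more robust place to enforce this — confirm against the config built outside this hunk. The test hunk added in the same commit (`describe 'DevcenterParser'`, new lines 50-53) only checks that an image survives; a case for a non-Vimeo iframe and one for a `javascript:` src would pin the behaviour this commit introduces.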
@@ -47,6 +47,11 @@ describe 'DevcenterParser' do
|
|
47
47
|
assert_parsing_result src, src
|
48
48
|
end
|
49
49
|
|
50
|
+
it 'allows images' do
|
51
|
+
src = '<p><img src="http://nav.heroku.com/images/logos/logo.png" alt="image"></p>'
|
52
|
+
assert_parsing_result src, src
|
53
|
+
end
|
54
|
+
|
50
55
|
describe 'github markdown' do
|
51
56
|
it 'leaves HTML comments' do
|
52
57
|
md = '<!-- c1 -->'
|
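--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devcenter-parser
 version: !ruby/object:Gem::Version
-version: 2.2.
+version: 2.2.1
 platform: ruby
 authors:
 - Heroku
@@ -87,6 +87,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".gitignore"
 - Gemfile
 - LICENSE
 - README.md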