devcenter-parser 2.2.0 → 2.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/lib/devcenter-parser.rb +13 -3
- data/lib/devcenter-parser/version.rb +1 -1
- data/test/devcenter-parser_test.rb +5 -0
- metadata +2 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 33d985f26f470aa8726d4bde43b7e8b2bf189ff1
|
|
4
|
+
data.tar.gz: 8a85de0f3826a51f796ec72e42e398822432a419
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fd8aa1323f3abd4587612013659b7a08e3ddc90293fcf73703202d8544ec01d053bfeefcfb6e99c5a61aa87c4543b62b748bc34e9a8adb710efd361e2b2b88b5
|
|
7
|
+
data.tar.gz: 44ece71a5cabf78624735e5e0baaf7d085fa3afeeb0002eb8b9faebcea198cea7920aa8d19209ba8c77479d097230abb9652fad10d09d8de82bb51b61599696d
|
data/.gitignore
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
pkg/
|
data/lib/devcenter-parser.rb
CHANGED
|
@@ -86,7 +86,7 @@ module DevcenterParser
|
|
|
86
86
|
# custom
|
|
87
87
|
config[:elements] += %w{ toolbelt }
|
|
88
88
|
|
|
89
|
-
config[:transformers] = Array(config[:transformers]).push(
|
|
89
|
+
config[:transformers] = Array(config[:transformers]).push(sanitize_node_with_invalid_src)
|
|
90
90
|
|
|
91
91
|
@@sanitize_config = config.merge({remove_contents: true, allow_comments: true})
|
|
92
92
|
end
|
|
@@ -112,11 +112,21 @@ module DevcenterParser
|
|
|
112
112
|
broken_html.nil? ? "Contains broken raw HTML." : "This raw HTML is invalid: #{CGI.unescapeHTML(broken_html)}"
|
|
113
113
|
end
|
|
114
114
|
|
|
115
|
-
def self.
|
|
115
|
+
def self.sanitize_node_with_invalid_src
|
|
116
116
|
lambda do |env|
|
|
117
117
|
return unless env[:node].attributes['src']
|
|
118
|
+
# disallow javascript in src for all attributes
|
|
119
|
+
env[:node].unlink if env[:node].attributes['src'].value =~ /\Ajavascript:/i
|
|
118
120
|
# allow iframes if they have src that is from vimeo
|
|
119
|
-
env[:node].unlink
|
|
121
|
+
env[:node].unlink if iframe?(env[:node]) && iframe_has_invalid_src?(env[:node])
|
|
120
122
|
end
|
|
121
123
|
end
|
|
124
|
+
|
|
125
|
+
def self.iframe_has_invalid_src?(node)
|
|
126
|
+
node.attributes['src'].value !~ /\Ahttps:\/\/player.vimeo.com\//i
|
|
127
|
+
end
|
|
128
|
+
|
|
129
|
+
def self.iframe?(node)
|
|
130
|
+
node.name == 'iframe'
|
|
131
|
+
end
|
|
122
132
|
end
|
|
@@ -47,6 +47,11 @@ describe 'DevcenterParser' do
|
|
|
47
47
|
assert_parsing_result src, src
|
|
48
48
|
end
|
|
49
49
|
|
|
50
|
+
it 'allows images' do
|
|
51
|
+
src = '<p><img src="http://nav.heroku.com/images/logos/logo.png" alt="image"></p>'
|
|
52
|
+
assert_parsing_result src, src
|
|
53
|
+
end
|
|
54
|
+
|
|
50
55
|
describe 'github markdown' do
|
|
51
56
|
it 'leaves HTML comments' do
|
|
52
57
|
md = '<!-- c1 -->'
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devcenter-parser
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.2.
|
|
4
|
+
version: 2.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Heroku
|
|
@@ -87,6 +87,7 @@ executables: []
|
|
|
87
87
|
extensions: []
|
|
88
88
|
extra_rdoc_files: []
|
|
89
89
|
files:
|
|
90
|
+
- ".gitignore"
|
|
90
91
|
- Gemfile
|
|
91
92
|
- LICENSE
|
|
92
93
|
- README.md
|