friendly_format 0.7.0 → 0.7.1

data/CHANGES

@@ -1,7 +1,9 @@
 = friendly_format changes history
 
-== friendly_format 0.7.0 / 2009-07-31
+== friendly_format 0.7.1 / 2009-08-06
+* filter attribute value start with javascript.
 
+== friendly_format 0.7.0 / 2009-07-31
 * no more super long line. added a newline after br tag.
 * all adapters work nearly the same now.
 * dropped support for libxml
@@ -13,7 +15,6 @@
 * now js attrs in allowed tags would be filter out
 
 == friendly_format 0.6.1 / 2009-04-05
-
 * added nokogiri and libxml-ruby support.
 * drop support for hpricot < 0.7
 * you can explicitly choose adapter, or auto-choose:
@@ -26,11 +27,9 @@
 * escape gt(>) in pre tag and forbidden tag as well.
 
 == friendly_format 0.5.1 / 2008-12-11
-
 * first release to rubyforge
 
 == friendly_format 0.5 / 2008-11-05
-
 * 1 major enhancement
   * Birthday!
   * extracted from Ludy::XhtmlFormatter!

data/friendly_format.gemspec

@@ -2,11 +2,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{friendly_format}
-  s.version = "0.7.0"
+  s.version = "0.7.1"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Lin Jen-Shin (aka godfat \347\234\237\345\270\270)"]
-  s.date = %q{2009-07-31}
+  s.date = %q{2009-08-06}
   s.description = %q{ make user input be valid xhtml and format it with gsub("\n", "<br/>") etc.
  you can partially allow some tags and don't escape them.}
   s.email = %q{godfat (XD) godfat.org}

data/lib/friendly_format.rb

@@ -5,7 +5,6 @@ require 'friendly_format/set_strict'
 
 # 2008-05-09 godfat
 module FriendlyFormat
-  autoload(:LibxmlAdapter,   'friendly_format/adapter/libxml_adapter')
   autoload(:HpricotAdapter,  'friendly_format/adapter/hpricot_adapter')
   autoload(:NokogiriAdapter, 'friendly_format/adapter/nokogiri_adapter')
 
@@ -15,11 +14,7 @@ module FriendlyFormat
       @adapter ||= begin
                      HpricotAdapter
                    rescue LoadError
-                     begin
-                       NokogiriAdapter
-                     rescue LoadError
-                       LibxmlAdapter
-                     end
+                     NokogiriAdapter
                    end
     end
   end
@@ -244,7 +239,9 @@ module FriendlyFormat
     end
 
     def node_attrs_reject_js node
-      attrs2str(node.attributes.reject{ |k, v| k =~ /\Aon/ })
+      attrs2str(node.attributes.reject{ |k, v|
+        k      =~ /\Aon/ ||
+        v.to_s =~ /\Ajavascript/ })
     end
 
     def attrs2str attrs

data/lib/friendly_format/version.rb

@@ -1,3 +1,3 @@
 module FriendlyFormat
-  VERSION = '0.7.0'
+  VERSION = '0.7.1'
 end

data/test/test_friendly_format.rb

@@ -236,6 +236,9 @@ compilation mode. 非常驚人的開發速度。<br />
 
     s = '<a href="#" onclick="window.alert(\'attack!\')">js</a>'
     assert_equal(FriendlyFormat.escape_ltgt(s), format_article(s))
+
+    s = '<a href="javascript:alert(\'attack!\')">win a wing!</a>'
+    assert_equal('<a>win a wing!</a>', format_article(s, :a))
   end
 end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: friendly_format
 version: !ruby/object:Gem::Version 
-  version: 0.7.0
+  version: 0.7.1
 platform: ruby
 authors: 
 - "Lin Jen-Shin (aka godfat \xE7\x9C\x9F\xE5\xB8\xB8)"
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-07-31 00:00:00 +08:00
+date: 2009-08-06 00:00:00 +08:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency