govspeak 3.6.0 → 3.6.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 88204b81285c071614cae4cdbc7933647c408ec7
-  data.tar.gz: 4927a7e014000868d29574ef257eda8d3fadd012
+  metadata.gz: 208629adeff44f5b4bdf055e2b4700a46fc5fb80
+  data.tar.gz: 966520c069158aeefe79b1bf2e3c3fd533c87664
 SHA512:
-  metadata.gz: 220d392cd52c2ee77f44e3ba65af87a143b14706339c99ec13bbd32063c1933e3079f82512f2941a6720923a9e0449a100fd31ddf624fd2b2b6d30edbcdda3ed
-  data.tar.gz: 76327a9e3df12548d9edeafe83646102374044757dec3d98b1805dba514b897e0bbb56ab0a3fb992888936f05b6393da263ba6f0f8cc11fedd40ec348713e413
+  metadata.gz: 4d44cc1f691a94d4ab384420039bc3581d9b108c45ed34ccc1d8b17880386b50e4dc5e558d84dca03a158c2bd29a7e07b9cc45f5e4bd03e6dc12ab03c0ed8ac0
+  data.tar.gz: 231abbfa5ddf1d1b766639a0defa7981ded9802311359b77e2b7dc1d08a5ff587c7f85ab4bd89dc921c2d7d6164bc3542b53922c26961efe247a03bdcb388bca

data/CHANGELOG.md

@@ -1,8 +1,12 @@
-## 3.6.0
+## 3.6.1
 
 * Update minimum Kramdown version from 1.5.0 to 1.10.0 ([changelog](https://github.com/gettalong/kramdown/tree/2cd02dfacda041d3108a039e085f804645a9d538/doc/news))
 * Allow table columns to be left, right or centre aligned using the [standard markdown pattern](http://kramdown.gettalong.org/quickref.html#tables) provided by Kramdown
 
+## 3.6.0
+
+* Yanked, see 3.6.1 which includes [fix](https://github.com/alphagov/govspeak/pull/73)
+
 ## 3.5.2
 
 * Fix a couple of issues with the [header_extractor](https://github.com/alphagov/govspeak/blob/master/lib/govspeak/header_extractor.rb). The method now picks up headers nested inside `blocks`, and when ID's are [explicitly set](http://kramdown.gettalong.org/syntax.html#specifying-a-header-id). See [https://github.com/alphagov/govspeak/pull/66](https://github.com/alphagov/govspeak/pull/66) for more.

data/lib/govspeak/html_sanitizer.rb

@@ -28,10 +28,14 @@ class Govspeak::HtmlSanitizer
 
       # Kramdown uses text-align to allow table cells to be aligned
       # http://kramdown.gettalong.org/quickref.html#tables
-      unless node['style'].match(/^text-align:\s*(center|left|right)$/)
+      if invalid_style_attribute?(node['style'])
         node.remove_attribute('style')
       end
     end
+
+    def invalid_style_attribute?(style)
+      style && !style.match(/^text-align:\s*(center|left|right)$/)
+    end
   end
 
   def initialize(dirty_html, options = {})

data/lib/govspeak/version.rb

@@ -1,3 +1,3 @@
 module Govspeak
-  VERSION = "3.6.0"
+  VERSION = "3.6.1"
 end

data/test/html_sanitizer_test.rb

@@ -44,9 +44,14 @@ class HtmlSanitizerTest < Minitest::Test
     assert_equal "", Govspeak::HtmlSanitizer.new(html).sanitize_without_images
   end
 
+  test "allows table cells and table headings without a style attribute" do
+    html = "<th>thing</th><td>thing</td>"
+    assert_equal html, Govspeak::HtmlSanitizer.new(html).sanitize
+  end
+
   test "allows valid text-align properties on the style attribute for table cells and table headings" do
     ["left", "right", "center"].each do |alignment|
-      html = "<td style=\"text-align: #{alignment}\">thing</td>"
+      html = "<th style=\"text-align: #{alignment}\">thing</th><td style=\"text-align: #{alignment}\">thing</td>"
       assert_equal html, Govspeak::HtmlSanitizer.new(html).sanitize
     end
 
@@ -57,8 +62,8 @@ class HtmlSanitizerTest < Minitest::Test
       "background-image: url(javascript:alert('XSS'))",
       "expression(alert('XSS'));"
     ].each do |style|
-      html = "<td style=\"#{style}\">thing</td>"
-      assert_equal '<td>thing</td>', Govspeak::HtmlSanitizer.new(html).sanitize
+      html = "<th style=\"#{style}\">thing</th><td style=\"#{style}\">thing</td>"
+      assert_equal '<th>thing</th><td>thing</td>', Govspeak::HtmlSanitizer.new(html).sanitize
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: govspeak
 version: !ruby/object:Gem::Version
-  version: 3.6.0
+  version: 3.6.1
 platform: ruby
 authors:
 - Ben Griffiths