govspeak 3.6.0 → 3.6.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -1
- data/lib/govspeak/html_sanitizer.rb +5 -1
- data/lib/govspeak/version.rb +1 -1
- data/test/html_sanitizer_test.rb +8 -3
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 208629adeff44f5b4bdf055e2b4700a46fc5fb80
|
|
4
|
+
data.tar.gz: 966520c069158aeefe79b1bf2e3c3fd533c87664
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4d44cc1f691a94d4ab384420039bc3581d9b108c45ed34ccc1d8b17880386b50e4dc5e558d84dca03a158c2bd29a7e07b9cc45f5e4bd03e6dc12ab03c0ed8ac0
|
|
7
|
+
data.tar.gz: 231abbfa5ddf1d1b766639a0defa7981ded9802311359b77e2b7dc1d08a5ff587c7f85ab4bd89dc921c2d7d6164bc3542b53922c26961efe247a03bdcb388bca
|
data/CHANGELOG.md
CHANGED
|
@@ -1,8 +1,12 @@
|
|
|
1
|
-
## 3.6.
|
|
1
|
+
## 3.6.1
|
|
2
2
|
|
|
3
3
|
* Update minimum Kramdown version from 1.5.0 to 1.10.0 ([changelog](https://github.com/gettalong/kramdown/tree/2cd02dfacda041d3108a039e085f804645a9d538/doc/news))
|
|
4
4
|
* Allow table columns to be left, right or centre aligned using the [standard markdown pattern](http://kramdown.gettalong.org/quickref.html#tables) provided by Kramdown
|
|
5
5
|
|
|
6
|
+
## 3.6.0
|
|
7
|
+
|
|
8
|
+
* Yanked, see 3.6.1 which includes [fix](https://github.com/alphagov/govspeak/pull/73)
|
|
9
|
+
|
|
6
10
|
## 3.5.2
|
|
7
11
|
|
|
8
12
|
* Fix a couple of issues with the [header_extractor](https://github.com/alphagov/govspeak/blob/master/lib/govspeak/header_extractor.rb). The method now picks up headers nested inside `blocks`, and when ID's are [explicitly set](http://kramdown.gettalong.org/syntax.html#specifying-a-header-id). See [https://github.com/alphagov/govspeak/pull/66](https://github.com/alphagov/govspeak/pull/66) for more.
|
|
@@ -28,10 +28,14 @@ class Govspeak::HtmlSanitizer
|
|
|
28
28
|
|
|
29
29
|
# Kramdown uses text-align to allow table cells to be aligned
|
|
30
30
|
# http://kramdown.gettalong.org/quickref.html#tables
|
|
31
|
-
|
|
31
|
+
if invalid_style_attribute?(node['style'])
|
|
32
32
|
node.remove_attribute('style')
|
|
33
33
|
end
|
|
34
34
|
end
|
|
35
|
+
|
|
36
|
+
def invalid_style_attribute?(style)
|
|
37
|
+
style && !style.match(/^text-align:\s*(center|left|right)$/)
|
|
38
|
+
end
|
|
35
39
|
end
|
|
36
40
|
|
|
37
41
|
def initialize(dirty_html, options = {})
|
data/lib/govspeak/version.rb
CHANGED
data/test/html_sanitizer_test.rb
CHANGED
|
@@ -44,9 +44,14 @@ class HtmlSanitizerTest < Minitest::Test
|
|
|
44
44
|
assert_equal "", Govspeak::HtmlSanitizer.new(html).sanitize_without_images
|
|
45
45
|
end
|
|
46
46
|
|
|
47
|
+
test "allows table cells and table headings without a style attribute" do
|
|
48
|
+
html = "<th>thing</th><td>thing</td>"
|
|
49
|
+
assert_equal html, Govspeak::HtmlSanitizer.new(html).sanitize
|
|
50
|
+
end
|
|
51
|
+
|
|
47
52
|
test "allows valid text-align properties on the style attribute for table cells and table headings" do
|
|
48
53
|
["left", "right", "center"].each do |alignment|
|
|
49
|
-
html = "<td style=\"text-align: #{alignment}\">thing</td>"
|
|
54
|
+
html = "<th style=\"text-align: #{alignment}\">thing</th><td style=\"text-align: #{alignment}\">thing</td>"
|
|
50
55
|
assert_equal html, Govspeak::HtmlSanitizer.new(html).sanitize
|
|
51
56
|
end
|
|
52
57
|
|
|
@@ -57,8 +62,8 @@ class HtmlSanitizerTest < Minitest::Test
|
|
|
57
62
|
"background-image: url(javascript:alert('XSS'))",
|
|
58
63
|
"expression(alert('XSS'));"
|
|
59
64
|
].each do |style|
|
|
60
|
-
html = "<td style=\"#{style}\">thing</td>"
|
|
61
|
-
assert_equal '<td>thing</td>', Govspeak::HtmlSanitizer.new(html).sanitize
|
|
65
|
+
html = "<th style=\"#{style}\">thing</th><td style=\"#{style}\">thing</td>"
|
|
66
|
+
assert_equal '<th>thing</th><td>thing</td>', Govspeak::HtmlSanitizer.new(html).sanitize
|
|
62
67
|
end
|
|
63
68
|
end
|
|
64
69
|
end
|