govspeak 6.5.8 → 6.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 26ef4d3bfb3ed9dcf07d44a1428e815928a4fa1ee94f388de829bb999b3cd79c
-  data.tar.gz: c2982f083911dcaf38a0883d48e9ca302a3b514b7bc05b99b827830c02db884d
+  metadata.gz: 14e93ed0928bdacce945ae5d1ea81d3bbc40508fcc1875c59e02297aed7f78e8
+  data.tar.gz: b6f7f01034081da748db3d02e81fe31f72f155f2921de02b6d07f65d04587e09
 SHA512:
-  metadata.gz: f75532f9905ae86df812be38a837d60abe1007cad72e8d886c95019f2563734a9e136368b74c1d1499d41bc8c83b2c3a41f415128c93c7025c4f4aacb9765e6f
-  data.tar.gz: e6ef52ca611f2b3e74e77a3330ddaf602385eb90685b3839c8bd28f4bdf06c21652c50cff4a85fc2b157e8e009e11c5ce9c7c439a92d5abdf78821725fbaba2c
+  metadata.gz: 00e6e768ecdc8ce782f849957370199bdbfde7a85973c83366590b09155395455f62be45e86bcf8864053070ecb3a9560645bef410e562121ef08acefe2bccac
+  data.tar.gz: dd68a811064c4e63a092b00ffef191db7f3221308eb84cf916304b8e2207522baea4e37226c09527c4dc25f618b74b2604b39fc96ac986dfbb8008e93454f8fb

data/CHANGELOG.md

@@ -1,3 +1,23 @@
+## 6.7.0
+
+* Update heading & docs [#206](https://github.com/alphagov/govspeak/pull/206)
+
+## 6.6.0
+
+* Allow passed elements to be relaxed from sanitization [#203](https://github.com/alphagov/govspeak/pull/203)
+
+## 6.5.11
+
+* Fix issue rendering $CTA blocks before $C (PR#202)
+
+## 6.5.10
+
+* Be optimistic in versions of govuk_publishing_components and i18n allowed (PR#200)
+
+## 6.5.9
+
+* Adjust footnote markup to accommodate multiple references (PR#198)
+
 ## 6.5.8
 
 * Customise footnote markup for accessibility (PR#192)

data/README.md

@@ -65,7 +65,7 @@ creates an example box
 
 ## Highlights
 
-### Advisory
+### Advisory (DEPRECATED: marked for removal. Use 'Information callouts' instead.)
 
     @This is a very important message or warning@
 
@@ -77,7 +77,7 @@ highlights the enclosed text in yellow
 </h3>
 ```
 
-### Answer
+### Answer (DEPRECATED: marked for removal)
 
     {::highlight-answer}
     The VAT rate is *20%*
@@ -598,8 +598,8 @@ will output
 ```html
 <div id="contact_123" class="contact">
   <div class="content">
-    <h3>Government Digital Service</h3>
     <div class="vcard contact-inner">
+      <p>Government Digital Service</p>
       <div class="email-url-number">
         <p class="email">
           <span class="type">Email</span>

data/lib/govspeak.rb

@@ -53,6 +53,7 @@ module Govspeak
       @source = source ? source.dup : ""
 
       @images = options.delete(:images) || []
+      @allowed_elements = options.delete(:allowed_elements) || []
       @attachments = Array.wrap(options.delete(:attachments))
       @links = Array.wrap(options.delete(:links))
       @contacts = Array.wrap(options.delete(:contacts))
@@ -66,7 +67,7 @@ module Govspeak
     def to_html
       @to_html ||= begin
                      html = if @options[:sanitize]
-                              HtmlSanitizer.new(kramdown_doc.to_html).sanitize
+                              HtmlSanitizer.new(kramdown_doc.to_html).sanitize(allowed_elements: @allowed_elements)
                             else
                               kramdown_doc.to_html
                             end
@@ -272,6 +273,10 @@ module Govspeak
       lines.join
     end
 
+    # More specific tags must be defined first. Those defined earlier have a
+    # higher precedence for being matched. For example $CTA must be defined
+    # before $C otherwise the first ($C)TA fill be matched to a contact tag.
+    wrap_with_div("call-to-action", "$CTA", Govspeak::Document)
     wrap_with_div("summary", "$!")
     wrap_with_div("form-download", "$D")
     wrap_with_div("contact", "$C")
@@ -279,7 +284,6 @@ module Govspeak
     wrap_with_div("information", "$I", Govspeak::Document)
     wrap_with_div("additional-information", "$AI")
     wrap_with_div("example", "$E", Govspeak::Document)
-    wrap_with_div("call-to-action", "$CTA", Govspeak::Document)
 
     extension("address", surrounded_by("$A")) do |body|
       %(\n<div class="address"><div class="adr org fn"><p>\n#{body.sub("\n", '').gsub("\n", '<br />')}\n</p></div></div>\n)

data/lib/govspeak/html_sanitizer.rb

@@ -40,18 +40,19 @@ class Govspeak::HtmlSanitizer
     @allowed_image_hosts = options[:allowed_image_hosts]
   end
 
-  def sanitize
+  def sanitize(allowed_elements: [])
     transformers = [TableCellTextAlignWhitelister.new]
     if @allowed_image_hosts && @allowed_image_hosts.any?
       transformers << ImageSourceWhitelister.new(@allowed_image_hosts)
     end
-    Sanitize.clean(@dirty_html, Sanitize::Config.merge(sanitize_config, transformers: transformers))
+
+    Sanitize.clean(@dirty_html, Sanitize::Config.merge(sanitize_config(allowed_elements: allowed_elements), transformers: transformers))
   end
 
-  def sanitize_config
+  def sanitize_config(allowed_elements: [])
     Sanitize::Config.merge(
       Sanitize::Config::RELAXED,
-      elements: Sanitize::Config::RELAXED[:elements] + %w[govspeak-embed-attachment govspeak-embed-attachment-link svg path],
+      elements: Sanitize::Config::RELAXED[:elements] + %w[govspeak-embed-attachment govspeak-embed-attachment-link svg path].concat(allowed_elements),
       attributes: {
         :all => Sanitize::Config::RELAXED[:attributes][:all] + %w[role aria-label],
         "a" => Sanitize::Config::RELAXED[:attributes]["a"] + [:data],

data/lib/govspeak/post_processor.rb

@@ -126,7 +126,8 @@ module Govspeak
         el.content = "[footnote #{footnote_number}]"
       end
       document.css("[role='doc-backlink']").map do |el|
-        el.content = "[go to where this is referenced]"
+        backlink_number = " " + el.css("sup")[0].content if el.css("sup")[0].present?
+        el["aria-label"] = "go to where this is referenced#{backlink_number}"
       end
     end
 

data/lib/govspeak/version.rb

@@ -1,3 +1,3 @@
 module Govspeak
-  VERSION = "6.5.8".freeze
+  VERSION = "6.7.0".freeze
 end

data/lib/templates/contact.html.erb

@@ -4,8 +4,8 @@
 %>
 <div id="contact_<%= contact.content_id %>" class="<%= ['contact', extra_class].flatten.join(' ') %>">
   <div class="content">
-    <h3><%= contact.title %></h3>
     <div class="vcard contact-inner">
+    <p><%= contact.title %></p>
     <% contact.post_addresses.each do |address| %>
       <%= Govspeak::HCardPresenter.new(address).render %>
     <% end %>

data/test/govspeak_contacts_test.rb

@@ -62,8 +62,8 @@ class GovspeakContactsTest < Minitest::Test
     expected_html_output = %(
       <div id="contact_4f3383e4-48a2-4461-a41d-f85ea8b89ba0" class="contact postal-address">
         <div class="content">
-          <h3>Government Digital Service</h3>
           <div class="vcard contact-inner">
+            <p>Government Digital Service</p>
             <p class="adr">
               <span class="street-address">125 Kingsway</span><br>
               <span class="locality">Holborn</span><br>
@@ -106,8 +106,8 @@ class GovspeakContactsTest < Minitest::Test
     expected_html_output = %(
       <div id="contact_4f3383e4-48a2-4461-a41d-f85ea8b89ba0" class="contact">
         <div class="content">
-          <h3>Government Digital Service</h3>
           <div class="vcard contact-inner">
+            <p>Government Digital Service</p>
             <div class="email-url-number">
               <p class="email">
                 <span class="type">Email</span>

data/test/govspeak_footnote_test.rb

@@ -11,21 +11,36 @@ class GovspeakFootnoteTest < Minitest::Test
 
     Footnotes can be added too[^2].
 
-    [^2]: And then later defined too." do
-    assert_html_output '
+    [^2]: And then later defined too.
+
+    This footnote has a reference number[^3].
+
+    And this footnote has the same reference number[^3].
+
+    [^3]: And then they both point here." do
+    assert_html_output(
+      %(
       <p>Footnotes can be added<sup id="fnref:1" role="doc-noteref"><a href="#fn:1" class="footnote">[footnote 1]</a></sup>.</p>
 
       <p>Footnotes can be added too<sup id="fnref:2" role="doc-noteref"><a href="#fn:2" class="footnote">[footnote 2]</a></sup>.</p>
 
+      <p>This footnote has a reference number<sup id="fnref:3" role="doc-noteref"><a href="#fn:3" class="footnote">[footnote 3]</a></sup>.</p>
+
+      <p>And this footnote has the same reference number<sup id="fnref:3:1" role="doc-noteref"><a href="#fn:3" class="footnote">[footnote 3]</a></sup>.</p>
+
       <div class="footnotes" role="doc-endnotes">
         <ol>
           <li id="fn:1" role="doc-endnote">
-            <p>And then later defined. <a href="#fnref:1" class="reversefootnote" role="doc-backlink">[go to where this is referenced]</a></p>
+            <p>And then later defined. <a href="#fnref:1" class="reversefootnote" role="doc-backlink" aria-label="go to where this is referenced">↩</a></p>
           </li>
           <li id="fn:2" role="doc-endnote">
-            <p>And then later defined too. <a href="#fnref:2" class="reversefootnote" role="doc-backlink">[go to where this is referenced]</a></p>
+            <p>And then later defined too. <a href="#fnref:2" class="reversefootnote" role="doc-backlink" aria-label="go to where this is referenced">↩</a></p>
+          </li>
+          <li id="fn:3" role="doc-endnote">
+            <p>And then they both point here. <a href="#fnref:3" class="reversefootnote" role="doc-backlink" aria-label="go to where this is referenced">↩</a> <a href="#fnref:3:1" class="reversefootnote" role="doc-backlink" aria-label="go to where this is referenced 2">↩<sup>2</sup></a></p>
           </li>
         </ol>
-      </div>'
+      </div>),
+    )
   end
 end

data/test/govspeak_test.rb

@@ -440,6 +440,25 @@ Teston
       </div>)
   end
 
+  test_given_govspeak "
+    $CTA
+    Click here to start the tool
+    $CTA
+
+    $C
+    Here is some text
+    $C
+    " do
+    assert_html_output %(
+      <div class="call-to-action">
+      <p>Click here to start the tool</p>
+      </div>
+
+      <div class="contact">
+      <p>Here is some text</p>
+      </div>)
+  end
+
   test_given_govspeak "
     [internal link](http://www.not-external.com)
 
@@ -647,6 +666,11 @@ Teston
     assert_equal "<script>doGoodThings();</script>", document.to_html.strip
   end
 
+  test "it can exclude stipulated elements from sanitization" do
+    document = Govspeak::Document.new("<uncommon-element>some content</uncommon-element>", allowed_elements: %w[uncommon-element])
+    assert_equal "<uncommon-element>some content</uncommon-element>", document.to_html.strip
+  end
+
   test "identifies a Govspeak document containing malicious HTML as invalid" do
     document = Govspeak::Document.new("<script>doBadThings();</script>")
     refute document.valid?

data/test/html_sanitizer_test.rb

@@ -96,4 +96,10 @@ class HtmlSanitizerTest < Minitest::Test
       assert_equal "<table><thead><tr><th>thing</th></tr></thead><tbody><tr><td>thing</td></tr></tbody></table>", Govspeak::HtmlSanitizer.new(html).sanitize
     end
   end
+
+  test "excludes specified elements from sanitization" do
+    html = "<custom-allowed-element><p>text</p></custom-allowed-element>"
+    assert_equal "<p>text</p>", Govspeak::HtmlSanitizer.new(html).sanitize
+    assert_equal html, Govspeak::HtmlSanitizer.new(html).sanitize(allowed_elements: %w[custom-allowed-element])
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: govspeak
 version: !ruby/object:Gem::Version
-  version: 6.5.8
+  version: 6.7.0
 platform: ruby
 authors:
 - GOV.UK Dev
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-11-05 00:00:00.000000000 Z
+date: 2021-03-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionview
@@ -56,20 +56,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '23.0'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '23.4'
+        version: '23'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '23.0'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '23.4'
+        version: '23'
 - !ruby/object:Gem::Dependency
   name: htmlentities
   requirement: !ruby/object:Gem::Requirement
@@ -88,14 +82,14 @@ dependencies:
   name: i18n
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0.7'
 - !ruby/object:Gem::Dependency
@@ -180,14 +174,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.14.1
+        version: '5.14'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.14.1
+        version: '5.14'
 - !ruby/object:Gem::Dependency
   name: pry-byebug
   requirement: !ruby/object:Gem::Requirement