govspeak 6.8.0 → 6.8.3
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -0
- data/lib/govspeak/html_sanitizer.rb +11 -1
- data/lib/govspeak/html_validator.rb +12 -6
- data/lib/govspeak/version.rb +1 -1
- data/lib/govspeak.rb +4 -2
- data/test/govspeak_test.rb +42 -0
- metadata +22 -22
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ca0f29b1dceee03154a3f7f535e27c5bf7ebf5ae5e42845919c7bfea3eb2e132
|
4
|
+
data.tar.gz: 428ff21aa80eaccd670ee643aed80d3081148417161f1a1bf10b78742e01c6b4
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cef697b4026db708378ede49588032d2b95e603a4f4ce87053b8c47ce119ff94b6ad5363e4ec7079d914941c48db0fb6d93ed3b75fff1225459957ed3d24736a
|
7
|
+
data.tar.gz: e78af326c264e4d4d92dedebb23a8db4a08927e55101f435a4ebe4714142e5432262bf1b1ce45553e83f6bb969af859ee4bcba7388a62fc63c987cc83f86ad99
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,15 @@
|
|
1
|
+
## 6.8.3
|
2
|
+
|
3
|
+
* Require Kramdown minimum version of 2.3.1 to avoid CVE-2021-28834 [#246](https://github.com/alphagov/govspeak/pull/246)
|
4
|
+
|
5
|
+
## 6.8.2
|
6
|
+
|
7
|
+
* Fix footnote numbering [#239](https://github.com/alphagov/govspeak/pull/239)
|
8
|
+
|
9
|
+
## 6.8.1
|
10
|
+
|
11
|
+
* Fix a bug which resulted in validation errors on 'Start Button' elements [#237](https://github.com/alphagov/govspeak/pull/237)
|
12
|
+
|
1
13
|
## 6.8.0
|
2
14
|
|
3
15
|
* Drop support for Ruby 2.6 which reaches End of Life (EOL) on 31/03/2022
|
@@ -46,7 +46,17 @@ class Govspeak::HtmlSanitizer
|
|
46
46
|
transformers << ImageSourceWhitelister.new(@allowed_image_hosts)
|
47
47
|
end
|
48
48
|
|
49
|
-
|
49
|
+
# It would be cleaner to move this `transformers` key into the `sanitize_config` method rather
|
50
|
+
# than having to use Sanitize::Config.merge() twice in succession. However, `sanitize_config`
|
51
|
+
# is a public method and it looks like other projects depend on it behaving the way it
|
52
|
+
# currently does – i.e. to return Sanitize config without any transformers.
|
53
|
+
# e.g. https://github.com/alphagov/hmrc-manuals-api/blob/4a83f78d0bb839520155623fd9b63b3b12a3b13a/app/validators/no_dangerous_html_in_text_fields_validator.rb#L44
|
54
|
+
config_with_transformers = Sanitize::Config.merge(
|
55
|
+
sanitize_config(allowed_elements: allowed_elements),
|
56
|
+
transformers: transformers,
|
57
|
+
)
|
58
|
+
|
59
|
+
Sanitize.clean(@dirty_html, config_with_transformers)
|
50
60
|
end
|
51
61
|
|
52
62
|
def sanitize_config(allowed_elements: [])
|
@@ -1,9 +1,9 @@
|
|
1
1
|
class Govspeak::HtmlValidator
|
2
2
|
attr_reader :govspeak_string
|
3
3
|
|
4
|
-
def initialize(govspeak_string,
|
4
|
+
def initialize(govspeak_string, options = {})
|
5
5
|
@govspeak_string = govspeak_string.dup.force_encoding(Encoding::UTF_8)
|
6
|
-
@
|
6
|
+
@allowed_image_hosts = options[:allowed_image_hosts]
|
7
7
|
end
|
8
8
|
|
9
9
|
def invalid?
|
@@ -11,17 +11,23 @@ class Govspeak::HtmlValidator
|
|
11
11
|
end
|
12
12
|
|
13
13
|
def valid?
|
14
|
-
dirty_html = govspeak_to_html
|
15
|
-
clean_html =
|
14
|
+
dirty_html = govspeak_to_html(sanitize: false)
|
15
|
+
clean_html = govspeak_to_html(sanitize: true)
|
16
16
|
normalise_html(dirty_html) == normalise_html(clean_html)
|
17
17
|
end
|
18
18
|
|
19
|
+
private
|
20
|
+
|
19
21
|
# Make whitespace in html tags consistent
|
20
22
|
def normalise_html(html)
|
21
23
|
Nokogiri::HTML5.fragment(html).to_s
|
22
24
|
end
|
23
25
|
|
24
|
-
def govspeak_to_html
|
25
|
-
Govspeak::Document.new(
|
26
|
+
def govspeak_to_html(sanitize:)
|
27
|
+
Govspeak::Document.new(
|
28
|
+
govspeak_string,
|
29
|
+
sanitize: sanitize,
|
30
|
+
allowed_image_hosts: @allowed_image_hosts,
|
31
|
+
).to_html
|
26
32
|
end
|
27
33
|
end
|
data/lib/govspeak/version.rb
CHANGED
data/lib/govspeak.rb
CHANGED
@@ -54,6 +54,7 @@ module Govspeak
|
|
54
54
|
|
55
55
|
@images = options.delete(:images) || []
|
56
56
|
@allowed_elements = options.delete(:allowed_elements) || []
|
57
|
+
@allowed_image_hosts = options.delete(:allowed_image_hosts) || []
|
57
58
|
@attachments = Array.wrap(options.delete(:attachments))
|
58
59
|
@links = Array.wrap(options.delete(:links))
|
59
60
|
@contacts = Array.wrap(options.delete(:contacts))
|
@@ -69,7 +70,8 @@ module Govspeak
|
|
69
70
|
def to_html
|
70
71
|
@to_html ||= begin
|
71
72
|
html = if @options[:sanitize]
|
72
|
-
HtmlSanitizer.new(kramdown_doc.to_html
|
73
|
+
HtmlSanitizer.new(kramdown_doc.to_html, allowed_image_hosts: @allowed_image_hosts)
|
74
|
+
.sanitize(allowed_elements: @allowed_elements)
|
73
75
|
else
|
74
76
|
kramdown_doc.to_html
|
75
77
|
end
|
@@ -136,7 +138,7 @@ module Govspeak
|
|
136
138
|
def footnote_definitions(source)
|
137
139
|
is_legislative_list = source.scan(/\$LegislativeList.*?\[\^\d\]*.*?\$EndLegislativeList/m).size.positive?
|
138
140
|
is_cta = source.scan(/\$CTA.*?\[\^\d\]*.*?\$CTA/m).size.positive?
|
139
|
-
footnotes = source.scan(
|
141
|
+
footnotes = source.scan(/^\s*\[\^(\d+)\]:(.*)/)
|
140
142
|
@acronyms = source.scan(/(?<=\*)\[(.*)\]:(.*)/)
|
141
143
|
if (is_legislative_list || is_cta) && footnotes.size.positive?
|
142
144
|
list_items = footnotes.map do |footnote|
|
data/test/govspeak_test.rb
CHANGED
@@ -1048,6 +1048,48 @@ Teston
|
|
1048
1048
|
)
|
1049
1049
|
end
|
1050
1050
|
|
1051
|
+
test_given_govspeak "
|
1052
|
+
$LegislativeList
|
1053
|
+
1. some text[^1]:
|
1054
|
+
$EndLegislativeList
|
1055
|
+
[^1]: footnote text
|
1056
|
+
" do
|
1057
|
+
assert_html_output %(
|
1058
|
+
<p>1. some text<sup id="fnref:1" role="doc-noteref"><a href="#fn:1" class="footnote" rel="footnote">[footnote 1]</a></sup>:</p>
|
1059
|
+
|
1060
|
+
<div class="footnotes" role="doc-endnotes">
|
1061
|
+
<ol>
|
1062
|
+
<li id="fn:1" role="doc-endnote">
|
1063
|
+
<p>
|
1064
|
+
footnote text<a href="#fnref:1" class="reversefootnote" role="doc-backlink" aria-label="go to where this is referenced">↩</a>
|
1065
|
+
</p>
|
1066
|
+
</li>
|
1067
|
+
</ol>
|
1068
|
+
</div>
|
1069
|
+
)
|
1070
|
+
end
|
1071
|
+
|
1072
|
+
test_given_govspeak "
|
1073
|
+
$LegislativeList
|
1074
|
+
1. some text[^1]: extra
|
1075
|
+
$EndLegislativeList
|
1076
|
+
[^1]: footnote text
|
1077
|
+
" do
|
1078
|
+
assert_html_output %(
|
1079
|
+
<p>1. some text<sup id="fnref:1" role="doc-noteref"><a href="#fn:1" class="footnote" rel="footnote">[footnote 1]</a></sup>: extra</p>
|
1080
|
+
|
1081
|
+
<div class="footnotes" role="doc-endnotes">
|
1082
|
+
<ol>
|
1083
|
+
<li id="fn:1" role="doc-endnote">
|
1084
|
+
<p>
|
1085
|
+
footnote text<a href="#fnref:1" class="reversefootnote" role="doc-backlink" aria-label="go to where this is referenced">↩</a>
|
1086
|
+
</p>
|
1087
|
+
</li>
|
1088
|
+
</ol>
|
1089
|
+
</div>
|
1090
|
+
)
|
1091
|
+
end
|
1092
|
+
|
1051
1093
|
# FIXME: this code is buggy and replaces abbreviations in HTML tags - removing the functionality for now
|
1052
1094
|
# test_given_govspeak "
|
1053
1095
|
# $LegislativeList
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: govspeak
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.8.
|
4
|
+
version: 6.8.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- GOV.UK Dev
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-06-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: actionview
|
@@ -92,14 +92,14 @@ dependencies:
|
|
92
92
|
requirements:
|
93
93
|
- - ">="
|
94
94
|
- !ruby/object:Gem::Version
|
95
|
-
version: 2.3.
|
95
|
+
version: 2.3.1
|
96
96
|
type: :runtime
|
97
97
|
prerelease: false
|
98
98
|
version_requirements: !ruby/object:Gem::Requirement
|
99
99
|
requirements:
|
100
100
|
- - ">="
|
101
101
|
- !ruby/object:Gem::Version
|
102
|
-
version: 2.3.
|
102
|
+
version: 2.3.1
|
103
103
|
- !ruby/object:Gem::Dependency
|
104
104
|
name: nokogiri
|
105
105
|
requirement: !ruby/object:Gem::Requirement
|
@@ -190,14 +190,14 @@ dependencies:
|
|
190
190
|
requirements:
|
191
191
|
- - '='
|
192
192
|
- !ruby/object:Gem::Version
|
193
|
-
version: 4.
|
193
|
+
version: 4.5.0
|
194
194
|
type: :development
|
195
195
|
prerelease: false
|
196
196
|
version_requirements: !ruby/object:Gem::Requirement
|
197
197
|
requirements:
|
198
198
|
- - '='
|
199
199
|
- !ruby/object:Gem::Version
|
200
|
-
version: 4.
|
200
|
+
version: 4.5.0
|
201
201
|
- !ruby/object:Gem::Dependency
|
202
202
|
name: simplecov
|
203
203
|
requirement: !ruby/object:Gem::Requirement
|
@@ -327,29 +327,29 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
327
327
|
- !ruby/object:Gem::Version
|
328
328
|
version: '0'
|
329
329
|
requirements: []
|
330
|
-
rubygems_version: 3.3.
|
330
|
+
rubygems_version: 3.3.16
|
331
331
|
signing_key:
|
332
332
|
specification_version: 4
|
333
333
|
summary: Markup language for single domain
|
334
334
|
test_files:
|
335
|
-
- test/
|
335
|
+
- test/govspeak_attachment_link_test.rb
|
336
|
+
- test/test_helper.rb
|
337
|
+
- test/govspeak_button_test.rb
|
338
|
+
- test/govspeak_footnote_test.rb
|
339
|
+
- test/govspeak_images_test.rb
|
340
|
+
- test/govspeak_images_bang_test.rb
|
336
341
|
- test/blockquote_extra_quote_remover_test.rb
|
342
|
+
- test/html_sanitizer_test.rb
|
343
|
+
- test/govspeak_table_with_headers_test.rb
|
344
|
+
- test/govspeak_extract_contact_content_ids_test.rb
|
345
|
+
- test/html_validator_test.rb
|
346
|
+
- test/govspeak_contacts_test.rb
|
347
|
+
- test/govspeak_test.rb
|
348
|
+
- test/govspeak_attachments_image_test.rb
|
349
|
+
- test/govspeak_attachment_test.rb
|
337
350
|
- test/govspeak_link_extractor_test.rb
|
338
|
-
- test/govspeak_images_test.rb
|
339
351
|
- test/govspeak_link_test.rb
|
340
|
-
- test/govspeak_extract_contact_content_ids_test.rb
|
341
|
-
- test/govspeak_footnote_test.rb
|
342
352
|
- test/presenters/h_card_presenter_test.rb
|
343
353
|
- test/govspeak_attachments_inline_test.rb
|
354
|
+
- test/govspeak_test_helper.rb
|
344
355
|
- test/govspeak_structured_headers_test.rb
|
345
|
-
- test/test_helper.rb
|
346
|
-
- test/govspeak_button_test.rb
|
347
|
-
- test/govspeak_attachment_test.rb
|
348
|
-
- test/html_sanitizer_test.rb
|
349
|
-
- test/govspeak_contacts_test.rb
|
350
|
-
- test/govspeak_attachments_image_test.rb
|
351
|
-
- test/govspeak_images_bang_test.rb
|
352
|
-
- test/govspeak_test.rb
|
353
|
-
- test/govspeak_table_with_headers_test.rb
|
354
|
-
- test/html_validator_test.rb
|
355
|
-
- test/govspeak_attachment_link_test.rb
|