govspeak 6.5.11 → 6.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/govspeak.rb +2 -1
- data/lib/govspeak/html_sanitizer.rb +5 -4
- data/lib/govspeak/version.rb +1 -1
- data/test/govspeak_test.rb +5 -0
- data/test/html_sanitizer_test.rb +6 -0
- metadata +17 -17
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6369a640dd1ca0303f548954b3cd69f176707200d83d460408eadbb7c7b35158
|
|
4
|
+
data.tar.gz: fb487bd7275c39da3b3ff34fb4bbb016c77e4666a778c42dd8098c0ef50b3ea5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 85fe44ebb3c921918bb22148c4d53394d3e5921b1c5b778815bb09120832e7820805555aa68756799a257a05c4fb5efdeb5df53a453009b2333db528fafa5f29
|
|
7
|
+
data.tar.gz: 82dc434b862384862420ea07e45d00e2020b5ea20fd7a52ee5196bb5a6786d4c3facd15e64917c0bfd700ac0a1c3aaaa7e761c6970640c60b118f40ca5a1f0e8
|
data/CHANGELOG.md
CHANGED
data/lib/govspeak.rb
CHANGED
|
@@ -53,6 +53,7 @@ module Govspeak
|
|
|
53
53
|
@source = source ? source.dup : ""
|
|
54
54
|
|
|
55
55
|
@images = options.delete(:images) || []
|
|
56
|
+
@allowed_elements = options.delete(:allowed_elements) || []
|
|
56
57
|
@attachments = Array.wrap(options.delete(:attachments))
|
|
57
58
|
@links = Array.wrap(options.delete(:links))
|
|
58
59
|
@contacts = Array.wrap(options.delete(:contacts))
|
|
@@ -66,7 +67,7 @@ module Govspeak
|
|
|
66
67
|
def to_html
|
|
67
68
|
@to_html ||= begin
|
|
68
69
|
html = if @options[:sanitize]
|
|
69
|
-
HtmlSanitizer.new(kramdown_doc.to_html).sanitize
|
|
70
|
+
HtmlSanitizer.new(kramdown_doc.to_html).sanitize(allowed_elements: @allowed_elements)
|
|
70
71
|
else
|
|
71
72
|
kramdown_doc.to_html
|
|
72
73
|
end
|
|
@@ -40,18 +40,19 @@ class Govspeak::HtmlSanitizer
|
|
|
40
40
|
@allowed_image_hosts = options[:allowed_image_hosts]
|
|
41
41
|
end
|
|
42
42
|
|
|
43
|
-
def sanitize
|
|
43
|
+
def sanitize(allowed_elements: [])
|
|
44
44
|
transformers = [TableCellTextAlignWhitelister.new]
|
|
45
45
|
if @allowed_image_hosts && @allowed_image_hosts.any?
|
|
46
46
|
transformers << ImageSourceWhitelister.new(@allowed_image_hosts)
|
|
47
47
|
end
|
|
48
|
-
|
|
48
|
+
|
|
49
|
+
Sanitize.clean(@dirty_html, Sanitize::Config.merge(sanitize_config(allowed_elements: allowed_elements), transformers: transformers))
|
|
49
50
|
end
|
|
50
51
|
|
|
51
|
-
def sanitize_config
|
|
52
|
+
def sanitize_config(allowed_elements: [])
|
|
52
53
|
Sanitize::Config.merge(
|
|
53
54
|
Sanitize::Config::RELAXED,
|
|
54
|
-
elements: Sanitize::Config::RELAXED[:elements] + %w[govspeak-embed-attachment govspeak-embed-attachment-link svg path],
|
|
55
|
+
elements: Sanitize::Config::RELAXED[:elements] + %w[govspeak-embed-attachment govspeak-embed-attachment-link svg path].concat(allowed_elements),
|
|
55
56
|
attributes: {
|
|
56
57
|
:all => Sanitize::Config::RELAXED[:attributes][:all] + %w[role aria-label],
|
|
57
58
|
"a" => Sanitize::Config::RELAXED[:attributes]["a"] + [:data],
|
data/lib/govspeak/version.rb
CHANGED
data/test/govspeak_test.rb
CHANGED
|
@@ -666,6 +666,11 @@ Teston
|
|
|
666
666
|
assert_equal "<script>doGoodThings();</script>", document.to_html.strip
|
|
667
667
|
end
|
|
668
668
|
|
|
669
|
+
test "it can exclude stipulated elements from sanitization" do
|
|
670
|
+
document = Govspeak::Document.new("<uncommon-element>some content</uncommon-element>", allowed_elements: %w[uncommon-element])
|
|
671
|
+
assert_equal "<uncommon-element>some content</uncommon-element>", document.to_html.strip
|
|
672
|
+
end
|
|
673
|
+
|
|
669
674
|
test "identifies a Govspeak document containing malicious HTML as invalid" do
|
|
670
675
|
document = Govspeak::Document.new("<script>doBadThings();</script>")
|
|
671
676
|
refute document.valid?
|
data/test/html_sanitizer_test.rb
CHANGED
|
@@ -96,4 +96,10 @@ class HtmlSanitizerTest < Minitest::Test
|
|
|
96
96
|
assert_equal "<table><thead><tr><th>thing</th></tr></thead><tbody><tr><td>thing</td></tr></tbody></table>", Govspeak::HtmlSanitizer.new(html).sanitize
|
|
97
97
|
end
|
|
98
98
|
end
|
|
99
|
+
|
|
100
|
+
test "excludes specified elements from sanitization" do
|
|
101
|
+
html = "<custom-allowed-element><p>text</p></custom-allowed-element>"
|
|
102
|
+
assert_equal "<p>text</p>", Govspeak::HtmlSanitizer.new(html).sanitize
|
|
103
|
+
assert_equal html, Govspeak::HtmlSanitizer.new(html).sanitize(allowed_elements: %w[custom-allowed-element])
|
|
104
|
+
end
|
|
99
105
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: govspeak
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.
|
|
4
|
+
version: 6.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- GOV.UK Dev
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-01-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: actionview
|
|
@@ -372,24 +372,24 @@ signing_key:
|
|
|
372
372
|
specification_version: 4
|
|
373
373
|
summary: Markup language for single domain
|
|
374
374
|
test_files:
|
|
375
|
+
- test/test_helper.rb
|
|
376
|
+
- test/blockquote_extra_quote_remover_test.rb
|
|
375
377
|
- test/govspeak_images_bang_test.rb
|
|
376
|
-
- test/
|
|
378
|
+
- test/govspeak_contacts_test.rb
|
|
379
|
+
- test/govspeak_table_with_headers_test.rb
|
|
377
380
|
- test/govspeak_link_extractor_test.rb
|
|
378
|
-
- test/govspeak_attachments_inline_test.rb
|
|
379
|
-
- test/govspeak_button_test.rb
|
|
380
|
-
- test/govspeak_structured_headers_test.rb
|
|
381
381
|
- test/govspeak_attachments_image_test.rb
|
|
382
|
-
- test/
|
|
382
|
+
- test/html_validator_test.rb
|
|
383
|
+
- test/govspeak_button_test.rb
|
|
383
384
|
- test/govspeak_extract_contact_content_ids_test.rb
|
|
384
|
-
- test/
|
|
385
|
-
- test/govspeak_test.rb
|
|
386
|
-
- test/html_sanitizer_test.rb
|
|
385
|
+
- test/govspeak_test_helper.rb
|
|
387
386
|
- test/govspeak_footnote_test.rb
|
|
388
|
-
- test/blockquote_extra_quote_remover_test.rb
|
|
389
|
-
- test/test_helper.rb
|
|
390
|
-
- test/govspeak_table_with_headers_test.rb
|
|
391
|
-
- test/govspeak_images_test.rb
|
|
392
387
|
- test/govspeak_link_test.rb
|
|
393
|
-
- test/
|
|
394
|
-
- test/
|
|
395
|
-
- test/
|
|
388
|
+
- test/govspeak_structured_headers_test.rb
|
|
389
|
+
- test/html_sanitizer_test.rb
|
|
390
|
+
- test/govspeak_images_test.rb
|
|
391
|
+
- test/govspeak_test.rb
|
|
392
|
+
- test/govspeak_attachment_link_test.rb
|
|
393
|
+
- test/govspeak_attachment_test.rb
|
|
394
|
+
- test/presenters/h_card_presenter_test.rb
|
|
395
|
+
- test/govspeak_attachments_inline_test.rb
|