govspeak 6.8.0 → 6.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/govspeak/html_sanitizer.rb +11 -1
- data/lib/govspeak/html_validator.rb +12 -6
- data/lib/govspeak/version.rb +1 -1
- data/lib/govspeak.rb +3 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5613d3c42e9347e578dd2ed9d2164c08cc81cfc70f8ade79deb56fc77069056f
|
|
4
|
+
data.tar.gz: 1157c2a33c97ae726af931714252eaa460216f1254a47449c4db187fff197c1d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: aa8cca4a71fd2f9b029c545714ccf032ead1fe07389ce49571aa5f14093b95bd7ae05ddc2188bea959ea60ac59c042bc0b56729b8a197782291869e7e0cf947e
|
|
7
|
+
data.tar.gz: 12dcd4d62d0b6b16a651d001145f2aaa942991c972a00720d598464633f2eb8ead57d50dc0609ed1eb6a25a328399380dac55d97aa7101cdd52483b46b6c700c
|
data/CHANGELOG.md
CHANGED
|
@@ -46,7 +46,17 @@ class Govspeak::HtmlSanitizer
|
|
|
46
46
|
transformers << ImageSourceWhitelister.new(@allowed_image_hosts)
|
|
47
47
|
end
|
|
48
48
|
|
|
49
|
-
|
|
49
|
+
# It would be cleaner to move this `transformers` key into the `sanitize_config` method rather
|
|
50
|
+
# than having to use Sanitize::Config.merge() twice in succession. However, `sanitize_config`
|
|
51
|
+
# is a public method and it looks like other projects depend on it behaving the way it
|
|
52
|
+
# currently does – i.e. to return Sanitize config without any transformers.
|
|
53
|
+
# e.g. https://github.com/alphagov/hmrc-manuals-api/blob/4a83f78d0bb839520155623fd9b63b3b12a3b13a/app/validators/no_dangerous_html_in_text_fields_validator.rb#L44
|
|
54
|
+
config_with_transformers = Sanitize::Config.merge(
|
|
55
|
+
sanitize_config(allowed_elements: allowed_elements),
|
|
56
|
+
transformers: transformers,
|
|
57
|
+
)
|
|
58
|
+
|
|
59
|
+
Sanitize.clean(@dirty_html, config_with_transformers)
|
|
50
60
|
end
|
|
51
61
|
|
|
52
62
|
def sanitize_config(allowed_elements: [])
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
class Govspeak::HtmlValidator
|
|
2
2
|
attr_reader :govspeak_string
|
|
3
3
|
|
|
4
|
-
def initialize(govspeak_string,
|
|
4
|
+
def initialize(govspeak_string, options = {})
|
|
5
5
|
@govspeak_string = govspeak_string.dup.force_encoding(Encoding::UTF_8)
|
|
6
|
-
@
|
|
6
|
+
@allowed_image_hosts = options[:allowed_image_hosts]
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
def invalid?
|
|
@@ -11,17 +11,23 @@ class Govspeak::HtmlValidator
|
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
def valid?
|
|
14
|
-
dirty_html = govspeak_to_html
|
|
15
|
-
clean_html =
|
|
14
|
+
dirty_html = govspeak_to_html(sanitize: false)
|
|
15
|
+
clean_html = govspeak_to_html(sanitize: true)
|
|
16
16
|
normalise_html(dirty_html) == normalise_html(clean_html)
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
+
private
|
|
20
|
+
|
|
19
21
|
# Make whitespace in html tags consistent
|
|
20
22
|
def normalise_html(html)
|
|
21
23
|
Nokogiri::HTML5.fragment(html).to_s
|
|
22
24
|
end
|
|
23
25
|
|
|
24
|
-
def govspeak_to_html
|
|
25
|
-
Govspeak::Document.new(
|
|
26
|
+
def govspeak_to_html(sanitize:)
|
|
27
|
+
Govspeak::Document.new(
|
|
28
|
+
govspeak_string,
|
|
29
|
+
sanitize: sanitize,
|
|
30
|
+
allowed_image_hosts: @allowed_image_hosts,
|
|
31
|
+
).to_html
|
|
26
32
|
end
|
|
27
33
|
end
|
data/lib/govspeak/version.rb
CHANGED
data/lib/govspeak.rb
CHANGED
|
@@ -54,6 +54,7 @@ module Govspeak
|
|
|
54
54
|
|
|
55
55
|
@images = options.delete(:images) || []
|
|
56
56
|
@allowed_elements = options.delete(:allowed_elements) || []
|
|
57
|
+
@allowed_image_hosts = options.delete(:allowed_image_hosts) || []
|
|
57
58
|
@attachments = Array.wrap(options.delete(:attachments))
|
|
58
59
|
@links = Array.wrap(options.delete(:links))
|
|
59
60
|
@contacts = Array.wrap(options.delete(:contacts))
|
|
@@ -69,7 +70,8 @@ module Govspeak
|
|
|
69
70
|
def to_html
|
|
70
71
|
@to_html ||= begin
|
|
71
72
|
html = if @options[:sanitize]
|
|
72
|
-
HtmlSanitizer.new(kramdown_doc.to_html
|
|
73
|
+
HtmlSanitizer.new(kramdown_doc.to_html, allowed_image_hosts: @allowed_image_hosts)
|
|
74
|
+
.sanitize(allowed_elements: @allowed_elements)
|
|
73
75
|
else
|
|
74
76
|
kramdown_doc.to_html
|
|
75
77
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: govspeak
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.8.
|
|
4
|
+
version: 6.8.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- GOV.UK Dev
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-03-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: actionview
|
|
@@ -327,7 +327,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
327
327
|
- !ruby/object:Gem::Version
|
|
328
328
|
version: '0'
|
|
329
329
|
requirements: []
|
|
330
|
-
rubygems_version: 3.3.
|
|
330
|
+
rubygems_version: 3.3.9
|
|
331
331
|
signing_key:
|
|
332
332
|
specification_version: 4
|
|
333
333
|
summary: Markup language for single domain
|