govspeak 6.8.0 → 6.8.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/lib/govspeak/html_sanitizer.rb +11 -1
  4. data/lib/govspeak/html_validator.rb +12 -6
  5. data/lib/govspeak/version.rb +1 -1
  6. data/lib/govspeak.rb +3 -1
  7. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4de0ad0d505ecb467987eb27087a076411a0bd6de2fe535eb058b0550d17d09d
4
- data.tar.gz: 5b1cba9b7ecc6bc47d1f1646e0dfbb3ff3c2a5cee04a41079c8bb419b0b21610
3
+ metadata.gz: 5613d3c42e9347e578dd2ed9d2164c08cc81cfc70f8ade79deb56fc77069056f
4
+ data.tar.gz: 1157c2a33c97ae726af931714252eaa460216f1254a47449c4db187fff197c1d
5
5
  SHA512:
6
- metadata.gz: def9659344fe5ed585999686924483c0c8dbc6a130820b86fa427d3eee31b635f2ac64efd0e15a2e42d5102e0b709f15f13c5d70f9d76c90757241bb6734bd23
7
- data.tar.gz: 6ff2c9ae06337d1b8030cf823c8dab8983a99c0fab7abe7673e7c917347ff91be94834c6b00601397ecef2ada1837e58c69cf21419a872571e218bc55e64d695
6
+ metadata.gz: aa8cca4a71fd2f9b029c545714ccf032ead1fe07389ce49571aa5f14093b95bd7ae05ddc2188bea959ea60ac59c042bc0b56729b8a197782291869e7e0cf947e
7
+ data.tar.gz: 12dcd4d62d0b6b16a651d001145f2aaa942991c972a00720d598464633f2eb8ead57d50dc0609ed1eb6a25a328399380dac55d97aa7101cdd52483b46b6c700c
data/CHANGELOG.md CHANGED
@@ -1,3 +1,7 @@
1
+ ## 6.8.1
2
+
3
+ * Fix a bug which resulted in validation errors on 'Start Button' elements [#237](https://github.com/alphagov/govspeak/pull/237)
4
+
1
5
  ## 6.8.0
2
6
 
3
7
  * Drop support for Ruby 2.6 which reaches End of Life (EOL) on 31/03/2022
data/lib/govspeak/html_sanitizer.rb CHANGED
@@ -46,7 +46,17 @@ class Govspeak::HtmlSanitizer
46
46
  transformers << ImageSourceWhitelister.new(@allowed_image_hosts)
47
47
  end
48
48
 
49
- Sanitize.clean(@dirty_html, Sanitize::Config.merge(sanitize_config(allowed_elements: allowed_elements), transformers: transformers))
49
+ # It would be cleaner to move this `transformers` key into the `sanitize_config` method rather
50
+ # than having to use Sanitize::Config.merge() twice in succession. However, `sanitize_config`
51
+ # is a public method and it looks like other projects depend on it behaving the way it
52
+ # currently does – i.e. to return Sanitize config without any transformers.
53
+ # e.g. https://github.com/alphagov/hmrc-manuals-api/blob/4a83f78d0bb839520155623fd9b63b3b12a3b13a/app/validators/no_dangerous_html_in_text_fields_validator.rb#L44
54
+ config_with_transformers = Sanitize::Config.merge(
55
+ sanitize_config(allowed_elements: allowed_elements),
56
+ transformers: transformers,
57
+ )
58
+
59
+ Sanitize.clean(@dirty_html, config_with_transformers)
50
60
  end
51
61
 
52
62
  def sanitize_config(allowed_elements: [])
data/lib/govspeak/html_validator.rb CHANGED
@@ -1,9 +1,9 @@
1
1
  class Govspeak::HtmlValidator
2
2
  attr_reader :govspeak_string
3
3
 
4
- def initialize(govspeak_string, sanitization_options = {})
4
+ def initialize(govspeak_string, options = {})
5
5
  @govspeak_string = govspeak_string.dup.force_encoding(Encoding::UTF_8)
6
- @sanitization_options = sanitization_options
6
+ @allowed_image_hosts = options[:allowed_image_hosts]
7
7
  end
8
8
 
9
9
  def invalid?
@@ -11,17 +11,23 @@ class Govspeak::HtmlValidator
11
11
  end
12
12
 
13
13
  def valid?
14
- dirty_html = govspeak_to_html
15
- clean_html = Govspeak::HtmlSanitizer.new(dirty_html, @sanitization_options).sanitize
14
+ dirty_html = govspeak_to_html(sanitize: false)
15
+ clean_html = govspeak_to_html(sanitize: true)
16
16
  normalise_html(dirty_html) == normalise_html(clean_html)
17
17
  end
18
18
 
19
+ private
20
+
19
21
  # Make whitespace in html tags consistent
20
22
  def normalise_html(html)
21
23
  Nokogiri::HTML5.fragment(html).to_s
22
24
  end
23
25
 
24
- def govspeak_to_html
25
- Govspeak::Document.new(govspeak_string, sanitize: false).to_html
26
+ def govspeak_to_html(sanitize:)
27
+ Govspeak::Document.new(
28
+ govspeak_string,
29
+ sanitize: sanitize,
30
+ allowed_image_hosts: @allowed_image_hosts,
31
+ ).to_html
26
32
  end
27
33
  end
data/lib/govspeak/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Govspeak
2
- VERSION = "6.8.0".freeze
2
+ VERSION = "6.8.1".freeze
3
3
  end
data/lib/govspeak.rb CHANGED
@@ -54,6 +54,7 @@ module Govspeak
54
54
 
55
55
  @images = options.delete(:images) || []
56
56
  @allowed_elements = options.delete(:allowed_elements) || []
57
+ @allowed_image_hosts = options.delete(:allowed_image_hosts) || []
57
58
  @attachments = Array.wrap(options.delete(:attachments))
58
59
  @links = Array.wrap(options.delete(:links))
59
60
  @contacts = Array.wrap(options.delete(:contacts))
@@ -69,7 +70,8 @@ module Govspeak
69
70
  def to_html
70
71
  @to_html ||= begin
71
72
  html = if @options[:sanitize]
72
- HtmlSanitizer.new(kramdown_doc.to_html).sanitize(allowed_elements: @allowed_elements)
73
+ HtmlSanitizer.new(kramdown_doc.to_html, allowed_image_hosts: @allowed_image_hosts)
74
+ .sanitize(allowed_elements: @allowed_elements)
73
75
  else
74
76
  kramdown_doc.to_html
75
77
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: govspeak
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.8.0
4
+ version: 6.8.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - GOV.UK Dev
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-02-17 00:00:00.000000000 Z
11
+ date: 2022-03-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: actionview
@@ -327,7 +327,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
327
327
  - !ruby/object:Gem::Version
328
328
  version: '0'
329
329
  requirements: []
330
- rubygems_version: 3.3.7
330
+ rubygems_version: 3.3.9
331
331
  signing_key:
332
332
  specification_version: 4
333
333
  summary: Markup language for single domain