html-pipeline 2.12.0 → 2.13.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d08ceab233a694f9315d1733a1ab2a9509adcb5ab6845a28ba5aa09865e110d9
-  data.tar.gz: 6b8eef1085941d9e65ea9747ed402f519c886b54d393a5cd66326d1f01d1d433
+  metadata.gz: 98e2f770a5c65764d3f1876186ada3b9f3566997ec706c11a835216b9a5f2cb6
+  data.tar.gz: 7a839e8ec04a801868674916f2521d3d098dbace80e57b4f3ce3bc9997592b7b
 SHA512:
-  metadata.gz: 825524c21337d775d83c8cd4b99a353b0c295d49b2447d2dfc6f4f7b762f43c4b69891f608813ad2e8402b739b904878b13f948d8910f04c8e14e42d3c4a4cd6
-  data.tar.gz: e5e2b9740e9915e6054404dcd28f86aa8f931b4585647380f6e2d4c5b4bff75644549b27d77080c9d95b87596bb4a55ebf759855c9f9ca2dc0cbe80ec2b0e3fa
+  metadata.gz: 63e9bd15cf65b8765d1046d77f7a675d3dc44d8c82a717bec18722b38275753010c9793f3dec3fcf46f7ad5e4021e33b96280efa6324a3cb37092606c5c37f50
+  data.tar.gz: df99642a2bc048ce6d5f7e52dc1816c5589af7a7503b7f69f842fbc361d70e57601376b437cd56b40161d131d27eddc31b62230f6d7672ccfba3666afef6e1df

data/.github/FUNDING.yml

@@ -0,0 +1,4 @@
+github: gjtorikian
+patreon: gjtorikian
+open_collective: garen-torikian
+issuehunt: gjtorikian

data/.travis.yml

@@ -13,6 +13,7 @@ addons:
 script: bundle exec rake
 
 gemfile:
+  - gemfiles/rails_6.gemfile
   - gemfiles/rails_5.gemfile
   - gemfiles/rails_4.gemfile
   - gemfiles/rails_3.gemfile
@@ -20,6 +21,7 @@ gemfile:
 rvm:
   - 2.4.6
   - 2.3.8
+  - 2.5.7
   - ruby-head
 
 matrix:
@@ -27,7 +29,15 @@ matrix:
   allow_failures:
     - rvm: ruby-head
   exclude:
+    - gemfile: gemfiles/rails_6.gemfile
+      rvm: 2.4.6
+    - gemfile: gemfiles/rails_6.gemfile
+      rvm: 2.3.8
+    - gemfile: gemfiles/rails_4.gemfile
+      rvm: 2.5.7
     - gemfile: gemfiles/rails_4.gemfile
       rvm: 2.4.6
+    - gemfile: gemfiles/rails_3.gemfile
+      rvm: 2.5.7
     - gemfile: gemfiles/rails_3.gemfile
       rvm: 2.4.6

data/Appraisals

@@ -13,3 +13,7 @@ end
 appraise 'rails-5' do
   gem 'rails', '~> 5.0.0'
 end
+
+appraise 'rails-6' do
+  gem 'rails', '~> 6.0.0'
+end

data/CHANGELOG.md

@@ -1,80 +1,161 @@
 # CHANGELOG
 
+## 2.12.3
+
+  * Bug fix in `SyntaxHighlightFilter` [#325](https://github.com/jch/html-pipeline/pull/325)
+
+## 2.12.2
+
+  * Allow unsafe option for Custom Renderer of `MarkdownFilter` [#322](https://github.com/jch/html-pipeline/pull/322)
+  * Test with minitest-focus
+
+## 2.12.1
+
+  * Allow Custom Renderer for `MarkdownFilter` [#318](https://github.com/jch/html-pipeline/pull/318)
+  * Test against more Rails versions
+
+## 2.12.0
+
+  * Team mention filter [#314](https://github.com/jch/html-pipeline/pull/314)
+
+## 2.11.1
+
+  * Avoid YARD warning: Unknown tag @mention [#309](https://github.com/jch/html-pipeline/pull/309)
+  * Freeze string literals in Ruby 2.3 and beyond [#313](https://github.com/jch/html-pipeline/pull/313)
+
+## 2.11.0
+
+  * Test against Ruby 2.4 [#310](https://github.com/jch/html-pipeline/pull/310)
+  * CamoFilter: use String#unpack to hexencode URLs [#256](https://github.com/jch/html-pipeline/pull/256)
+
+## 2.10.0
+
+  * Add XMPP URI [#307](https://github.com/jch/html-pipeline/pull/307)
+  * Stop testing against Ruby 2.2
+
+## 2.9.2
+
+  * Whitelist various inline semantic/formatting tags [#306](https://github.com/jch/html-pipeline/pull/306)
+
+## 2.9.1
+
+  * Render irc and ircs URLs [#191](https://github.com/jch/html-pipeline/pull/191)
+
+## 2.9.0
+
+  * Fix one more missing freeze [#300](https://github.com/jch/html-pipeline/pull/300)
+  * Adds `UNSAFE` option to CommonMarker usage where needed [#304](https://github.com/jch/html-pipeline/pull/304)
+
+## 2.8.4
+
+  * Freeze all elements in HTML::Pipeline::SanitizationFilter [#299](https://github.com/jch/html-pipeline/pull/299)
+
+## 2.8.3
+
+  * Whitelist some accessibility properties [#298](https://github.com/jch/html-pipeline/pull/298)
+
+## 2.8.2
+
+  * Update ruby-sanitize (fixes CVE-2018-3740)
+
+## 2.8.1
+
+  * Fix XSS vulnerability on table of content generation [#296](https://github.com/jch/html-pipeline/pull/296)
+
+## 2.8.0
+
+  * Ensure `<pre>` nodes are not removed after syntax highlighting [#295](https://github.com/jch/html-pipeline/pull/295)
+
+## 2.7.2
+
+  * Apply mention filter & emoji filter on node text [#290](https://github.com/jch/html-pipeline/pull/290)
+  * Disable processing @mentions in `<script>` tag [#292](https://github.com/jch/html-pipeline/pull/292)
+  * Update dependencies [#291](https://github.com/jch/html-pipeline/pull/291)
+
+## 2.7.1
+
+  * Output underlying load error when wrapping [#284](https://github.com/jch/html-pipeline/pull/284)
+
+## 2.7.0
+
+  * Let users set the common marker extensions [#279](https://github.com/jch/html-pipeline/pull/279)
+
 ## 2.6.0
-* Switch from github-markdown to CommonMark #274
-* Fixed a few warnings
+
+  * Switch from github-markdown to CommonMark [#274](https://github.com/jch/html-pipeline/pull/274)
+  * Fixed a few warnings
 
 ## 2.5.0
 
-* Ruby 2.4 support. Backwards compatible, but bumped minor version so projects can choose to lock at older version [#268](https://github.com/jch/html-pipeline/pull/268)
+  * Ruby 2.4 support. Backwards compatible, but bumped minor version so projects can choose to lock at older version [#268](https://github.com/jch/html-pipeline/pull/268)
 
 ## 2.4.2
 
-* Make EmojiFilter generated img tag HTML attributes configurable [#258](https://github.com/jch/html-pipeline/pull/258)
+  * Make EmojiFilter generated img tag HTML attributes configurable [#258](https://github.com/jch/html-pipeline/pull/258)
 
 ## 2.4.1
 
-* Regression in EmailReplyPipeline: unfiltered content is being omitted [#253](https://github.com/jch/html-pipeline/pull/253)
+  * Regression in EmailReplyPipeline: unfiltered content is being omitted [#253](https://github.com/jch/html-pipeline/pull/253)
 
 ## 2.4.0
 
-* Optionally filter email addresses [#247](https://github.com/jch/html-pipeline/pull/247)
+  * Optionally filter email addresses [#247](https://github.com/jch/html-pipeline/pull/247)
 
 ## 2.3.0
 
-* Add option to pass in an anchor icon, instead of using octicons [#244](https://github.com/jch/html-pipeline/pull/244)
+  * Add option to pass in an anchor icon, instead of using octicons [#244](https://github.com/jch/html-pipeline/pull/244)
 
 ## 2.2.4
 
-* Use entire namespace so MissingDependencyError constant is resolved [#243](https://github.com/jch/html-pipeline/pull/243)
+  * Use entire namespace so MissingDependencyError constant is resolved [#243](https://github.com/jch/html-pipeline/pull/243)
 
 ## 2.2.3
 
-* raise MissingDependencyError instead of aborting on missing dependency [#241](https://github.com/jch/html-pipeline/pull/241)
-* Fix typo [#239](https://github.com/jch/html-pipeline/pull/239)
-* Test against Ruby 2.3.0 on Travis CI [#238](https://github.com/jch/html-pipeline/pull/238)
-* use travis containers [#237](https://github.com/jch/html-pipeline/pull/237)
+  * raise MissingDependencyError instead of aborting on missing dependency [#241](https://github.com/jch/html-pipeline/pull/241)
+  * Fix typo [#239](https://github.com/jch/html-pipeline/pull/239)
+  * Test against Ruby 2.3.0 on Travis CI [#238](https://github.com/jch/html-pipeline/pull/238)
+  * use travis containers [#237](https://github.com/jch/html-pipeline/pull/237)
 
 ## 2.2.2
 
-* Fix for calling mention_link_filter with only one argument [#230](https://github.com/jch/html-pipeline/pull/230)
-* Add html-pipeline-linkify_github to 3rd Party Extensions in README [#228](https://github.com/jch/html-pipeline/pull/228)
+  * Fix for calling mention_link_filter with only one argument [#230](https://github.com/jch/html-pipeline/pull/230)
+  * Add html-pipeline-linkify_github to 3rd Party Extensions in README [#228](https://github.com/jch/html-pipeline/pull/228)
 
 ## 2.2.1
 
-* Soften Nokogiri dependency to versions ">= 1.4" [#208](https://github.com/jch/html-pipeline/pull/208)
+  * Soften Nokogiri dependency to versions ">= 1.4" [#208](https://github.com/jch/html-pipeline/pull/208)
 
 ## 2.2.0
 
-* Only allow cite attribute on blockquote and restrict schemes [#223](https://github.com/jch/html-pipeline/pull/223)
+  * Only allow cite attribute on blockquote and restrict schemes [#223](https://github.com/jch/html-pipeline/pull/223)
 
 ## 2.1.0
 
-* Whitelist schemes for longdesc [#221](https://github.com/jch/html-pipeline/pull/221)
-* Extract emoji image tag generation to own method [#195](https://github.com/jch/html-pipeline/pull/195)
-* Update README.md [#211](https://github.com/jch/html-pipeline/pull/211)
-* Add ImageFilter for image url to img tag conversion [#207](https://github.com/jch/html-pipeline/pull/207)
+  * Whitelist schemes for longdesc [#221](https://github.com/jch/html-pipeline/pull/221)
+  * Extract emoji image tag generation to own method [#195](https://github.com/jch/html-pipeline/pull/195)
+  * Update README.md [#211](https://github.com/jch/html-pipeline/pull/211)
+  * Add ImageFilter for image url to img tag conversion [#207](https://github.com/jch/html-pipeline/pull/207)
 
 ## 2.0
 
 **New**
 
-* Implement new EmojiFilter context option: ignored_ancestor_tags to accept more ignored tags. [#170](https://github.com/jch/html-pipeline/pull/170) @JuanitoFatas
-* Add GitHub flavor Markdown Task List extension [#162](https://github.com/jch/html-pipeline/pull/162) @simeonwillbanks
-* @mention allow for custom regex to identify usernames. [#157](https://github.com/jch/html-pipeline/pull/157) @brittballard
-* EmojiFilter now requires gemoji ~> 2. [#159](https://github.com/jch/html-pipeline/pull/159) @jch
+  * Implement new EmojiFilter context option: ignored_ancestor_tags to accept more ignored tags. [#170](https://github.com/jch/html-pipeline/pull/170) @JuanitoFatas
+  * Add GitHub flavor Markdown Task List extension [#162](https://github.com/jch/html-pipeline/pull/162) @simeonwillbanks
+  * @mention allow for custom regex to identify usernames. [#157](https://github.com/jch/html-pipeline/pull/157) @brittballard
+  * EmojiFilter now requires gemoji ~> 2. [#159](https://github.com/jch/html-pipeline/pull/159) @jch
 
 **Changes**
 
-* Restrict nokogiri to >= 1.4, <= 1.6.5 [#176](https://github.com/jch/html-pipeline/pull/176) @simeonwillbanks
-* MentionFilter#link_to_mentioned_user: Replace String introspection with Regexp match [#172](https://github.com/jch/html-pipeline/pull/172) @simeonwillbanks
-* Whitelist summary and details element. [#171](https://github.com/jch/html-pipeline/pull/171) @JuanitoFatas
-* Support ~login for MentionFilter. [#167](https://github.com/jch/html-pipeline/pull/167) @JuanitoFatas
-* Revert "Search for text nodes on DocumentFragments without root tags" [#158](https://github.com/jch/html-pipeline/pull/158) @jch
-* Drop support for ruby ree, 1.9.2, 1.9.3 [#156](https://github.com/jch/html-pipeline/pull/156) @jch
-* Skip EmojiFilter in `<tt>` tags [#147](https://github.com/jch/html-pipeline/pull/147) @moskvax
-* Use Linguist lexers [#153](https://github.com/jch/html-pipeline/pull/153) @pchaigno
-* Constrain Active Support >= 2, < 5 [#180](https://github.com/jch/html-pipeline/pull/180) @jch
+  * Restrict nokogiri to >= 1.4, <= 1.6.5 [#176](https://github.com/jch/html-pipeline/pull/176) @simeonwillbanks
+  * MentionFilter#link_to_mentioned_user: Replace String introspection with Regexp match [#172](https://github.com/jch/html-pipeline/pull/172) @simeonwillbanks
+  * Whitelist summary and details element. [#171](https://github.com/jch/html-pipeline/pull/171) @JuanitoFatas
+  * Support ~login for MentionFilter. [#167](https://github.com/jch/html-pipeline/pull/167) @JuanitoFatas
+  * Revert "Search for text nodes on DocumentFragments without root tags" [#158](https://github.com/jch/html-pipeline/pull/158) @jch
+  * Drop support for ruby ree, 1.9.2, 1.9.3 [#156](https://github.com/jch/html-pipeline/pull/156) @jch
+  * Skip EmojiFilter in `<tt>` tags [#147](https://github.com/jch/html-pipeline/pull/147) @moskvax
+  * Use Linguist lexers [#153](https://github.com/jch/html-pipeline/pull/153) @pchaigno
+  * Constrain Active Support >= 2, < 5 [#180](https://github.com/jch/html-pipeline/pull/180) @jch
 
 ## 1.11.0
 

data/Gemfile

@@ -22,4 +22,5 @@ group :test do
 
   gem 'escape_utils', '~> 1.0', require: false
   gem 'rouge', '~> 3.1', require: false
+  gem 'minitest-focus', '~> 1.1'
 end

data/README.md

@@ -1,9 +1,10 @@
 # HTML::Pipeline [![Build Status](https://travis-ci.org/jch/html-pipeline.svg?branch=master)](https://travis-ci.org/jch/html-pipeline)
 
-GitHub HTML processing filters and utilities. This module includes a small
+HTML processing filters and utilities. This module includes a small
 framework for defining DOM based content filters and applying them to user
-provided content. Read an introduction about this project in
-[this blog post](https://github.com/blog/1311-html-pipeline-chainable-content-filters).
+provided content.
+
+[This project was started at GitHub](https://github.com/blog/1311-html-pipeline-chainable-content-filters). While GitHub still uses a similar design and pattern for rendering content, this gem should be considered standalone and independent from GitHub.
 
 - [Installation](#installation)
 - [Usage](#usage)
@@ -32,7 +33,7 @@ And then execute:
 $ bundle
 ```
 
-Or install it yourself as:
+Or install it by yourself as:
 
 ```sh
 $ gem install html-pipeline
@@ -82,7 +83,7 @@ Prints:
 </code></pre>
 ```
 
-To generate CSS for HTML formatted code, use the [Rouge CSS Theme](https://github.com/jneen/rouge#css-theme-options) `#css` method. `rouge` is a dependency of the `SyntaxHighlightFilter`.
+To generate CSS for HTML formatted code, use the [Rouge CSS Theme](https://github.com/rouge-ruby/rouge#css-options) `#css` method. `rouge` is a dependency of the `SyntaxHighlightFilter`.
 
 Some filters take an optional **context** and/or **result** hash. These are
 used to pass around arguments and metadata between filters in a pipeline. For
@@ -163,7 +164,7 @@ EmojiPipeline = Pipeline.new [
 * `ImageMaxWidthFilter` - link to full size image for large images
 * `MarkdownFilter` - convert markdown to html
 * `PlainTextInputFilter` - html escape text and wrap the result in a div
-* `SanitizationFilter` - whitelist sanitize user markup
+* `SanitizationFilter` - allow sanitize user markup
 * `SyntaxHighlightFilter` - code syntax highlighter
 * `TextileFilter` - convert textile to html
 * `TableOfContentsFilter` - anchor headings with name attributes and generate Table of Contents html unordered list linking headings
@@ -329,9 +330,9 @@ html_fragment = "This is outside of an html element, but <strong>this isn't. :+1
 EmojiPipeline.call("<div>#{html_fragment}</div>") # <- Wrap your own html fragments to avoid escaping
 ```
 
-### 2. How do I customize a whitelist for `SanitizationFilter`s?
+### 2. How do I customize an allowlist for `SanitizationFilter`s?
 
-`SanitizationFilter::WHITELIST` is the default whitelist used if no `:whitelist`
+`SanitizationFilter::ALLOWLIST` is the default allowlist used if no `:allowlist`
 argument is given in the context. The default is a good starting template for
 you to add additional elements. You can either modify the constant's value, or
 re-define your own constant and pass that in via the context.
@@ -354,6 +355,8 @@ Thanks to all of [these contributors](https://github.com/jch/html-pipeline/graph
 
 Project is a member of the [OSS Manifesto](http://ossmanifesto.org/).
 
+The current maintainer is @gjtorikian
+
 ### Releasing A New Version
 
 This section is for gem maintainers to cut a new version of the gem.

data/lib/html/pipeline/autolink_filter.rb

@@ -8,6 +8,7 @@ module HTML
     #
     # Context options:
     #   :autolink  - boolean whether to autolink urls
+    #   :link_mode - :all, :urls or :email_addresses
     #   :link_attr - HTML attributes for the link that will be generated
     #   :skip_tags - HTML tags inside which autolinking will be skipped.
     #                See Rinku.skip_tags
@@ -22,7 +23,11 @@ module HTML
         flags = 0
         flags |= context[:flags] if context[:flags]
 
-        Rinku.auto_link(html, :urls, context[:link_attr], skip_tags, flags)
+        Rinku.auto_link(html, link_mode, context[:link_attr], skip_tags, flags)
+      end
+
+      def link_mode
+        context[:link_mode] || :urls
       end
     end
   end

data/lib/html/pipeline/camo_filter.rb

@@ -16,7 +16,7 @@ module HTML
     # Context options:
     #   :asset_proxy (required) - Base URL for constructed asset proxy URLs.
     #   :asset_proxy_secret_key (required) - The shared secret used to encode URLs.
-    #   :asset_proxy_whitelist - Array of host Strings or Regexps to skip
+    #   :asset_proxy_allowlist - Array of host Strings or Regexps to skip
     #                            src rewriting.
     #
     # This filter does not write additional information to the context.
@@ -37,7 +37,7 @@ module HTML
           end
 
           next if uri.host.nil?
-          next if asset_host_whitelisted?(uri.host)
+          next if asset_host_allowed?(uri.host)
 
           element['src'] = asset_proxy_url(original_src)
           element['data-canonical-src'] = original_src
@@ -76,11 +76,21 @@ module HTML
       end
 
       def asset_proxy_whitelist
-        context[:asset_proxy_whitelist] || []
+        warn "[DEPRECATION] 'asset_proxy_whitelist' is deprecated. Please use 'asset_proxy_allowlist' instead."
+        asset_proxy_allowlist
+      end
+
+      def asset_proxy_allowlist
+        context[:asset_proxy_allowlist] || context[:asset_proxy_whitelist] || []
       end
 
       def asset_host_whitelisted?(host)
-        asset_proxy_whitelist.any? do |test|
+        warn "[DEPRECATION] 'asset_host_whitelisted?' is deprecated. Please use 'asset_host_allowed?' instead."
+        asset_host_allowed?(host)
+      end
+
+      def asset_host_allowed?(host)
+        asset_proxy_allowlist.any? do |test|
           test.is_a?(String) ? host == test : test.match(host)
         end
       end

data/lib/html/pipeline/markdown_filter.rb

@@ -11,10 +11,12 @@ module HTML
     # Context options:
     #   :gfm      => false    Disable GFM line-end processing
     #   :commonmarker_extensions => [ :table, :strikethrough,
-    #      :tagfilter, :autolink ] Common marker extensions to include
+    #      :tagfilter, :autolink ] Commonmarker extensions to include
     #
     # This filter does not write any additional information to the context hash.
     class MarkdownFilter < TextFilter
+      DEFAULT_COMMONMARKER_EXTENSIONS = %i[table strikethrough tagfilter autolink].freeze
+
       def initialize(text, context = nil, result = nil)
         super text, context, result
         @text = @text.delete "\r"
@@ -23,14 +25,29 @@ module HTML
       # Convert Markdown to HTML using the best available implementation
       # and convert into a DocumentFragment.
       def call
-        options = [:GITHUB_PRE_LANG]
-        options << :HARDBREAKS if context[:gfm] != false
-        options << :UNSAFE if context[:unsafe]
         extensions = context.fetch(
           :commonmarker_extensions,
-          %i[table strikethrough tagfilter autolink]
+          DEFAULT_COMMONMARKER_EXTENSIONS
         )
-        html = CommonMarker.render_html(@text, options, extensions)
+        html = if (renderer = context[:commonmarker_renderer])
+          unless renderer < CommonMarker::HtmlRenderer
+            raise ArgumentError, "`commonmark_renderer` must be derived from `CommonMarker::HtmlRenderer`"
+          end
+          parse_options = :DEFAULT
+          parse_options = [:UNSAFE] if context[:unsafe]
+
+          render_options = [:GITHUB_PRE_LANG]
+          render_options << :HARDBREAKS if context[:gfm] != false
+          render_options = [:UNSAFE] if context[:unsafe]
+
+          doc = CommonMarker.render_doc(@text, parse_options, extensions)
+          renderer.new(options: render_options, extensions: extensions).render(doc)
+        else
+          options = [:GITHUB_PRE_LANG]
+          options << :HARDBREAKS if context[:gfm] != false
+          options << :UNSAFE if context[:unsafe]
+          CommonMarker.render_html(@text, options, extensions)
+        end
         html.rstrip!
         html
       end

data/lib/html/pipeline/sanitization_filter.rb

@@ -4,7 +4,7 @@ HTML::Pipeline.require_dependency('sanitize', 'SanitizationFilter')
 
 module HTML
   class Pipeline
-    # HTML filter with sanization routines and whitelists. This module defines
+    # HTML filter with sanization routines and allowlists. This module defines
     # what HTML is allowed in user provided content and fixes up issues with
     # unbalanced tags and whatnot.
     #
@@ -13,13 +13,13 @@ module HTML
     # https://github.com/rgrove/sanitize/#readme
     #
     # Context options:
-    #   :whitelist      - The sanitizer whitelist configuration to use. This
+    #   :allowlist      - The sanitizer allowlist configuration to use. This
     #                     can be one of the options constants defined in this
     #                     class or a custom sanitize options hash.
     #   :anchor_schemes - The URL schemes to allow in <a href> attributes. The
     #                     default set is provided in the ANCHOR_SCHEMES
     #                     constant in this class. If passed, this overrides any
-    #                     schemes specified in the whitelist configuration.
+    #                     schemes specified in the allowlist configuration.
     #
     # This filter does not write additional information to the context.
     class SanitizationFilter < Filter
@@ -37,9 +37,9 @@ module HTML
       # These schemes are the only ones allowed in <a href> attributes by default.
       ANCHOR_SCHEMES = ['http', 'https', 'mailto', 'xmpp', :relative, 'github-windows', 'github-mac', 'irc', 'ircs'].freeze
 
-      # The main sanitization whitelist. Only these elements and attributes are
+      # The main sanitization allowlist. Only these elements and attributes are
       # allowed through by default.
-      WHITELIST = {
+      ALLOWLIST = {
         elements: %w[
           h1 h2 h3 h4 h5 h6 h7 h8 br b i strong em a pre code img tt
           div ins del sup sub p ol ul table thead tbody tfoot blockquote
@@ -68,8 +68,8 @@ module HTML
                   hspace ismap label lang
                   maxlength media method
                   multiple name nohref noshade
-                  nowrap open prompt readonly rel rev
-                  rows rowspan rules scope
+                  nowrap open progress prompt readonly rel rev
+                  role rows rowspan rules scope
                   selected shape size span
                   start summary tabindex target
                   title type usemap valign value
@@ -108,10 +108,10 @@ module HTML
         ].freeze
       }.freeze
 
-      # A more limited sanitization whitelist. This includes all attributes,
-      # protocols, and transformers from WHITELIST but with a more locked down
+      # A more limited sanitization allowlist. This includes all attributes,
+      # protocols, and transformers from ALLOWLIST but with a more locked down
       # set of allowed elements.
-      LIMITED = WHITELIST.merge(
+      LIMITED = ALLOWLIST.merge(
         elements: %w[b i strong em a pre code img ins del sup sub mark abbr p ol ul li]
       )
 
@@ -120,19 +120,24 @@ module HTML
 
       # Sanitize markup using the Sanitize library.
       def call
-        Sanitize.clean_node!(doc, whitelist)
+        Sanitize.clean_node!(doc, allowlist)
       end
 
-      # The whitelist to use when sanitizing. This can be passed in the context
-      # hash to the filter but defaults to WHITELIST constant value above.
       def whitelist
-        whitelist = context[:whitelist] || WHITELIST
+        warn "[DEPRECATION] 'whitelist' is deprecated. Please use 'allowlist' instead."
+        allowlist
+      end
+
+      # The allowlist to use when sanitizing. This can be passed in the context
+      # hash to the filter but defaults to ALLOWLIST constant value above.
+      def allowlist
+        allowlist = context[:allowlist] || context[:whitelist] || ALLOWLIST
         anchor_schemes = context[:anchor_schemes]
-        return whitelist unless anchor_schemes
-        whitelist = whitelist.dup
-        whitelist[:protocols] = (whitelist[:protocols] || {}).dup
-        whitelist[:protocols]['a'] = (whitelist[:protocols]['a'] || {}).merge('href' => anchor_schemes)
-        whitelist
+        return allowlist unless anchor_schemes
+        allowlist = allowlist.dup
+        allowlist[:protocols] = (allowlist[:protocols] || {}).dup
+        allowlist[:protocols]['a'] = (allowlist[:protocols]['a'] || {}).merge('href' => anchor_schemes)
+        allowlist
       end
     end
   end

data/lib/html/pipeline/syntax_highlight_filter.rb

@@ -4,8 +4,15 @@ HTML::Pipeline.require_dependency('rouge', 'SyntaxHighlightFilter')
 
 module HTML
   class Pipeline
-    # HTML Filter that syntax highlights code blocks wrapped
-    # in <pre lang="...">.
+    # HTML Filter that syntax highlights text inside code blocks.
+    #
+    # Context options:
+    #
+    #   :highlight => String represents the language to pick lexer. Defaults to empty string.
+    #   :scope => String represents the class attribute adds to pre element after.
+    #             Defaults to "highlight highlight-css" if highlights a css code block.
+    #
+    # This filter does not write any additional information to the context hash.
     class SyntaxHighlightFilter < Filter
       def initialize(*args)
         super(*args)
@@ -17,23 +24,20 @@ module HTML
           default = context[:highlight] && context[:highlight].to_s
           next unless lang = node['lang'] || default
           next unless lexer = lexer_for(lang)
-          text = node.inner_text
 
-          html = highlight_with_timeout_handling(text, lang)
+          text = node.inner_text
+          html = highlight_with_timeout_handling(text, lexer)
           next if html.nil?
 
           node.inner_html = html
-          klass = node['class']
-          scope = context[:scope] || "highlight-#{lang}"
-          klass = [klass, scope].compact.join ' '
-
-          node['class'] = klass
+          scope = context.fetch(:scope) { 'highlight' }
+          node['class'] = "#{scope} #{scope}-#{lang}"
         end
         doc
       end
 
-      def highlight_with_timeout_handling(text, lang)
-        Rouge.highlight(text, lang, @formatter)
+      def highlight_with_timeout_handling(text, lexer)
+        Rouge.highlight(text, lexer, @formatter)
       rescue Timeout::Error => _
         nil
       end

data/lib/html/pipeline/version.rb

@@ -2,6 +2,6 @@
 
 module HTML
   class Pipeline
-    VERSION = '2.12.0'.freeze
+    VERSION = '2.13.1'
   end
 end

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: html-pipeline
 version: !ruby/object:Gem::Version
-  version: 2.12.0
+  version: 2.13.1
 platform: ruby
 authors:
 - Ryan Tomayko
 - Jerry Cheung
 - Garen J. Torikian
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-08-12 00:00:00.000000000 Z
+date: 2020-12-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -49,6 +49,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/FUNDING.yml"
 - ".gitignore"
 - ".travis.yml"
 - Appraisals
@@ -106,9 +107,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Helpers for processing content through a chain of filters
 test_files: []