html-pipeline 2.12.0 → 2.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d08ceab233a694f9315d1733a1ab2a9509adcb5ab6845a28ba5aa09865e110d9
-  data.tar.gz: 6b8eef1085941d9e65ea9747ed402f519c886b54d393a5cd66326d1f01d1d433
+  metadata.gz: a897e9a165c69f5823336a5ca9cf92205c191ad6f90ae0d283be3234a9fefcc4
+  data.tar.gz: a0fb7f552a185bc2ffeb4aba3c8c50a5659b0277763ec0dcbbf28b6f4ce3bfc6
 SHA512:
-  metadata.gz: 825524c21337d775d83c8cd4b99a353b0c295d49b2447d2dfc6f4f7b762f43c4b69891f608813ad2e8402b739b904878b13f948d8910f04c8e14e42d3c4a4cd6
-  data.tar.gz: e5e2b9740e9915e6054404dcd28f86aa8f931b4585647380f6e2d4c5b4bff75644549b27d77080c9d95b87596bb4a55ebf759855c9f9ca2dc0cbe80ec2b0e3fa
+  metadata.gz: c90bcf04d6113d1c9d7a33a4f0dc235dc9d4e302fa1683e36e4c34e96777a307bd5b76b23bad07a02b6bdea8e5577e90e90a57f346e579bbcc6d287f4023623d
+  data.tar.gz: 2ea63f52f5365e66d9742d12d28c248794ad7289bd8e68e7b963e42041c1c7ef30be936cd364ed79cb66c43da73c45e9905b90148cae41ecaab5156aa797b0f6

data/.github/FUNDING.yml

@@ -0,0 +1,4 @@
+github: gjtorikian
+patreon: gjtorikian
+open_collective: garen-torikian
+issuehunt: gjtorikian

data/.travis.yml

@@ -13,6 +13,7 @@ addons:
 script: bundle exec rake
 
 gemfile:
+  - gemfiles/rails_6.gemfile
   - gemfiles/rails_5.gemfile
   - gemfiles/rails_4.gemfile
   - gemfiles/rails_3.gemfile
@@ -20,6 +21,7 @@ gemfile:
 rvm:
   - 2.4.6
   - 2.3.8
+  - 2.5.7
   - ruby-head
 
 matrix:
@@ -27,7 +29,15 @@ matrix:
   allow_failures:
     - rvm: ruby-head
   exclude:
+    - gemfile: gemfiles/rails_6.gemfile
+      rvm: 2.4.6
+    - gemfile: gemfiles/rails_6.gemfile
+      rvm: 2.3.8
+    - gemfile: gemfiles/rails_4.gemfile
+      rvm: 2.5.7
     - gemfile: gemfiles/rails_4.gemfile
       rvm: 2.4.6
+    - gemfile: gemfiles/rails_3.gemfile
+      rvm: 2.5.7
     - gemfile: gemfiles/rails_3.gemfile
       rvm: 2.4.6

data/Appraisals

@@ -13,3 +13,7 @@ end
 appraise 'rails-5' do
   gem 'rails', '~> 5.0.0'
 end
+
+appraise 'rails-6' do
+  gem 'rails', '~> 6.0.0'
+end

data/CHANGELOG.md

@@ -1,80 +1,161 @@
 # CHANGELOG
 
+## 2.12.3
+
+  * Bug fix in `SyntaxHighlightFilter` [#325](https://github.com/jch/html-pipeline/pull/325)
+
+## 2.12.2
+
+  * Allow unsafe option for Custom Renderer of `MarkdownFilter` [#322](https://github.com/jch/html-pipeline/pull/322)
+  * Test with minitest-focus
+
+## 2.12.1
+
+  * Allow Custom Renderer for `MarkdownFilter` [#318](https://github.com/jch/html-pipeline/pull/318)
+  * Test against more Rails versions
+
+## 2.12.0
+
+  * Team mention filter [#314](https://github.com/jch/html-pipeline/pull/314)
+
+## 2.11.1
+
+  * Avoid YARD warning: Unknown tag @mention [#309](https://github.com/jch/html-pipeline/pull/309)
+  * Freeze string literals in Ruby 2.3 and beyond [#313](https://github.com/jch/html-pipeline/pull/313)
+
+## 2.11.0
+
+  * Test against Ruby 2.4 [#310](https://github.com/jch/html-pipeline/pull/310)
+  * CamoFilter: use String#unpack to hexencode URLs [#256](https://github.com/jch/html-pipeline/pull/256)
+
+## 2.10.0
+
+  * Add XMPP URI [#307](https://github.com/jch/html-pipeline/pull/307)
+  * Stop testing against Ruby 2.2
+
+## 2.9.2
+
+  * Whitelist various inline semantic/formatting tags [#306](https://github.com/jch/html-pipeline/pull/306)
+
+## 2.9.1
+
+  * Render irc and ircs URLs [#191](https://github.com/jch/html-pipeline/pull/191)
+
+## 2.9.0
+
+  * Fix one more missing freeze [#300](https://github.com/jch/html-pipeline/pull/300)
+  * Adds `UNSAFE` option to CommonMarker usage where needed [#304](https://github.com/jch/html-pipeline/pull/304)
+
+## 2.8.4
+
+  * Freeze all elements in HTML::Pipeline::SanitizationFilter [#299](https://github.com/jch/html-pipeline/pull/299)
+
+## 2.8.3
+
+  * Whitelist some accessibility properties [#298](https://github.com/jch/html-pipeline/pull/298)
+
+## 2.8.2
+
+  * Update ruby-sanitize (fixes CVE-2018-3740)
+
+## 2.8.1
+
+  * Fix XSS vulnerability on table of content generation [#296](https://github.com/jch/html-pipeline/pull/296)
+
+## 2.8.0
+
+  * Ensure `<pre>` nodes are not removed after syntax highlighting [#295](https://github.com/jch/html-pipeline/pull/295)
+
+## 2.7.2
+
+  * Apply mention filter & emoji filter on node text [#290](https://github.com/jch/html-pipeline/pull/290)
+  * Disable processing @mentions in `<script>` tag [#292](https://github.com/jch/html-pipeline/pull/292)
+  * Update dependencies [#291](https://github.com/jch/html-pipeline/pull/291)
+
+## 2.7.1
+
+  * Output underlying load error when wrapping [#284](https://github.com/jch/html-pipeline/pull/284)
+
+## 2.7.0
+
+  * Let users set the common marker extensions [#279](https://github.com/jch/html-pipeline/pull/279)
+
 ## 2.6.0
-* Switch from github-markdown to CommonMark #274
-* Fixed a few warnings
+
+  * Switch from github-markdown to CommonMark [#274](https://github.com/jch/html-pipeline/pull/274)
+  * Fixed a few warnings
 
 ## 2.5.0
 
-* Ruby 2.4 support. Backwards compatible, but bumped minor version so projects can choose to lock at older version [#268](https://github.com/jch/html-pipeline/pull/268)
+  * Ruby 2.4 support. Backwards compatible, but bumped minor version so projects can choose to lock at older version [#268](https://github.com/jch/html-pipeline/pull/268)
 
 ## 2.4.2
 
-* Make EmojiFilter generated img tag HTML attributes configurable [#258](https://github.com/jch/html-pipeline/pull/258)
+  * Make EmojiFilter generated img tag HTML attributes configurable [#258](https://github.com/jch/html-pipeline/pull/258)
 
 ## 2.4.1
 
-* Regression in EmailReplyPipeline: unfiltered content is being omitted [#253](https://github.com/jch/html-pipeline/pull/253)
+  * Regression in EmailReplyPipeline: unfiltered content is being omitted [#253](https://github.com/jch/html-pipeline/pull/253)
 
 ## 2.4.0
 
-* Optionally filter email addresses [#247](https://github.com/jch/html-pipeline/pull/247)
+  * Optionally filter email addresses [#247](https://github.com/jch/html-pipeline/pull/247)
 
 ## 2.3.0
 
-* Add option to pass in an anchor icon, instead of using octicons [#244](https://github.com/jch/html-pipeline/pull/244)
+  * Add option to pass in an anchor icon, instead of using octicons [#244](https://github.com/jch/html-pipeline/pull/244)
 
 ## 2.2.4
 
-* Use entire namespace so MissingDependencyError constant is resolved [#243](https://github.com/jch/html-pipeline/pull/243)
+  * Use entire namespace so MissingDependencyError constant is resolved [#243](https://github.com/jch/html-pipeline/pull/243)
 
 ## 2.2.3
 
-* raise MissingDependencyError instead of aborting on missing dependency [#241](https://github.com/jch/html-pipeline/pull/241)
-* Fix typo [#239](https://github.com/jch/html-pipeline/pull/239)
-* Test against Ruby 2.3.0 on Travis CI [#238](https://github.com/jch/html-pipeline/pull/238)
-* use travis containers [#237](https://github.com/jch/html-pipeline/pull/237)
+  * raise MissingDependencyError instead of aborting on missing dependency [#241](https://github.com/jch/html-pipeline/pull/241)
+  * Fix typo [#239](https://github.com/jch/html-pipeline/pull/239)
+  * Test against Ruby 2.3.0 on Travis CI [#238](https://github.com/jch/html-pipeline/pull/238)
+  * use travis containers [#237](https://github.com/jch/html-pipeline/pull/237)
 
 ## 2.2.2
 
-* Fix for calling mention_link_filter with only one argument [#230](https://github.com/jch/html-pipeline/pull/230)
-* Add html-pipeline-linkify_github to 3rd Party Extensions in README [#228](https://github.com/jch/html-pipeline/pull/228)
+  * Fix for calling mention_link_filter with only one argument [#230](https://github.com/jch/html-pipeline/pull/230)
+  * Add html-pipeline-linkify_github to 3rd Party Extensions in README [#228](https://github.com/jch/html-pipeline/pull/228)
 
 ## 2.2.1
 
-* Soften Nokogiri dependency to versions ">= 1.4" [#208](https://github.com/jch/html-pipeline/pull/208)
+  * Soften Nokogiri dependency to versions ">= 1.4" [#208](https://github.com/jch/html-pipeline/pull/208)
 
 ## 2.2.0
 
-* Only allow cite attribute on blockquote and restrict schemes [#223](https://github.com/jch/html-pipeline/pull/223)
+  * Only allow cite attribute on blockquote and restrict schemes [#223](https://github.com/jch/html-pipeline/pull/223)
 
 ## 2.1.0
 
-* Whitelist schemes for longdesc [#221](https://github.com/jch/html-pipeline/pull/221)
-* Extract emoji image tag generation to own method [#195](https://github.com/jch/html-pipeline/pull/195)
-* Update README.md [#211](https://github.com/jch/html-pipeline/pull/211)
-* Add ImageFilter for image url to img tag conversion [#207](https://github.com/jch/html-pipeline/pull/207)
+  * Whitelist schemes for longdesc [#221](https://github.com/jch/html-pipeline/pull/221)
+  * Extract emoji image tag generation to own method [#195](https://github.com/jch/html-pipeline/pull/195)
+  * Update README.md [#211](https://github.com/jch/html-pipeline/pull/211)
+  * Add ImageFilter for image url to img tag conversion [#207](https://github.com/jch/html-pipeline/pull/207)
 
 ## 2.0
 
 **New**
 
-* Implement new EmojiFilter context option: ignored_ancestor_tags to accept more ignored tags. [#170](https://github.com/jch/html-pipeline/pull/170) @JuanitoFatas
-* Add GitHub flavor Markdown Task List extension [#162](https://github.com/jch/html-pipeline/pull/162) @simeonwillbanks
-* @mention allow for custom regex to identify usernames. [#157](https://github.com/jch/html-pipeline/pull/157) @brittballard
-* EmojiFilter now requires gemoji ~> 2. [#159](https://github.com/jch/html-pipeline/pull/159) @jch
+  * Implement new EmojiFilter context option: ignored_ancestor_tags to accept more ignored tags. [#170](https://github.com/jch/html-pipeline/pull/170) @JuanitoFatas
+  * Add GitHub flavor Markdown Task List extension [#162](https://github.com/jch/html-pipeline/pull/162) @simeonwillbanks
+  * @mention allow for custom regex to identify usernames. [#157](https://github.com/jch/html-pipeline/pull/157) @brittballard
+  * EmojiFilter now requires gemoji ~> 2. [#159](https://github.com/jch/html-pipeline/pull/159) @jch
 
 **Changes**
 
-* Restrict nokogiri to >= 1.4, <= 1.6.5 [#176](https://github.com/jch/html-pipeline/pull/176) @simeonwillbanks
-* MentionFilter#link_to_mentioned_user: Replace String introspection with Regexp match [#172](https://github.com/jch/html-pipeline/pull/172) @simeonwillbanks
-* Whitelist summary and details element. [#171](https://github.com/jch/html-pipeline/pull/171) @JuanitoFatas
-* Support ~login for MentionFilter. [#167](https://github.com/jch/html-pipeline/pull/167) @JuanitoFatas
-* Revert "Search for text nodes on DocumentFragments without root tags" [#158](https://github.com/jch/html-pipeline/pull/158) @jch
-* Drop support for ruby ree, 1.9.2, 1.9.3 [#156](https://github.com/jch/html-pipeline/pull/156) @jch
-* Skip EmojiFilter in `<tt>` tags [#147](https://github.com/jch/html-pipeline/pull/147) @moskvax
-* Use Linguist lexers [#153](https://github.com/jch/html-pipeline/pull/153) @pchaigno
-* Constrain Active Support >= 2, < 5 [#180](https://github.com/jch/html-pipeline/pull/180) @jch
+  * Restrict nokogiri to >= 1.4, <= 1.6.5 [#176](https://github.com/jch/html-pipeline/pull/176) @simeonwillbanks
+  * MentionFilter#link_to_mentioned_user: Replace String introspection with Regexp match [#172](https://github.com/jch/html-pipeline/pull/172) @simeonwillbanks
+  * Whitelist summary and details element. [#171](https://github.com/jch/html-pipeline/pull/171) @JuanitoFatas
+  * Support ~login for MentionFilter. [#167](https://github.com/jch/html-pipeline/pull/167) @JuanitoFatas
+  * Revert "Search for text nodes on DocumentFragments without root tags" [#158](https://github.com/jch/html-pipeline/pull/158) @jch
+  * Drop support for ruby ree, 1.9.2, 1.9.3 [#156](https://github.com/jch/html-pipeline/pull/156) @jch
+  * Skip EmojiFilter in `<tt>` tags [#147](https://github.com/jch/html-pipeline/pull/147) @moskvax
+  * Use Linguist lexers [#153](https://github.com/jch/html-pipeline/pull/153) @pchaigno
+  * Constrain Active Support >= 2, < 5 [#180](https://github.com/jch/html-pipeline/pull/180) @jch
 
 ## 1.11.0
 

data/Gemfile

@@ -22,4 +22,5 @@ group :test do
 
   gem 'escape_utils', '~> 1.0', require: false
   gem 'rouge', '~> 3.1', require: false
+  gem 'minitest-focus', '~> 1.1'
 end

data/README.md

@@ -1,9 +1,10 @@
 # HTML::Pipeline [![Build Status](https://travis-ci.org/jch/html-pipeline.svg?branch=master)](https://travis-ci.org/jch/html-pipeline)
 
-GitHub HTML processing filters and utilities. This module includes a small
+HTML processing filters and utilities. This module includes a small
 framework for defining DOM based content filters and applying them to user
-provided content. Read an introduction about this project in
-[this blog post](https://github.com/blog/1311-html-pipeline-chainable-content-filters).
+provided content.
+
+[This project was started at GitHub](https://github.com/blog/1311-html-pipeline-chainable-content-filters). While GitHub still uses a similar design and pattern for rendering content, this gem should be considered standalone and independent from GitHub.
 
 - [Installation](#installation)
 - [Usage](#usage)
@@ -82,7 +83,7 @@ Prints:
 </code></pre>
 ```
 
-To generate CSS for HTML formatted code, use the [Rouge CSS Theme](https://github.com/jneen/rouge#css-theme-options) `#css` method. `rouge` is a dependency of the `SyntaxHighlightFilter`.
+To generate CSS for HTML formatted code, use the [Rouge CSS Theme](https://github.com/rouge-ruby/rouge#css-options) `#css` method. `rouge` is a dependency of the `SyntaxHighlightFilter`.
 
 Some filters take an optional **context** and/or **result** hash. These are
 used to pass around arguments and metadata between filters in a pipeline. For
@@ -354,6 +355,8 @@ Thanks to all of [these contributors](https://github.com/jch/html-pipeline/graph
 
 Project is a member of the [OSS Manifesto](http://ossmanifesto.org/).
 
+The current maintainer is @gjtorikian
+
 ### Releasing A New Version
 
 This section is for gem maintainers to cut a new version of the gem.

data/lib/html/pipeline/autolink_filter.rb

@@ -8,6 +8,7 @@ module HTML
     #
     # Context options:
     #   :autolink  - boolean whether to autolink urls
+    #   :link_mode - :all, :urls or :email_addresses
     #   :link_attr - HTML attributes for the link that will be generated
     #   :skip_tags - HTML tags inside which autolinking will be skipped.
     #                See Rinku.skip_tags
@@ -22,7 +23,11 @@ module HTML
         flags = 0
         flags |= context[:flags] if context[:flags]
 
-        Rinku.auto_link(html, :urls, context[:link_attr], skip_tags, flags)
+        Rinku.auto_link(html, link_mode, context[:link_attr], skip_tags, flags)
+      end
+
+      def link_mode
+        context[:link_mode] || :urls
       end
     end
   end

data/lib/html/pipeline/markdown_filter.rb

@@ -11,10 +11,12 @@ module HTML
     # Context options:
     #   :gfm      => false    Disable GFM line-end processing
     #   :commonmarker_extensions => [ :table, :strikethrough,
-    #      :tagfilter, :autolink ] Common marker extensions to include
+    #      :tagfilter, :autolink ] Commonmarker extensions to include
     #
     # This filter does not write any additional information to the context hash.
     class MarkdownFilter < TextFilter
+      DEFAULT_COMMONMARKER_EXTENSIONS = %i[table strikethrough tagfilter autolink].freeze
+
       def initialize(text, context = nil, result = nil)
         super text, context, result
         @text = @text.delete "\r"
@@ -23,14 +25,29 @@ module HTML
       # Convert Markdown to HTML using the best available implementation
       # and convert into a DocumentFragment.
       def call
-        options = [:GITHUB_PRE_LANG]
-        options << :HARDBREAKS if context[:gfm] != false
-        options << :UNSAFE if context[:unsafe]
         extensions = context.fetch(
           :commonmarker_extensions,
-          %i[table strikethrough tagfilter autolink]
+          DEFAULT_COMMONMARKER_EXTENSIONS
         )
-        html = CommonMarker.render_html(@text, options, extensions)
+        html = if (renderer = context[:commonmarker_renderer])
+          unless renderer < CommonMarker::HtmlRenderer
+            raise ArgumentError, "`commonmark_renderer` must be derived from `CommonMarker::HtmlRenderer`"
+          end
+          parse_options = :DEFAULT
+          parse_options = [:UNSAFE] if context[:unsafe]
+
+          render_options = [:GITHUB_PRE_LANG]
+          render_options << :HARDBREAKS if context[:gfm] != false
+          render_options = [:UNSAFE] if context[:unsafe]
+
+          doc = CommonMarker.render_doc(@text, parse_options, extensions)
+          renderer.new(options: render_options, extensions: extensions).render(doc)
+        else
+          options = [:GITHUB_PRE_LANG]
+          options << :HARDBREAKS if context[:gfm] != false
+          options << :UNSAFE if context[:unsafe]
+          CommonMarker.render_html(@text, options, extensions)
+        end
         html.rstrip!
         html
       end

data/lib/html/pipeline/sanitization_filter.rb

@@ -69,7 +69,7 @@ module HTML
                   maxlength media method
                   multiple name nohref noshade
                   nowrap open prompt readonly rel rev
-                  rows rowspan rules scope
+                  role rows rowspan rules scope
                   selected shape size span
                   start summary tabindex target
                   title type usemap valign value

data/lib/html/pipeline/syntax_highlight_filter.rb

@@ -4,8 +4,15 @@ HTML::Pipeline.require_dependency('rouge', 'SyntaxHighlightFilter')
 
 module HTML
   class Pipeline
-    # HTML Filter that syntax highlights code blocks wrapped
-    # in <pre lang="...">.
+    # HTML Filter that syntax highlights text inside code blocks.
+    #
+    # Context options:
+    #
+    #   :highlight => String represents the language to pick lexer. Defaults to empty string.
+    #   :scope => String represents the class attribute adds to pre element after.
+    #             Defaults to "highlight highlight-css" if highlights a css code block.
+    #
+    # This filter does not write any additional information to the context hash.
     class SyntaxHighlightFilter < Filter
       def initialize(*args)
         super(*args)
@@ -17,23 +24,20 @@ module HTML
           default = context[:highlight] && context[:highlight].to_s
           next unless lang = node['lang'] || default
           next unless lexer = lexer_for(lang)
-          text = node.inner_text
 
-          html = highlight_with_timeout_handling(text, lang)
+          text = node.inner_text
+          html = highlight_with_timeout_handling(text, lexer)
           next if html.nil?
 
           node.inner_html = html
-          klass = node['class']
-          scope = context[:scope] || "highlight-#{lang}"
-          klass = [klass, scope].compact.join ' '
-
-          node['class'] = klass
+          scope = context.fetch(:scope) { 'highlight' }
+          node['class'] = "#{scope} #{scope}-#{lang}"
         end
         doc
       end
 
-      def highlight_with_timeout_handling(text, lang)
-        Rouge.highlight(text, lang, @formatter)
+      def highlight_with_timeout_handling(text, lexer)
+        Rouge.highlight(text, lexer, @formatter)
       rescue Timeout::Error => _
         nil
       end

data/lib/html/pipeline/version.rb

@@ -2,6 +2,6 @@
 
 module HTML
   class Pipeline
-    VERSION = '2.12.0'.freeze
+    VERSION = '2.14.0'
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: html-pipeline
 version: !ruby/object:Gem::Version
-  version: 2.12.0
+  version: 2.14.0
 platform: ruby
 authors:
 - Ryan Tomayko
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-08-12 00:00:00.000000000 Z
+date: 2020-08-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -49,6 +49,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/FUNDING.yml"
 - ".gitignore"
 - ".travis.yml"
 - Appraisals
@@ -106,8 +107,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Helpers for processing content through a chain of filters