html-pipeline 2.12.1 → 2.13.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/FUNDING.yml +4 -0
- data/CHANGELOG.md +14 -0
- data/Gemfile +1 -0
- data/README.md +11 -8
- data/lib/html/pipeline/autolink_filter.rb +6 -1
- data/lib/html/pipeline/camo_filter.rb +14 -4
- data/lib/html/pipeline/markdown_filter.rb +1 -0
- data/lib/html/pipeline/sanitization_filter.rb +24 -19
- data/lib/html/pipeline/syntax_highlight_filter.rb +15 -11
- data/lib/html/pipeline/version.rb +1 -1
- metadata +6 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 33b990d538fedcc5cfba4af72d2559a512e4ee624db46fd69f6512f5f7125579
|
|
4
|
+
data.tar.gz: f42006e2e85a96bfd2abad353ebc730f830bcc2dfbab05952cd1a875017f0ed5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3591baf92c161af1b0b592bdce211aa80fad0a82a516f17831526dcc632983f290651be7e9912ef89bd2f4bb4782773d1035dbf4e9e0f832212a1ab4af2c1b30
|
|
7
|
+
data.tar.gz: d7147a563129eedada76f3e7d3ee89daf03cd4ece33efe6fcf99a9c622c5928ae867c2eeb7c0b77a6d6b812d89496ea3024040229f924856e3adb60096b37445
|
data/.github/FUNDING.yml
ADDED
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,19 @@
|
|
|
1
1
|
# CHANGELOG
|
|
2
2
|
|
|
3
|
+
## 2.12.3
|
|
4
|
+
|
|
5
|
+
* Bug fix in `SyntaxHighlightFilter` [#325](https://github.com/jch/html-pipeline/pull/325)
|
|
6
|
+
|
|
7
|
+
## 2.12.2
|
|
8
|
+
|
|
9
|
+
* Allow unsafe option for Custom Renderer of `MarkdownFilter` [#322](https://github.com/jch/html-pipeline/pull/322)
|
|
10
|
+
* Test with minitest-focus
|
|
11
|
+
|
|
12
|
+
## 2.12.1
|
|
13
|
+
|
|
14
|
+
* Allow Custom Renderer for `MarkdownFilter` [#318](https://github.com/jch/html-pipeline/pull/318)
|
|
15
|
+
* Test against more Rails versions
|
|
16
|
+
|
|
3
17
|
## 2.12.0
|
|
4
18
|
|
|
5
19
|
* Team mention filter [#314](https://github.com/jch/html-pipeline/pull/314)
|
data/Gemfile
CHANGED
data/README.md
CHANGED
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
# HTML::Pipeline [](https://travis-ci.org/jch/html-pipeline)
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
HTML processing filters and utilities. This module includes a small
|
|
4
4
|
framework for defining DOM based content filters and applying them to user
|
|
5
|
-
provided content.
|
|
6
|
-
|
|
5
|
+
provided content.
|
|
6
|
+
|
|
7
|
+
[This project was started at GitHub](https://github.com/blog/1311-html-pipeline-chainable-content-filters). While GitHub still uses a similar design and pattern for rendering content, this gem should be considered standalone and independent from GitHub.
|
|
7
8
|
|
|
8
9
|
- [Installation](#installation)
|
|
9
10
|
- [Usage](#usage)
|
|
@@ -32,7 +33,7 @@ And then execute:
|
|
|
32
33
|
$ bundle
|
|
33
34
|
```
|
|
34
35
|
|
|
35
|
-
Or install it yourself as:
|
|
36
|
+
Or install it by yourself as:
|
|
36
37
|
|
|
37
38
|
```sh
|
|
38
39
|
$ gem install html-pipeline
|
|
@@ -82,7 +83,7 @@ Prints:
|
|
|
82
83
|
</code></pre>
|
|
83
84
|
```
|
|
84
85
|
|
|
85
|
-
To generate CSS for HTML formatted code, use the [Rouge CSS Theme](https://github.com/
|
|
86
|
+
To generate CSS for HTML formatted code, use the [Rouge CSS Theme](https://github.com/rouge-ruby/rouge#css-options) `#css` method. `rouge` is a dependency of the `SyntaxHighlightFilter`.
|
|
86
87
|
|
|
87
88
|
Some filters take an optional **context** and/or **result** hash. These are
|
|
88
89
|
used to pass around arguments and metadata between filters in a pipeline. For
|
|
@@ -163,7 +164,7 @@ EmojiPipeline = Pipeline.new [
|
|
|
163
164
|
* `ImageMaxWidthFilter` - link to full size image for large images
|
|
164
165
|
* `MarkdownFilter` - convert markdown to html
|
|
165
166
|
* `PlainTextInputFilter` - html escape text and wrap the result in a div
|
|
166
|
-
* `SanitizationFilter` -
|
|
167
|
+
* `SanitizationFilter` - allow sanitize user markup
|
|
167
168
|
* `SyntaxHighlightFilter` - code syntax highlighter
|
|
168
169
|
* `TextileFilter` - convert textile to html
|
|
169
170
|
* `TableOfContentsFilter` - anchor headings with name attributes and generate Table of Contents html unordered list linking headings
|
|
@@ -329,9 +330,9 @@ html_fragment = "This is outside of an html element, but <strong>this isn't. :+1
|
|
|
329
330
|
EmojiPipeline.call("<div>#{html_fragment}</div>") # <- Wrap your own html fragments to avoid escaping
|
|
330
331
|
```
|
|
331
332
|
|
|
332
|
-
### 2. How do I customize
|
|
333
|
+
### 2. How do I customize an allowlist for `SanitizationFilter`s?
|
|
333
334
|
|
|
334
|
-
`SanitizationFilter::
|
|
335
|
+
`SanitizationFilter::ALLOWLIST` is the default allowlist used if no `:allowlist`
|
|
335
336
|
argument is given in the context. The default is a good starting template for
|
|
336
337
|
you to add additional elements. You can either modify the constant's value, or
|
|
337
338
|
re-define your own constant and pass that in via the context.
|
|
@@ -354,6 +355,8 @@ Thanks to all of [these contributors](https://github.com/jch/html-pipeline/graph
|
|
|
354
355
|
|
|
355
356
|
Project is a member of the [OSS Manifesto](http://ossmanifesto.org/).
|
|
356
357
|
|
|
358
|
+
The current maintainer is @gjtorikian
|
|
359
|
+
|
|
357
360
|
### Releasing A New Version
|
|
358
361
|
|
|
359
362
|
This section is for gem maintainers to cut a new version of the gem.
|
|
@@ -8,6 +8,7 @@ module HTML
|
|
|
8
8
|
#
|
|
9
9
|
# Context options:
|
|
10
10
|
# :autolink - boolean whether to autolink urls
|
|
11
|
+
# :link_mode - :all, :urls or :email_addresses
|
|
11
12
|
# :link_attr - HTML attributes for the link that will be generated
|
|
12
13
|
# :skip_tags - HTML tags inside which autolinking will be skipped.
|
|
13
14
|
# See Rinku.skip_tags
|
|
@@ -22,7 +23,11 @@ module HTML
|
|
|
22
23
|
flags = 0
|
|
23
24
|
flags |= context[:flags] if context[:flags]
|
|
24
25
|
|
|
25
|
-
Rinku.auto_link(html,
|
|
26
|
+
Rinku.auto_link(html, link_mode, context[:link_attr], skip_tags, flags)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def link_mode
|
|
30
|
+
context[:link_mode] || :urls
|
|
26
31
|
end
|
|
27
32
|
end
|
|
28
33
|
end
|
|
@@ -16,7 +16,7 @@ module HTML
|
|
|
16
16
|
# Context options:
|
|
17
17
|
# :asset_proxy (required) - Base URL for constructed asset proxy URLs.
|
|
18
18
|
# :asset_proxy_secret_key (required) - The shared secret used to encode URLs.
|
|
19
|
-
# :
|
|
19
|
+
# :asset_proxy_allowlist - Array of host Strings or Regexps to skip
|
|
20
20
|
# src rewriting.
|
|
21
21
|
#
|
|
22
22
|
# This filter does not write additional information to the context.
|
|
@@ -37,7 +37,7 @@ module HTML
|
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
next if uri.host.nil?
|
|
40
|
-
next if
|
|
40
|
+
next if asset_host_allowed?(uri.host)
|
|
41
41
|
|
|
42
42
|
element['src'] = asset_proxy_url(original_src)
|
|
43
43
|
element['data-canonical-src'] = original_src
|
|
@@ -76,11 +76,21 @@ module HTML
|
|
|
76
76
|
end
|
|
77
77
|
|
|
78
78
|
def asset_proxy_whitelist
|
|
79
|
-
|
|
79
|
+
warn "[DEPRECATION] 'asset_proxy_whitelist' is deprecated. Please use 'asset_proxy_allowlist' instead."
|
|
80
|
+
asset_proxy_allowlist
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
def asset_proxy_allowlist
|
|
84
|
+
context[:asset_proxy_allowlist] || context[:asset_proxy_whitelist] || []
|
|
80
85
|
end
|
|
81
86
|
|
|
82
87
|
def asset_host_whitelisted?(host)
|
|
83
|
-
|
|
88
|
+
warn "[DEPRECATION] 'asset_host_whitelisted?' is deprecated. Please use 'asset_host_allowed?' instead."
|
|
89
|
+
asset_host_allowed?(host)
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
def asset_host_allowed?(host)
|
|
93
|
+
asset_proxy_allowlist.any? do |test|
|
|
84
94
|
test.is_a?(String) ? host == test : test.match(host)
|
|
85
95
|
end
|
|
86
96
|
end
|
|
@@ -38,6 +38,7 @@ module HTML
|
|
|
38
38
|
|
|
39
39
|
render_options = [:GITHUB_PRE_LANG]
|
|
40
40
|
render_options << :HARDBREAKS if context[:gfm] != false
|
|
41
|
+
render_options << :UNSAFE if context[:unsafe]
|
|
41
42
|
|
|
42
43
|
doc = CommonMarker.render_doc(@text, parse_options, extensions)
|
|
43
44
|
renderer.new(options: render_options, extensions: extensions).render(doc)
|
|
@@ -4,7 +4,7 @@ HTML::Pipeline.require_dependency('sanitize', 'SanitizationFilter')
|
|
|
4
4
|
|
|
5
5
|
module HTML
|
|
6
6
|
class Pipeline
|
|
7
|
-
# HTML filter with sanization routines and
|
|
7
|
+
# HTML filter with sanization routines and allowlists. This module defines
|
|
8
8
|
# what HTML is allowed in user provided content and fixes up issues with
|
|
9
9
|
# unbalanced tags and whatnot.
|
|
10
10
|
#
|
|
@@ -13,13 +13,13 @@ module HTML
|
|
|
13
13
|
# https://github.com/rgrove/sanitize/#readme
|
|
14
14
|
#
|
|
15
15
|
# Context options:
|
|
16
|
-
# :
|
|
16
|
+
# :allowlist - The sanitizer allowlist configuration to use. This
|
|
17
17
|
# can be one of the options constants defined in this
|
|
18
18
|
# class or a custom sanitize options hash.
|
|
19
19
|
# :anchor_schemes - The URL schemes to allow in <a href> attributes. The
|
|
20
20
|
# default set is provided in the ANCHOR_SCHEMES
|
|
21
21
|
# constant in this class. If passed, this overrides any
|
|
22
|
-
# schemes specified in the
|
|
22
|
+
# schemes specified in the allowlist configuration.
|
|
23
23
|
#
|
|
24
24
|
# This filter does not write additional information to the context.
|
|
25
25
|
class SanitizationFilter < Filter
|
|
@@ -37,9 +37,9 @@ module HTML
|
|
|
37
37
|
# These schemes are the only ones allowed in <a href> attributes by default.
|
|
38
38
|
ANCHOR_SCHEMES = ['http', 'https', 'mailto', 'xmpp', :relative, 'github-windows', 'github-mac', 'irc', 'ircs'].freeze
|
|
39
39
|
|
|
40
|
-
# The main sanitization
|
|
40
|
+
# The main sanitization allowlist. Only these elements and attributes are
|
|
41
41
|
# allowed through by default.
|
|
42
|
-
|
|
42
|
+
ALLOWLIST = {
|
|
43
43
|
elements: %w[
|
|
44
44
|
h1 h2 h3 h4 h5 h6 h7 h8 br b i strong em a pre code img tt
|
|
45
45
|
div ins del sup sub p ol ul table thead tbody tfoot blockquote
|
|
@@ -68,8 +68,8 @@ module HTML
|
|
|
68
68
|
hspace ismap label lang
|
|
69
69
|
maxlength media method
|
|
70
70
|
multiple name nohref noshade
|
|
71
|
-
nowrap open prompt readonly rel rev
|
|
72
|
-
rows rowspan rules scope
|
|
71
|
+
nowrap open progress prompt readonly rel rev
|
|
72
|
+
role rows rowspan rules scope
|
|
73
73
|
selected shape size span
|
|
74
74
|
start summary tabindex target
|
|
75
75
|
title type usemap valign value
|
|
@@ -108,10 +108,10 @@ module HTML
|
|
|
108
108
|
].freeze
|
|
109
109
|
}.freeze
|
|
110
110
|
|
|
111
|
-
# A more limited sanitization
|
|
112
|
-
# protocols, and transformers from
|
|
111
|
+
# A more limited sanitization allowlist. This includes all attributes,
|
|
112
|
+
# protocols, and transformers from ALLOWLIST but with a more locked down
|
|
113
113
|
# set of allowed elements.
|
|
114
|
-
LIMITED =
|
|
114
|
+
LIMITED = ALLOWLIST.merge(
|
|
115
115
|
elements: %w[b i strong em a pre code img ins del sup sub mark abbr p ol ul li]
|
|
116
116
|
)
|
|
117
117
|
|
|
@@ -120,19 +120,24 @@ module HTML
|
|
|
120
120
|
|
|
121
121
|
# Sanitize markup using the Sanitize library.
|
|
122
122
|
def call
|
|
123
|
-
Sanitize.clean_node!(doc,
|
|
123
|
+
Sanitize.clean_node!(doc, allowlist)
|
|
124
124
|
end
|
|
125
125
|
|
|
126
|
-
# The whitelist to use when sanitizing. This can be passed in the context
|
|
127
|
-
# hash to the filter but defaults to WHITELIST constant value above.
|
|
128
126
|
def whitelist
|
|
129
|
-
|
|
127
|
+
warn "[DEPRECATION] 'whitelist' is deprecated. Please use 'allowlist' instead."
|
|
128
|
+
allowlist
|
|
129
|
+
end
|
|
130
|
+
|
|
131
|
+
# The allowlist to use when sanitizing. This can be passed in the context
|
|
132
|
+
# hash to the filter but defaults to ALLOWLIST constant value above.
|
|
133
|
+
def allowlist
|
|
134
|
+
allowlist = context[:allowlist] || context[:whitelist] || ALLOWLIST
|
|
130
135
|
anchor_schemes = context[:anchor_schemes]
|
|
131
|
-
return
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
+
return allowlist unless anchor_schemes
|
|
137
|
+
allowlist = allowlist.dup
|
|
138
|
+
allowlist[:protocols] = (allowlist[:protocols] || {}).dup
|
|
139
|
+
allowlist[:protocols]['a'] = (allowlist[:protocols]['a'] || {}).merge('href' => anchor_schemes)
|
|
140
|
+
allowlist
|
|
136
141
|
end
|
|
137
142
|
end
|
|
138
143
|
end
|
|
@@ -4,8 +4,15 @@ HTML::Pipeline.require_dependency('rouge', 'SyntaxHighlightFilter')
|
|
|
4
4
|
|
|
5
5
|
module HTML
|
|
6
6
|
class Pipeline
|
|
7
|
-
# HTML Filter that syntax highlights code blocks
|
|
8
|
-
#
|
|
7
|
+
# HTML Filter that syntax highlights text inside code blocks.
|
|
8
|
+
#
|
|
9
|
+
# Context options:
|
|
10
|
+
#
|
|
11
|
+
# :highlight => String represents the language to pick lexer. Defaults to empty string.
|
|
12
|
+
# :scope => String represents the class attribute adds to pre element after.
|
|
13
|
+
# Defaults to "highlight highlight-css" if highlights a css code block.
|
|
14
|
+
#
|
|
15
|
+
# This filter does not write any additional information to the context hash.
|
|
9
16
|
class SyntaxHighlightFilter < Filter
|
|
10
17
|
def initialize(*args)
|
|
11
18
|
super(*args)
|
|
@@ -17,23 +24,20 @@ module HTML
|
|
|
17
24
|
default = context[:highlight] && context[:highlight].to_s
|
|
18
25
|
next unless lang = node['lang'] || default
|
|
19
26
|
next unless lexer = lexer_for(lang)
|
|
20
|
-
text = node.inner_text
|
|
21
27
|
|
|
22
|
-
|
|
28
|
+
text = node.inner_text
|
|
29
|
+
html = highlight_with_timeout_handling(text, lexer)
|
|
23
30
|
next if html.nil?
|
|
24
31
|
|
|
25
32
|
node.inner_html = html
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
klass = [klass, scope].compact.join ' '
|
|
29
|
-
|
|
30
|
-
node['class'] = klass
|
|
33
|
+
scope = context.fetch(:scope) { 'highlight' }
|
|
34
|
+
node['class'] = "#{scope} #{scope}-#{lang}"
|
|
31
35
|
end
|
|
32
36
|
doc
|
|
33
37
|
end
|
|
34
38
|
|
|
35
|
-
def highlight_with_timeout_handling(text,
|
|
36
|
-
Rouge.highlight(text,
|
|
39
|
+
def highlight_with_timeout_handling(text, lexer)
|
|
40
|
+
Rouge.highlight(text, lexer, @formatter)
|
|
37
41
|
rescue Timeout::Error => _
|
|
38
42
|
nil
|
|
39
43
|
end
|
metadata
CHANGED
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: html-pipeline
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.13.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Tomayko
|
|
8
8
|
- Jerry Cheung
|
|
9
9
|
- Garen J. Torikian
|
|
10
|
-
autorequire:
|
|
10
|
+
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2020-12-04 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activesupport
|
|
@@ -49,6 +49,7 @@ executables: []
|
|
|
49
49
|
extensions: []
|
|
50
50
|
extra_rdoc_files: []
|
|
51
51
|
files:
|
|
52
|
+
- ".github/FUNDING.yml"
|
|
52
53
|
- ".gitignore"
|
|
53
54
|
- ".travis.yml"
|
|
54
55
|
- Appraisals
|
|
@@ -106,8 +107,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
106
107
|
- !ruby/object:Gem::Version
|
|
107
108
|
version: '0'
|
|
108
109
|
requirements: []
|
|
109
|
-
rubygems_version: 3.
|
|
110
|
-
signing_key:
|
|
110
|
+
rubygems_version: 3.1.2
|
|
111
|
+
signing_key:
|
|
111
112
|
specification_version: 4
|
|
112
113
|
summary: Helpers for processing content through a chain of filters
|
|
113
114
|
test_files: []
|