html-pipeline 2.14.0 → 2.14.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a897e9a165c69f5823336a5ca9cf92205c191ad6f90ae0d283be3234a9fefcc4
-  data.tar.gz: a0fb7f552a185bc2ffeb4aba3c8c50a5659b0277763ec0dcbbf28b6f4ce3bfc6
+  metadata.gz: 31dccde8e42137b77ce845059270d4a9e67dd5d9583041574c64accb8828559a
+  data.tar.gz: 1e47ca071dfa2d7f2c1126e55cab52278f25772613a4ce4b3f67c98344ef731e
 SHA512:
-  metadata.gz: c90bcf04d6113d1c9d7a33a4f0dc235dc9d4e302fa1683e36e4c34e96777a307bd5b76b23bad07a02b6bdea8e5577e90e90a57f346e579bbcc6d287f4023623d
-  data.tar.gz: 2ea63f52f5365e66d9742d12d28c248794ad7289bd8e68e7b963e42041c1c7ef30be936cd364ed79cb66c43da73c45e9905b90148cae41ecaab5156aa797b0f6
+  metadata.gz: 79e9a69864c3b4bf43d2cedf04fda1d43b9f163ea8d32583a88951f4c5d38215146b61ed6b6d92d01594f143f0b36284b9dd96df99bbe8697f2f13bfc0574fc8
+  data.tar.gz: 25588dfaec753952ba7ccd77cf50e61bd09eec67e3fc4ccfdd5a50bfd142db9f0e1980c9061947843af308852295321303a0f182e3c55cb692f1bd100d8e3adc

data/README.md

@@ -33,7 +33,7 @@ And then execute:
 $ bundle
 ```
 
-Or install it yourself as:
+Or install it by yourself as:
 
 ```sh
 $ gem install html-pipeline
@@ -164,7 +164,7 @@ EmojiPipeline = Pipeline.new [
 * `ImageMaxWidthFilter` - link to full size image for large images
 * `MarkdownFilter` - convert markdown to html
 * `PlainTextInputFilter` - html escape text and wrap the result in a div
-* `SanitizationFilter` - whitelist sanitize user markup
+* `SanitizationFilter` - allow sanitize user markup
 * `SyntaxHighlightFilter` - code syntax highlighter
 * `TextileFilter` - convert textile to html
 * `TableOfContentsFilter` - anchor headings with name attributes and generate Table of Contents html unordered list linking headings
@@ -330,9 +330,9 @@ html_fragment = "This is outside of an html element, but <strong>this isn't. :+1
 EmojiPipeline.call("<div>#{html_fragment}</div>") # <- Wrap your own html fragments to avoid escaping
 ```
 
-### 2. How do I customize a whitelist for `SanitizationFilter`s?
+### 2. How do I customize an allowlist for `SanitizationFilter`s?
 
-`SanitizationFilter::WHITELIST` is the default whitelist used if no `:whitelist`
+`SanitizationFilter::ALLOWLIST` is the default allowlist used if no `:allowlist`
 argument is given in the context. The default is a good starting template for
 you to add additional elements. You can either modify the constant's value, or
 re-define your own constant and pass that in via the context.

data/lib/html/pipeline/camo_filter.rb

@@ -16,7 +16,7 @@ module HTML
     # Context options:
     #   :asset_proxy (required) - Base URL for constructed asset proxy URLs.
     #   :asset_proxy_secret_key (required) - The shared secret used to encode URLs.
-    #   :asset_proxy_whitelist - Array of host Strings or Regexps to skip
+    #   :asset_proxy_allowlist - Array of host Strings or Regexps to skip
     #                            src rewriting.
     #
     # This filter does not write additional information to the context.
@@ -37,7 +37,7 @@ module HTML
           end
 
           next if uri.host.nil?
-          next if asset_host_whitelisted?(uri.host)
+          next if asset_host_allowed?(uri.host)
 
           element['src'] = asset_proxy_url(original_src)
           element['data-canonical-src'] = original_src
@@ -76,11 +76,21 @@ module HTML
       end
 
       def asset_proxy_whitelist
-        context[:asset_proxy_whitelist] || []
+        warn "[DEPRECATION] 'asset_proxy_whitelist' is deprecated. Please use 'asset_proxy_allowlist' instead."
+        asset_proxy_allowlist
+      end
+
+      def asset_proxy_allowlist
+        context[:asset_proxy_allowlist] || context[:asset_proxy_whitelist] || []
       end
 
       def asset_host_whitelisted?(host)
-        asset_proxy_whitelist.any? do |test|
+        warn "[DEPRECATION] 'asset_host_whitelisted?' is deprecated. Please use 'asset_host_allowed?' instead."
+        asset_host_allowed?(host)
+      end
+
+      def asset_host_allowed?(host)
+        asset_proxy_allowlist.any? do |test|
           test.is_a?(String) ? host == test : test.match(host)
         end
       end

data/lib/html/pipeline/markdown_filter.rb

@@ -38,7 +38,7 @@ module HTML
 
           render_options = [:GITHUB_PRE_LANG]
           render_options << :HARDBREAKS if context[:gfm] != false
-          render_options = [:UNSAFE] if context[:unsafe]
+          render_options << :UNSAFE if context[:unsafe]
 
           doc = CommonMarker.render_doc(@text, parse_options, extensions)
           renderer.new(options: render_options, extensions: extensions).render(doc)

data/lib/html/pipeline/sanitization_filter.rb

@@ -4,7 +4,7 @@ HTML::Pipeline.require_dependency('sanitize', 'SanitizationFilter')
 
 module HTML
   class Pipeline
-    # HTML filter with sanization routines and whitelists. This module defines
+    # HTML filter with sanization routines and allowlists. This module defines
     # what HTML is allowed in user provided content and fixes up issues with
     # unbalanced tags and whatnot.
     #
@@ -13,13 +13,13 @@ module HTML
     # https://github.com/rgrove/sanitize/#readme
     #
     # Context options:
-    #   :whitelist      - The sanitizer whitelist configuration to use. This
+    #   :allowlist      - The sanitizer allowlist configuration to use. This
     #                     can be one of the options constants defined in this
     #                     class or a custom sanitize options hash.
     #   :anchor_schemes - The URL schemes to allow in <a href> attributes. The
     #                     default set is provided in the ANCHOR_SCHEMES
     #                     constant in this class. If passed, this overrides any
-    #                     schemes specified in the whitelist configuration.
+    #                     schemes specified in the allowlist configuration.
     #
     # This filter does not write additional information to the context.
     class SanitizationFilter < Filter
@@ -37,9 +37,9 @@ module HTML
       # These schemes are the only ones allowed in <a href> attributes by default.
       ANCHOR_SCHEMES = ['http', 'https', 'mailto', 'xmpp', :relative, 'github-windows', 'github-mac', 'irc', 'ircs'].freeze
 
-      # The main sanitization whitelist. Only these elements and attributes are
+      # The main sanitization allowlist. Only these elements and attributes are
       # allowed through by default.
-      WHITELIST = {
+      ALLOWLIST = {
         elements: %w[
           h1 h2 h3 h4 h5 h6 h7 h8 br b i strong em a pre code img tt
           div ins del sup sub p ol ul table thead tbody tfoot blockquote
@@ -68,7 +68,7 @@ module HTML
                   hspace ismap label lang
                   maxlength media method
                   multiple name nohref noshade
-                  nowrap open prompt readonly rel rev
+                  nowrap open progress prompt readonly rel rev
                   role rows rowspan rules scope
                   selected shape size span
                   start summary tabindex target
@@ -108,10 +108,10 @@ module HTML
         ].freeze
       }.freeze
 
-      # A more limited sanitization whitelist. This includes all attributes,
-      # protocols, and transformers from WHITELIST but with a more locked down
+      # A more limited sanitization allowlist. This includes all attributes,
+      # protocols, and transformers from ALLOWLIST but with a more locked down
       # set of allowed elements.
-      LIMITED = WHITELIST.merge(
+      LIMITED = ALLOWLIST.merge(
         elements: %w[b i strong em a pre code img ins del sup sub mark abbr p ol ul li]
       )
 
@@ -120,19 +120,24 @@ module HTML
 
       # Sanitize markup using the Sanitize library.
       def call
-        Sanitize.clean_node!(doc, whitelist)
+        Sanitize.clean_node!(doc, allowlist)
       end
 
-      # The whitelist to use when sanitizing. This can be passed in the context
-      # hash to the filter but defaults to WHITELIST constant value above.
       def whitelist
-        whitelist = context[:whitelist] || WHITELIST
+        warn "[DEPRECATION] 'whitelist' is deprecated. Please use 'allowlist' instead."
+        allowlist
+      end
+
+      # The allowlist to use when sanitizing. This can be passed in the context
+      # hash to the filter but defaults to ALLOWLIST constant value above.
+      def allowlist
+        allowlist = context[:allowlist] || context[:whitelist] || ALLOWLIST
         anchor_schemes = context[:anchor_schemes]
-        return whitelist unless anchor_schemes
-        whitelist = whitelist.dup
-        whitelist[:protocols] = (whitelist[:protocols] || {}).dup
-        whitelist[:protocols]['a'] = (whitelist[:protocols]['a'] || {}).merge('href' => anchor_schemes)
-        whitelist
+        return allowlist unless anchor_schemes
+        allowlist = allowlist.dup
+        allowlist[:protocols] = (allowlist[:protocols] || {}).dup
+        allowlist[:protocols]['a'] = (allowlist[:protocols]['a'] || {}).merge('href' => anchor_schemes)
+        allowlist
       end
     end
   end

data/lib/html/pipeline/version.rb

@@ -2,6 +2,6 @@
 
 module HTML
   class Pipeline
-    VERSION = '2.14.0'
+    VERSION = '2.14.1'
   end
 end

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: html-pipeline
 version: !ruby/object:Gem::Version
-  version: 2.14.0
+  version: 2.14.1
 platform: ruby
 authors:
 - Ryan Tomayko
 - Jerry Cheung
 - Garen J. Torikian
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-08-11 00:00:00.000000000 Z
+date: 2022-03-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -107,8 +107,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.3.3
+signing_key:
 specification_version: 4
 summary: Helpers for processing content through a chain of filters
 test_files: []