html-pipeline 3.2.0 → 3.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e8252d2015129b2ee071b6c094a773afecd796a75d0ab3d24aaa18b997be8f1f
-  data.tar.gz: 3ace3231f84d7f5a82b4921d2ee600a4ae069440adb15e4ee527eda290b00637
+  metadata.gz: 6e66a69a9e35bc5703f036d091740bdc654f98cfaf38870761797699ed28199b
+  data.tar.gz: 7624bb08357fa9f358cb4947dbf5742916a3e620fa7db2d5296e9aba414e40f5
 SHA512:
-  metadata.gz: be71b5590d6599b2a2c8d6dfdb98b27e61701a07bbc1a0aa14982459bfd65d8aec69228318834c939a6357dff03c982e739d2a39a83853e12016049e2ddd13e2
-  data.tar.gz: b90b25b60016557c21eef5ee431c21890f5580589fabfafbe36e530ff3dc63cd3e3a83cf835c757cf8b7398e58c2f290096cf7ef8173177a27457b15871fe5e9
+  metadata.gz: 19083c1093cf8908028e8ea5233c97005a25072b5d77e9c28368570d477ff09cba5f6ae78e93e3633b766b9dcaeccc7bd746aacecbfdf480cd467306b230c1af
+  data.tar.gz: 74e3afc29616225353448945af5a3ee516a8cea67924e865edf89a65b92cf77d56196b2be50ccd6fce6d5d343ed4cc7181b3b6b7d2a146dbb281a1165ba66ef3

data/.github/workflows/publish.yml

@@ -1,4 +1,4 @@
-name: Release
+name: Tag and Release
 
 on:
   workflow_dispatch:
@@ -7,13 +7,18 @@ on:
       - main
     paths:
       - "lib/html_pipeline/version.rb"
+  pull_request_target:
+    types:
+      - closed
 
 jobs:
   ruby:
     uses: yettoapp/actions/.github/workflows/ruby_gem_release.yml@main
     secrets:
       rubygems_api_key: ${{ secrets.RUBYGEMS_API_BOT_KEY }}
-      gh_token: ${{ secrets.PUBLIC_PUSH_TO_PROTECTED_BRANCH }}
+      gh_token: ${{ secrets.GITHUB_TOKEN }}
     with:
       gem_name: html-pipeline
       version_filepath: lib/html_pipeline/version.rb
+      prepare: ${{ github.event_name == 'push' }}
+      release: ${{ github.event_name == 'workflow_dispatch' || ((github.event.pull_request.merged == true) && (contains(github.event.pull_request.labels.*.name, 'release'))) }}

data/.gitignore

@@ -17,4 +17,4 @@ test/tmp
 test/version_tmp
 tmp
 exec/*
-vendor/gems
+vendor/cache/

data/CHANGELOG.md

@@ -1,3 +1,25 @@
+# [v3.2.2] - 09-08-2024
+## What's Changed
+* Add support for @ prefix on MentionFilter base_url by @jeremysmithco in https://github.com/gjtorikian/html-pipeline/pull/411
+* Bugfix: sanitization-only filters should still work by @gjtorikian in https://github.com/gjtorikian/html-pipeline/pull/414
+
+## New Contributors
+* @jeremysmithco made their first contribution in https://github.com/gjtorikian/html-pipeline/pull/411
+
+**Full Changelog**: https://github.com/gjtorikian/html-pipeline/compare/v3.2.1...v3.2.2
+# [v3.2.1] - 16-07-2024
+## What's Changed
+* Update commonmarker requirement from ~> 1.0.0.pre7 to ~> 1.1.2 in the bundler-dependencies group by @dependabot in https://github.com/gjtorikian/html-pipeline/pull/404
+* Remove superfluous sanitization by @gjtorikian in https://github.com/gjtorikian/html-pipeline/pull/408
+
+
+**Full Changelog**: https://github.com/gjtorikian/html-pipeline/compare/v3.2.0...v3.2.1
+## [v3.2.0] - 30-04-2024
+## What's Changed
+* Pass context along to every part of the pipeline by @gjtorikian in https://github.com/gjtorikian/html-pipeline/pull/403
+
+
+**Full Changelog**: https://github.com/gjtorikian/html-pipeline/compare/v3.1.1...v3.2.0
 ## [v3.1.1] - 09-04-2024
 ## What's Changed
 * Correct missing method implementation by @gjtorikian in https://github.com/gjtorikian/html-pipeline/pull/401

data/Gemfile

@@ -25,7 +25,7 @@ group :development do
 end
 
 group :test do
-  gem "commonmarker", "~> 1.0.0.pre7", require: false
+  gem "commonmarker", "~> 2.0.1", require: false
   gem "gemoji", "~> 4.1", require: false
   gem "gemojione", "~> 4.3", require: false
 

data/README.md

@@ -171,9 +171,9 @@ The `ConvertFilter` takes text and turns it into HTML. `@text`, `@config`, and `
 
 ### Sanitization
 
-Because the web can be a scary place, HTML is automatically sanitized after the `ConvertFilter` runs and before the `NodeFilter`s are processed. This is to prevent malicious or unexpected input from entering the pipeline.
+Because the web can be a scary place, **HTML is automatically sanitized** after the `ConvertFilter` runs and before the `NodeFilter`s are processed. This is to prevent malicious or unexpected input from entering the pipeline.
 
-The sanitization process takes a hash configuration of settings. See the [Selma](https://www.github.com/gjtorikian/selma) documentation for more information on how to configure these settings.
+The sanitization process takes a hash configuration of settings. See the [Selma](https://www.github.com/gjtorikian/selma) documentation for more information on how to configure these settings. Note that users must correctly configure the sanitization configuration if they expect to use it correctly in conjunction with handlers which manipulate HTML.
 
 A default sanitization config is provided by this library (`HTMLPipeline::SanitizationFilter::DEFAULT_CONFIG`). A sample custom sanitization allowlist might look like this:
 
@@ -224,7 +224,7 @@ For more examples of customizing the sanitization process to include the tags yo
 
 `NodeFilters`s can operate either on HTML elements or text nodes using CSS selectors. Each `NodeFilter` must define a method named `selector` which provides an instance of `Selma::Selector`. If elements are being manipulated, `handle_element` must be defined, taking one argument, `element`; if text nodes are being manipulated, `handle_text_chunk` must be defined, taking one argument, `text_chunk`. `@config`, and `@result` are available to use, and any changes made to these ivars are passed on to the next filter.
 
-`NodeFilter` also has an optional method, `after_initialize`, which is run after the filter initializes. This can be useful in setting up a custom state for `result` to take advantage of.
+`NodeFilter` also has an optional method, `after_initialize`, which is run after the filter initializes. This can be useful in setting up a fresh custom state for `result` to start from each time the pipeline is called.
 
 Here's an example `NodeFilter` that adds a base url to images that are root relative:
 
@@ -343,34 +343,6 @@ service.subscribe "call_text_filters.html_pipeline" do |event, start, ending, tr
 end
 ```
 
-## Third Party Extensions
-
-If you have an idea for a filter, propose it as
-[an issue](https://github.com/gjtorikian/html-pipeline/issues) first. This allows us to discuss
-whether the filter is a common enough use case to belong in this gem, or should be
-built as an external gem.
-
-Here are some extensions people have built:
-
-- [html-pipeline-asciidoc_filter](https://github.com/asciidoctor/html-pipeline-asciidoc_filter)
-- [jekyll-html-pipeline](https://github.com/gjtorikian/jekyll-html-pipeline)
-- [nanoc-html-pipeline](https://github.com/burnto/nanoc-html-pipeline)
-- [html-pipeline-bitly](https://github.com/dewski/html-pipeline-bitly)
-- [html-pipeline-cite](https://github.com/lifted-studios/html-pipeline-cite)
-- [tilt-html-pipeline](https://github.com/bradgessler/tilt-html-pipeline)
-- [html-pipeline-wiki-link'](https://github.com/lifted-studios/html-pipeline-wiki-link) - WikiMedia-style wiki links
-- [task_list](https://github.com/github/task_list) - GitHub flavor Markdown Task List
-- [html-pipeline-nico_link](https://github.com/rutan/html-pipeline-nico_link) - An HTMLPipeline filter for [niconico](http://www.nicovideo.jp) description links
-- [html-pipeline-gitlab](https://gitlab.com/gitlab-org/html-pipeline-gitlab) - This gem implements various filters for html-pipeline used by GitLab
-- [html-pipeline-youtube](https://github.com/st0012/html-pipeline-youtube) - An HTMLPipeline filter for YouTube links
-- [html-pipeline-flickr](https://github.com/st0012/html-pipeline-flickr) - An HTMLPipeline filter for Flickr links
-- [html-pipeline-vimeo](https://github.com/dlackty/html-pipeline-vimeo) - An HTMLPipeline filter for Vimeo links
-- [html-pipeline-hashtag](https://github.com/mr-dxdy/html-pipeline-hashtag) - An HTMLPipeline filter for hashtags
-- [html-pipeline-linkify_github](https://github.com/jollygoodcode/html-pipeline-linkify_github) - An HTMLPipeline filter to autolink GitHub urls
-- [html-pipeline-redcarpet_filter](https://github.com/bmikol/html-pipeline-redcarpet_filter) - Render Markdown source text into Markdown HTML using Redcarpet
-- [html-pipeline-typogruby_filter](https://github.com/bmikol/html-pipeline-typogruby_filter) - Add Typogruby text filters to your HTMLPipeline
-- [korgi](https://github.com/jodeci/korgi) - HTMLPipeline filters for links to Rails resources
-
 ## FAQ
 
 ### 1. Why doesn't my pipeline work when there's no root element in the document?

data/html-pipeline.gemspec

@@ -25,7 +25,7 @@ Gem::Specification.new do |gem|
     "rubygems_mfa_required" => "true",
   }
 
-  gem.add_dependency("selma", "~> 0.1")
+  gem.add_dependency("selma", "~> 0.4")
   gem.add_dependency("zeitwerk", "~> 2.5")
 
   gem.post_install_message = <<~MSG

data/lib/html_pipeline/convert_filter/markdown_filter.rb

@@ -12,7 +12,7 @@ class HTMLPipeline
     #   :markdown[:extensions] => Commonmarker extensions options
     class MarkdownFilter < ConvertFilter
       def initialize(context: {}, result: {})
-        super(context: context, result: result)
+        super
       end
 
       # Convert Commonmark to HTML using the best available implementation.

data/lib/html_pipeline/convert_filter.rb

@@ -5,7 +5,7 @@ class HTMLPipeline
     attr_reader :text, :html
 
     def initialize(context: {}, result: {})
-      super(context: context, result: result)
+      super
     end
 
     class << self

data/lib/html_pipeline/node_filter/mention_filter.rb

@@ -115,7 +115,8 @@ class HTMLPipeline
         result[:mentioned_usernames] |= [login]
 
         url = base_url.dup
-        url << "/" unless %r{[/~]\z}.match?(url)
+        excluded_prefixes = %r{[/(?:~|@]\z}
+        url << "/" unless excluded_prefixes.match?(url)
 
         "<a href=\"#{url << login}\" class=\"user-mention\">" \
           "@#{login}" \

data/lib/html_pipeline/node_filter/syntax_highlight_filter.rb

@@ -15,7 +15,7 @@ class HTMLPipeline
     # This filter does not write any additional information to the context hash.
     class SyntaxHighlightFilter < NodeFilter
       def initialize(context: {}, result: {})
-        super(context: context, result: result)
+        super
         # TODO: test the optionality of this
         @formatter = context[:formatter] || Rouge::Formatters::HTML.new
       end

data/lib/html_pipeline/node_filter/team_mention_filter.rb

@@ -94,7 +94,8 @@ class HTMLPipeline
         result[:mentioned_teams] |= [team]
 
         url = base_url.dup
-        url << "/" unless %r{[/~]\z}.match?(url)
+        excluded_prefixes = %r{[/(?:~|@]\z}
+        url << "/" unless excluded_prefixes.match?(url)
 
         "<a href=\"#{url << org}/#{team}\" class=\"team-mention\">" \
           "@#{org}/#{team}" \

data/lib/html_pipeline/text_filter.rb

@@ -5,7 +5,7 @@ class HTMLPipeline
     attr_reader :text
 
     def initialize(context: {}, result: {})
-      super(context: context, result: result)
+      super
     end
 
     class << self

data/lib/html_pipeline/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 class HTMLPipeline
-  VERSION = "3.2.0"
+  VERSION = "3.2.2"
 end

data/lib/html_pipeline.rb

@@ -175,11 +175,20 @@ class HTMLPipeline
       end
     end
 
-    unless @node_filters.empty?
+    rewriter_options = {
+      memory: {
+        max_allowed_memory_usage: 5242880, # arbitrary limit of 5MB
+      },
+    }
+
+    if @node_filters.empty?
+      instrument("sanitization.html_pipeline", payload) do
+        result[:output] = Selma::Rewriter.new(sanitizer: @sanitization_config, options: rewriter_options).rewrite(html)
+      end
+    else
       instrument("call_node_filters.html_pipeline", payload) do
         @node_filters.each { |filter| filter.context = (filter.context || {}).merge(context) }
-        result[:output] = Selma::Rewriter.new(sanitizer: @sanitization_config, handlers: @node_filters).rewrite(html)
-        html = result[:output]
+        result[:output] = Selma::Rewriter.new(sanitizer: @sanitization_config, handlers: @node_filters, options: rewriter_options).rewrite(html)
         payload = default_payload({
           node_filters: @node_filters.map { |f| f.class.name },
           context: context,
@@ -188,10 +197,6 @@ class HTMLPipeline
       end
     end
 
-    instrument("sanitization.html_pipeline", payload) do
-      result[:output] = Selma::Rewriter.new(sanitizer: @sanitization_config, handlers: @node_filters).rewrite(html)
-    end
-
     result = result.merge(@node_filters.collect(&:result).reduce({}, :merge))
     @node_filters.each(&:reset!)
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: html-pipeline
 version: !ruby/object:Gem::Version
-  version: 3.2.0
+  version: 3.2.2
 platform: ruby
 authors:
 - Garen J. Torikian
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-04-30 00:00:00.000000000 Z
+date: 2024-12-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: selma
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '0.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '0.4'
   force_ruby_platform: false
 - !ruby/object:Gem::Dependency
   name: zeitwerk
@@ -112,7 +112,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 3.3.22
 requirements: []
 rubygems_version: 3.4.6
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Helpers for processing content through a chain of filters
 test_files: []