RubyGems - html-pipeline - Versions diffs - 2.1.0 → 2.2.0 - Mend

html-pipeline 2.1.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/lib/html/pipeline/sanitization_filter.rb +30 -22
data/lib/html/pipeline/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ef883e1a02e6690f3f708437f0750d38be6e26a7
-  data.tar.gz: c821156250cf94cbbf7a5d219bb6d10b3df77dbf
+  metadata.gz: 9d515d3d9dbc769c66a3ae66ef926e3830cca11c
+  data.tar.gz: 5fd602dedaedd903cb4743a7899dae8f5a5100cb
 SHA512:
-  metadata.gz: 066dbba5d1a4c96b94a4eab74f0e6e1f81156362e05dec76e1b798489a8bdfb87db150bbe093b4c9e11cddc791a483d1bfbcc3ef2d0e43dec4df6f8d96b57f2c
-  data.tar.gz: 14e260bd46d314003cfd680d87f59660b584911e6646890a437afdfcf5e384f25bc06004d681886d3ae249ef3ff20ed8ddfc377e86ec5bfc0a4a5f585993d17a
+  metadata.gz: c13a51e0c20a6913765edf1fc8db5471f393e172eb23289df2c6274ac8c5164cda15a6fe8a84570ac2f85c0d783bb8d2f9d5e3c8573ce14864353bc6b7ed43a8
+  data.tar.gz: dea7bfd41ded48841ce1781338c7a1455c4548423d0d9231e2b1bab2477d850615caf2cad77d7ad02c205330d7d24a923fd3c59d9bedc88f65c78a2a3501fcd3

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,9 @@
 # CHANGELOG
+## 2.2.0
+* Only allow cite attribute on blockquote and restrict schemes [#223](https://github.com/jch/html-pipeline/pull/223)
 ## 2.1.0
 * Whitelist schemes for longdesc [#221](https://github.com/jch/html-pipeline/pull/221)

data/lib/html/pipeline/sanitization_filter.rb CHANGED Viewed

@@ -49,30 +49,38 @@ module HTML
         ),
         :remove_contents => ['script'],
         :attributes => {
-          'a' => ['href'],
-          'img' => ['src', 'longdesc'],
-          'div' => ['itemscope', 'itemtype'],
-          :all  => ['abbr', 'accept', 'accept-charset',
-                    'accesskey', 'action', 'align', 'alt', 'axis',
-                    'border', 'cellpadding', 'cellspacing', 'char',
-                    'charoff', 'charset', 'checked', 'cite',
-                    'clear', 'cols', 'colspan', 'color',
-                    'compact', 'coords', 'datetime', 'dir',
-                    'disabled', 'enctype', 'for', 'frame',
-                    'headers', 'height', 'hreflang',
-                    'hspace', 'ismap', 'label', 'lang',
-                    'maxlength', 'media', 'method',
-                    'multiple', 'name', 'nohref', 'noshade',
-                    'nowrap', 'open', 'prompt', 'readonly', 'rel', 'rev',
-                    'rows', 'rowspan', 'rules', 'scope',
-                    'selected', 'shape', 'size', 'span',
-                    'start', 'summary', 'tabindex', 'target',
-                    'title', 'type', 'usemap', 'valign', 'value',
-                    'vspace', 'width', 'itemprop']
+          'a'          => ['href'],
+          'img'        => ['src', 'longdesc'],
+          'div'        => ['itemscope', 'itemtype'],
+          'blockquote' => ['cite'],
+          'del'        => ['cite'],
+          'ins'        => ['cite'],
+          'q'          => ['cite'],
+          :all         => ['abbr', 'accept', 'accept-charset',
+                           'accesskey', 'action', 'align', 'alt', 'axis',
+                           'border', 'cellpadding', 'cellspacing', 'char',
+                           'charoff', 'charset', 'checked',
+                           'clear', 'cols', 'colspan', 'color',
+                           'compact', 'coords', 'datetime', 'dir',
+                           'disabled', 'enctype', 'for', 'frame',
+                           'headers', 'height', 'hreflang',
+                           'hspace', 'ismap', 'label', 'lang',
+                           'maxlength', 'media', 'method',
+                           'multiple', 'name', 'nohref', 'noshade',
+                           'nowrap', 'open', 'prompt', 'readonly', 'rel', 'rev',
+                           'rows', 'rowspan', 'rules', 'scope',
+                           'selected', 'shape', 'size', 'span',
+                           'start', 'summary', 'tabindex', 'target',
+                           'title', 'type', 'usemap', 'valign', 'value',
+                           'vspace', 'width', 'itemprop']
         },
         :protocols => {
-          'a'   => {'href' => ANCHOR_SCHEMES},
-          'img' => {
+          'a'          => {'href' => ANCHOR_SCHEMES},
+          'blockquote' => {'cite' => ['http', 'https', :relative]},
+          'del'        => {'cite' => ['http', 'https', :relative]},
+          'ins'        => {'cite' => ['http', 'https', :relative]},
+          'q'          => {'cite' => ['http', 'https', :relative]},
+          'img'        => {
             'src'      => ['http', 'https', :relative],
             'longdesc' => ['http', 'https', :relative]
           }

data/lib/html/pipeline/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module HTML
   class Pipeline
-    VERSION = "2.1.0"
+    VERSION = "2.2.0"
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: html-pipeline
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.0
 platform: ruby
 authors:
 - Ryan Tomayko
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-09-22 00:00:00.000000000 Z
+date: 2015-09-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri