html-pipeline 3.2.0 → 3.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e8252d2015129b2ee071b6c094a773afecd796a75d0ab3d24aaa18b997be8f1f
-  data.tar.gz: 3ace3231f84d7f5a82b4921d2ee600a4ae069440adb15e4ee527eda290b00637
+  metadata.gz: 7d505d0765630595363061d97d8f189a2712fc56b89371542a225d35421af386
+  data.tar.gz: 9d10f5ad3c9d39fe65d6e3b22cd59070997e5774353806affde0a957a52f5812
 SHA512:
-  metadata.gz: be71b5590d6599b2a2c8d6dfdb98b27e61701a07bbc1a0aa14982459bfd65d8aec69228318834c939a6357dff03c982e739d2a39a83853e12016049e2ddd13e2
-  data.tar.gz: b90b25b60016557c21eef5ee431c21890f5580589fabfafbe36e530ff3dc63cd3e3a83cf835c757cf8b7398e58c2f290096cf7ef8173177a27457b15871fe5e9
+  metadata.gz: 63b53387dfbb3bc7a9be29f0e6de9930daa773254dc885d0561b59a8d8ff50317ddabe62c364253b6da7142b3c4d169f72ce43f217ec50d18aee450513e88f13
+  data.tar.gz: 948027919009faea3009e0e222491aeae865db4875602a40bbf5a458f8b712f633b6e66d386e95acadbb129bcba33f63afdddbc89b73758cc1b544855eb5b227

data/.github/workflows/publish.yml

@@ -1,4 +1,4 @@
-name: Release
+name: Tag and Release
 
 on:
   workflow_dispatch:
@@ -7,13 +7,18 @@ on:
       - main
     paths:
       - "lib/html_pipeline/version.rb"
+  pull_request_target:
+    types:
+      - closed
 
 jobs:
   ruby:
     uses: yettoapp/actions/.github/workflows/ruby_gem_release.yml@main
     secrets:
       rubygems_api_key: ${{ secrets.RUBYGEMS_API_BOT_KEY }}
-      gh_token: ${{ secrets.PUBLIC_PUSH_TO_PROTECTED_BRANCH }}
+      gh_token: ${{ secrets.GITHUB_TOKEN }}
     with:
       gem_name: html-pipeline
       version_filepath: lib/html_pipeline/version.rb
+      prepare: ${{ github.event_name == 'push' }}
+      release: ${{ github.event_name == 'workflow_dispatch' || ((github.event.pull_request.merged == true) && (contains(github.event.pull_request.labels.*.name, 'release'))) }}

data/CHANGELOG.md

@@ -1,3 +1,16 @@
+# [v3.2.1] - 16-07-2024
+## What's Changed
+* Update commonmarker requirement from ~> 1.0.0.pre7 to ~> 1.1.2 in the bundler-dependencies group by @dependabot in https://github.com/gjtorikian/html-pipeline/pull/404
+* Remove superfluous sanitization by @gjtorikian in https://github.com/gjtorikian/html-pipeline/pull/408
+
+
+**Full Changelog**: https://github.com/gjtorikian/html-pipeline/compare/v3.2.0...v3.2.1
+## [v3.2.0] - 30-04-2024
+## What's Changed
+* Pass context along to every part of the pipeline by @gjtorikian in https://github.com/gjtorikian/html-pipeline/pull/403
+
+
+**Full Changelog**: https://github.com/gjtorikian/html-pipeline/compare/v3.1.1...v3.2.0
 ## [v3.1.1] - 09-04-2024
 ## What's Changed
 * Correct missing method implementation by @gjtorikian in https://github.com/gjtorikian/html-pipeline/pull/401

data/Gemfile

@@ -25,7 +25,7 @@ group :development do
 end
 
 group :test do
-  gem "commonmarker", "~> 1.0.0.pre7", require: false
+  gem "commonmarker", "~> 1.1.2", require: false
   gem "gemoji", "~> 4.1", require: false
   gem "gemojione", "~> 4.3", require: false
 

data/README.md

@@ -171,9 +171,9 @@ The `ConvertFilter` takes text and turns it into HTML. `@text`, `@config`, and `
 
 ### Sanitization
 
-Because the web can be a scary place, HTML is automatically sanitized after the `ConvertFilter` runs and before the `NodeFilter`s are processed. This is to prevent malicious or unexpected input from entering the pipeline.
+Because the web can be a scary place, **HTML is automatically sanitized** after the `ConvertFilter` runs and before the `NodeFilter`s are processed. This is to prevent malicious or unexpected input from entering the pipeline.
 
-The sanitization process takes a hash configuration of settings. See the [Selma](https://www.github.com/gjtorikian/selma) documentation for more information on how to configure these settings.
+The sanitization process takes a hash configuration of settings. See the [Selma](https://www.github.com/gjtorikian/selma) documentation for more information on how to configure these settings. Note that users must correctly configure the sanitization configuration if they expect to use it correctly in conjunction with handlers which manipulate HTML.
 
 A default sanitization config is provided by this library (`HTMLPipeline::SanitizationFilter::DEFAULT_CONFIG`). A sample custom sanitization allowlist might look like this:
 
@@ -224,7 +224,7 @@ For more examples of customizing the sanitization process to include the tags yo
 
 `NodeFilters`s can operate either on HTML elements or text nodes using CSS selectors. Each `NodeFilter` must define a method named `selector` which provides an instance of `Selma::Selector`. If elements are being manipulated, `handle_element` must be defined, taking one argument, `element`; if text nodes are being manipulated, `handle_text_chunk` must be defined, taking one argument, `text_chunk`. `@config`, and `@result` are available to use, and any changes made to these ivars are passed on to the next filter.
 
-`NodeFilter` also has an optional method, `after_initialize`, which is run after the filter initializes. This can be useful in setting up a custom state for `result` to take advantage of.
+`NodeFilter` also has an optional method, `after_initialize`, which is run after the filter initializes. This can be useful in setting up a fresh custom state for `result` to start from each time the pipeline is called.
 
 Here's an example `NodeFilter` that adds a base url to images that are root relative:
 

data/html-pipeline.gemspec

@@ -25,7 +25,7 @@ Gem::Specification.new do |gem|
     "rubygems_mfa_required" => "true",
   }
 
-  gem.add_dependency("selma", "~> 0.1")
+  gem.add_dependency("selma", "~> 0.4")
   gem.add_dependency("zeitwerk", "~> 2.5")
 
   gem.post_install_message = <<~MSG

data/lib/html_pipeline/convert_filter/markdown_filter.rb

@@ -12,7 +12,7 @@ class HTMLPipeline
     #   :markdown[:extensions] => Commonmarker extensions options
     class MarkdownFilter < ConvertFilter
       def initialize(context: {}, result: {})
-        super(context: context, result: result)
+        super
       end
 
       # Convert Commonmark to HTML using the best available implementation.

data/lib/html_pipeline/convert_filter.rb

@@ -5,7 +5,7 @@ class HTMLPipeline
     attr_reader :text, :html
 
     def initialize(context: {}, result: {})
-      super(context: context, result: result)
+      super
     end
 
     class << self

data/lib/html_pipeline/node_filter/syntax_highlight_filter.rb

@@ -15,7 +15,7 @@ class HTMLPipeline
     # This filter does not write any additional information to the context hash.
     class SyntaxHighlightFilter < NodeFilter
       def initialize(context: {}, result: {})
-        super(context: context, result: result)
+        super
         # TODO: test the optionality of this
         @formatter = context[:formatter] || Rouge::Formatters::HTML.new
       end

data/lib/html_pipeline/text_filter.rb

@@ -5,7 +5,7 @@ class HTMLPipeline
     attr_reader :text
 
     def initialize(context: {}, result: {})
-      super(context: context, result: result)
+      super
     end
 
     class << self

data/lib/html_pipeline/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 class HTMLPipeline
-  VERSION = "3.2.0"
+  VERSION = "3.2.1"
 end

data/lib/html_pipeline.rb

@@ -175,11 +175,20 @@ class HTMLPipeline
       end
     end
 
-    unless @node_filters.empty?
+    rewriter_options = {
+      memory: {
+        max_allowed_memory_usage: 5242880, # arbitrary limit of 5MB
+      },
+    }
+
+    if @node_filters.empty?
+      instrument("sanitization.html_pipeline", payload) do
+        result[:output] = Selma::Rewriter.new(sanitizer: @sanitization_config, handlers: @node_filters, options: rewriter_options).rewrite(html)
+      end unless @convert_filter.nil? # no html, so no sanitization
+    else
       instrument("call_node_filters.html_pipeline", payload) do
         @node_filters.each { |filter| filter.context = (filter.context || {}).merge(context) }
-        result[:output] = Selma::Rewriter.new(sanitizer: @sanitization_config, handlers: @node_filters).rewrite(html)
-        html = result[:output]
+        result[:output] = Selma::Rewriter.new(sanitizer: @sanitization_config, handlers: @node_filters, options: rewriter_options).rewrite(html)
         payload = default_payload({
           node_filters: @node_filters.map { |f| f.class.name },
           context: context,
@@ -188,10 +197,6 @@ class HTMLPipeline
       end
     end
 
-    instrument("sanitization.html_pipeline", payload) do
-      result[:output] = Selma::Rewriter.new(sanitizer: @sanitization_config, handlers: @node_filters).rewrite(html)
-    end
-
     result = result.merge(@node_filters.collect(&:result).reduce({}, :merge))
     @node_filters.each(&:reset!)
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: html-pipeline
 version: !ruby/object:Gem::Version
-  version: 3.2.0
+  version: 3.2.1
 platform: ruby
 authors:
 - Garen J. Torikian
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-04-30 00:00:00.000000000 Z
+date: 2024-07-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: selma
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '0.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '0.4'
   force_ruby_platform: false
 - !ruby/object:Gem::Dependency
   name: zeitwerk