loofah 1.2.0 → 1.2.1

data/CHANGELOG.rdoc

@@ -1,5 +1,10 @@
 = Changelog
 
+== 1.2.1 (2012-04-14)
+
+* Declaring encoding in html5/scrub.rb. Without this, use of the ruby -KU option would cause havoc. (#32)
+
+
 == 1.2.0 (2011-08-08)
 
 Enhancements:
@@ -7,6 +12,7 @@ Enhancements:
 * Loofah::Helpers.sanitize_css is a replacement for Rails's built-in sanitize_css helper.
 * Improving ActionView integration.
 
+
 == 1.1.0 (2011-08-08)
 
 Enhancements:
@@ -16,6 +22,7 @@ Enhancements:
 * Whitelists (which are not part of the public API) are now Sets (were previously Arrays).
 * Don't explode when encountering UTF-8 URIs. (#25, #29)
 
+
 == 1.0.0 (2010-10-26)
 
 Notes:
@@ -23,6 +30,7 @@ Notes:
 * Moved ActiveRecord functionality into `loofah-activerecord` gem.
 * Removed DEPRECATIONS.rdoc documenting 0.3.0 API changes.
 
+
 == 0.4.7 (2010-03-09)
 
 Enhancements:
@@ -35,6 +43,7 @@ Enhancements:
 * Loofah::HTML::Document#text and Loofah::HTML::DocumentFragment#text
   will return unescaped HTML entities by passing :encode_special_chars => false.
 
+
 == 0.4.4, 0.4.5, 0.4.6 (2010-02-01)
 
 Enhancements:
@@ -45,6 +54,7 @@ Bug fixes:
 
 * Loofah::XssFoliate was not properly escaping HTML entities when implicitly scrubbing a string attribute. GH #17
 
+
 == 0.4.3 (2010-01-29)
 
 Enhancements:
@@ -58,6 +68,7 @@ Miscellaneous:
   since the use of Bundler breaks the previously-documented method. To
   be safe, always use an initializer file.
 
+
 == 0.4.2 (2010-01-22)
 
 Enhancements:
@@ -76,12 +87,14 @@ Miscellaneous:
 * Mailing list is now loofah@librelist.com / http://librelist.com
 * IRC channel is now \#loofah on freenode.
 
+
 == 0.4.1 (2009-11-23)
 
 Bugfix:
 
 * Manifest fixed. Whoops.
 
+
 == 0.4.0 (2009-11-21)
 
 Enhancements:
@@ -91,12 +104,15 @@ Enhancements:
 * Added :nofollow HTML scrubber (thanks Luke Melia!)
 * Built-in scrubbing methods refactored to use Scrubber.
 
+
+
 == 0.3.1 (2009-10-12)
 
 Bug fixes:
 
 * Scrubbed Documents properly render html, head and body tags when serialized.
 
+
 == 0.3.0 (2009-10-06)
 
 Enhancements:
@@ -111,6 +127,7 @@ Deprecations:
   sanitize_document have been deprecated. See DEPRECATED.rdoc for
   details on the equivalent calls with the post-0.2 API.
 
+
 == 0.2.2 (2009-09-30)
 
 Enhancements:
@@ -118,6 +135,7 @@ Enhancements:
 * ActiveRecord extension scrubs fields in a before_validation callback
   (was previously in a before_save)
 
+
 == 0.2.1 (2009-09-19)
 
 Enhancements:
@@ -132,6 +150,7 @@ Bugfixes:
 * init.rb fixed to support installation as a Rails plugin. GH #6
   (Thanks Josh Nichols!)
 
+
 == 0.2.0 (2009-09-11)
 
 * Swank new API.
@@ -141,10 +160,12 @@ Bugfixes:
 * Deprecated the Dryopteris sanitization methods. Will be removed in 0.3.0.
 * Documentation! Hey!
 
+
 == 0.1.2 (2009-04-30)
 
 * Added whitewashing -- removal of all attributes and namespaced nodes. You know, for microsofty HTML.
 
+
 == 0.1.0 (2009-02-10)
 
 * Birthday!

data/README.rdoc

@@ -77,8 +77,8 @@ or by implementing a method.
 
 Generally speaking, unless you expect to have a DOCTYPE and a single
 root node, you don't have a *document*, you have a *fragment*. For
-HTML, another rule of thumb is that *documents* have \<html\>
-and \<body\> tags, and *fragments* usually do not.
+HTML, another rule of thumb is that *documents* have +html+ and +body+
+tags, and *fragments* usually do not.
 
 HTML fragments should be parsed with Loofah.fragment. The result won't
 be wrapped in +html+ or +body+ tags, won't have a DOCTYPE declaration,
@@ -235,7 +235,7 @@ the Rails ActionView helpers of the same name.
 
 == Requirements
 
-* Nokogiri >= 1.3.3
+* Nokogiri >= 1.4.4
 
 == Installation
 

data/Rakefile

@@ -59,3 +59,10 @@ task :fix_css do
   puts "* fixing css"
   File.open("doc/rdoc.css", "a") { |f| f.write better_css }
 end
+
+desc "generate and upload docs to rubyforge"
+task :doc_upload_to_rubyforge => :docs do
+  Dir.chdir "doc" do
+    system "rsync -avz --delete * rubyforge.org:/var/www/gforge-projects/loofah/loofah"
+  end
+end

data/lib/loofah/helpers.rb

@@ -55,11 +55,11 @@ module Loofah
       #
       #  To use by default, call this in an application initializer:
       #
-      #      ActionView::Helpers::SanitizeHelper.full_sanitizer = ::Loofah::Helpers::ActionView::FullSanitizer.new
+      #    ActionView::Helpers::SanitizeHelper.full_sanitizer = ::Loofah::Helpers::ActionView::FullSanitizer.new
       #
       #  Or, to generally opt-in to Loofah's view sanitizers:
       #
-      #      Loofah::Helpers::ActionView.set_as_default_sanitizer
+      #    Loofah::Helpers::ActionView.set_as_default_sanitizer
       #
       class FullSanitizer
         def sanitize html, *args
@@ -72,11 +72,11 @@ module Loofah
       #
       #  To use by default, call this in an application initializer:
       #
-      #      ActionView::Helpers::SanitizeHelper.white_list_sanitizer = ::Loofah::Helpers::ActionView::WhiteListSanitizer.new
+      #    ActionView::Helpers::SanitizeHelper.white_list_sanitizer = ::Loofah::Helpers::ActionView::WhiteListSanitizer.new
       #
       #  Or, to generally opt-in to Loofah's view sanitizers:
       #
-      #      Loofah::Helpers::ActionView.set_as_default_sanitizer
+      #    Loofah::Helpers::ActionView.set_as_default_sanitizer
       #
       class WhiteListSanitizer
         def sanitize html, *args

data/lib/loofah/html5/scrub.rb

@@ -1,3 +1,5 @@
+#encoding: US-ASCII
+
 require 'cgi'
 
 module Loofah

data/lib/loofah/metahelpers.rb

@@ -1,5 +1,5 @@
 module Loofah
-  module MetaHelpers
+  module MetaHelpers # :nodoc:
     def self.add_downcased_set_members_to_all_set_constants mojule
       mojule.constants.each do |constant_sym|
         constant = mojule.const_get constant_sym

data/lib/loofah.rb

@@ -29,7 +29,7 @@ require 'loofah/helpers'
 #
 module Loofah
   # The version of Loofah you are using
-  VERSION = '1.2.0'
+  VERSION = '1.2.1'
 
   class << self
     # Shortcut for Loofah::HTML::Document.parse

data/test/html5/test_sanitizer.rb

@@ -199,16 +199,6 @@ class Html5TestSanitizer < Loofah::TestCase
       output = "<rect fill='  #fff'></rect>"
       check_sanitization(input, output, output, output)
     end
-
-    define_method "test_uri_ref_with_space_in_svg_attribute_#{attr_name}" do
-      input = "<rect fill='url(\n#foo)' />"
-      rexml = "<rect fill='url(\n#foo)'></rect>"
-    end
-
-    define_method "test_absolute_uri_ref_with_space_in_svg_attribute_#{attr_name}" do
-      input = "<rect fill=\"url(\nhttp://bad.com/)\" />"
-      rexml = "<rect fill=' '></rect>"
-    end
   end
 end
 

metadata

@@ -1,196 +1,159 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: loofah
-version: !ruby/object:Gem::Version 
-  hash: 31
+version: !ruby/object:Gem::Version
+  version: 1.2.1
   prerelease: 
-  segments: 
-  - 1
-  - 2
-  - 0
-  version: 1.2.0
 platform: ruby
-authors: 
+authors:
 - Mike Dalessio
 - Bryan Helmkamp
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2011-08-08 00:00:00 -04:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
-  requirement: &id001 !ruby/object:Gem::Requirement 
+date: 2012-04-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: &7093760 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 15
-        segments: 
-        - 1
-        - 4
-        - 4
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 1.4.4
-  name: nokogiri
-  version_requirements: *id001
-  prerelease: false
   type: :runtime
-- !ruby/object:Gem::Dependency 
-  requirement: &id002 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 27
-        segments: 
-        - 0
-        - 8
-        version: "0.8"
-  name: rake
-  version_requirements: *id002
   prerelease: false
+  version_requirements: *7093760
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: &7093180 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0.8'
   type: :development
-- !ruby/object:Gem::Dependency 
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  prerelease: false
+  version_requirements: *7093180
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: &7107880 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 2
-        - 2
-        version: "2.2"
-  name: minitest
-  version_requirements: *id003
-  prerelease: false
+      - !ruby/object:Gem::Version
+        version: '2.2'
   type: :development
-- !ruby/object:Gem::Dependency 
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  prerelease: false
+  version_requirements: *7107880
+- !ruby/object:Gem::Dependency
+  name: rr
+  requirement: &7106860 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 15
-        segments: 
-        - 1
-        - 0
-        version: "1.0"
-  name: rr
-  version_requirements: *id004
-  prerelease: false
+      - !ruby/object:Gem::Version
+        version: '1.0'
   type: :development
-- !ruby/object:Gem::Dependency 
-  requirement: &id005 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
-  name: json
-  version_requirements: *id005
   prerelease: false
-  type: :development
-- !ruby/object:Gem::Dependency 
-  requirement: &id006 !ruby/object:Gem::Requirement 
+  version_requirements: *7106860
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: &7103340 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
-  name: hoe-gemspec
-  version_requirements: *id006
-  prerelease: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-- !ruby/object:Gem::Dependency 
-  requirement: &id007 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
-  name: hoe-debugging
-  version_requirements: *id007
   prerelease: false
-  type: :development
-- !ruby/object:Gem::Dependency 
-  requirement: &id008 !ruby/object:Gem::Requirement 
+  version_requirements: *7103340
+- !ruby/object:Gem::Dependency
+  name: hoe-gemspec
+  requirement: &7101160 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
-  name: hoe-bundler
-  version_requirements: *id008
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
   prerelease: false
+  version_requirements: *7101160
+- !ruby/object:Gem::Dependency
+  name: hoe-debugging
+  requirement: &7115900 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-- !ruby/object:Gem::Dependency 
-  requirement: &id009 !ruby/object:Gem::Requirement 
+  prerelease: false
+  version_requirements: *7115900
+- !ruby/object:Gem::Dependency
+  name: hoe-bundler
+  requirement: &7115180 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
-  name: hoe-git
-  version_requirements: *id009
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
   prerelease: false
+  version_requirements: *7115180
+- !ruby/object:Gem::Dependency
+  name: hoe-git
+  requirement: &7114520 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-- !ruby/object:Gem::Dependency 
-  requirement: &id010 !ruby/object:Gem::Requirement 
+  prerelease: false
+  version_requirements: *7114520
+- !ruby/object:Gem::Dependency
+  name: hoe
+  requirement: &7113560 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 23
-        segments: 
-        - 2
-        - 10
-        version: "2.10"
-  name: hoe
-  version_requirements: *id010
-  prerelease: false
+      - !ruby/object:Gem::Version
+        version: '2.12'
   type: :development
-description: |-
-  Loofah is a general library for manipulating and transforming HTML/XML
-  documents and fragments. It's built on top of Nokogiri and libxml2, so
-  it's fast and has a nice API.
-  
+  prerelease: false
+  version_requirements: *7113560
+description: ! 'Loofah is a general library for manipulating and transforming HTML/XML
+
+  documents and fragments. It''s built on top of Nokogiri and libxml2, so
+
+  it''s fast and has a nice API.
+
+
   Loofah excels at HTML sanitization (XSS prevention). It includes some
-  nice HTML sanitizers, which are based on HTML5lib's whitelist, so it
-  most likely won't make your codes less secure. (These statements have
+
+  nice HTML sanitizers, which are based on HTML5lib''s whitelist, so it
+
+  most likely won''t make your codes less secure. (These statements have
+
   not been evaluated by Netexperts.)
-  
+
+
   ActiveRecord extensions for sanitization are available in the
+
   `loofah-activerecord` gem (see
-  http://github.com/flavorjones/loofah-activerecord).
-email: 
+
+  http://github.com/flavorjones/loofah-activerecord).'
+email:
 - mike.dalessio@gmail.com
 - bryan@brynary.com
 executables: []
-
 extensions: []
-
-extra_rdoc_files: 
+extra_rdoc_files:
 - MIT-LICENSE.txt
 - Manifest.txt
-- CHANGELOG.rdoc
 - README.rdoc
-files: 
+- CHANGELOG.rdoc
+files:
 - CHANGELOG.rdoc
 - Gemfile
 - MIT-LICENSE.txt
@@ -228,50 +191,42 @@ files:
 - test/unit/test_scrubber.rb
 - test/unit/test_scrubbers.rb
 - .gemtest
-has_rdoc: true
 homepage: http://github.com/flavorjones/loofah
 licenses: []
-
 post_install_message: 
-rdoc_options: 
+rdoc_options:
 - --main
 - README.rdoc
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: loofah
-rubygems_version: 1.6.0
+rubygems_version: 1.8.15
 signing_key: 
 specification_version: 3
-summary: Loofah is a general library for manipulating and transforming HTML/XML documents and fragments
-test_files: 
-- test/unit/test_scrubber.rb
-- test/unit/test_helpers.rb
-- test/unit/test_api.rb
-- test/unit/test_scrubbers.rb
-- test/unit/test_encoding.rb
+summary: Loofah is a general library for manipulating and transforming HTML/XML documents
+  and fragments
+test_files:
 - test/html5/test_sanitizer.rb
+- test/integration/test_html.rb
 - test/integration/test_helpers.rb
-- test/integration/test_scrubbers.rb
 - test/integration/test_ad_hoc.rb
+- test/integration/test_scrubbers.rb
 - test/integration/test_xml.rb
-- test/integration/test_html.rb
+- test/unit/test_scrubber.rb
+- test/unit/test_helpers.rb
+- test/unit/test_scrubbers.rb
+- test/unit/test_api.rb
+- test/unit/test_encoding.rb