loofah 2.1.0.rc1 → 2.1.0.rc2


Potentially problematic release.


This version of loofah might be problematic. Click here for more details.

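--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: a709ec5b5b8064cd96fd216b5ac5ece3db3c2099
- data.tar.gz: 212f9cb43700926714c873d2dd6ee661bcdb832a
+ metadata.gz: 85837747376afb9af97cc5e429abaa8616dcba29
+ data.tar.gz: d7e675aee95ea69c34aa1b962871c938153a9262
  SHA512:
- metadata.gz: 31120a6cb665a25b264707c6a85aff7a14beab7269e20a3d4403a72ae0b2bf625b6942df6178e92e419b1859c7e48255f19c407003f031773426cf158a953d14
- data.tar.gz: 21386a195c02a5faa3d52ff14f82534a087da91f009260d215bc07c8a46976803f424b2ddf4969756e7f63dec40ee0a270aac6d0549d9362fb87756da13b532d
+ metadata.gz: a67c17f6bb5b7d13708ba3495a85db7ff6435ef65deaef3c40d4316305f17afdb6c094e2913ad686e2a27bbcabfc82c88dc9955d8f89ca66b0788c3c86435018
+ data.tar.gz: 11a8c2f97e85b270cfae7a8da66410bf698bf77ec7e81943d869200da8291f2139a4f9d7dd1dfffbb255a50e7fe6c0c8d4094a8eb710875d737d649d1e0b978d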
@@ -1,10 +1,12 @@
1
1
  = Changelog
2
2
 
3
- == 2.1.0.rc1 / 2015-08-17
3
+ == 2.1.0.rc2 / 2016-01-11
4
4
 
5
5
  Notes:
6
6
 
7
7
  * Re-implemented CSS parsing and sanitization using the {crass}[https://github.com/rgrove/crass] library. #91
8
+ * Updated tests to ensure support for libxml 2.9.3.
9
+
8
10
 
9
11
  Bug fixes:
10
12
 
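--- a/data/Gemfile
+++ b/data/Gemfile
@@ -4,7 +4,8 @@
 
  source "https://rubygems.org/"
 
- gem "nokogiri", ">=1.5.9"
+ #gem "nokogiri", ">=1.5.9"
+ gem "nokogiri", :path => "../nokogiri"
  gem "crass", "~>1.0.2"
 
  gem "rdoc", "~>4.0", :group => [:development, :test]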
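Review bot: The added `gem "nokogiri", :path => "../nokogiri"` line makes the packaged Gemfile resolve nokogiri from a sibling directory outside the gem, and the `>=1.5.9` constraint is only commented out rather than kept. Anyone running the test suite from this release therefore builds against whatever happens to sit at `../nokogiri` (or gets a Bundler resolution error) instead of a versioned dependency fetched from the declared `source`. This looks like a local development override that was packaged by accident, presumably for the libxml 2.9.3 testing the changelog mentions. Before publishing, restore `gem "nokogiri", ">=1.5.9"` and drop the path line, keeping any local-checkout override out of the shipped file. The Gemfile continues outside the hunk.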
@@ -27,7 +27,7 @@ require 'loofah/html/document_fragment'
27
27
  #
28
28
  module Loofah
29
29
  # The version of Loofah you are using
30
- VERSION = '2.1.0.rc1'
30
+ VERSION = '2.1.0.rc2'
31
31
 
32
32
  class << self
33
33
  # Shortcut for Loofah::HTML::Document.parse
@@ -345,6 +345,7 @@
345
345
  "name": "should_sanitize_script_tag_with_multiple_open_brackets",
346
346
  "input": "<<script>alert(\"XSS\");//<</script>",
347
347
  "output": "alert(\"XSS\");//",
348
+ "xhtml": "&lt;&lt;script&gt;alert('XSS');//&lt;&lt;/script&gt;",
348
349
  "rexml": "Ill-formed XHTML!"
349
350
  },
350
351
 
@@ -251,14 +251,14 @@ class Html5TestSanitizer < Loofah::TestCase
251
251
  def test_upper_case_css_property
252
252
  html = "<div style=\"COLOR: BLUE; NOTAPROPERTY: RED;\">asdf</div>"
253
253
  sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :strip).to_xml)
254
- assert_match /COLOR:\s*BLUE/i, sane.at_css("div")["style"]
255
- refute_match /NOTAPROPERTY/i, sane.at_css("div")["style"]
254
+ assert_match(/COLOR:\s*BLUE/i, sane.at_css("div")["style"])
255
+ refute_match(/NOTAPROPERTY/i, sane.at_css("div")["style"])
256
256
  end
257
257
 
258
258
  def test_many_properties_some_allowed
259
259
  html = "<div style=\"background: bold notaproperty center alsonotaproperty 10px;\">asdf</div>"
260
260
  sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :strip).to_xml)
261
- assert_match /bold\s+center\s+10px/, sane.at_css("div")["style"]
261
+ assert_match(/bold\s+center\s+10px/, sane.at_css("div")["style"])
262
262
  end
263
263
 
264
264
  def test_many_properties_non_allowed
@@ -270,7 +270,7 @@ class Html5TestSanitizer < Loofah::TestCase
270
270
  def test_svg_properties
271
271
  html = "<line style='stroke-width: 10px;'></line>"
272
272
  sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :strip).to_xml)
273
- assert_match /stroke-width:\s*10px/, sane.at_css("line")["style"]
273
+ assert_match(/stroke-width:\s*10px/, sane.at_css("line")["style"])
274
274
  end
275
275
  end
276
276
 
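--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: loofah
  version: !ruby/object:Gem::Version
- version: 2.1.0.rc1
+ version: 2.1.0.rc2
  platform: ruby
  authors:
  - Mike Dalessio
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-08-17 00:00:00.000000000 Z
+ date: 2016-01-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: nokogiri
@@ -171,14 +171,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.13'
+ version: '3.14'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.13'
+ version: '3.14'
  description: |-
  Loofah is a general library for manipulating and transforming HTML/XML
  documents and fragments. It's built on top of Nokogiri and libxml2, so
@@ -262,7 +262,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: 1.3.1
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.6
+ rubygems_version: 2.4.8
  signing_key:
  specification_version: 4
  summary: Loofah is a general library for manipulating and transforming HTML/XML documents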