loofah 2.13.0 → 2.16.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of loofah might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +21 -0
- data/README.md +4 -5
- data/lib/loofah/elements.rb +5 -2
- data/lib/loofah/html5/safelist.rb +9 -0
- data/lib/loofah/instance_methods.rb +4 -4
- data/lib/loofah/scrubbers.rb +7 -2
- data/lib/loofah/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d40096a6907f19cebf6b6b9a2ef87ce523b2716fba9c8d6fccedb9b482acfcef
|
4
|
+
data.tar.gz: 30988f4bfef885607cfa24cd727a5512be1133e7ce10e92af386f16b4e290fb1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2e717a4402933b4a2a47ba39b2cd2da8daf5194ffacb9c803290a1946a251794339529ad847202ff0573753bd702f8b9e646b50cf9672ec163dbebc2dd9bdcaf
|
7
|
+
data.tar.gz: 0f3546b919f5a808f8e7a8fe32112ccb5759d86aa42becb82fe42fe7afeacaf5fe39af5cd7a49be627dfd17746b6ea16c5798a13b18b369cb75661b51401e30f
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,26 @@
|
|
1
1
|
# Changelog
|
2
2
|
|
3
|
+
## 2.16.0 / 2022-04-01
|
4
|
+
|
5
|
+
### Features
|
6
|
+
|
7
|
+
* Allow MathML elements `menclose` and `ms`, and MathML attributes `dir`, `href`, `lquote`, `mathsize`, `notation`, and `rquote`. [[#231](https://github.com/flavorjones/loofah/issues/231)] (Thanks, [@nick-desteffen](https://github.com/nick-desteffen)!)
|
8
|
+
|
9
|
+
|
10
|
+
## 2.15.0 / 2022-03-14
|
11
|
+
|
12
|
+
### Features
|
13
|
+
|
14
|
+
* Expand set of allowed protocols to include `sms:`. [[#228](https://github.com/flavorjones/loofah/issues/228)] (Thanks, [@brendon](https://github.com/brendon)!)
|
15
|
+
|
16
|
+
|
17
|
+
## 2.14.0 / 2022-02-11
|
18
|
+
|
19
|
+
### Features
|
20
|
+
|
21
|
+
* The `#to_text` method on `Loofah::HTML::{Document,DocumentFragment}` replaces `<br>` line break elements with a newline. [[#225](https://github.com/flavorjones/loofah/issues/225)]
|
22
|
+
|
23
|
+
|
3
24
|
## 2.13.0 / 2021-12-10
|
4
25
|
|
5
26
|
### Bug fixes
|
data/README.md
CHANGED
@@ -133,13 +133,12 @@ and `text` to return plain text:
|
|
133
133
|
doc.text # => "ohai! div is safe "
|
134
134
|
```
|
135
135
|
|
136
|
-
Also, `to_text` is available, which does the right thing with
|
137
|
-
whitespace around block-level elements.
|
136
|
+
Also, `to_text` is available, which does the right thing with whitespace around block-level and line break elements.
|
138
137
|
|
139
138
|
``` ruby
|
140
|
-
doc = Loofah.fragment("<h1>Title</h1><div>Content</div>")
|
141
|
-
doc.text # => "
|
142
|
-
doc.to_text # => "\nTitle\n\nContent\n"
|
139
|
+
doc = Loofah.fragment("<h1>Title</h1><div>Content<br>Next line</div>")
|
140
|
+
doc.text # => "TitleContentNext line" # probably not what you want
|
141
|
+
doc.to_text # => "\nTitle\n\nContent\nNext line\n" # better
|
143
142
|
```
|
144
143
|
|
145
144
|
### Loofah::XML::Document and Loofah::XML::DocumentFragment
|
data/lib/loofah/elements.rb
CHANGED
@@ -70,8 +70,6 @@ module Loofah
|
|
70
70
|
video
|
71
71
|
]
|
72
72
|
|
73
|
-
STRICT_BLOCK_LEVEL = STRICT_BLOCK_LEVEL_HTML4 + STRICT_BLOCK_LEVEL_HTML5
|
74
|
-
|
75
73
|
# The following elements may also be considered block-level
|
76
74
|
# elements since they may contain block-level elements
|
77
75
|
LOOSE_BLOCK_LEVEL = Set.new %w[dd
|
@@ -86,7 +84,12 @@ module Loofah
|
|
86
84
|
tr
|
87
85
|
]
|
88
86
|
|
87
|
+
# Elements that aren't block but should generate a newline in #to_text
|
88
|
+
INLINE_LINE_BREAK = Set.new(["br"])
|
89
|
+
|
90
|
+
STRICT_BLOCK_LEVEL = STRICT_BLOCK_LEVEL_HTML4 + STRICT_BLOCK_LEVEL_HTML5
|
89
91
|
BLOCK_LEVEL = STRICT_BLOCK_LEVEL + LOOSE_BLOCK_LEVEL
|
92
|
+
LINEBREAKERS = BLOCK_LEVEL + INLINE_LINE_BREAK
|
90
93
|
end
|
91
94
|
|
92
95
|
::Loofah::MetaHelpers.add_downcased_set_members_to_all_set_constants ::Loofah::Elements
|
@@ -148,6 +148,7 @@ module Loofah
|
|
148
148
|
"annotation-xml",
|
149
149
|
"maction",
|
150
150
|
"math",
|
151
|
+
"menclose",
|
151
152
|
"merror",
|
152
153
|
"mfenced",
|
153
154
|
"mfrac",
|
@@ -161,6 +162,7 @@ module Loofah
|
|
161
162
|
"mprescripts",
|
162
163
|
"mroot",
|
163
164
|
"mrow",
|
165
|
+
"ms",
|
164
166
|
"mspace",
|
165
167
|
"msqrt",
|
166
168
|
"mstyle",
|
@@ -313,6 +315,7 @@ module Loofah
|
|
313
315
|
"columnspacing",
|
314
316
|
"columnspan",
|
315
317
|
"depth",
|
318
|
+
"dir",
|
316
319
|
"display",
|
317
320
|
"displaystyle",
|
318
321
|
"encoding",
|
@@ -323,19 +326,24 @@ module Loofah
|
|
323
326
|
"fontweight",
|
324
327
|
"frame",
|
325
328
|
"height",
|
329
|
+
"href",
|
326
330
|
"linethickness",
|
331
|
+
"lquote",
|
327
332
|
"lspace",
|
328
333
|
"mathbackground",
|
329
334
|
"mathcolor",
|
335
|
+
"mathsize",
|
330
336
|
"mathvariant",
|
331
337
|
"maxsize",
|
332
338
|
"minsize",
|
339
|
+
"notation",
|
333
340
|
"open",
|
334
341
|
"other",
|
335
342
|
"rowalign",
|
336
343
|
"rowlines",
|
337
344
|
"rowspacing",
|
338
345
|
"rowspan",
|
346
|
+
"rquote",
|
339
347
|
"rspace",
|
340
348
|
"scriptlevel",
|
341
349
|
"selection",
|
@@ -766,6 +774,7 @@ module Loofah
|
|
766
774
|
"rsync",
|
767
775
|
"rtsp",
|
768
776
|
"sftp",
|
777
|
+
"sms",
|
769
778
|
"ssh",
|
770
779
|
"tag",
|
771
780
|
"tel",
|
@@ -112,11 +112,11 @@ module Loofah
|
|
112
112
|
# Returns a plain-text version of the markup contained by the
|
113
113
|
# fragment, with HTML entities encoded.
|
114
114
|
#
|
115
|
-
# This method is slower than #
|
116
|
-
# whitespace around block elements.
|
115
|
+
# This method is slower than #text, but is clever about
|
116
|
+
# whitespace around block elements and line break elements.
|
117
117
|
#
|
118
|
-
# Loofah.document("<h1>Title</h1><div>Content</div>").to_text
|
119
|
-
# # => "\nTitle\n\nContent\n"
|
118
|
+
# Loofah.document("<h1>Title</h1><div>Content<br>Next line</div>").to_text
|
119
|
+
# # => "\nTitle\n\nContent\nNext line\n"
|
120
120
|
#
|
121
121
|
def to_text(options = {})
|
122
122
|
Loofah.remove_extraneous_whitespace self.dup.scrub!(:newline_block_elements).text(options)
|
data/lib/loofah/scrubbers.rb
CHANGED
@@ -240,8 +240,13 @@ module Loofah
|
|
240
240
|
end
|
241
241
|
|
242
242
|
def scrub(node)
|
243
|
-
return CONTINUE unless Loofah::Elements::
|
244
|
-
|
243
|
+
return CONTINUE unless Loofah::Elements::LINEBREAKERS.include?(node.name)
|
244
|
+
replacement = if Loofah::Elements::INLINE_LINE_BREAK.include?(node.name)
|
245
|
+
"\n"
|
246
|
+
else
|
247
|
+
"\n#{node.content}\n"
|
248
|
+
end
|
249
|
+
node.add_next_sibling Nokogiri::XML::Text.new(replacement, node.document)
|
245
250
|
node.remove
|
246
251
|
end
|
247
252
|
end
|
data/lib/loofah/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: loofah
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.16.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Mike Dalessio
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2022-04-01 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: crass
|
@@ -199,7 +199,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
199
199
|
- !ruby/object:Gem::Version
|
200
200
|
version: '0'
|
201
201
|
requirements: []
|
202
|
-
rubygems_version: 3.
|
202
|
+
rubygems_version: 3.3.5
|
203
203
|
signing_key:
|
204
204
|
specification_version: 4
|
205
205
|
summary: Loofah is a general library for manipulating and transforming HTML/XML documents
|