loofah 2.14.0 → 2.17.0
Potentially problematic release.
This version of loofah might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +21 -0
- data/lib/loofah/html5/safelist.rb +66 -1
- data/lib/loofah/version.rb +1 -1
- metadata +2 -2
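--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7312c8a91f201016ceb465888c38c9a6e4f93ba362f1112a3f9d657bdb31e759
+data.tar.gz: 47f2057c2ebce823f44ae997cdd5f3eba672d14c25ebd3176a54dd241573e7a5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a5ba0f513d4cb58450f3fdcbe178d266f51ae9f07ae0e8a64813b348c987c292aed10078a2de71ef0311efcd916b2e9c3b29df20eef61e8f242b2f4192a25748
+data.tar.gz: 544bae277ff7a5ccf8d2f2820fec7db49d6157a4cf31d95d209d74e3de99e76fa0e2bd720c903830191f49756e62fa2d6fc6c0b23a1c76882b43f1e38372e4a5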
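--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,26 @@
 # Changelog
 
+## 2.17.0 / 2022-04-28
+
+### Features
+
+* Allow ARIA attributes. [[#232](https://github.com/flavorjones/loofah/issues/232), [#233](https://github.com/flavorjones/loofah/issues/233)] (Thanks, [@nick-desteffen](https://github.com/nick-desteffen)!)
+
+
+## 2.16.0 / 2022-04-01
+
+### Features
+
+* Allow MathML elements `menclose` and `ms`, and MathML attributes `dir`, `href`, `lquote`, `mathsize`, `notation`, and `rquote`. [[#231](https://github.com/flavorjones/loofah/issues/231)] (Thanks, [@nick-desteffen](https://github.com/nick-desteffen)!)
+
+
+## 2.15.0 / 2022-03-14
+
+### Features
+
+* Expand set of allowed protocols to include `sms:`. [[#228](https://github.com/flavorjones/loofah/issues/228)] (Thanks, [@brendon](https://github.com/brendon)!)
+
+
 ## 2.14.0 / 2022-02-11
 
 ### Features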
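--- a/data/lib/loofah/html5/safelist.rb
+++ b/data/lib/loofah/html5/safelist.rb
@@ -148,6 +148,7 @@ module Loofah
 "annotation-xml",
 "maction",
 "math",
+"menclose",
 "merror",
 "mfenced",
 "mfrac",
@@ -161,6 +162,7 @@ module Loofah
 "mprescripts",
 "mroot",
 "mrow",
+"ms",
 "mspace",
 "msqrt",
 "mstyle",
@@ -313,6 +315,7 @@ module Loofah
 "columnspacing",
 "columnspan",
 "depth",
+"dir",
 "display",
 "displaystyle",
 "encoding",
@@ -323,19 +326,24 @@ module Loofah
 "fontweight",
 "frame",
 "height",
+"href",
 "linethickness",
+"lquote",
 "lspace",
 "mathbackground",
 "mathcolor",
+"mathsize",
 "mathvariant",
 "maxsize",
 "minsize",
+"notation",
 "open",
 "other",
 "rowalign",
 "rowlines",
 "rowspacing",
 "rowspan",
+"rquote",
 "rspace",
 "scriptlevel",
 "selection",
@@ -504,6 +512,62 @@ module Loofah
 "zoomAndPan",
 ])
 
+ARIA_ATTRIBUTES = Set.new([
+"aria-activedescendant",
+"aria-atomic",
+"aria-autocomplete",
+"aria-braillelabel",
+"aria-brailleroledescription",
+"aria-busy",
+"aria-checked",
+"aria-colcount",
+"aria-colindex",
+"aria-colindextext",
+"aria-colspan",
+"aria-controls",
+"aria-current",
+"aria-describedby",
+"aria-description",
+"aria-details",
+"aria-disabled",
+"aria-dropeffect",
+"aria-errormessage",
+"aria-expanded",
+"aria-flowto",
+"aria-grabbed",
+"aria-haspopup",
+"aria-hidden",
+"aria-invalid",
+"aria-keyshortcuts",
+"aria-label",
+"aria-labelledby",
+"aria-level",
+"aria-live",
+"aria-multiline",
+"aria-multiselectable",
+"aria-orientation",
+"aria-owns",
+"aria-placeholder",
+"aria-posinset",
+"aria-pressed",
+"aria-readonly",
+"aria-relevant",
+"aria-required",
+"aria-roledescription",
+"aria-rowcount",
+"aria-rowindex",
+"aria-rowindextext",
+"aria-rowspan",
+"aria-selected",
+"aria-setsize",
+"aria-sort",
+"aria-valuemax",
+"aria-valuemin",
+"aria-valuenow",
+"aria-valuetext",
+"role",
+])
+
 ATTR_VAL_IS_URI = Set.new([
 "action",
 "cite",
@@ -766,6 +830,7 @@ module Loofah
 "rsync",
 "rtsp",
 "sftp",
+"sms",
 "ssh",
 "tag",
 "tel",
@@ -786,7 +851,7 @@ module Loofah
 
 # subclasses may define their own versions of these constants
 ALLOWED_ELEMENTS = ACCEPTABLE_ELEMENTS + MATHML_ELEMENTS + SVG_ELEMENTS
-ALLOWED_ATTRIBUTES = ACCEPTABLE_ATTRIBUTES + MATHML_ATTRIBUTES + SVG_ATTRIBUTES
+ALLOWED_ATTRIBUTES = ACCEPTABLE_ATTRIBUTES + MATHML_ATTRIBUTES + SVG_ATTRIBUTES + ARIA_ATTRIBUTES
 ALLOWED_CSS_PROPERTIES = ACCEPTABLE_CSS_PROPERTIES
 ALLOWED_CSS_KEYWORDS = ACCEPTABLE_CSS_KEYWORDS
 ALLOWED_CSS_FUNCTIONS = ACCEPTABLE_CSS_FUNCTIONS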
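Review bot: `ARIA_ATTRIBUTES` is folded into the default `ALLOWED_ATTRIBUTES` in the last hunk of safelist.rb without any comment on what these attributes mean for sanitized user content, so every caller of the default safelist picks them up on upgrade. None of them carries script, but `role`, `aria-hidden` and `aria-label` change what assistive technology announces, and the IDREF-valued ones (`aria-labelledby`, `aria-describedby`, `aria-controls`, `aria-owns`) can point at ids that live outside the sanitized fragment. I would document that above the new set, for example `# ARIA attributes carry no script, but they alter the accessibility tree and may reference ids in the host page; override ALLOWED_ATTRIBUTES in a subclass to exclude them`. The enclosing module begins and ends outside the visible hunks, so whether such a note already exists elsewhere in the file cannot be seen from here.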
data/lib/loofah/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: loofah
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.17.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Mike Dalessio
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2022-
|
12
|
+
date: 2022-04-28 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: crass
|