loofah 2.14.0 → 2.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +21 -0
- data/lib/loofah/html5/safelist.rb +66 -1
- data/lib/loofah/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7312c8a91f201016ceb465888c38c9a6e4f93ba362f1112a3f9d657bdb31e759
|
|
4
|
+
data.tar.gz: 47f2057c2ebce823f44ae997cdd5f3eba672d14c25ebd3176a54dd241573e7a5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a5ba0f513d4cb58450f3fdcbe178d266f51ae9f07ae0e8a64813b348c987c292aed10078a2de71ef0311efcd916b2e9c3b29df20eef61e8f242b2f4192a25748
|
|
7
|
+
data.tar.gz: 544bae277ff7a5ccf8d2f2820fec7db49d6157a4cf31d95d209d74e3de99e76fa0e2bd720c903830191f49756e62fa2d6fc6c0b23a1c76882b43f1e38372e4a5
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,26 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 2.17.0 / 2022-04-28
|
|
4
|
+
|
|
5
|
+
### Features
|
|
6
|
+
|
|
7
|
+
* Allow ARIA attributes. [[#232](https://github.com/flavorjones/loofah/issues/232), [#233](https://github.com/flavorjones/loofah/issues/233)] (Thanks, [@nick-desteffen](https://github.com/nick-desteffen)!)
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
## 2.16.0 / 2022-04-01
|
|
11
|
+
|
|
12
|
+
### Features
|
|
13
|
+
|
|
14
|
+
* Allow MathML elements `menclose` and `ms`, and MathML attributes `dir`, `href`, `lquote`, `mathsize`, `notation`, and `rquote`. [[#231](https://github.com/flavorjones/loofah/issues/231)] (Thanks, [@nick-desteffen](https://github.com/nick-desteffen)!)
|
|
15
|
+
|
|
16
|
+
|
|
17
|
+
## 2.15.0 / 2022-03-14
|
|
18
|
+
|
|
19
|
+
### Features
|
|
20
|
+
|
|
21
|
+
* Expand set of allowed protocols to include `sms:`. [[#228](https://github.com/flavorjones/loofah/issues/228)] (Thanks, [@brendon](https://github.com/brendon)!)
|
|
22
|
+
|
|
23
|
+
|
|
3
24
|
## 2.14.0 / 2022-02-11
|
|
4
25
|
|
|
5
26
|
### Features
|
|
@@ -148,6 +148,7 @@ module Loofah
|
|
|
148
148
|
"annotation-xml",
|
|
149
149
|
"maction",
|
|
150
150
|
"math",
|
|
151
|
+
"menclose",
|
|
151
152
|
"merror",
|
|
152
153
|
"mfenced",
|
|
153
154
|
"mfrac",
|
|
@@ -161,6 +162,7 @@ module Loofah
|
|
|
161
162
|
"mprescripts",
|
|
162
163
|
"mroot",
|
|
163
164
|
"mrow",
|
|
165
|
+
"ms",
|
|
164
166
|
"mspace",
|
|
165
167
|
"msqrt",
|
|
166
168
|
"mstyle",
|
|
@@ -313,6 +315,7 @@ module Loofah
|
|
|
313
315
|
"columnspacing",
|
|
314
316
|
"columnspan",
|
|
315
317
|
"depth",
|
|
318
|
+
"dir",
|
|
316
319
|
"display",
|
|
317
320
|
"displaystyle",
|
|
318
321
|
"encoding",
|
|
@@ -323,19 +326,24 @@ module Loofah
|
|
|
323
326
|
"fontweight",
|
|
324
327
|
"frame",
|
|
325
328
|
"height",
|
|
329
|
+
"href",
|
|
326
330
|
"linethickness",
|
|
331
|
+
"lquote",
|
|
327
332
|
"lspace",
|
|
328
333
|
"mathbackground",
|
|
329
334
|
"mathcolor",
|
|
335
|
+
"mathsize",
|
|
330
336
|
"mathvariant",
|
|
331
337
|
"maxsize",
|
|
332
338
|
"minsize",
|
|
339
|
+
"notation",
|
|
333
340
|
"open",
|
|
334
341
|
"other",
|
|
335
342
|
"rowalign",
|
|
336
343
|
"rowlines",
|
|
337
344
|
"rowspacing",
|
|
338
345
|
"rowspan",
|
|
346
|
+
"rquote",
|
|
339
347
|
"rspace",
|
|
340
348
|
"scriptlevel",
|
|
341
349
|
"selection",
|
|
@@ -504,6 +512,62 @@ module Loofah
|
|
|
504
512
|
"zoomAndPan",
|
|
505
513
|
])
|
|
506
514
|
|
|
515
|
+
ARIA_ATTRIBUTES = Set.new([
|
|
516
|
+
"aria-activedescendant",
|
|
517
|
+
"aria-atomic",
|
|
518
|
+
"aria-autocomplete",
|
|
519
|
+
"aria-braillelabel",
|
|
520
|
+
"aria-brailleroledescription",
|
|
521
|
+
"aria-busy",
|
|
522
|
+
"aria-checked",
|
|
523
|
+
"aria-colcount",
|
|
524
|
+
"aria-colindex",
|
|
525
|
+
"aria-colindextext",
|
|
526
|
+
"aria-colspan",
|
|
527
|
+
"aria-controls",
|
|
528
|
+
"aria-current",
|
|
529
|
+
"aria-describedby",
|
|
530
|
+
"aria-description",
|
|
531
|
+
"aria-details",
|
|
532
|
+
"aria-disabled",
|
|
533
|
+
"aria-dropeffect",
|
|
534
|
+
"aria-errormessage",
|
|
535
|
+
"aria-expanded",
|
|
536
|
+
"aria-flowto",
|
|
537
|
+
"aria-grabbed",
|
|
538
|
+
"aria-haspopup",
|
|
539
|
+
"aria-hidden",
|
|
540
|
+
"aria-invalid",
|
|
541
|
+
"aria-keyshortcuts",
|
|
542
|
+
"aria-label",
|
|
543
|
+
"aria-labelledby",
|
|
544
|
+
"aria-level",
|
|
545
|
+
"aria-live",
|
|
546
|
+
"aria-multiline",
|
|
547
|
+
"aria-multiselectable",
|
|
548
|
+
"aria-orientation",
|
|
549
|
+
"aria-owns",
|
|
550
|
+
"aria-placeholder",
|
|
551
|
+
"aria-posinset",
|
|
552
|
+
"aria-pressed",
|
|
553
|
+
"aria-readonly",
|
|
554
|
+
"aria-relevant",
|
|
555
|
+
"aria-required",
|
|
556
|
+
"aria-roledescription",
|
|
557
|
+
"aria-rowcount",
|
|
558
|
+
"aria-rowindex",
|
|
559
|
+
"aria-rowindextext",
|
|
560
|
+
"aria-rowspan",
|
|
561
|
+
"aria-selected",
|
|
562
|
+
"aria-setsize",
|
|
563
|
+
"aria-sort",
|
|
564
|
+
"aria-valuemax",
|
|
565
|
+
"aria-valuemin",
|
|
566
|
+
"aria-valuenow",
|
|
567
|
+
"aria-valuetext",
|
|
568
|
+
"role",
|
|
569
|
+
])
|
|
570
|
+
|
|
507
571
|
ATTR_VAL_IS_URI = Set.new([
|
|
508
572
|
"action",
|
|
509
573
|
"cite",
|
|
@@ -766,6 +830,7 @@ module Loofah
|
|
|
766
830
|
"rsync",
|
|
767
831
|
"rtsp",
|
|
768
832
|
"sftp",
|
|
833
|
+
"sms",
|
|
769
834
|
"ssh",
|
|
770
835
|
"tag",
|
|
771
836
|
"tel",
|
|
@@ -786,7 +851,7 @@ module Loofah
|
|
|
786
851
|
|
|
787
852
|
# subclasses may define their own versions of these constants
|
|
788
853
|
ALLOWED_ELEMENTS = ACCEPTABLE_ELEMENTS + MATHML_ELEMENTS + SVG_ELEMENTS
|
|
789
|
-
ALLOWED_ATTRIBUTES = ACCEPTABLE_ATTRIBUTES + MATHML_ATTRIBUTES + SVG_ATTRIBUTES
|
|
854
|
+
ALLOWED_ATTRIBUTES = ACCEPTABLE_ATTRIBUTES + MATHML_ATTRIBUTES + SVG_ATTRIBUTES + ARIA_ATTRIBUTES
|
|
790
855
|
ALLOWED_CSS_PROPERTIES = ACCEPTABLE_CSS_PROPERTIES
|
|
791
856
|
ALLOWED_CSS_KEYWORDS = ACCEPTABLE_CSS_KEYWORDS
|
|
792
857
|
ALLOWED_CSS_FUNCTIONS = ACCEPTABLE_CSS_FUNCTIONS
|
data/lib/loofah/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: loofah
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.17.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Mike Dalessio
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2022-
|
|
12
|
+
date: 2022-04-28 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: crass
|