loofah 2.14.0 → 2.17.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of loofah might be problematic. Click here for more details.

Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +21 -0
  3. data/lib/loofah/html5/safelist.rb +66 -1
  4. data/lib/loofah/version.rb +1 -1
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 95836cdfac672774704d62557836c319edf8c1ffd17323b61c749aabbb71f6b6
4
- data.tar.gz: ddc0bc8f3dc588cc4a69651debacb404cedc02e047f585bde0758ec4186d6018
3
+ metadata.gz: 7312c8a91f201016ceb465888c38c9a6e4f93ba362f1112a3f9d657bdb31e759
4
+ data.tar.gz: 47f2057c2ebce823f44ae997cdd5f3eba672d14c25ebd3176a54dd241573e7a5
5
5
  SHA512:
6
- metadata.gz: 05b043ea1e8de851488dc084cae3f596816b54549cfc4f9a1d5fd675093d8dc06956e6880286adcdcffe5aca6d29e46a97052cc526cc7b3667277ff8a9575ba7
7
- data.tar.gz: fd0fbee37a8150709ba178889d96532a4b2efdd402ccc2d922c2022a88f04188ebc221037d522cf7af67eaf3f1c4d74acba1de37ca2f70e1d0214afff69f6f85
6
+ metadata.gz: a5ba0f513d4cb58450f3fdcbe178d266f51ae9f07ae0e8a64813b348c987c292aed10078a2de71ef0311efcd916b2e9c3b29df20eef61e8f242b2f4192a25748
7
+ data.tar.gz: 544bae277ff7a5ccf8d2f2820fec7db49d6157a4cf31d95d209d74e3de99e76fa0e2bd720c903830191f49756e62fa2d6fc6c0b23a1c76882b43f1e38372e4a5
data/CHANGELOG.md CHANGED
@@ -1,5 +1,26 @@
1
1
  # Changelog
2
2
 
3
+ ## 2.17.0 / 2022-04-28
4
+
5
+ ### Features
6
+
7
+ * Allow ARIA attributes. [[#232](https://github.com/flavorjones/loofah/issues/232), [#233](https://github.com/flavorjones/loofah/issues/233)] (Thanks, [@nick-desteffen](https://github.com/nick-desteffen)!)
8
+
9
+
10
+ ## 2.16.0 / 2022-04-01
11
+
12
+ ### Features
13
+
14
+ * Allow MathML elements `menclose` and `ms`, and MathML attributes `dir`, `href`, `lquote`, `mathsize`, `notation`, and `rquote`. [[#231](https://github.com/flavorjones/loofah/issues/231)] (Thanks, [@nick-desteffen](https://github.com/nick-desteffen)!)
15
+
16
+
17
+ ## 2.15.0 / 2022-03-14
18
+
19
+ ### Features
20
+
21
+ * Expand set of allowed protocols to include `sms:`. [[#228](https://github.com/flavorjones/loofah/issues/228)] (Thanks, [@brendon](https://github.com/brendon)!)
22
+
23
+
3
24
  ## 2.14.0 / 2022-02-11
4
25
 
5
26
  ### Features
data/lib/loofah/html5/safelist.rb CHANGED
@@ -148,6 +148,7 @@ module Loofah
148
148
  "annotation-xml",
149
149
  "maction",
150
150
  "math",
151
+ "menclose",
151
152
  "merror",
152
153
  "mfenced",
153
154
  "mfrac",
@@ -161,6 +162,7 @@ module Loofah
161
162
  "mprescripts",
162
163
  "mroot",
163
164
  "mrow",
165
+ "ms",
164
166
  "mspace",
165
167
  "msqrt",
166
168
  "mstyle",
@@ -313,6 +315,7 @@ module Loofah
313
315
  "columnspacing",
314
316
  "columnspan",
315
317
  "depth",
318
+ "dir",
316
319
  "display",
317
320
  "displaystyle",
318
321
  "encoding",
@@ -323,19 +326,24 @@ module Loofah
323
326
  "fontweight",
324
327
  "frame",
325
328
  "height",
329
+ "href",
326
330
  "linethickness",
331
+ "lquote",
327
332
  "lspace",
328
333
  "mathbackground",
329
334
  "mathcolor",
335
+ "mathsize",
330
336
  "mathvariant",
331
337
  "maxsize",
332
338
  "minsize",
339
+ "notation",
333
340
  "open",
334
341
  "other",
335
342
  "rowalign",
336
343
  "rowlines",
337
344
  "rowspacing",
338
345
  "rowspan",
346
+ "rquote",
339
347
  "rspace",
340
348
  "scriptlevel",
341
349
  "selection",
@@ -504,6 +512,62 @@ module Loofah
504
512
  "zoomAndPan",
505
513
  ])
506
514
 
515
+ ARIA_ATTRIBUTES = Set.new([
516
+ "aria-activedescendant",
517
+ "aria-atomic",
518
+ "aria-autocomplete",
519
+ "aria-braillelabel",
520
+ "aria-brailleroledescription",
521
+ "aria-busy",
522
+ "aria-checked",
523
+ "aria-colcount",
524
+ "aria-colindex",
525
+ "aria-colindextext",
526
+ "aria-colspan",
527
+ "aria-controls",
528
+ "aria-current",
529
+ "aria-describedby",
530
+ "aria-description",
531
+ "aria-details",
532
+ "aria-disabled",
533
+ "aria-dropeffect",
534
+ "aria-errormessage",
535
+ "aria-expanded",
536
+ "aria-flowto",
537
+ "aria-grabbed",
538
+ "aria-haspopup",
539
+ "aria-hidden",
540
+ "aria-invalid",
541
+ "aria-keyshortcuts",
542
+ "aria-label",
543
+ "aria-labelledby",
544
+ "aria-level",
545
+ "aria-live",
546
+ "aria-multiline",
547
+ "aria-multiselectable",
548
+ "aria-orientation",
549
+ "aria-owns",
550
+ "aria-placeholder",
551
+ "aria-posinset",
552
+ "aria-pressed",
553
+ "aria-readonly",
554
+ "aria-relevant",
555
+ "aria-required",
556
+ "aria-roledescription",
557
+ "aria-rowcount",
558
+ "aria-rowindex",
559
+ "aria-rowindextext",
560
+ "aria-rowspan",
561
+ "aria-selected",
562
+ "aria-setsize",
563
+ "aria-sort",
564
+ "aria-valuemax",
565
+ "aria-valuemin",
566
+ "aria-valuenow",
567
+ "aria-valuetext",
568
+ "role",
569
+ ])
570
+
507
571
  ATTR_VAL_IS_URI = Set.new([
508
572
  "action",
509
573
  "cite",
@@ -766,6 +830,7 @@ module Loofah
766
830
  "rsync",
767
831
  "rtsp",
768
832
  "sftp",
833
+ "sms",
769
834
  "ssh",
770
835
  "tag",
771
836
  "tel",
@@ -786,7 +851,7 @@ module Loofah
786
851
 
787
852
  # subclasses may define their own versions of these constants
788
853
  ALLOWED_ELEMENTS = ACCEPTABLE_ELEMENTS + MATHML_ELEMENTS + SVG_ELEMENTS
789
- ALLOWED_ATTRIBUTES = ACCEPTABLE_ATTRIBUTES + MATHML_ATTRIBUTES + SVG_ATTRIBUTES
854
+ ALLOWED_ATTRIBUTES = ACCEPTABLE_ATTRIBUTES + MATHML_ATTRIBUTES + SVG_ATTRIBUTES + ARIA_ATTRIBUTES
790
855
  ALLOWED_CSS_PROPERTIES = ACCEPTABLE_CSS_PROPERTIES
791
856
  ALLOWED_CSS_KEYWORDS = ACCEPTABLE_CSS_KEYWORDS
792
857
  ALLOWED_CSS_FUNCTIONS = ACCEPTABLE_CSS_FUNCTIONS
data/lib/loofah/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
  module Loofah
3
3
  # The version of Loofah you are using
4
- VERSION = "2.14.0"
4
+ VERSION = "2.17.0"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: loofah
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.14.0
4
+ version: 2.17.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mike Dalessio
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2022-02-11 00:00:00.000000000 Z
12
+ date: 2022-04-28 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: crass