loofah 2.14.0 → 2.18.0
Potentially problematic release.
This version of loofah might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +28 -0
- data/README.md +1 -1
- data/lib/loofah/html5/safelist.rb +67 -1
- data/lib/loofah/version.rb +1 -1
- metadata +2 -2
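--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 187d7d426a2923ded1dd7ac225935029e5c140a93d7e73d32108737dfdf8ce9e
+data.tar.gz: 9506581bec512a6c38489019966a2067d01a28b76b1472bb5b865cd04bea3ebf
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 67ee54e2fc329df7dc146e2fa2a9c82ea83e126145d9192d0e82e8efdf2fc46495b186aca31265d3f56f0348de54d945f6055958a39ad7666caee0e128226f6d
+data.tar.gz: 786b5da54c4ea19b48123849fc350d0c6b18cdafc076c0875590d2944f9f01ff1825a9714d40abf22400b31ea9deb571ba5bacfb263622abe7301abf3d5eb936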
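--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,33 @@
 # Changelog
 
+## 2.18.0 / 2022-05-11
+
+### Features
+
+* Allow CSS property `aspect-ratio`. [[#236](https://github.com/flavorjones/loofah/issues/236)] (Thanks, [@louim](https://github.com/louim)!)
+
+
+## 2.17.0 / 2022-04-28
+
+### Features
+
+* Allow ARIA attributes. [[#232](https://github.com/flavorjones/loofah/issues/232), [#233](https://github.com/flavorjones/loofah/issues/233)] (Thanks, [@nick-desteffen](https://github.com/nick-desteffen)!)
+
+
+## 2.16.0 / 2022-04-01
+
+### Features
+
+* Allow MathML elements `menclose` and `ms`, and MathML attributes `dir`, `href`, `lquote`, `mathsize`, `notation`, and `rquote`. [[#231](https://github.com/flavorjones/loofah/issues/231)] (Thanks, [@nick-desteffen](https://github.com/nick-desteffen)!)
+
+
+## 2.15.0 / 2022-03-14
+
+### Features
+
+* Expand set of allowed protocols to include `sms:`. [[#228](https://github.com/flavorjones/loofah/issues/228)] (Thanks, [@brendon](https://github.com/brendon)!)
+
+
 ## 2.14.0 / 2022-02-11
 
 ### Features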
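--- a/data/README.md
+++ b/data/README.md
@@ -348,7 +348,7 @@ And a big shout-out to Corey Innis for the name, and feedback on the API.
 
 ## Thank You
 
-The following people have generously
+The following people have generously funded Loofah:
 
 * Bill Harding
 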
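--- a/data/lib/loofah/html5/safelist.rb
+++ b/data/lib/loofah/html5/safelist.rb
@@ -148,6 +148,7 @@ module Loofah
 "annotation-xml",
 "maction",
 "math",
+"menclose",
 "merror",
 "mfenced",
 "mfrac",
@@ -161,6 +162,7 @@ module Loofah
 "mprescripts",
 "mroot",
 "mrow",
+"ms",
 "mspace",
 "msqrt",
 "mstyle",
@@ -313,6 +315,7 @@ module Loofah
 "columnspacing",
 "columnspan",
 "depth",
+"dir",
 "display",
 "displaystyle",
 "encoding",
@@ -323,19 +326,24 @@ module Loofah
 "fontweight",
 "frame",
 "height",
+"href",
 "linethickness",
+"lquote",
 "lspace",
 "mathbackground",
 "mathcolor",
+"mathsize",
 "mathvariant",
 "maxsize",
 "minsize",
+"notation",
 "open",
 "other",
 "rowalign",
 "rowlines",
 "rowspacing",
 "rowspan",
+"rquote",
 "rspace",
 "scriptlevel",
 "selection",
@@ -504,6 +512,62 @@ module Loofah
 "zoomAndPan",
 ])
 
+ARIA_ATTRIBUTES = Set.new([
+"aria-activedescendant",
+"aria-atomic",
+"aria-autocomplete",
+"aria-braillelabel",
+"aria-brailleroledescription",
+"aria-busy",
+"aria-checked",
+"aria-colcount",
+"aria-colindex",
+"aria-colindextext",
+"aria-colspan",
+"aria-controls",
+"aria-current",
+"aria-describedby",
+"aria-description",
+"aria-details",
+"aria-disabled",
+"aria-dropeffect",
+"aria-errormessage",
+"aria-expanded",
+"aria-flowto",
+"aria-grabbed",
+"aria-haspopup",
+"aria-hidden",
+"aria-invalid",
+"aria-keyshortcuts",
+"aria-label",
+"aria-labelledby",
+"aria-level",
+"aria-live",
+"aria-multiline",
+"aria-multiselectable",
+"aria-orientation",
+"aria-owns",
+"aria-placeholder",
+"aria-posinset",
+"aria-pressed",
+"aria-readonly",
+"aria-relevant",
+"aria-required",
+"aria-roledescription",
+"aria-rowcount",
+"aria-rowindex",
+"aria-rowindextext",
+"aria-rowspan",
+"aria-selected",
+"aria-setsize",
+"aria-sort",
+"aria-valuemax",
+"aria-valuemin",
+"aria-valuenow",
+"aria-valuetext",
+"role",
+])
+
 ATTR_VAL_IS_URI = Set.new([
 "action",
 "cite",
@@ -553,6 +617,7 @@ module Loofah
 "align-content",
 "align-items",
 "align-self",
+"aspect-ratio",
 "background-color",
 "border-bottom-color",
 "border-collapse",
@@ -766,6 +831,7 @@ module Loofah
 "rsync",
 "rtsp",
 "sftp",
+"sms",
 "ssh",
 "tag",
 "tel",
@@ -786,7 +852,7 @@ module Loofah
 
 # subclasses may define their own versions of these constants
 ALLOWED_ELEMENTS = ACCEPTABLE_ELEMENTS + MATHML_ELEMENTS + SVG_ELEMENTS
-ALLOWED_ATTRIBUTES = ACCEPTABLE_ATTRIBUTES + MATHML_ATTRIBUTES + SVG_ATTRIBUTES
+ALLOWED_ATTRIBUTES = ACCEPTABLE_ATTRIBUTES + MATHML_ATTRIBUTES + SVG_ATTRIBUTES + ARIA_ATTRIBUTES
 ALLOWED_CSS_PROPERTIES = ACCEPTABLE_CSS_PROPERTIES
 ALLOWED_CSS_KEYWORDS = ACCEPTABLE_CSS_KEYWORDS
 ALLOWED_CSS_FUNCTIONS = ACCEPTABLE_CSS_FUNCTIONS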
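Review bot: The new `ARIA_ATTRIBUTES` set is folded into the default `ALLOWED_ATTRIBUTES` in the last hunk without any comment on how the values of these attributes are treated, so the default safelist widens for every caller on upgrade. Several entries are ID references (`aria-labelledby`, `aria-describedby`, `aria-controls`, `aria-owns`, `aria-flowto`) and others change what assistive technology announces (`aria-hidden`, `aria-label`); nothing in the visible hunks validates their values, though the scrubber itself is outside this diff. I would add a comment above the constant such as `# ARIA values are passed through as-is; IDREF-valued attributes may name ids outside the sanitized fragment`, and note there that `role` is included even though it is not an `aria-*` attribute. Applications that relied on these attributes being stripped can keep the narrower set by overriding `ALLOWED_ATTRIBUTES` in a subclass, which the existing comment above `ALLOWED_ELEMENTS` already permits.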
data/lib/loofah/version.rb
CHANGED
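--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: loofah
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.18.0
 platform: ruby
 authors:
 - Mike Dalessio
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-05-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: crass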