loofah 2.17.0 → 2.19.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of loofah might be problematic. Click here for more details.

Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +14 -0
  3. data/README.md +1 -1
  4. data/lib/loofah/html5/safelist.rb +173 -18
  5. data/lib/loofah/version.rb +1 -1
  6. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7312c8a91f201016ceb465888c38c9a6e4f93ba362f1112a3f9d657bdb31e759
4
- data.tar.gz: 47f2057c2ebce823f44ae997cdd5f3eba672d14c25ebd3176a54dd241573e7a5
3
+ metadata.gz: 3d59ed56910860de60170e919b3ab77b382f00eadc5d37518a7a395edabc8a4f
4
+ data.tar.gz: d0ed6a2362ec8b366f4739a67c2197a24c45e0681cba6e5bd6b7b55617d492dc
5
5
  SHA512:
6
- metadata.gz: a5ba0f513d4cb58450f3fdcbe178d266f51ae9f07ae0e8a64813b348c987c292aed10078a2de71ef0311efcd916b2e9c3b29df20eef61e8f242b2f4192a25748
7
- data.tar.gz: 544bae277ff7a5ccf8d2f2820fec7db49d6157a4cf31d95d209d74e3de99e76fa0e2bd720c903830191f49756e62fa2d6fc6c0b23a1c76882b43f1e38372e4a5
6
+ metadata.gz: dabaf4204cf846132d0b2962cef11534e3043ae8b2be39cbf23dea2fabc3722d83fba8805a5453fca6f2ec80f13c48c62726751f6acf06d3fdfd427297f07968
7
+ data.tar.gz: 84d3442b65227346d62df8ea24ef0febe3212b1a1bdb61266f22cafc356467637f2a3a050d4c52672d55e081a3e040d2cb423961d571cf364978265398742f47
data/CHANGELOG.md CHANGED
@@ -1,5 +1,19 @@
1
1
  # Changelog
2
2
 
3
+ ## 2.19.0 / 2022-09-14
4
+
5
+ ### Features
6
+
7
+ * Allow SVG 1.0 color keyword names in CSS attributes. These colors are part of the [CSS Color Module Level 3](https://www.w3.org/TR/css-color-3/#svg-color) recommendation released 2022-01-18. [[#243](https://github.com/flavorjones/loofah/issues/243)]
8
+
9
+
10
+ ## 2.18.0 / 2022-05-11
11
+
12
+ ### Features
13
+
14
+ * Allow CSS property `aspect-ratio`. [[#236](https://github.com/flavorjones/loofah/issues/236)] (Thanks, [@louim](https://github.com/louim)!)
15
+
16
+
3
17
  ## 2.17.0 / 2022-04-28
4
18
 
5
19
  ### Features
data/README.md CHANGED
@@ -348,7 +348,7 @@ And a big shout-out to Corey Innis for the name, and feedback on the API.
348
348
 
349
349
  ## Thank You
350
350
 
351
- The following people have generously donated via the [Pledgie](http://pledgie.com) badge on the [Loofah github page](https://github.com/flavorjones/loofah):
351
+ The following people have generously funded Loofah:
352
352
 
353
353
  * Bill Harding
354
354
 
data/lib/loofah/html5/safelist.rb CHANGED
@@ -617,6 +617,7 @@ module Loofah
617
617
  "align-content",
618
618
  "align-items",
619
619
  "align-self",
620
+ "aspect-ratio",
620
621
  "background-color",
621
622
  "border-bottom-color",
622
623
  "border-collapse",
@@ -683,23 +684,16 @@ module Loofah
683
684
 
684
685
  ACCEPTABLE_CSS_KEYWORDS = Set.new([
685
686
  "!important",
686
- "aqua",
687
687
  "auto",
688
- "black",
689
688
  "block",
690
- "blue",
691
689
  "bold",
692
690
  "both",
693
691
  "bottom",
694
- "brown",
695
692
  "center",
696
693
  "collapse",
697
694
  "dashed",
698
695
  "dotted",
699
696
  "double",
700
- "fuchsia",
701
- "gray",
702
- "green",
703
697
  "groove",
704
698
  "hidden",
705
699
  "inherit",
@@ -707,35 +701,196 @@ module Loofah
707
701
  "inset",
708
702
  "italic",
709
703
  "left",
710
- "lime",
711
- "maroon",
712
704
  "medium",
713
- "navy",
714
705
  "none",
715
706
  "normal",
716
707
  "nowrap",
717
- "olive",
718
708
  "outset",
719
709
  "pointer",
720
- "purple",
721
- "red",
722
710
  "revert",
723
711
  "ridge",
724
712
  "right",
725
713
  "separate",
726
- "silver",
727
714
  "solid",
728
- "teal",
729
715
  "thick",
730
716
  "thin",
731
717
  "top",
732
718
  "transparent",
733
719
  "underline",
734
720
  "unset",
735
- "white",
736
- "yellow",
737
721
  ])
738
722
 
723
+ # https://www.w3.org/TR/css-color-3/#html4
724
+ ACCEPTABLE_CSS_COLORS = Set.new([
725
+ "aqua",
726
+ "black",
727
+ "blue",
728
+ "fuchsia",
729
+ "gray",
730
+ "green",
731
+ "lime",
732
+ "maroon",
733
+ "navy",
734
+ "olive",
735
+ "purple",
736
+ "red",
737
+ "silver",
738
+ "teal",
739
+ "white",
740
+ "yellow",
741
+ ])
742
+
743
+ # https://www.w3.org/TR/css-color-3/#svg-color
744
+ ACCEPTABLE_CSS_EXTENDED_COLORS = Set.new([
745
+ "aliceblue",
746
+ "antiquewhite",
747
+ "aqua",
748
+ "aquamarine",
749
+ "azure",
750
+ "beige",
751
+ "bisque",
752
+ "black",
753
+ "blanchedalmond",
754
+ "blue",
755
+ "blueviolet",
756
+ "brown",
757
+ "burlywood",
758
+ "cadetblue",
759
+ "chartreuse",
760
+ "chocolate",
761
+ "coral",
762
+ "cornflowerblue",
763
+ "cornsilk",
764
+ "crimson",
765
+ "cyan",
766
+ "darkblue",
767
+ "darkcyan",
768
+ "darkgoldenrod",
769
+ "darkgray",
770
+ "darkgreen",
771
+ "darkgrey",
772
+ "darkkhaki",
773
+ "darkmagenta",
774
+ "darkolivegreen",
775
+ "darkorange",
776
+ "darkorchid",
777
+ "darkred",
778
+ "darksalmon",
779
+ "darkseagreen",
780
+ "darkslateblue",
781
+ "darkslategray",
782
+ "darkslategrey",
783
+ "darkturquoise",
784
+ "darkviolet",
785
+ "deeppink",
786
+ "deepskyblue",
787
+ "dimgray",
788
+ "dimgrey",
789
+ "dodgerblue",
790
+ "firebrick",
791
+ "floralwhite",
792
+ "forestgreen",
793
+ "fuchsia",
794
+ "gainsboro",
795
+ "ghostwhite",
796
+ "gold",
797
+ "goldenrod",
798
+ "gray",
799
+ "green",
800
+ "greenyellow",
801
+ "grey",
802
+ "honeydew",
803
+ "hotpink",
804
+ "indianred",
805
+ "indigo",
806
+ "ivory",
807
+ "khaki",
808
+ "lavender",
809
+ "lavenderblush",
810
+ "lawngreen",
811
+ "lemonchiffon",
812
+ "lightblue",
813
+ "lightcoral",
814
+ "lightcyan",
815
+ "lightgoldenrodyellow",
816
+ "lightgray",
817
+ "lightgreen",
818
+ "lightgrey",
819
+ "lightpink",
820
+ "lightsalmon",
821
+ "lightseagreen",
822
+ "lightskyblue",
823
+ "lightslategray",
824
+ "lightslategrey",
825
+ "lightsteelblue",
826
+ "lightyellow",
827
+ "lime",
828
+ "limegreen",
829
+ "linen",
830
+ "magenta",
831
+ "maroon",
832
+ "mediumaquamarine",
833
+ "mediumblue",
834
+ "mediumorchid",
835
+ "mediumpurple",
836
+ "mediumseagreen",
837
+ "mediumslateblue",
838
+ "mediumspringgreen",
839
+ "mediumturquoise",
840
+ "mediumvioletred",
841
+ "midnightblue",
842
+ "mintcream",
843
+ "mistyrose",
844
+ "moccasin",
845
+ "navajowhite",
846
+ "navy",
847
+ "oldlace",
848
+ "olive",
849
+ "olivedrab",
850
+ "orange",
851
+ "orangered",
852
+ "orchid",
853
+ "palegoldenrod",
854
+ "palegreen",
855
+ "paleturquoise",
856
+ "palevioletred",
857
+ "papayawhip",
858
+ "peachpuff",
859
+ "peru",
860
+ "pink",
861
+ "plum",
862
+ "powderblue",
863
+ "purple",
864
+ "red",
865
+ "rosybrown",
866
+ "royalblue",
867
+ "saddlebrown",
868
+ "salmon",
869
+ "sandybrown",
870
+ "seagreen",
871
+ "seashell",
872
+ "sienna",
873
+ "silver",
874
+ "skyblue",
875
+ "slateblue",
876
+ "slategray",
877
+ "slategrey",
878
+ "snow",
879
+ "springgreen",
880
+ "steelblue",
881
+ "tan",
882
+ "teal",
883
+ "thistle",
884
+ "tomato",
885
+ "turquoise",
886
+ "violet",
887
+ "wheat",
888
+ "white",
889
+ "whitesmoke",
890
+ "yellow",
891
+ "yellowgreen",
892
+ ])
893
+
739
894
  # see https://www.quackit.com/css/functions/
740
895
  # omit `url` and `image` from that list
741
896
  ACCEPTABLE_CSS_FUNCTIONS = Set.new([
@@ -853,7 +1008,7 @@ module Loofah
853
1008
  ALLOWED_ELEMENTS = ACCEPTABLE_ELEMENTS + MATHML_ELEMENTS + SVG_ELEMENTS
854
1009
  ALLOWED_ATTRIBUTES = ACCEPTABLE_ATTRIBUTES + MATHML_ATTRIBUTES + SVG_ATTRIBUTES + ARIA_ATTRIBUTES
855
1010
  ALLOWED_CSS_PROPERTIES = ACCEPTABLE_CSS_PROPERTIES
856
- ALLOWED_CSS_KEYWORDS = ACCEPTABLE_CSS_KEYWORDS
1011
+ ALLOWED_CSS_KEYWORDS = ACCEPTABLE_CSS_KEYWORDS + ACCEPTABLE_CSS_COLORS + ACCEPTABLE_CSS_EXTENDED_COLORS
857
1012
  ALLOWED_CSS_FUNCTIONS = ACCEPTABLE_CSS_FUNCTIONS
858
1013
  ALLOWED_SVG_PROPERTIES = ACCEPTABLE_SVG_PROPERTIES
859
1014
  ALLOWED_PROTOCOLS = ACCEPTABLE_PROTOCOLS
data/lib/loofah/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
  module Loofah
3
3
  # The version of Loofah you are using
4
- VERSION = "2.17.0"
4
+ VERSION = "2.19.0"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: loofah
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.17.0
4
+ version: 2.19.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mike Dalessio
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2022-04-28 00:00:00.000000000 Z
12
+ date: 2022-09-14 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: crass
@@ -199,7 +199,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
199
199
  - !ruby/object:Gem::Version
200
200
  version: '0'
201
201
  requirements: []
202
- rubygems_version: 3.3.5
202
+ rubygems_version: 3.3.7
203
203
  signing_key:
204
204
  specification_version: 4
205
205
  summary: Loofah is a general library for manipulating and transforming HTML/XML documents