loofah 2.2.3 → 2.19.0
Potentially problematic release.
This version of loofah might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +212 -31
- data/README.md +18 -24
- data/lib/loofah/elements.rb +79 -75
- data/lib/loofah/helpers.rb +18 -7
- data/lib/loofah/html/document.rb +1 -0
- data/lib/loofah/html/document_fragment.rb +4 -2
- data/lib/loofah/html5/libxml2_workarounds.rb +8 -7
- data/lib/loofah/html5/safelist.rb +1043 -0
- data/lib/loofah/html5/scrub.rb +73 -48
- data/lib/loofah/instance_methods.rb +14 -8
- data/lib/loofah/metahelpers.rb +2 -1
- data/lib/loofah/scrubber.rb +8 -7
- data/lib/loofah/scrubbers.rb +19 -13
- data/lib/loofah/version.rb +5 -0
- data/lib/loofah/xml/document.rb +1 -0
- data/lib/loofah/xml/document_fragment.rb +2 -1
- data/lib/loofah.rb +35 -18
- metadata +52 -138
- data/.gemtest +0 -0
- data/Gemfile +0 -22
- data/Manifest.txt +0 -40
- data/Rakefile +0 -79
- data/benchmark/benchmark.rb +0 -149
- data/benchmark/fragment.html +0 -96
- data/benchmark/helper.rb +0 -73
- data/benchmark/www.slashdot.com.html +0 -2560
- data/lib/loofah/html5/whitelist.rb +0 -186
- data/test/assets/msword.html +0 -63
- data/test/assets/testdata_sanitizer_tests1.dat +0 -502
- data/test/helper.rb +0 -18
- data/test/html5/test_sanitizer.rb +0 -382
- data/test/integration/test_ad_hoc.rb +0 -204
- data/test/integration/test_helpers.rb +0 -43
- data/test/integration/test_html.rb +0 -72
- data/test/integration/test_scrubbers.rb +0 -400
- data/test/integration/test_xml.rb +0 -55
- data/test/unit/test_api.rb +0 -142
- data/test/unit/test_encoding.rb +0 -20
- data/test/unit/test_helpers.rb +0 -62
- data/test/unit/test_scrubber.rb +0 -229
- data/test/unit/test_scrubbers.rb +0 -14
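--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: loofah
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.19.0
 platform: ruby
 authors:
 - Mike Dalessio
@@ -9,22 +9,8 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2022-09-14 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-name: nokogiri
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: 1.5.9
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: 1.5.9
 - !ruby/object:Gem::Dependency
 name: crass
 requirement: !ruby/object:Gem::Requirement
@@ -40,237 +26,166 @@ dependencies:
 - !ruby/object:Gem::Version
 version: 1.0.2
 - !ruby/object:Gem::Dependency
-name:
+name: nokogiri
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
-type: :
+version: 1.5.9
+type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 1.5.9
 - !ruby/object:Gem::Dependency
-name:
+name: hoe-markdown
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '1.3'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '1.3'
 - !ruby/object:Gem::Dependency
-name:
+name: json
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: '2.2'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
-- !ruby/object:Gem::Dependency
-name: json
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
+version: '2.2'
 - !ruby/object:Gem::Dependency
-name:
+name: minitest
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '5.14'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '5.14'
 - !ruby/object:Gem::Dependency
-name:
+name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '13.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '13.0'
 - !ruby/object:Gem::Dependency
-name:
+name: rdoc
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '0'
-
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-- !ruby/object:Gem::Dependency
-name: hoe-git
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
+version: '4.0'
+- - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '7'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '0'
--
-name: concourse
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: 0.15.0
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
+version: '4.0'
+- - "<"
 - !ruby/object:Gem::Version
-version:
+version: '7'
 - !ruby/object:Gem::Dependency
-name:
+name: rr
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
-- !ruby/object:Gem::Version
-version: '4.0'
-- - "<"
+- - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.2.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
-- !ruby/object:Gem::Version
-version: '4.0'
-- - "<"
+- - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.2.0
 - !ruby/object:Gem::Dependency
-name:
+name: rubocop
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '1.1'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '1.1'
 description: |-
-Loofah is a general library for manipulating and transforming HTML/XML
-documents and fragments. It's built on top of Nokogiri and libxml2, so
-it's fast and has a nice API.
+Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri.
 
-Loofah excels at HTML sanitization (XSS prevention). It includes some
-nice HTML sanitizers, which are based on HTML5lib's whitelist, so it
-most likely won't make your codes less secure. (These statements have
-not been evaluated by Netexperts.)
+Loofah excels at HTML sanitization (XSS prevention). It includes some nice HTML sanitizers, which are based on HTML5lib's safelist, so it most likely won't make your codes less secure. (These statements have not been evaluated by Netexperts.)
 
-ActiveRecord extensions for sanitization are available in the
-[`loofah-activerecord` gem](https://github.com/flavorjones/loofah-activerecord).
+ActiveRecord extensions for sanitization are available in the [`loofah-activerecord` gem](https://github.com/flavorjones/loofah-activerecord).
 email:
 - mike.dalessio@gmail.com
 - bryan@brynary.com
 executables: []
 extensions: []
-extra_rdoc_files:
-- CHANGELOG.md
-- MIT-LICENSE.txt
-- Manifest.txt
-- README.md
-- SECURITY.md
+extra_rdoc_files: []
 files:
-- ".gemtest"
 - CHANGELOG.md
-- Gemfile
 - MIT-LICENSE.txt
-- Manifest.txt
 - README.md
-- Rakefile
 - SECURITY.md
-- benchmark/benchmark.rb
-- benchmark/fragment.html
-- benchmark/helper.rb
-- benchmark/www.slashdot.com.html
 - lib/loofah.rb
 - lib/loofah/elements.rb
 - lib/loofah/helpers.rb
 - lib/loofah/html/document.rb
 - lib/loofah/html/document_fragment.rb
 - lib/loofah/html5/libxml2_workarounds.rb
+- lib/loofah/html5/safelist.rb
 - lib/loofah/html5/scrub.rb
-- lib/loofah/html5/whitelist.rb
 - lib/loofah/instance_methods.rb
 - lib/loofah/metahelpers.rb
 - lib/loofah/scrubber.rb
 - lib/loofah/scrubbers.rb
+- lib/loofah/version.rb
 - lib/loofah/xml/document.rb
 - lib/loofah/xml/document_fragment.rb
-- test/assets/msword.html
-- test/assets/testdata_sanitizer_tests1.dat
-- test/helper.rb
-- test/html5/test_sanitizer.rb
-- test/integration/test_ad_hoc.rb
-- test/integration/test_helpers.rb
-- test/integration/test_html.rb
-- test/integration/test_scrubbers.rb
-- test/integration/test_xml.rb
-- test/unit/test_api.rb
-- test/unit/test_encoding.rb
-- test/unit/test_helpers.rb
-- test/unit/test_scrubber.rb
-- test/unit/test_scrubbers.rb
 homepage: https://github.com/flavorjones/loofah
 licenses:
 - MIT
-metadata:
+metadata:
+homepage_uri: https://github.com/flavorjones/loofah
+source_code_uri: https://github.com/flavorjones/loofah
+bug_tracker_uri: https://github.com/flavorjones/loofah/issues
+changelog_uri: https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md
+documentation_uri: https://www.rubydoc.info/gems/loofah/
 post_install_message:
-rdoc_options:
-- "--main"
-- README.md
+rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
@@ -284,10 +199,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.7.7
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Loofah is a general library for manipulating and transforming HTML/XML documents
-and fragments
+and fragments, built on top of Nokogiri
 test_files: []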
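Review bot: The runtime requirement on nokogiri in the new metadata (new lines 29–41) is still `>= 1.5.9` with no upper bound; the entry only moved, so this release can resolve against whatever Nokogiri a consumer's lockfile already holds, however old. Because the description says the sanitizers are built on Nokogiri, the parser version is part of the XSS-sanitization trust boundary and deserves a deliberately chosen floor. I would raise it in the gemspec that generates this file, e.g. `spec.add_runtime_dependency "nokogiri", ">= MIN_SUPPORTED_NOKOGIRI"` (placeholder; the right minimum is not visible on this page), and consumers can pin a current Nokogiri in their own lockfile in the meantime. Separately, `cert_chain: []` and the empty `signing_key:` show the gem is published unsigned, so integrity checking rests on the registry checksums.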
data/.gemtest
DELETED
File without changes
|
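--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,22 +0,0 @@
-# -*- ruby -*-
-
-# DO NOT EDIT THIS FILE. Instead, edit Rakefile, and run `rake bundler:gemfile`.
-
-source "https://rubygems.org/"
-
-gem "nokogiri", ">=1.5.9"
-gem "crass", "~>1.0.2"
-
-gem "rake", ">=0.8", :group => [:development, :test]
-gem "minitest", "~>2.2", :group => [:development, :test]
-gem "rr", "~>1.2.0", :group => [:development, :test]
-gem "json", ">=0", :group => [:development, :test]
-gem "hoe-gemspec", ">=0", :group => [:development, :test]
-gem "hoe-debugging", ">=0", :group => [:development, :test]
-gem "hoe-bundler", ">=0", :group => [:development, :test]
-gem "hoe-git", ">=0", :group => [:development, :test]
-gem "concourse", ">=0.15.0", :group => [:development, :test]
-gem "rdoc", "~>4.0", :group => [:development, :test]
-gem "hoe", "~>3.16", :group => [:development, :test]
-
-# vim: syntax=ruby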
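--- a/data/Manifest.txt
+++ b/data/Manifest.txt
@@ -1,40 +0,0 @@
-.gemtest
-CHANGELOG.md
-Gemfile
-MIT-LICENSE.txt
-Manifest.txt
-README.md
-Rakefile
-SECURITY.md
-benchmark/benchmark.rb
-benchmark/fragment.html
-benchmark/helper.rb
-benchmark/www.slashdot.com.html
-lib/loofah.rb
-lib/loofah/elements.rb
-lib/loofah/helpers.rb
-lib/loofah/html/document.rb
-lib/loofah/html/document_fragment.rb
-lib/loofah/html5/libxml2_workarounds.rb
-lib/loofah/html5/scrub.rb
-lib/loofah/html5/whitelist.rb
-lib/loofah/instance_methods.rb
-lib/loofah/metahelpers.rb
-lib/loofah/scrubber.rb
-lib/loofah/scrubbers.rb
-lib/loofah/xml/document.rb
-lib/loofah/xml/document_fragment.rb
-test/assets/msword.html
-test/assets/testdata_sanitizer_tests1.dat
-test/helper.rb
-test/html5/test_sanitizer.rb
-test/integration/test_ad_hoc.rb
-test/integration/test_helpers.rb
-test/integration/test_html.rb
-test/integration/test_scrubbers.rb
-test/integration/test_xml.rb
-test/unit/test_api.rb
-test/unit/test_encoding.rb
-test/unit/test_helpers.rb
-test/unit/test_scrubber.rb
-test/unit/test_scrubbers.rb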
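--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,79 +0,0 @@
-require 'rubygems'
-gem 'hoe', '>= 2.3.0'
-require 'hoe'
-require 'concourse'
-
-Hoe.plugin :git
-Hoe.plugin :gemspec
-Hoe.plugin :bundler
-Hoe.plugin :debugging
-
-Hoe.spec "loofah" do
-developer "Mike Dalessio", "mike.dalessio@gmail.com"
-developer "Bryan Helmkamp", "bryan@brynary.com"
-
-self.extra_rdoc_files = FileList["*.md"]
-self.history_file = "CHANGELOG.md"
-self.readme_file = "README.md"
-self.license "MIT"
-
-extra_deps << ["nokogiri", ">=1.5.9"]
-extra_deps << ["crass", "~> 1.0.2"]
-
-extra_dev_deps << ["rake", ">=0.8"]
-extra_dev_deps << ["minitest", "~>2.2"]
-extra_dev_deps << ["rr", "~>1.2.0"]
-extra_dev_deps << ["json", ">=0"]
-extra_dev_deps << ["hoe-gemspec", ">=0"]
-extra_dev_deps << ["hoe-debugging", ">=0"]
-extra_dev_deps << ["hoe-bundler", ">=0"]
-extra_dev_deps << ["hoe-git", ">=0"]
-extra_dev_deps << ["concourse", ">=0.15.0"]
-end
-
-task :gemspec do
-system %q(rake debug_gem | grep -v "^\(in " > loofah.gemspec)
-end
-
-task :redocs => :fix_css
-task :docs => :fix_css
-task :fix_css do
-better_css = <<-EOT
-.method-description pre {
-margin : 1em 0 ;
-}
-
-.method-description ul {
-padding : .5em 0 .5em 2em ;
-}
-
-.method-description p {
-margin-top : .5em ;
-}
-
-#main ul, div#documentation ul {
-list-style-type : disc ! IMPORTANT ;
-list-style-position : inside ! IMPORTANT ;
-}
-
-h2 + ul {
-margin-top : 1em;
-}
-EOT
-puts "* fixing css"
-File.open("doc/rdoc.css", "a") { |f| f.write better_css }
-end
-
-desc "generate and upload docs to rubyforge"
-task :doc_upload_to_rubyforge => :docs do
-Dir.chdir "doc" do
-system "rsync -avz --delete * rubyforge.org:/var/www/gforge-projects/loofah/loofah"
-end
-end
-
-desc "generate whitelists from W3C specifications"
-task :generate_whitelists do
-load "tasks/generate-whitelists"
-end
-
-Concourse.new("loofah").create_tasks!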
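--- a/data/benchmark/benchmark.rb
+++ b/data/benchmark/benchmark.rb
@@ -1,149 +0,0 @@
-#!/usr/bin/env ruby
-require "#{File.dirname(__FILE__)}/helper.rb"
-
-def compare_scrub_methods
-snip = "<div>foo</div><foo>fuxx <b>quux</b></foo><script>i have a chair</script>"
-puts "starting with:\n#{snip}"
-puts
-puts RailsSanitize.new.sanitize(snip) # => Rails.sanitize / scrub!(:prune).to_s
-puts Loofah::Helpers.sanitize(snip)
-puts "--"
-puts RailsSanitize.new.strip_tags(snip) # => Rails.strip_tags / parse().text
-puts Loofah::Helpers.strip_tags(snip)
-puts "--"
-puts Sanitize.clean(snip, Sanitize::Config::RELAXED) # => scrub!(:strip).to_s
-puts Loofah.scrub_fragment(snip, :strip).to_s
-puts "--"
-puts HTML5libSanitize.new.sanitize(snip) # => scrub!(:escape).to_s
-puts Loofah.scrub_fragment(snip, :escape).to_s
-puts "--"
-puts HTMLFilter.new.filter(snip)
-puts Loofah.scrub_fragment(snip, :strip).to_s
-puts
-end
-
-module TestSet
-def test_set options={}
-scale = options[:rehearse] ? 10 : 1
-puts self.class.name
-
-n = 100 / scale
-puts " Large document, #{BIG_FILE.length} bytes (x#{n})"
-bench BIG_FILE, n, false
-puts
-
-n = 1000 / scale
-puts " Small fragment, #{FRAGMENT.length} bytes (x#{n})"
-bench FRAGMENT, n, true
-puts
-
-n = 10_000 / scale
-puts " Text snippet, #{SNIPPET.length} bytes (x#{n})"
-bench SNIPPET, n, true
-puts
-end
-end
-
-class HeadToHead < Measure
-end
-
-class HeadToHeadRailsSanitize < Measure
-include TestSet
-def bench(content, ntimes, fragment_p)
-clear_measure
-
-measure "Loofah::Helpers.sanitize", ntimes do
-Loofah::Helpers.sanitize content
-end
-
-sanitizer = RailsSanitize.new
-measure "ActionView sanitize", ntimes do
-sanitizer.sanitize(content)
-end
-end
-end
-
-class HeadToHeadRailsStripTags < Measure
-include TestSet
-def bench(content, ntimes, fragment_p)
-clear_measure
-
-measure "Loofah::Helpers.strip_tags", ntimes do
-Loofah::Helpers.strip_tags content
-end
-
-sanitizer = RailsSanitize.new
-measure "ActionView strip_tags", ntimes do
-sanitizer.strip_tags(content)
-end
-end
-end
-
-class HeadToHeadSanitizerSanitize < Measure
-include TestSet
-def bench(content, ntimes, fragment_p)
-clear_measure
-
-measure "Loofah :strip", ntimes do
-if fragment_p
-Loofah.scrub_fragment(content, :strip).to_s
-else
-Loofah.scrub_document(content, :strip).to_s
-end
-end
-
-measure "Sanitize.clean", ntimes do
-Sanitize.clean(content, Sanitize::Config::RELAXED)
-end
-end
-end
-
-class HeadToHeadHtml5LibSanitize < Measure
-include TestSet
-def bench(content, ntimes, fragment_p)
-clear_measure
-
-measure "Loofah :escape", ntimes do
-if fragment_p
-Loofah.scrub_fragment(content, :escape).to_s
-else
-Loofah.scrub_document(content, :escape).to_s
-end
-end
-
-html5_sanitizer = HTML5libSanitize.new
-measure "HTML5lib.sanitize", ntimes do
-html5_sanitizer.sanitize(content)
-end
-end
-end
-
-class HeadToHeadHTMLFilter < Measure
-include TestSet
-def bench(content, ntimes, fragment_p)
-clear_measure
-
-measure "Loofah::Helpers.sanitize", ntimes do
-Loofah::Helpers.sanitize content
-end
-
-sanitizer = HTMLFilter.new
-measure "HTMLFilter.filter", ntimes do
-sanitizer.filter(content)
-end
-end
-end
-
-puts "Nokogiri version: #{Nokogiri::VERSION_INFO.inspect}"
-puts "Loofah version: #{Loofah::VERSION.inspect}"
-
-benches = []
-benches << HeadToHeadRailsSanitize.new
-benches << HeadToHeadRailsStripTags.new
-benches << HeadToHeadSanitizerSanitize.new
-benches << HeadToHeadHtml5LibSanitize.new
-benches << HeadToHeadHTMLFilter.new
-puts "---------- rehearsal ----------"
-benches.each { |bench| bench.test_set :rehearse => true }
-puts "---------- realsies ----------"
-benches.each { |bench| bench.test_set }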