loofah 2.2.3 → 2.19.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of loofah might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +212 -31
- data/README.md +18 -24
- data/lib/loofah/elements.rb +79 -75
- data/lib/loofah/helpers.rb +18 -7
- data/lib/loofah/html/document.rb +1 -0
- data/lib/loofah/html/document_fragment.rb +4 -2
- data/lib/loofah/html5/libxml2_workarounds.rb +8 -7
- data/lib/loofah/html5/safelist.rb +1043 -0
- data/lib/loofah/html5/scrub.rb +73 -48
- data/lib/loofah/instance_methods.rb +14 -8
- data/lib/loofah/metahelpers.rb +2 -1
- data/lib/loofah/scrubber.rb +8 -7
- data/lib/loofah/scrubbers.rb +19 -13
- data/lib/loofah/version.rb +5 -0
- data/lib/loofah/xml/document.rb +1 -0
- data/lib/loofah/xml/document_fragment.rb +2 -1
- data/lib/loofah.rb +35 -18
- metadata +52 -138
- data/.gemtest +0 -0
- data/Gemfile +0 -22
- data/Manifest.txt +0 -40
- data/Rakefile +0 -79
- data/benchmark/benchmark.rb +0 -149
- data/benchmark/fragment.html +0 -96
- data/benchmark/helper.rb +0 -73
- data/benchmark/www.slashdot.com.html +0 -2560
- data/lib/loofah/html5/whitelist.rb +0 -186
- data/test/assets/msword.html +0 -63
- data/test/assets/testdata_sanitizer_tests1.dat +0 -502
- data/test/helper.rb +0 -18
- data/test/html5/test_sanitizer.rb +0 -382
- data/test/integration/test_ad_hoc.rb +0 -204
- data/test/integration/test_helpers.rb +0 -43
- data/test/integration/test_html.rb +0 -72
- data/test/integration/test_scrubbers.rb +0 -400
- data/test/integration/test_xml.rb +0 -55
- data/test/unit/test_api.rb +0 -142
- data/test/unit/test_encoding.rb +0 -20
- data/test/unit/test_helpers.rb +0 -62
- data/test/unit/test_scrubber.rb +0 -229
- data/test/unit/test_scrubbers.rb +0 -14
data/benchmark/fragment.html
DELETED
@@ -1,96 +0,0 @@
|
|
1
|
-
<div id="top_parent"></div>
|
2
|
-
|
3
|
-
<div id="jump">
|
4
|
-
<a href="#main-articles">Stories</a>
|
5
|
-
<br>
|
6
|
-
<a href="#blocks">Slash Boxes</a>
|
7
|
-
<br>
|
8
|
-
<a href="#comments">Comments</a>
|
9
|
-
</div>
|
10
|
-
<a name="topothepage"></a>
|
11
|
-
<div id="doc3" class="yui-t6 index2 mainpage ac ">
|
12
|
-
<div id="hd" >
|
13
|
-
<div id="logo" >
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
<h1><a href="//slashdot.org"><span>Slashdot</span></a></h1>
|
18
|
-
<div id="slogan"><h2>News for nerds, stuff that matters</h2></div>
|
19
|
-
</div>
|
20
|
-
<a href="#articles" class="hidden">Jump to articles</a>
|
21
|
-
<div class="nav">
|
22
|
-
<ul>
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
<li><a href="//slashdot.org/submit.pl" title="Submit a story to Slashdot">Submit Story</a></li>
|
27
|
-
<li><a href="//slashdot.org/help" title="Frequently asked questions on Slashdot">Help</a></li>
|
28
|
-
<li><a href="//slashdot.org/login.pl" onclick="show_login_box(); return false;">Log In</a></li>
|
29
|
-
|
30
|
-
</ul>
|
31
|
-
</div>
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
<div id="fh_picker_search" style="display: block;">
|
38
|
-
<form method="get" action="//slashdot.org/index2.pl">
|
39
|
-
<fieldset class="mode-filter mode-anon">
|
40
|
-
<legend>Search</legend>
|
41
|
-
|
42
|
-
|
43
|
-
<input class="query" type="text" name="fhfilter" value="" id="searchquery"> <input type="button" class="setfhfilter" value="Filter" id="viewsearch" style="display:none"> <input type="submit" class="setsearchfilter" value="Search" id="fhsearch" style="display:none">
|
44
|
-
<noscript><input type="submit" class="setsearchfilter" value="Search"></noscript>
|
45
|
-
|
46
|
-
<script type="text/javascript">
|
47
|
-
var slash_search;
|
48
|
-
$(function(){
|
49
|
-
if (has_hose()) {
|
50
|
-
var $search_text = $any('searchquery'),
|
51
|
-
$panel = $search_text.closest('fieldset');
|
52
|
-
$search_buttons = $('#viewsearch,#fhsearch'),
|
53
|
-
ws = /\s+/;
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
// The search buttons set the firehose option named by their class.
|
58
|
-
$search_buttons.
|
59
|
-
click(function(){
|
60
|
-
var which=this.className;
|
61
|
-
$search_text.each(function(){
|
62
|
-
firehose_set_options(which, this.value);
|
63
|
-
});
|
64
|
-
return false;
|
65
|
-
});
|
66
|
-
|
67
|
-
// Provide a globally available function that does whatever clicking the search button would do.
|
68
|
-
slash_search = function( query ){
|
69
|
-
query!==undefined && $search_text.val(query);
|
70
|
-
$search_buttons.filter(':visible:first').click();
|
71
|
-
};
|
72
|
-
|
73
|
-
$search_text.
|
74
|
-
keydown(function( e ){ // ESCAPE restores the filter in-effect.
|
75
|
-
if ( e.which == $.ui.keyCode.ESCAPE ) {
|
76
|
-
$search_text.val(firehose_settings.fhfilter||'');
|
77
|
-
return true;
|
78
|
-
}
|
79
|
-
if ( e.which == $.ui.keyCode.ENTER ) {
|
80
|
-
slash_search();
|
81
|
-
return false;
|
82
|
-
}
|
83
|
-
});
|
84
|
-
|
85
|
-
$(document).
|
86
|
-
bind('firehose-setting-setfhfilter firehose-setting-setsearchfilter', function( e, new_query ){
|
87
|
-
$('fieldset input[type=text]').each(function(){
|
88
|
-
$(this).blur().val(new_query);
|
89
|
-
});
|
90
|
-
}).
|
91
|
-
bind('set-options.firehose', function( e, data ){
|
92
|
-
data.select_section && $panel.toggleClass('mode-filter', data.id!=='unsaved');
|
93
|
-
});
|
94
|
-
}
|
95
|
-
});
|
96
|
-
</script>
|
data/benchmark/helper.rb
DELETED
@@ -1,73 +0,0 @@
|
|
1
|
-
require 'rubygems'
|
2
|
-
require 'open-uri'
|
3
|
-
require 'hpricot'
|
4
|
-
require File.expand_path(File.dirname(__FILE__) + "/../lib/loofah")
|
5
|
-
require 'benchmark'
|
6
|
-
require "action_view"
|
7
|
-
require "action_controller/vendor/html-scanner"
|
8
|
-
require "sanitize"
|
9
|
-
require 'hitimes'
|
10
|
-
require 'htmlfilter'
|
11
|
-
|
12
|
-
unless defined?(HTMLFilter)
|
13
|
-
HTMLFilter = HtmlFilter
|
14
|
-
end
|
15
|
-
|
16
|
-
class RailsSanitize
|
17
|
-
include ActionView::Helpers::SanitizeHelper
|
18
|
-
extend ActionView::Helpers::SanitizeHelper::ClassMethods
|
19
|
-
end
|
20
|
-
|
21
|
-
class HTML5libSanitize
|
22
|
-
require 'html5/html5parser'
|
23
|
-
require 'html5/liberalxmlparser'
|
24
|
-
require 'html5/treewalkers'
|
25
|
-
require 'html5/treebuilders'
|
26
|
-
require 'html5/serializer'
|
27
|
-
require 'html5/sanitizer'
|
28
|
-
|
29
|
-
include HTML5
|
30
|
-
|
31
|
-
def sanitize(html)
|
32
|
-
HTMLParser.parse_fragment(html, {
|
33
|
-
:tokenizer => HTMLSanitizer,
|
34
|
-
:encoding => 'utf-8',
|
35
|
-
:tree => TreeBuilders::REXML::TreeBuilder
|
36
|
-
}).to_s
|
37
|
-
end
|
38
|
-
end
|
39
|
-
|
40
|
-
BIG_FILE = File.read(File.join(File.dirname(__FILE__), "www.slashdot.com.html"))
|
41
|
-
FRAGMENT = File.read(File.join(File.dirname(__FILE__), "fragment.html"))
|
42
|
-
SNIPPET = "This is typical form field input in <b>length and content."
|
43
|
-
|
44
|
-
class Measure
|
45
|
-
def initialize
|
46
|
-
clear_measure
|
47
|
-
end
|
48
|
-
|
49
|
-
def clear_measure
|
50
|
-
@first_time = true
|
51
|
-
@baseline = nil
|
52
|
-
end
|
53
|
-
|
54
|
-
def measure(name, ntimes)
|
55
|
-
if @first_time
|
56
|
-
printf " %-30s %7s %8s %5s\n", "", "total", "single", "rel"
|
57
|
-
@first_time = false
|
58
|
-
end
|
59
|
-
timer = Hitimes::TimedMetric.new(name)
|
60
|
-
timer.start
|
61
|
-
ntimes.times do |j|
|
62
|
-
yield
|
63
|
-
end
|
64
|
-
timer.stop
|
65
|
-
if @baseline
|
66
|
-
printf " %30s %7.3f (%8.6f) %5.2fx\n", timer.name, timer.sum, timer.sum / ntimes, timer.sum / @baseline
|
67
|
-
else
|
68
|
-
@baseline = timer.sum
|
69
|
-
printf " %30s %7.3f (%8.6f) %5s\n", timer.name, timer.sum, timer.sum / ntimes, "-"
|
70
|
-
end
|
71
|
-
timer.sum
|
72
|
-
end
|
73
|
-
end
|