loofah 2.2.3 → 2.19.1

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: loofah
 version: !ruby/object:Gem::Version
-  version: 2.2.3
+  version: 2.19.1
 platform: ruby
 authors:
 - Mike Dalessio
@@ -9,22 +9,8 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-10-30 00:00:00.000000000 Z
+date: 2022-12-12 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: nokogiri
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.5.9
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.5.9
 - !ruby/object:Gem::Dependency
   name: crass
   requirement: !ruby/object:Gem::Requirement
@@ -40,237 +26,166 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 1.0.2
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.8'
-  type: :development
+        version: 1.5.9
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: 1.5.9
 - !ruby/object:Gem::Dependency
-  name: minitest
+  name: hoe-markdown
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '1.3'
 - !ruby/object:Gem::Dependency
-  name: rr
+  name: json
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.0
+        version: '2.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.0
-- !ruby/object:Gem::Dependency
-  name: json
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.2'
 - !ruby/object:Gem::Dependency
-  name: hoe-gemspec
+  name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5.14'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5.14'
 - !ruby/object:Gem::Dependency
-  name: hoe-debugging
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
-  name: hoe-bundler
+  name: rdoc
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: hoe-git
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
+        version: '4.0'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: concourse
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.15.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
+        version: '4.0'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 0.15.0
+        version: '7'
 - !ruby/object:Gem::Dependency
-  name: rdoc
+  name: rr
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '4.0'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '7'
+        version: 1.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '4.0'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '7'
+        version: 1.2.0
 - !ruby/object:Gem::Dependency
-  name: hoe
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.17'
+        version: '1.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.17'
+        version: '1.1'
 description: |-
-  Loofah is a general library for manipulating and transforming HTML/XML
-  documents and fragments. It's built on top of Nokogiri and libxml2, so
-  it's fast and has a nice API.
+  Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri.
 
-  Loofah excels at HTML sanitization (XSS prevention). It includes some
-  nice HTML sanitizers, which are based on HTML5lib's whitelist, so it
-  most likely won't make your codes less secure. (These statements have
-  not been evaluated by Netexperts.)
+  Loofah excels at HTML sanitization (XSS prevention). It includes some nice HTML sanitizers, which are based on HTML5lib's safelist, so it most likely won't make your codes less secure. (These statements have not been evaluated by Netexperts.)
 
-  ActiveRecord extensions for sanitization are available in the
-  [`loofah-activerecord` gem](https://github.com/flavorjones/loofah-activerecord).
+  ActiveRecord extensions for sanitization are available in the [`loofah-activerecord` gem](https://github.com/flavorjones/loofah-activerecord).
 email:
 - mike.dalessio@gmail.com
 - bryan@brynary.com
 executables: []
 extensions: []
-extra_rdoc_files:
-- CHANGELOG.md
-- MIT-LICENSE.txt
-- Manifest.txt
-- README.md
-- SECURITY.md
+extra_rdoc_files: []
 files:
-- ".gemtest"
 - CHANGELOG.md
-- Gemfile
 - MIT-LICENSE.txt
-- Manifest.txt
 - README.md
-- Rakefile
 - SECURITY.md
-- benchmark/benchmark.rb
-- benchmark/fragment.html
-- benchmark/helper.rb
-- benchmark/www.slashdot.com.html
 - lib/loofah.rb
 - lib/loofah/elements.rb
 - lib/loofah/helpers.rb
 - lib/loofah/html/document.rb
 - lib/loofah/html/document_fragment.rb
 - lib/loofah/html5/libxml2_workarounds.rb
+- lib/loofah/html5/safelist.rb
 - lib/loofah/html5/scrub.rb
-- lib/loofah/html5/whitelist.rb
 - lib/loofah/instance_methods.rb
 - lib/loofah/metahelpers.rb
 - lib/loofah/scrubber.rb
 - lib/loofah/scrubbers.rb
+- lib/loofah/version.rb
 - lib/loofah/xml/document.rb
 - lib/loofah/xml/document_fragment.rb
-- test/assets/msword.html
-- test/assets/testdata_sanitizer_tests1.dat
-- test/helper.rb
-- test/html5/test_sanitizer.rb
-- test/integration/test_ad_hoc.rb
-- test/integration/test_helpers.rb
-- test/integration/test_html.rb
-- test/integration/test_scrubbers.rb
-- test/integration/test_xml.rb
-- test/unit/test_api.rb
-- test/unit/test_encoding.rb
-- test/unit/test_helpers.rb
-- test/unit/test_scrubber.rb
-- test/unit/test_scrubbers.rb
 homepage: https://github.com/flavorjones/loofah
 licenses:
 - MIT
-metadata: {}
+metadata:
+  homepage_uri: https://github.com/flavorjones/loofah
+  source_code_uri: https://github.com/flavorjones/loofah
+  bug_tracker_uri: https://github.com/flavorjones/loofah/issues
+  changelog_uri: https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md
+  documentation_uri: https://www.rubydoc.info/gems/loofah/
 post_install_message: 
-rdoc_options:
-- "--main"
-- README.md
+rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
@@ -284,10 +199,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.3.7
 signing_key: 
 specification_version: 4
 summary: Loofah is a general library for manipulating and transforming HTML/XML documents
-  and fragments
+  and fragments, built on top of Nokogiri
 test_files: []

data/Gemfile

@@ -1,22 +0,0 @@
-# -*- ruby -*-
-
-# DO NOT EDIT THIS FILE. Instead, edit Rakefile, and run `rake bundler:gemfile`.
-
-source "https://rubygems.org/"
-
-gem "nokogiri", ">=1.5.9"
-gem "crass", "~>1.0.2"
-
-gem "rake", ">=0.8", :group => [:development, :test]
-gem "minitest", "~>2.2", :group => [:development, :test]
-gem "rr", "~>1.2.0", :group => [:development, :test]
-gem "json", ">=0", :group => [:development, :test]
-gem "hoe-gemspec", ">=0", :group => [:development, :test]
-gem "hoe-debugging", ">=0", :group => [:development, :test]
-gem "hoe-bundler", ">=0", :group => [:development, :test]
-gem "hoe-git", ">=0", :group => [:development, :test]
-gem "concourse", ">=0.15.0", :group => [:development, :test]
-gem "rdoc", "~>4.0", :group => [:development, :test]
-gem "hoe", "~>3.16", :group => [:development, :test]
-
-# vim: syntax=ruby

data/Manifest.txt

@@ -1,40 +0,0 @@
-.gemtest
-CHANGELOG.md
-Gemfile
-MIT-LICENSE.txt
-Manifest.txt
-README.md
-Rakefile
-SECURITY.md
-benchmark/benchmark.rb
-benchmark/fragment.html
-benchmark/helper.rb
-benchmark/www.slashdot.com.html
-lib/loofah.rb
-lib/loofah/elements.rb
-lib/loofah/helpers.rb
-lib/loofah/html/document.rb
-lib/loofah/html/document_fragment.rb
-lib/loofah/html5/libxml2_workarounds.rb
-lib/loofah/html5/scrub.rb
-lib/loofah/html5/whitelist.rb
-lib/loofah/instance_methods.rb
-lib/loofah/metahelpers.rb
-lib/loofah/scrubber.rb
-lib/loofah/scrubbers.rb
-lib/loofah/xml/document.rb
-lib/loofah/xml/document_fragment.rb
-test/assets/msword.html
-test/assets/testdata_sanitizer_tests1.dat
-test/helper.rb
-test/html5/test_sanitizer.rb
-test/integration/test_ad_hoc.rb
-test/integration/test_helpers.rb
-test/integration/test_html.rb
-test/integration/test_scrubbers.rb
-test/integration/test_xml.rb
-test/unit/test_api.rb
-test/unit/test_encoding.rb
-test/unit/test_helpers.rb
-test/unit/test_scrubber.rb
-test/unit/test_scrubbers.rb

data/Rakefile

@@ -1,79 +0,0 @@
-require 'rubygems'
-gem 'hoe', '>= 2.3.0'
-require 'hoe'
-require 'concourse'
-
-Hoe.plugin :git
-Hoe.plugin :gemspec
-Hoe.plugin :bundler
-Hoe.plugin :debugging
-
-Hoe.spec "loofah" do
-  developer "Mike Dalessio", "mike.dalessio@gmail.com"
-  developer "Bryan Helmkamp", "bryan@brynary.com"
-
-  self.extra_rdoc_files = FileList["*.md"]
-  self.history_file     = "CHANGELOG.md"
-  self.readme_file      = "README.md"
-  self.license          "MIT"
-
-  extra_deps     << ["nokogiri", ">=1.5.9"]
-  extra_deps     << ["crass", "~> 1.0.2"]
-
-  extra_dev_deps << ["rake", ">=0.8"]
-  extra_dev_deps << ["minitest", "~>2.2"]
-  extra_dev_deps << ["rr", "~>1.2.0"]
-  extra_dev_deps << ["json", ">=0"]
-  extra_dev_deps << ["hoe-gemspec", ">=0"]
-  extra_dev_deps << ["hoe-debugging", ">=0"]
-  extra_dev_deps << ["hoe-bundler", ">=0"]
-  extra_dev_deps << ["hoe-git", ">=0"]
-  extra_dev_deps << ["concourse", ">=0.15.0"]
-end
-
-task :gemspec do
-  system %q(rake debug_gem | grep -v "^\(in " > loofah.gemspec)
-end
-
-task :redocs => :fix_css
-task :docs => :fix_css
-task :fix_css do
-  better_css = <<-EOT
-    .method-description pre {
-      margin                    : 1em 0 ;
-    }
-
-    .method-description ul {
-      padding                   : .5em 0 .5em 2em ;
-    }
-
-    .method-description p {
-      margin-top                : .5em ;
-    }
-
-    #main ul, div#documentation ul {
-      list-style-type           : disc ! IMPORTANT ;
-      list-style-position       : inside ! IMPORTANT ;
-    }
-
-    h2 + ul {
-      margin-top                : 1em;
-    }
-  EOT
-  puts "* fixing css"
-  File.open("doc/rdoc.css", "a") { |f| f.write better_css }
-end
-
-desc "generate and upload docs to rubyforge"
-task :doc_upload_to_rubyforge => :docs do
-  Dir.chdir "doc" do
-    system "rsync -avz --delete * rubyforge.org:/var/www/gforge-projects/loofah/loofah"
-  end
-end
-
-desc "generate whitelists from W3C specifications"
-task :generate_whitelists do
-  load "tasks/generate-whitelists"
-end
-
-Concourse.new("loofah").create_tasks!

data/benchmark/benchmark.rb

@@ -1,149 +0,0 @@
-#!/usr/bin/env ruby
-require "#{File.dirname(__FILE__)}/helper.rb"
-
-def compare_scrub_methods
-  snip = "<div>foo</div><foo>fuxx <b>quux</b></foo><script>i have a chair</script>"
-  puts "starting with:\n#{snip}"
-  puts
-  puts RailsSanitize.new.sanitize(snip) # => Rails.sanitize / scrub!(:prune).to_s
-  puts Loofah::Helpers.sanitize(snip)
-  puts "--"
-  puts RailsSanitize.new.strip_tags(snip) # => Rails.strip_tags / parse().text
-  puts Loofah::Helpers.strip_tags(snip)
-  puts "--"
-  puts Sanitize.clean(snip, Sanitize::Config::RELAXED) # => scrub!(:strip).to_s
-  puts Loofah.scrub_fragment(snip, :strip).to_s
-  puts "--"
-  puts HTML5libSanitize.new.sanitize(snip) # => scrub!(:escape).to_s
-  puts Loofah.scrub_fragment(snip, :escape).to_s
-  puts "--"
-  puts HTMLFilter.new.filter(snip)
-  puts Loofah.scrub_fragment(snip, :strip).to_s
-  puts
-end
-
-module TestSet
-  def test_set options={}
-    scale = options[:rehearse] ? 10 : 1
-    puts self.class.name
-
-    n = 100 / scale
-    puts "  Large document, #{BIG_FILE.length} bytes (x#{n})"
-    bench BIG_FILE, n, false
-    puts
-
-    n = 1000 / scale
-    puts "  Small fragment, #{FRAGMENT.length} bytes (x#{n})"
-    bench FRAGMENT, n, true
-    puts
-
-    n = 10_000 / scale
-    puts "  Text snippet, #{SNIPPET.length} bytes (x#{n})"
-    bench SNIPPET, n, true
-    puts
-  end
-end
-
-class HeadToHead < Measure
-end
-
-class HeadToHeadRailsSanitize < Measure
-  include TestSet
-  def bench(content, ntimes, fragment_p)
-    clear_measure
-
-    measure "Loofah::Helpers.sanitize", ntimes do
-      Loofah::Helpers.sanitize content
-    end
-
-    sanitizer = RailsSanitize.new
-    measure "ActionView sanitize", ntimes do
-      sanitizer.sanitize(content)
-    end
-  end
-end
-
-class HeadToHeadRailsStripTags < Measure
-  include TestSet
-  def bench(content, ntimes, fragment_p)
-    clear_measure
-
-    measure "Loofah::Helpers.strip_tags", ntimes do
-      Loofah::Helpers.strip_tags content
-    end
-
-    sanitizer = RailsSanitize.new
-    measure "ActionView strip_tags", ntimes do
-      sanitizer.strip_tags(content)
-    end
-  end
-end
-
-class HeadToHeadSanitizerSanitize < Measure
-  include TestSet
-  def bench(content, ntimes, fragment_p)
-    clear_measure
-
-    measure "Loofah :strip", ntimes do
-      if fragment_p
-        Loofah.scrub_fragment(content, :strip).to_s
-      else
-        Loofah.scrub_document(content, :strip).to_s
-      end
-    end
-
-    measure "Sanitize.clean", ntimes do
-      Sanitize.clean(content, Sanitize::Config::RELAXED)
-    end
-  end
-end
-
-class HeadToHeadHtml5LibSanitize < Measure
-  include TestSet
-  def bench(content, ntimes, fragment_p)
-    clear_measure
-
-    measure "Loofah :escape", ntimes do
-      if fragment_p
-        Loofah.scrub_fragment(content, :escape).to_s
-      else
-        Loofah.scrub_document(content, :escape).to_s
-      end
-    end
-
-    html5_sanitizer = HTML5libSanitize.new
-    measure "HTML5lib.sanitize", ntimes do
-      html5_sanitizer.sanitize(content)
-    end
-  end
-end
-
-class HeadToHeadHTMLFilter < Measure
-  include TestSet
-  def bench(content, ntimes, fragment_p)
-    clear_measure
-
-    measure "Loofah::Helpers.sanitize", ntimes do
-      Loofah::Helpers.sanitize content
-    end
-
-    sanitizer = HTMLFilter.new
-    measure "HTMLFilter.filter", ntimes do
-      sanitizer.filter(content)
-    end
-  end
-end
-
-puts "Nokogiri version: #{Nokogiri::VERSION_INFO.inspect}"
-puts "Loofah version: #{Loofah::VERSION.inspect}"
-
-benches = []
-benches << HeadToHeadRailsSanitize.new
-benches << HeadToHeadRailsStripTags.new
-benches << HeadToHeadSanitizerSanitize.new
-benches << HeadToHeadHtml5LibSanitize.new
-benches << HeadToHeadHTMLFilter.new
-puts "---------- rehearsal ----------"
-benches.each { |bench| bench.test_set :rehearse => true }
-puts "---------- realsies ----------"
-benches.each { |bench| bench.test_set }