loofah 2.2.3 → 2.19.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +221 -31
- data/README.md +18 -24
- data/lib/loofah/elements.rb +79 -75
- data/lib/loofah/helpers.rb +18 -7
- data/lib/loofah/html/document.rb +1 -0
- data/lib/loofah/html/document_fragment.rb +4 -2
- data/lib/loofah/html5/libxml2_workarounds.rb +8 -7
- data/lib/loofah/html5/safelist.rb +1042 -0
- data/lib/loofah/html5/scrub.rb +150 -55
- data/lib/loofah/instance_methods.rb +14 -8
- data/lib/loofah/metahelpers.rb +2 -1
- data/lib/loofah/scrubber.rb +12 -7
- data/lib/loofah/scrubbers.rb +21 -19
- data/lib/loofah/version.rb +5 -0
- data/lib/loofah/xml/document.rb +1 -0
- data/lib/loofah/xml/document_fragment.rb +2 -1
- data/lib/loofah.rb +35 -18
- metadata +52 -138
- data/.gemtest +0 -0
- data/Gemfile +0 -22
- data/Manifest.txt +0 -40
- data/Rakefile +0 -79
- data/benchmark/benchmark.rb +0 -149
- data/benchmark/fragment.html +0 -96
- data/benchmark/helper.rb +0 -73
- data/benchmark/www.slashdot.com.html +0 -2560
- data/lib/loofah/html5/whitelist.rb +0 -186
- data/test/assets/msword.html +0 -63
- data/test/assets/testdata_sanitizer_tests1.dat +0 -502
- data/test/helper.rb +0 -18
- data/test/html5/test_sanitizer.rb +0 -382
- data/test/integration/test_ad_hoc.rb +0 -204
- data/test/integration/test_helpers.rb +0 -43
- data/test/integration/test_html.rb +0 -72
- data/test/integration/test_scrubbers.rb +0 -400
- data/test/integration/test_xml.rb +0 -55
- data/test/unit/test_api.rb +0 -142
- data/test/unit/test_encoding.rb +0 -20
- data/test/unit/test_helpers.rb +0 -62
- data/test/unit/test_scrubber.rb +0 -229
- data/test/unit/test_scrubbers.rb +0 -14
data/benchmark/fragment.html
DELETED
@@ -1,96 +0,0 @@
|
|
1
|
-
<div id="top_parent"></div>
|
2
|
-
|
3
|
-
<div id="jump">
|
4
|
-
<a href="#main-articles">Stories</a>
|
5
|
-
<br>
|
6
|
-
<a href="#blocks">Slash Boxes</a>
|
7
|
-
<br>
|
8
|
-
<a href="#comments">Comments</a>
|
9
|
-
</div>
|
10
|
-
<a name="topothepage"></a>
|
11
|
-
<div id="doc3" class="yui-t6 index2 mainpage ac ">
|
12
|
-
<div id="hd" >
|
13
|
-
<div id="logo" >
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
<h1><a href="//slashdot.org"><span>Slashdot</span></a></h1>
|
18
|
-
<div id="slogan"><h2>News for nerds, stuff that matters</h2></div>
|
19
|
-
</div>
|
20
|
-
<a href="#articles" class="hidden">Jump to articles</a>
|
21
|
-
<div class="nav">
|
22
|
-
<ul>
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
<li><a href="//slashdot.org/submit.pl" title="Submit a story to Slashdot">Submit Story</a></li>
|
27
|
-
<li><a href="//slashdot.org/help" title="Frequently asked questions on Slashdot">Help</a></li>
|
28
|
-
<li><a href="//slashdot.org/login.pl" onclick="show_login_box(); return false;">Log In</a></li>
|
29
|
-
|
30
|
-
</ul>
|
31
|
-
</div>
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
<div id="fh_picker_search" style="display: block;">
|
38
|
-
<form method="get" action="//slashdot.org/index2.pl">
|
39
|
-
<fieldset class="mode-filter mode-anon">
|
40
|
-
<legend>Search</legend>
|
41
|
-
|
42
|
-
|
43
|
-
<input class="query" type="text" name="fhfilter" value="" id="searchquery"> <input type="button" class="setfhfilter" value="Filter" id="viewsearch" style="display:none"> <input type="submit" class="setsearchfilter" value="Search" id="fhsearch" style="display:none">
|
44
|
-
<noscript><input type="submit" class="setsearchfilter" value="Search"></noscript>
|
45
|
-
|
46
|
-
<script type="text/javascript">
|
47
|
-
var slash_search;
|
48
|
-
$(function(){
|
49
|
-
if (has_hose()) {
|
50
|
-
var $search_text = $any('searchquery'),
|
51
|
-
$panel = $search_text.closest('fieldset');
|
52
|
-
$search_buttons = $('#viewsearch,#fhsearch'),
|
53
|
-
ws = /\s+/;
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
// The search buttons set the firehose option named by their class.
|
58
|
-
$search_buttons.
|
59
|
-
click(function(){
|
60
|
-
var which=this.className;
|
61
|
-
$search_text.each(function(){
|
62
|
-
firehose_set_options(which, this.value);
|
63
|
-
});
|
64
|
-
return false;
|
65
|
-
});
|
66
|
-
|
67
|
-
// Provide a globally available function that does whatever clicking the search button would do.
|
68
|
-
slash_search = function( query ){
|
69
|
-
query!==undefined && $search_text.val(query);
|
70
|
-
$search_buttons.filter(':visible:first').click();
|
71
|
-
};
|
72
|
-
|
73
|
-
$search_text.
|
74
|
-
keydown(function( e ){ // ESCAPE restores the filter in-effect.
|
75
|
-
if ( e.which == $.ui.keyCode.ESCAPE ) {
|
76
|
-
$search_text.val(firehose_settings.fhfilter||'');
|
77
|
-
return true;
|
78
|
-
}
|
79
|
-
if ( e.which == $.ui.keyCode.ENTER ) {
|
80
|
-
slash_search();
|
81
|
-
return false;
|
82
|
-
}
|
83
|
-
});
|
84
|
-
|
85
|
-
$(document).
|
86
|
-
bind('firehose-setting-setfhfilter firehose-setting-setsearchfilter', function( e, new_query ){
|
87
|
-
$('fieldset input[type=text]').each(function(){
|
88
|
-
$(this).blur().val(new_query);
|
89
|
-
});
|
90
|
-
}).
|
91
|
-
bind('set-options.firehose', function( e, data ){
|
92
|
-
data.select_section && $panel.toggleClass('mode-filter', data.id!=='unsaved');
|
93
|
-
});
|
94
|
-
}
|
95
|
-
});
|
96
|
-
</script>
|
data/benchmark/helper.rb
DELETED
@@ -1,73 +0,0 @@
|
|
1
|
-
require 'rubygems'
|
2
|
-
require 'open-uri'
|
3
|
-
require 'hpricot'
|
4
|
-
require File.expand_path(File.dirname(__FILE__) + "/../lib/loofah")
|
5
|
-
require 'benchmark'
|
6
|
-
require "action_view"
|
7
|
-
require "action_controller/vendor/html-scanner"
|
8
|
-
require "sanitize"
|
9
|
-
require 'hitimes'
|
10
|
-
require 'htmlfilter'
|
11
|
-
|
12
|
-
unless defined?(HTMLFilter)
|
13
|
-
HTMLFilter = HtmlFilter
|
14
|
-
end
|
15
|
-
|
16
|
-
class RailsSanitize
|
17
|
-
include ActionView::Helpers::SanitizeHelper
|
18
|
-
extend ActionView::Helpers::SanitizeHelper::ClassMethods
|
19
|
-
end
|
20
|
-
|
21
|
-
class HTML5libSanitize
|
22
|
-
require 'html5/html5parser'
|
23
|
-
require 'html5/liberalxmlparser'
|
24
|
-
require 'html5/treewalkers'
|
25
|
-
require 'html5/treebuilders'
|
26
|
-
require 'html5/serializer'
|
27
|
-
require 'html5/sanitizer'
|
28
|
-
|
29
|
-
include HTML5
|
30
|
-
|
31
|
-
def sanitize(html)
|
32
|
-
HTMLParser.parse_fragment(html, {
|
33
|
-
:tokenizer => HTMLSanitizer,
|
34
|
-
:encoding => 'utf-8',
|
35
|
-
:tree => TreeBuilders::REXML::TreeBuilder
|
36
|
-
}).to_s
|
37
|
-
end
|
38
|
-
end
|
39
|
-
|
40
|
-
BIG_FILE = File.read(File.join(File.dirname(__FILE__), "www.slashdot.com.html"))
|
41
|
-
FRAGMENT = File.read(File.join(File.dirname(__FILE__), "fragment.html"))
|
42
|
-
SNIPPET = "This is typical form field input in <b>length and content."
|
43
|
-
|
44
|
-
class Measure
|
45
|
-
def initialize
|
46
|
-
clear_measure
|
47
|
-
end
|
48
|
-
|
49
|
-
def clear_measure
|
50
|
-
@first_time = true
|
51
|
-
@baseline = nil
|
52
|
-
end
|
53
|
-
|
54
|
-
def measure(name, ntimes)
|
55
|
-
if @first_time
|
56
|
-
printf " %-30s %7s %8s %5s\n", "", "total", "single", "rel"
|
57
|
-
@first_time = false
|
58
|
-
end
|
59
|
-
timer = Hitimes::TimedMetric.new(name)
|
60
|
-
timer.start
|
61
|
-
ntimes.times do |j|
|
62
|
-
yield
|
63
|
-
end
|
64
|
-
timer.stop
|
65
|
-
if @baseline
|
66
|
-
printf " %30s %7.3f (%8.6f) %5.2fx\n", timer.name, timer.sum, timer.sum / ntimes, timer.sum / @baseline
|
67
|
-
else
|
68
|
-
@baseline = timer.sum
|
69
|
-
printf " %30s %7.3f (%8.6f) %5s\n", timer.name, timer.sum, timer.sum / ntimes, "-"
|
70
|
-
end
|
71
|
-
timer.sum
|
72
|
-
end
|
73
|
-
end
|