loofah 2.2.3 → 2.21.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +269 -31
- data/README.md +109 -124
- data/lib/loofah/concerns.rb +207 -0
- data/lib/loofah/elements.rb +85 -79
- data/lib/loofah/helpers.rb +37 -20
- data/lib/loofah/{html → html4}/document.rb +6 -7
- data/lib/loofah/html4/document_fragment.rb +15 -0
- data/lib/loofah/html5/document.rb +17 -0
- data/lib/loofah/html5/document_fragment.rb +15 -0
- data/lib/loofah/html5/libxml2_workarounds.rb +10 -8
- data/lib/loofah/html5/safelist.rb +1055 -0
- data/lib/loofah/html5/scrub.rb +153 -58
- data/lib/loofah/metahelpers.rb +11 -6
- data/lib/loofah/scrubber.rb +22 -15
- data/lib/loofah/scrubbers.rb +66 -55
- data/lib/loofah/version.rb +6 -0
- data/lib/loofah/xml/document.rb +2 -0
- data/lib/loofah/xml/document_fragment.rb +4 -7
- data/lib/loofah.rb +131 -38
- metadata +28 -216
- data/.gemtest +0 -0
- data/Gemfile +0 -22
- data/Manifest.txt +0 -40
- data/Rakefile +0 -79
- data/benchmark/benchmark.rb +0 -149
- data/benchmark/fragment.html +0 -96
- data/benchmark/helper.rb +0 -73
- data/benchmark/www.slashdot.com.html +0 -2560
- data/lib/loofah/html/document_fragment.rb +0 -40
- data/lib/loofah/html5/whitelist.rb +0 -186
- data/lib/loofah/instance_methods.rb +0 -127
- data/test/assets/msword.html +0 -63
- data/test/assets/testdata_sanitizer_tests1.dat +0 -502
- data/test/helper.rb +0 -18
- data/test/html5/test_sanitizer.rb +0 -382
- data/test/integration/test_ad_hoc.rb +0 -204
- data/test/integration/test_helpers.rb +0 -43
- data/test/integration/test_html.rb +0 -72
- data/test/integration/test_scrubbers.rb +0 -400
- data/test/integration/test_xml.rb +0 -55
- data/test/unit/test_api.rb +0 -142
- data/test/unit/test_encoding.rb +0 -20
- data/test/unit/test_helpers.rb +0 -62
- data/test/unit/test_scrubber.rb +0 -229
- data/test/unit/test_scrubbers.rb +0 -14
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: loofah
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.21.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Mike Dalessio
|
@@ -9,22 +9,8 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2023-05-10 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
|
-
- !ruby/object:Gem::Dependency
|
15
|
-
name: nokogiri
|
16
|
-
requirement: !ruby/object:Gem::Requirement
|
17
|
-
requirements:
|
18
|
-
- - ">="
|
19
|
-
- !ruby/object:Gem::Version
|
20
|
-
version: 1.5.9
|
21
|
-
type: :runtime
|
22
|
-
prerelease: false
|
23
|
-
version_requirements: !ruby/object:Gem::Requirement
|
24
|
-
requirements:
|
25
|
-
- - ">="
|
26
|
-
- !ruby/object:Gem::Version
|
27
|
-
version: 1.5.9
|
28
14
|
- !ruby/object:Gem::Dependency
|
29
15
|
name: crass
|
30
16
|
requirement: !ruby/object:Gem::Requirement
|
@@ -40,237 +26,64 @@ dependencies:
|
|
40
26
|
- !ruby/object:Gem::Version
|
41
27
|
version: 1.0.2
|
42
28
|
- !ruby/object:Gem::Dependency
|
43
|
-
name:
|
44
|
-
requirement: !ruby/object:Gem::Requirement
|
45
|
-
requirements:
|
46
|
-
- - ">="
|
47
|
-
- !ruby/object:Gem::Version
|
48
|
-
version: '0.8'
|
49
|
-
type: :development
|
50
|
-
prerelease: false
|
51
|
-
version_requirements: !ruby/object:Gem::Requirement
|
52
|
-
requirements:
|
53
|
-
- - ">="
|
54
|
-
- !ruby/object:Gem::Version
|
55
|
-
version: '0.8'
|
56
|
-
- !ruby/object:Gem::Dependency
|
57
|
-
name: minitest
|
58
|
-
requirement: !ruby/object:Gem::Requirement
|
59
|
-
requirements:
|
60
|
-
- - "~>"
|
61
|
-
- !ruby/object:Gem::Version
|
62
|
-
version: '2.2'
|
63
|
-
type: :development
|
64
|
-
prerelease: false
|
65
|
-
version_requirements: !ruby/object:Gem::Requirement
|
66
|
-
requirements:
|
67
|
-
- - "~>"
|
68
|
-
- !ruby/object:Gem::Version
|
69
|
-
version: '2.2'
|
70
|
-
- !ruby/object:Gem::Dependency
|
71
|
-
name: rr
|
72
|
-
requirement: !ruby/object:Gem::Requirement
|
73
|
-
requirements:
|
74
|
-
- - "~>"
|
75
|
-
- !ruby/object:Gem::Version
|
76
|
-
version: 1.2.0
|
77
|
-
type: :development
|
78
|
-
prerelease: false
|
79
|
-
version_requirements: !ruby/object:Gem::Requirement
|
80
|
-
requirements:
|
81
|
-
- - "~>"
|
82
|
-
- !ruby/object:Gem::Version
|
83
|
-
version: 1.2.0
|
84
|
-
- !ruby/object:Gem::Dependency
|
85
|
-
name: json
|
86
|
-
requirement: !ruby/object:Gem::Requirement
|
87
|
-
requirements:
|
88
|
-
- - ">="
|
89
|
-
- !ruby/object:Gem::Version
|
90
|
-
version: '0'
|
91
|
-
type: :development
|
92
|
-
prerelease: false
|
93
|
-
version_requirements: !ruby/object:Gem::Requirement
|
94
|
-
requirements:
|
95
|
-
- - ">="
|
96
|
-
- !ruby/object:Gem::Version
|
97
|
-
version: '0'
|
98
|
-
- !ruby/object:Gem::Dependency
|
99
|
-
name: hoe-gemspec
|
100
|
-
requirement: !ruby/object:Gem::Requirement
|
101
|
-
requirements:
|
102
|
-
- - ">="
|
103
|
-
- !ruby/object:Gem::Version
|
104
|
-
version: '0'
|
105
|
-
type: :development
|
106
|
-
prerelease: false
|
107
|
-
version_requirements: !ruby/object:Gem::Requirement
|
108
|
-
requirements:
|
109
|
-
- - ">="
|
110
|
-
- !ruby/object:Gem::Version
|
111
|
-
version: '0'
|
112
|
-
- !ruby/object:Gem::Dependency
|
113
|
-
name: hoe-debugging
|
114
|
-
requirement: !ruby/object:Gem::Requirement
|
115
|
-
requirements:
|
116
|
-
- - ">="
|
117
|
-
- !ruby/object:Gem::Version
|
118
|
-
version: '0'
|
119
|
-
type: :development
|
120
|
-
prerelease: false
|
121
|
-
version_requirements: !ruby/object:Gem::Requirement
|
122
|
-
requirements:
|
123
|
-
- - ">="
|
124
|
-
- !ruby/object:Gem::Version
|
125
|
-
version: '0'
|
126
|
-
- !ruby/object:Gem::Dependency
|
127
|
-
name: hoe-bundler
|
128
|
-
requirement: !ruby/object:Gem::Requirement
|
129
|
-
requirements:
|
130
|
-
- - ">="
|
131
|
-
- !ruby/object:Gem::Version
|
132
|
-
version: '0'
|
133
|
-
type: :development
|
134
|
-
prerelease: false
|
135
|
-
version_requirements: !ruby/object:Gem::Requirement
|
136
|
-
requirements:
|
137
|
-
- - ">="
|
138
|
-
- !ruby/object:Gem::Version
|
139
|
-
version: '0'
|
140
|
-
- !ruby/object:Gem::Dependency
|
141
|
-
name: hoe-git
|
142
|
-
requirement: !ruby/object:Gem::Requirement
|
143
|
-
requirements:
|
144
|
-
- - ">="
|
145
|
-
- !ruby/object:Gem::Version
|
146
|
-
version: '0'
|
147
|
-
type: :development
|
148
|
-
prerelease: false
|
149
|
-
version_requirements: !ruby/object:Gem::Requirement
|
150
|
-
requirements:
|
151
|
-
- - ">="
|
152
|
-
- !ruby/object:Gem::Version
|
153
|
-
version: '0'
|
154
|
-
- !ruby/object:Gem::Dependency
|
155
|
-
name: concourse
|
156
|
-
requirement: !ruby/object:Gem::Requirement
|
157
|
-
requirements:
|
158
|
-
- - ">="
|
159
|
-
- !ruby/object:Gem::Version
|
160
|
-
version: 0.15.0
|
161
|
-
type: :development
|
162
|
-
prerelease: false
|
163
|
-
version_requirements: !ruby/object:Gem::Requirement
|
164
|
-
requirements:
|
165
|
-
- - ">="
|
166
|
-
- !ruby/object:Gem::Version
|
167
|
-
version: 0.15.0
|
168
|
-
- !ruby/object:Gem::Dependency
|
169
|
-
name: rdoc
|
29
|
+
name: nokogiri
|
170
30
|
requirement: !ruby/object:Gem::Requirement
|
171
31
|
requirements:
|
172
32
|
- - ">="
|
173
33
|
- !ruby/object:Gem::Version
|
174
|
-
version:
|
175
|
-
|
176
|
-
- !ruby/object:Gem::Version
|
177
|
-
version: '7'
|
178
|
-
type: :development
|
34
|
+
version: 1.5.9
|
35
|
+
type: :runtime
|
179
36
|
prerelease: false
|
180
37
|
version_requirements: !ruby/object:Gem::Requirement
|
181
38
|
requirements:
|
182
39
|
- - ">="
|
183
40
|
- !ruby/object:Gem::Version
|
184
|
-
version:
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
- !ruby/object:Gem::Dependency
|
189
|
-
name: hoe
|
190
|
-
requirement: !ruby/object:Gem::Requirement
|
191
|
-
requirements:
|
192
|
-
- - "~>"
|
193
|
-
- !ruby/object:Gem::Version
|
194
|
-
version: '3.17'
|
195
|
-
type: :development
|
196
|
-
prerelease: false
|
197
|
-
version_requirements: !ruby/object:Gem::Requirement
|
198
|
-
requirements:
|
199
|
-
- - "~>"
|
200
|
-
- !ruby/object:Gem::Version
|
201
|
-
version: '3.17'
|
202
|
-
description: |-
|
203
|
-
Loofah is a general library for manipulating and transforming HTML/XML
|
204
|
-
documents and fragments. It's built on top of Nokogiri and libxml2, so
|
205
|
-
it's fast and has a nice API.
|
206
|
-
|
207
|
-
Loofah excels at HTML sanitization (XSS prevention). It includes some
|
208
|
-
nice HTML sanitizers, which are based on HTML5lib's whitelist, so it
|
209
|
-
most likely won't make your codes less secure. (These statements have
|
210
|
-
not been evaluated by Netexperts.)
|
41
|
+
version: 1.5.9
|
42
|
+
description: |
|
43
|
+
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments,
|
44
|
+
built on top of Nokogiri.
|
211
45
|
|
212
|
-
|
213
|
-
|
46
|
+
Loofah also includes some HTML sanitizers based on `html5lib`'s safelist, which are a specific
|
47
|
+
application of the general transformation functionality.
|
214
48
|
email:
|
215
49
|
- mike.dalessio@gmail.com
|
216
50
|
- bryan@brynary.com
|
217
51
|
executables: []
|
218
52
|
extensions: []
|
219
|
-
extra_rdoc_files:
|
220
|
-
- CHANGELOG.md
|
221
|
-
- MIT-LICENSE.txt
|
222
|
-
- Manifest.txt
|
223
|
-
- README.md
|
224
|
-
- SECURITY.md
|
53
|
+
extra_rdoc_files: []
|
225
54
|
files:
|
226
|
-
- ".gemtest"
|
227
55
|
- CHANGELOG.md
|
228
|
-
- Gemfile
|
229
56
|
- MIT-LICENSE.txt
|
230
|
-
- Manifest.txt
|
231
57
|
- README.md
|
232
|
-
- Rakefile
|
233
58
|
- SECURITY.md
|
234
|
-
- benchmark/benchmark.rb
|
235
|
-
- benchmark/fragment.html
|
236
|
-
- benchmark/helper.rb
|
237
|
-
- benchmark/www.slashdot.com.html
|
238
59
|
- lib/loofah.rb
|
60
|
+
- lib/loofah/concerns.rb
|
239
61
|
- lib/loofah/elements.rb
|
240
62
|
- lib/loofah/helpers.rb
|
241
|
-
- lib/loofah/
|
242
|
-
- lib/loofah/
|
63
|
+
- lib/loofah/html4/document.rb
|
64
|
+
- lib/loofah/html4/document_fragment.rb
|
65
|
+
- lib/loofah/html5/document.rb
|
66
|
+
- lib/loofah/html5/document_fragment.rb
|
243
67
|
- lib/loofah/html5/libxml2_workarounds.rb
|
68
|
+
- lib/loofah/html5/safelist.rb
|
244
69
|
- lib/loofah/html5/scrub.rb
|
245
|
-
- lib/loofah/html5/whitelist.rb
|
246
|
-
- lib/loofah/instance_methods.rb
|
247
70
|
- lib/loofah/metahelpers.rb
|
248
71
|
- lib/loofah/scrubber.rb
|
249
72
|
- lib/loofah/scrubbers.rb
|
73
|
+
- lib/loofah/version.rb
|
250
74
|
- lib/loofah/xml/document.rb
|
251
75
|
- lib/loofah/xml/document_fragment.rb
|
252
|
-
- test/assets/msword.html
|
253
|
-
- test/assets/testdata_sanitizer_tests1.dat
|
254
|
-
- test/helper.rb
|
255
|
-
- test/html5/test_sanitizer.rb
|
256
|
-
- test/integration/test_ad_hoc.rb
|
257
|
-
- test/integration/test_helpers.rb
|
258
|
-
- test/integration/test_html.rb
|
259
|
-
- test/integration/test_scrubbers.rb
|
260
|
-
- test/integration/test_xml.rb
|
261
|
-
- test/unit/test_api.rb
|
262
|
-
- test/unit/test_encoding.rb
|
263
|
-
- test/unit/test_helpers.rb
|
264
|
-
- test/unit/test_scrubber.rb
|
265
|
-
- test/unit/test_scrubbers.rb
|
266
76
|
homepage: https://github.com/flavorjones/loofah
|
267
77
|
licenses:
|
268
78
|
- MIT
|
269
|
-
metadata:
|
79
|
+
metadata:
|
80
|
+
homepage_uri: https://github.com/flavorjones/loofah
|
81
|
+
source_code_uri: https://github.com/flavorjones/loofah
|
82
|
+
bug_tracker_uri: https://github.com/flavorjones/loofah/issues
|
83
|
+
changelog_uri: https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md
|
84
|
+
documentation_uri: https://www.rubydoc.info/gems/loofah/
|
270
85
|
post_install_message:
|
271
|
-
rdoc_options:
|
272
|
-
- "--main"
|
273
|
-
- README.md
|
86
|
+
rdoc_options: []
|
274
87
|
require_paths:
|
275
88
|
- lib
|
276
89
|
required_ruby_version: !ruby/object:Gem::Requirement
|
@@ -284,10 +97,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
284
97
|
- !ruby/object:Gem::Version
|
285
98
|
version: '0'
|
286
99
|
requirements: []
|
287
|
-
|
288
|
-
rubygems_version: 2.7.7
|
100
|
+
rubygems_version: 3.4.10
|
289
101
|
signing_key:
|
290
102
|
specification_version: 4
|
291
103
|
summary: Loofah is a general library for manipulating and transforming HTML/XML documents
|
292
|
-
and fragments
|
104
|
+
and fragments, built on top of Nokogiri.
|
293
105
|
test_files: []
|
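Review bot: The re-added nokogiri runtime dependency keeps `version: 1.5.9` as its floor on the new side (both the `requirement` and `version_requirements` entries), even though this release adds `lib/loofah/html5/document.rb` and `html5/document_fragment.rb`; if those wrap Nokogiri's HTML5 parser (not visible in this section), that API first shipped in Nokogiri 1.12, so the floor should be raised or the html5 entry points need a runtime capability check that fails with a clear message rather than a NameError. A floor this old also lets a resolver satisfy the dependency with Nokogiri/libxml2 builds missing years of published security fixes, which is a poor default for a library whose job is XSS sanitization. Separately, `cert_chain: []` and the empty `signing_key:` are unchanged context, so the gem remains unsigned and consumers can only rely on the registry checksum. This metadata is generated from the project's gemspec source, so any constraint change belongs there rather than in this file.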
data/.gemtest
DELETED
File without changes
|
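--- a/data/Gemfile
+++ /dev/null
@@ -1,22 +0,0 @@
-# -*- ruby -*-
-
-# DO NOT EDIT THIS FILE. Instead, edit Rakefile, and run `rake bundler:gemfile`.
-
-source "https://rubygems.org/"
-
-gem "nokogiri", ">=1.5.9"
-gem "crass", "~>1.0.2"
-
-gem "rake", ">=0.8", :group => [:development, :test]
-gem "minitest", "~>2.2", :group => [:development, :test]
-gem "rr", "~>1.2.0", :group => [:development, :test]
-gem "json", ">=0", :group => [:development, :test]
-gem "hoe-gemspec", ">=0", :group => [:development, :test]
-gem "hoe-debugging", ">=0", :group => [:development, :test]
-gem "hoe-bundler", ">=0", :group => [:development, :test]
-gem "hoe-git", ">=0", :group => [:development, :test]
-gem "concourse", ">=0.15.0", :group => [:development, :test]
-gem "rdoc", "~>4.0", :group => [:development, :test]
-gem "hoe", "~>3.16", :group => [:development, :test]
-
-# vim: syntax=ruby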
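--- a/data/Manifest.txt
+++ /dev/null
@@ -1,40 +0,0 @@
-.gemtest
-CHANGELOG.md
-Gemfile
-MIT-LICENSE.txt
-Manifest.txt
-README.md
-Rakefile
-SECURITY.md
-benchmark/benchmark.rb
-benchmark/fragment.html
-benchmark/helper.rb
-benchmark/www.slashdot.com.html
-lib/loofah.rb
-lib/loofah/elements.rb
-lib/loofah/helpers.rb
-lib/loofah/html/document.rb
-lib/loofah/html/document_fragment.rb
-lib/loofah/html5/libxml2_workarounds.rb
-lib/loofah/html5/scrub.rb
-lib/loofah/html5/whitelist.rb
-lib/loofah/instance_methods.rb
-lib/loofah/metahelpers.rb
-lib/loofah/scrubber.rb
-lib/loofah/scrubbers.rb
-lib/loofah/xml/document.rb
-lib/loofah/xml/document_fragment.rb
-test/assets/msword.html
-test/assets/testdata_sanitizer_tests1.dat
-test/helper.rb
-test/html5/test_sanitizer.rb
-test/integration/test_ad_hoc.rb
-test/integration/test_helpers.rb
-test/integration/test_html.rb
-test/integration/test_scrubbers.rb
-test/integration/test_xml.rb
-test/unit/test_api.rb
-test/unit/test_encoding.rb
-test/unit/test_helpers.rb
-test/unit/test_scrubber.rb
-test/unit/test_scrubbers.rb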
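--- a/data/Rakefile
+++ /dev/null
@@ -1,79 +0,0 @@
-require 'rubygems'
-gem 'hoe', '>= 2.3.0'
-require 'hoe'
-require 'concourse'
-
-Hoe.plugin :git
-Hoe.plugin :gemspec
-Hoe.plugin :bundler
-Hoe.plugin :debugging
-
-Hoe.spec "loofah" do
-developer "Mike Dalessio", "mike.dalessio@gmail.com"
-developer "Bryan Helmkamp", "bryan@brynary.com"
-
-self.extra_rdoc_files = FileList["*.md"]
-self.history_file = "CHANGELOG.md"
-self.readme_file = "README.md"
-self.license "MIT"
-
-extra_deps << ["nokogiri", ">=1.5.9"]
-extra_deps << ["crass", "~> 1.0.2"]
-
-extra_dev_deps << ["rake", ">=0.8"]
-extra_dev_deps << ["minitest", "~>2.2"]
-extra_dev_deps << ["rr", "~>1.2.0"]
-extra_dev_deps << ["json", ">=0"]
-extra_dev_deps << ["hoe-gemspec", ">=0"]
-extra_dev_deps << ["hoe-debugging", ">=0"]
-extra_dev_deps << ["hoe-bundler", ">=0"]
-extra_dev_deps << ["hoe-git", ">=0"]
-extra_dev_deps << ["concourse", ">=0.15.0"]
-end
-
-task :gemspec do
-system %q(rake debug_gem | grep -v "^\(in " > loofah.gemspec)
-end
-
-task :redocs => :fix_css
-task :docs => :fix_css
-task :fix_css do
-better_css = <<-EOT
-.method-description pre {
-margin : 1em 0 ;
-}
-
-.method-description ul {
-padding : .5em 0 .5em 2em ;
-}
-
-.method-description p {
-margin-top : .5em ;
-}
-
-#main ul, div#documentation ul {
-list-style-type : disc ! IMPORTANT ;
-list-style-position : inside ! IMPORTANT ;
-}
-
-h2 + ul {
-margin-top : 1em;
-}
-EOT
-puts "* fixing css"
-File.open("doc/rdoc.css", "a") { |f| f.write better_css }
-end
-
-desc "generate and upload docs to rubyforge"
-task :doc_upload_to_rubyforge => :docs do
-Dir.chdir "doc" do
-system "rsync -avz --delete * rubyforge.org:/var/www/gforge-projects/loofah/loofah"
-end
-end
-
-desc "generate whitelists from W3C specifications"
-task :generate_whitelists do
-load "tasks/generate-whitelists"
-end
-
-Concourse.new("loofah").create_tasks!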
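--- a/data/benchmark/benchmark.rb
+++ /dev/null
@@ -1,149 +0,0 @@
-#!/usr/bin/env ruby
-require "#{File.dirname(__FILE__)}/helper.rb"
-
-def compare_scrub_methods
-snip = "<div>foo</div><foo>fuxx <b>quux</b></foo><script>i have a chair</script>"
-puts "starting with:\n#{snip}"
-puts
-puts RailsSanitize.new.sanitize(snip) # => Rails.sanitize / scrub!(:prune).to_s
-puts Loofah::Helpers.sanitize(snip)
-puts "--"
-puts RailsSanitize.new.strip_tags(snip) # => Rails.strip_tags / parse().text
-puts Loofah::Helpers.strip_tags(snip)
-puts "--"
-puts Sanitize.clean(snip, Sanitize::Config::RELAXED) # => scrub!(:strip).to_s
-puts Loofah.scrub_fragment(snip, :strip).to_s
-puts "--"
-puts HTML5libSanitize.new.sanitize(snip) # => scrub!(:escape).to_s
-puts Loofah.scrub_fragment(snip, :escape).to_s
-puts "--"
-puts HTMLFilter.new.filter(snip)
-puts Loofah.scrub_fragment(snip, :strip).to_s
-puts
-end
-
-module TestSet
-def test_set options={}
-scale = options[:rehearse] ? 10 : 1
-puts self.class.name
-
-n = 100 / scale
-puts " Large document, #{BIG_FILE.length} bytes (x#{n})"
-bench BIG_FILE, n, false
-puts
-
-n = 1000 / scale
-puts " Small fragment, #{FRAGMENT.length} bytes (x#{n})"
-bench FRAGMENT, n, true
-puts
-
-n = 10_000 / scale
-puts " Text snippet, #{SNIPPET.length} bytes (x#{n})"
-bench SNIPPET, n, true
-puts
-end
-end
-
-class HeadToHead < Measure
-end
-
-class HeadToHeadRailsSanitize < Measure
-include TestSet
-def bench(content, ntimes, fragment_p)
-clear_measure
-
-measure "Loofah::Helpers.sanitize", ntimes do
-Loofah::Helpers.sanitize content
-end
-
-sanitizer = RailsSanitize.new
-measure "ActionView sanitize", ntimes do
-sanitizer.sanitize(content)
-end
-end
-end
-
-class HeadToHeadRailsStripTags < Measure
-include TestSet
-def bench(content, ntimes, fragment_p)
-clear_measure
-
-measure "Loofah::Helpers.strip_tags", ntimes do
-Loofah::Helpers.strip_tags content
-end
-
-sanitizer = RailsSanitize.new
-measure "ActionView strip_tags", ntimes do
-sanitizer.strip_tags(content)
-end
-end
-end
-
-class HeadToHeadSanitizerSanitize < Measure
-include TestSet
-def bench(content, ntimes, fragment_p)
-clear_measure
-
-measure "Loofah :strip", ntimes do
-if fragment_p
-Loofah.scrub_fragment(content, :strip).to_s
-else
-Loofah.scrub_document(content, :strip).to_s
-end
-end
-
-measure "Sanitize.clean", ntimes do
-Sanitize.clean(content, Sanitize::Config::RELAXED)
-end
-end
-end
-
-class HeadToHeadHtml5LibSanitize < Measure
-include TestSet
-def bench(content, ntimes, fragment_p)
-clear_measure
-
-measure "Loofah :escape", ntimes do
-if fragment_p
-Loofah.scrub_fragment(content, :escape).to_s
-else
-Loofah.scrub_document(content, :escape).to_s
-end
-end
-
-html5_sanitizer = HTML5libSanitize.new
-measure "HTML5lib.sanitize", ntimes do
-html5_sanitizer.sanitize(content)
-end
-end
-end
-
-class HeadToHeadHTMLFilter < Measure
-include TestSet
-def bench(content, ntimes, fragment_p)
-clear_measure
-
-measure "Loofah::Helpers.sanitize", ntimes do
-Loofah::Helpers.sanitize content
-end
-
-sanitizer = HTMLFilter.new
-measure "HTMLFilter.filter", ntimes do
-sanitizer.filter(content)
-end
-end
-end
-
-puts "Nokogiri version: #{Nokogiri::VERSION_INFO.inspect}"
-puts "Loofah version: #{Loofah::VERSION.inspect}"
-
-benches = []
-benches << HeadToHeadRailsSanitize.new
-benches << HeadToHeadRailsStripTags.new
-benches << HeadToHeadSanitizerSanitize.new
-benches << HeadToHeadHtml5LibSanitize.new
-benches << HeadToHeadHTMLFilter.new
-puts "---------- rehearsal ----------"
-benches.each { |bench| bench.test_set :rehearse => true }
-puts "---------- realsies ----------"
-benches.each { |bench| bench.test_set }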
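--- a/data/benchmark/fragment.html
+++ /dev/null
@@ -1,96 +0,0 @@
-<div id="top_parent"></div>
-
-<div id="jump">
-<a href="#main-articles">Stories</a>
-<br>
-<a href="#blocks">Slash Boxes</a>
-<br>
-<a href="#comments">Comments</a>
-</div>
-<a name="topothepage"></a>
-<div id="doc3" class="yui-t6 index2 mainpage ac ">
-<div id="hd" >
-<div id="logo" >
-
-
-
-<h1><a href="//slashdot.org"><span>Slashdot</span></a></h1>
-<div id="slogan"><h2>News for nerds, stuff that matters</h2></div>
-</div>
-<a href="#articles" class="hidden">Jump to articles</a>
-<div class="nav">
-<ul>
-
-
-
-<li><a href="//slashdot.org/submit.pl" title="Submit a story to Slashdot">Submit Story</a></li>
-<li><a href="//slashdot.org/help" title="Frequently asked questions on Slashdot">Help</a></li>
-<li><a href="//slashdot.org/login.pl" onclick="show_login_box(); return false;">Log In</a></li>
-
-</ul>
-</div>
-
-
-
-
-
-<div id="fh_picker_search" style="display: block;">
-<form method="get" action="//slashdot.org/index2.pl">
-<fieldset class="mode-filter mode-anon">
-<legend>Search</legend>
-
-
-<input class="query" type="text" name="fhfilter" value="" id="searchquery"> <input type="button" class="setfhfilter" value="Filter" id="viewsearch" style="display:none"> <input type="submit" class="setsearchfilter" value="Search" id="fhsearch" style="display:none">
-<noscript><input type="submit" class="setsearchfilter" value="Search"></noscript>
-
-<script type="text/javascript">
-var slash_search;
-$(function(){
-if (has_hose()) {
-var $search_text = $any('searchquery'),
-$panel = $search_text.closest('fieldset');
-$search_buttons = $('#viewsearch,#fhsearch'),
-ws = /\s+/;
-
-
-
-// The search buttons set the firehose option named by their class.
-$search_buttons.
-click(function(){
-var which=this.className;
-$search_text.each(function(){
-firehose_set_options(which, this.value);
-});
-return false;
-});
-
-// Provide a globally available function that does whatever clicking the search button would do.
-slash_search = function( query ){
-query!==undefined && $search_text.val(query);
-$search_buttons.filter(':visible:first').click();
-};
-
-$search_text.
-keydown(function( e ){ // ESCAPE restores the filter in-effect.
-if ( e.which == $.ui.keyCode.ESCAPE ) {
-$search_text.val(firehose_settings.fhfilter||'');
-return true;
-}
-if ( e.which == $.ui.keyCode.ENTER ) {
-slash_search();
-return false;
-}
-});
-
-$(document).
-bind('firehose-setting-setfhfilter firehose-setting-setsearchfilter', function( e, new_query ){
-$('fieldset input[type=text]').each(function(){
-$(this).blur().val(new_query);
-});
-}).
-bind('set-options.firehose', function( e, data ){
-data.select_section && $panel.toggleClass('mode-filter', data.id!=='unsaved');
-});
-}
-});
-</script>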