loofah 2.21.4 → 2.22.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/README.md +5 -1
- data/lib/loofah/scrubbers.rb +68 -0
- data/lib/loofah/version.rb +1 -1
- metadata +3 -3
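--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '09399c4b678f5d51f0089e553e0504cd5e997374801b0ff18e99a3c18cf42c7e'
+data.tar.gz: 61f4d3825963ec3346189675b57074fe8ca8350939113ddde05a03be655c0dc9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 508cada7b06e26b50bc9801a5f2f833f99f77525eda86c1b4ef036fd81453caff7e6fdc6964c2e591c7ab5d634da4178b87ab2f804d18fb08b9dd12dd4e0f7fb
+data.tar.gz: 6fbd6b84c763ad90154c8ae545de46683e3ee40c2c75109b9b73b56d81179d992927e5ff54b76c8c22ce019b5901840f9873b152f9558381375171f452738ca2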
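--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Changelog
 
+## 2.22.0 / 2023-11-13
+
+### Added
+
+* A `:targetblank` HTML scrubber which ensures all hyperlinks have `target="_blank"`. [#275] @stefannibrasil and @thdaraujo
+* A `:noreferrer` HTML scrubber which ensures all hyperlinks have `rel=noreferrer`, similar to the `:nofollow` and `:noopener` scrubbers. [#277] @wynksaiddestroy
+
+
 ## 2.21.4 / 2023-10-10
 
 ### Fixed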
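--- a/data/README.md
+++ b/data/README.md
@@ -29,6 +29,7 @@ Active Record extensions for HTML sanitization are available in the [`loofah-act
 * _Whitewash_ the markup, removing all attributes and namespaced nodes.
 * Other common HTML transformations are built-in:
 * Add the _nofollow_ attribute to all hyperlinks.
+* Add the _target=\_blank_ attribute to all hyperlinks.
 * Remove _unprintable_ characters from text nodes.
 * Format markup as plain text, with (or without) sensible whitespace handling around block elements.
 * Replace Rails's `strip_tags` and `sanitize` view helper methods.
@@ -229,8 +230,11 @@ doc.scrub!(:whitewash) # removes unknown/unsafe/namespaced tags and their chi
 Loofah also comes with some common transformation tasks:
 
 ``` ruby
-doc.scrub!(:nofollow) #
+doc.scrub!(:nofollow) # adds rel="nofollow" attribute to links
+doc.scrub!(:noopener) # adds rel="noopener" attribute to links
+doc.scrub!(:noreferrer) # adds rel="noreferrer" attribute to links
 doc.scrub!(:unprintable) # removes unprintable characters from text nodes
+doc.scrub!(:targetblank) # adds target="_blank" attribute to links
 ```
 
 See `Loofah::Scrubbers` for more details and example usage.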
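--- a/data/lib/loofah/scrubbers.rb
+++ b/data/lib/loofah/scrubbers.rb
@@ -61,6 +61,15 @@ module Loofah
 # => "ohai! <a href='http://www.myswarmysite.com/' rel="nofollow">I like your blog post</a>"
 #
 #
+# === Loofah::Scrubbers::TargetBlank / scrub!(:targetblank)
+#
+# +:targetblank+ adds a target="_blank" attribute to all links
+#
+# link_farmers_markup = "ohai! <a href='http://www.myswarmysite.com/'>I like your blog post</a>"
+# Loofah.html5_fragment(link_farmers_markup).scrub!(:targetblank)
+# => "ohai! <a href='http://www.myswarmysite.com/' target="_blank">I like your blog post</a>"
+#
+#
 # === Loofah::Scrubbers::NoOpener / scrub!(:noopener)
 #
 # +:noopener+ adds a rel="noopener" attribute to all links
@@ -69,6 +78,14 @@ module Loofah
 # Loofah.html5_fragment(link_farmers_markup).scrub!(:noopener)
 # => "ohai! <a href='http://www.myswarmysite.com/' rel="noopener">I like your blog post</a>"
 #
+# === Loofah::Scrubbers::NoReferrer / scrub!(:noreferrer)
+#
+# +:noreferrer+ adds a rel="noreferrer" attribute to all links
+#
+# link_farmers_markup = "ohai! <a href='http://www.myswarmysite.com/'>I like your blog post</a>"
+# Loofah.html5_fragment(link_farmers_markup).scrub!(:noreferrer)
+# => "ohai! <a href='http://www.myswarmysite.com/' rel="noreferrer">I like your blog post</a>"
+#
 #
 # === Loofah::Scrubbers::Unprintable / scrub!(:unprintable)
 #
@@ -213,6 +230,33 @@ module Loofah
 end
 end
 
+#
+# === scrub!(:targetblank)
+#
+# +:targetblank+ adds a target="_blank" attribute to all links.
+# If there is a target already set, replaces it with target="_blank".
+#
+# link_farmers_markup = "ohai! <a href='http://www.myswarmysite.com/'>I like your blog post</a>"
+# Loofah.html5_fragment(link_farmers_markup).scrub!(:targetblank)
+# => "ohai! <a href='http://www.myswarmysite.com/' target="_blank">I like your blog post</a>"
+#
+# On modern browsers, setting target="_blank" on anchor elements implicitly provides the same
+# behavior as setting rel="noopener".
+#
+class TargetBlank < Scrubber
+def initialize # rubocop:disable Lint/MissingSuper
+@direction = :top_down
+end
+
+def scrub(node)
+return CONTINUE unless (node.type == Nokogiri::XML::Node::ELEMENT_NODE) && (node.name == "a")
+
+node.set_attribute("target", "_blank")
+
+STOP
+end
+end
+
 #
 # === scrub!(:noopener)
 #
@@ -235,6 +279,28 @@ module Loofah
 end
 end
 
+#
+# === scrub!(:noreferrer)
+#
+# +:noreferrer+ adds a rel="noreferrer" attribute to all links
+#
+# link_farmers_markup = "ohai! <a href='http://www.myswarmysite.com/'>I like your blog post</a>"
+# Loofah.html5_fragment(link_farmers_markup).scrub!(:noreferrer)
+# => "ohai! <a href='http://www.myswarmysite.com/' rel="noreferrer">I like your blog post</a>"
+#
+class NoReferrer < Scrubber
+def initialize # rubocop:disable Lint/MissingSuper
+@direction = :top_down
+end
+
+def scrub(node)
+return CONTINUE unless (node.type == Nokogiri::XML::Node::ELEMENT_NODE) && (node.name == "a")
+
+append_attribute(node, "rel", "noreferrer")
+STOP
+end
+end
+
 # This class probably isn't useful publicly, but is used for #to_text's current implemention
 class NewlineBlockElements < Scrubber # :nodoc:
 def initialize # rubocop:disable Lint/MissingSuper
@@ -292,6 +358,8 @@ module Loofah
 strip: Strip,
 nofollow: NoFollow,
 noopener: NoOpener,
+noreferrer: NoReferrer,
+targetblank: TargetBlank,
 newline_block_elements: NewlineBlockElements,
 unprintable: Unprintable,
 }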
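Review bot: `TargetBlank#scrub` writes `target="_blank"` and leaves `rel` untouched, so the rewritten link is only safe if the browser applies noopener implicitly, which the class comment itself limits to "modern browsers". Where that does not hold, the page opened by the link would receive a `window.opener` reference back to the page that embedded the scrubbed markup. I would either add `append_attribute(node, "rel", "noopener")` after the `set_attribute` call, using the helper `NoReferrer#scrub` already calls in this diff, or extend the class comment to say that `:targetblank` should be combined with `:noopener` when older browsers are in scope. The same caveat belongs on the shorter `:targetblank` entry in the module overview near the top of the file, which currently does not mention opener behaviour at all.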
data/lib/loofah/version.rb
CHANGED
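--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: loofah
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.22.0
 platform: ruby
 authors:
 - Mike Dalessio
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-
+date: 2023-11-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: crass
@@ -97,7 +97,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.4.19
 signing_key:
 specification_version: 4
 summary: Loofah is a general library for manipulating and transforming HTML/XML documents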