RubyGems - loofah - Versions diffs - 2.7.0 → 2.9.0 - Mend

loofah 2.7.0 → 2.9.0

Potentially problematic release.

This version of loofah might be problematic. Click here for more details.

Files changed (15) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +10 -0
data/README.md +7 -4
data/lib/loofah.rb +13 -15
data/lib/loofah/html5/safelist.rb +12 -0
data/lib/loofah/html5/scrub.rb +40 -23
data/lib/loofah/version.rb +5 -0
metadata +23 -106
data/Gemfile +0 -24
data/Manifest.txt +0 -25
data/Rakefile +0 -97
data/benchmark/benchmark.rb +0 -154
data/benchmark/fragment.html +0 -96
data/benchmark/helper.rb +0 -73
data/benchmark/www.slashdot.com.html +0 -2560

data/Gemfile DELETED

@@ -1,24 +0,0 @@
-# -*- ruby -*-
-# DO NOT EDIT THIS FILE. Instead, edit Rakefile, and run `rake bundler:gemfile`.
-source "https://rubygems.org/"
-gem "nokogiri", ">=1.5.9"
-gem "crass", "~>1.0.2"
-gem "rake", "~>12.3", :group => [:development, :test]
-gem "minitest", "~>2.2", :group => [:development, :test]
-gem "rr", "~>1.2.0", :group => [:development, :test]
-gem "json", "~>2.3.0", :group => [:development, :test]
-gem "hoe-gemspec", "~>1.0", :group => [:development, :test]
-gem "hoe-debugging", "~>2.0", :group => [:development, :test]
-gem "hoe-bundler", "~>1.5", :group => [:development, :test]
-gem "hoe-git", "~>1.6", :group => [:development, :test]
-gem "hoe-markdown", "~>1.2", :group => [:development, :test]
-gem "concourse", ">=0.26.0", :group => [:development, :test]
-gem "rubocop", ">=0.76.0", :group => [:development, :test]
-gem "rdoc", ">=4.0", "<7", :group => [:development, :test]
-gem "hoe", "~>3.22", :group => [:development, :test]
-# vim: syntax=ruby

data/Manifest.txt DELETED

@@ -1,25 +0,0 @@
-CHANGELOG.md
-Gemfile
-MIT-LICENSE.txt
-Manifest.txt
-README.md
-Rakefile
-SECURITY.md
-benchmark/benchmark.rb
-benchmark/fragment.html
-benchmark/helper.rb
-benchmark/www.slashdot.com.html
-lib/loofah.rb
-lib/loofah/elements.rb
-lib/loofah/helpers.rb
-lib/loofah/html/document.rb
-lib/loofah/html/document_fragment.rb
-lib/loofah/html5/libxml2_workarounds.rb
-lib/loofah/html5/safelist.rb
-lib/loofah/html5/scrub.rb
-lib/loofah/instance_methods.rb
-lib/loofah/metahelpers.rb
-lib/loofah/scrubber.rb
-lib/loofah/scrubbers.rb
-lib/loofah/xml/document.rb
-lib/loofah/xml/document_fragment.rb

data/Rakefile DELETED

@@ -1,97 +0,0 @@
-require "rubygems"
-require "hoe"
-require "concourse"
-Hoe.plugin :git
-Hoe.plugin :gemspec
-Hoe.plugin :bundler
-Hoe.plugin :debugging
-Hoe.plugin :markdown
-Hoe.spec "loofah" do
-  developer "Mike Dalessio", "mike.dalessio@gmail.com"
-  developer "Bryan Helmkamp", "bryan@brynary.com"
-  self.license "MIT"
-  self.urls = {
-    "home" => "https://github.com/flavorjones/loofah",
-    "bugs" => "https://github.com/flavorjones/loofah/issues",
-    "doco" => "https://www.rubydoc.info/gems/loofah/",
-    "clog" => "https://github.com/flavorjones/loofah/blob/master/CHANGELOG.md",
-    "code" => "https://github.com/flavorjones/loofah",
-  }
-  extra_deps << ["nokogiri", ">=1.5.9"]
-  extra_deps << ["crass", "~> 1.0.2"]
-  extra_dev_deps << ["rake", "~> 12.3"]
-  extra_dev_deps << ["minitest", "~>2.2"]
-  extra_dev_deps << ["rr", "~>1.2.0"]
-  extra_dev_deps << ["json", "~> 2.3.0"]
-  extra_dev_deps << ["hoe-gemspec", "~> 1.0"]
-  extra_dev_deps << ["hoe-debugging", "~> 2.0"]
-  extra_dev_deps << ["hoe-bundler", "~> 1.5"]
-  extra_dev_deps << ["hoe-git", "~> 1.6"]
-  extra_dev_deps << ["hoe-markdown", "~> 1.2"]
-  extra_dev_deps << ["concourse", ">=0.26.0"]
-  extra_dev_deps << ["rubocop", ">=0.76.0"]
-end
-task :gemspec do
-  system %q(rake debug_gem | grep -v "^\(in " > loofah.gemspec)
-end
-task :redocs => :fix_css
-task :docs => :fix_css
-task :fix_css do
-  better_css = <<-EOT
-    .method-description pre {
-      margin                    : 1em 0 ;
-    }
-    .method-description ul {
-      padding                   : .5em 0 .5em 2em ;
-    }
-    .method-description p {
-      margin-top                : .5em ;
-    }
-    #main ul, div#documentation ul {
-      list-style-type           : disc ! IMPORTANT ;
-      list-style-position       : inside ! IMPORTANT ;
-    }
-    h2 + ul {
-      margin-top                : 1em;
-    }
-  EOT
-  puts "* fixing css"
-  File.open("doc/rdoc.css", "a") { |f| f.write better_css }
-end
-desc "generate and upload docs to rubyforge"
-task :doc_upload_to_rubyforge => :docs do
-  Dir.chdir "doc" do
-    system "rsync -avz --delete * rubyforge.org:/var/www/gforge-projects/loofah/loofah"
-  end
-end
-desc "generate safelists from W3C specifications"
-task :generate_safelists do
-  load "tasks/generate-safelists"
-end
-task :rubocop => [:rubocop_security, :rubocop_frozen_string_literals]
-task :rubocop_security do
-  sh "rubocop lib --only Security"
-end
-task :rubocop_frozen_string_literals do
-  sh "rubocop lib --auto-correct --only Style/FrozenStringLiteralComment"
-end
-Rake::Task[:test].prerequisites << :rubocop
-Concourse.new("loofah", fly_target: "ci") do |c|
-  c.add_pipeline "loofah", "loofah.yml"
-  c.add_pipeline "loofah-pr", "loofah-pr.yml"
-end

data/benchmark/benchmark.rb DELETED

@@ -1,154 +0,0 @@
-#!/usr/bin/env ruby
-require "#{File.dirname(__FILE__)}/helper.rb"
-def compare_scrub_methods
-  snip = "<div>foo</div><foo>fuxx <b>quux</b></foo><script>i have a chair</script>"
-  puts "starting with:\n#{snip}"
-  puts
-  puts RailsSanitize.new.sanitize(snip) # => Rails.sanitize / scrub!(:prune).to_s
-  puts Loofah::Helpers.sanitize(snip)
-  puts "--"
-  puts RailsSanitize.new.strip_tags(snip) # => Rails.strip_tags / parse().text
-  puts Loofah::Helpers.strip_tags(snip)
-  puts "--"
-  puts Sanitize.clean(snip, Sanitize::Config::RELAXED) # => scrub!(:strip).to_s
-  puts Loofah.scrub_fragment(snip, :strip).to_s
-  puts "--"
-  puts HTML5libSanitize.new.sanitize(snip) # => scrub!(:escape).to_s
-  puts Loofah.scrub_fragment(snip, :escape).to_s
-  puts "--"
-  puts HTMLFilter.new.filter(snip)
-  puts Loofah.scrub_fragment(snip, :strip).to_s
-  puts
-end
-module TestSet
-  def test_set(options = {})
-    scale = options[:rehearse] ? 10 : 1
-    puts self.class.name
-    n = 100 / scale
-    puts "  Large document, #{BIG_FILE.length} bytes (x#{n})"
-    bench BIG_FILE, n, false
-    puts
-    n = 1000 / scale
-    puts "  Small fragment, #{FRAGMENT.length} bytes (x#{n})"
-    bench FRAGMENT, n, true
-    puts
-    n = 10_000 / scale
-    puts "  Text snippet, #{SNIPPET.length} bytes (x#{n})"
-    bench SNIPPET, n, true
-    puts
-  end
-end
-class HeadToHead < Measure
-end
-class HeadToHeadRailsSanitize < Measure
-  include TestSet
-  def bench(content, ntimes, fragment_p)
-    clear_measure
-    measure "Loofah::Helpers.sanitize", ntimes do
-      Loofah::Helpers.sanitize content
-    end
-    sanitizer = RailsSanitize.new
-    measure "ActionView sanitize", ntimes do
-      sanitizer.sanitize(content)
-    end
-  end
-end
-class HeadToHeadRailsStripTags < Measure
-  include TestSet
-  def bench(content, ntimes, fragment_p)
-    clear_measure
-    measure "Loofah::Helpers.strip_tags", ntimes do
-      Loofah::Helpers.strip_tags content
-    end
-    sanitizer = RailsSanitize.new
-    measure "ActionView strip_tags", ntimes do
-      sanitizer.strip_tags(content)
-    end
-  end
-end
-class HeadToHeadSanitizerSanitize < Measure
-  include TestSet
-  def bench(content, ntimes, fragment_p)
-    clear_measure
-    measure "Loofah :strip", ntimes do
-      if fragment_p
-        Loofah.scrub_fragment(content, :strip).to_s
-      else
-        Loofah.scrub_document(content, :strip).to_s
-      end
-    end
-    measure "Sanitize.clean", ntimes do
-      Sanitize.clean(content, Sanitize::Config::RELAXED)
-    end
-  end
-end
-class HeadToHeadHtml5LibSanitize < Measure
-  include TestSet
-  def bench(content, ntimes, fragment_p)
-    clear_measure
-    measure "Loofah :escape", ntimes do
-      if fragment_p
-        Loofah.scrub_fragment(content, :escape).to_s
-      else
-        Loofah.scrub_document(content, :escape).to_s
-      end
-    end
-    html5_sanitizer = HTML5libSanitize.new
-    measure "HTML5lib.sanitize", ntimes do
-      html5_sanitizer.sanitize(content)
-    end
-  end
-end
-class HeadToHeadHTMLFilter < Measure
-  include TestSet
-  def bench(content, ntimes, fragment_p)
-    clear_measure
-    measure "Loofah::Helpers.sanitize", ntimes do
-      Loofah::Helpers.sanitize content
-    end
-    sanitizer = HTMLFilter.new
-    measure "HTMLFilter.filter", ntimes do
-      sanitizer.filter(content)
-    end
-  end
-end
-puts "Nokogiri version: #{Nokogiri::VERSION_INFO.inspect}"
-puts "Loofah version: #{Loofah::VERSION.inspect}"
-benches = []
-benches << HeadToHeadRailsSanitize.new
-benches << HeadToHeadRailsStripTags.new
-benches << HeadToHeadSanitizerSanitize.new
-benches << HeadToHeadHtml5LibSanitize.new
-benches << HeadToHeadHTMLFilter.new
-puts "---------- rehearsal ----------"
-benches.each { |bench| bench.test_set :rehearse => true }
-puts "---------- realsies ----------"
-benches.each { |bench| bench.test_set }

data/benchmark/fragment.html DELETED

@@ -1,96 +0,0 @@
-<div id="top_parent"></div>
-<div id="jump">
-        <a href="#main-articles">Stories</a>
-        <br>
-        <a href="#blocks">Slash Boxes</a>
-        <br>
-        <a href="#comments">Comments</a>
-</div>
-<a name="topothepage"></a>
-<div id="doc3" class="yui-t6 index2 mainpage ac   ">
-	<div id="hd" >
-		<div id="logo" >
-			<h1><a href="//slashdot.org"><span>Slashdot</span></a></h1>
-			<div id="slogan"><h2>News for nerds, stuff that matters</h2></div>
-		</div>
-		<a href="#articles" class="hidden">Jump to articles</a>
-		<div class="nav">
-			<ul>
-				<li><a href="//slashdot.org/submit.pl" title="Submit a story to Slashdot">Submit Story</a></li>
-                                <li><a href="//slashdot.org/help" title="Frequently asked questions on Slashdot">Help</a></li>
-				<li><a href="//slashdot.org/login.pl" onclick="show_login_box(); return false;">Log In</a></li>
-			</ul>
-		</div>
-		<div id="fh_picker_search" style="display: block;">
-		<form method="get" action="//slashdot.org/index2.pl">
-			<fieldset class="mode-filter mode-anon">
-				<legend>Search</legend>
-				<input class="query" type="text" name="fhfilter" value="" id="searchquery">						<input type="button" class="setfhfilter" value="Filter" id="viewsearch" style="display:none">					<input type="submit" class="setsearchfilter" value="Search" id="fhsearch" style="display:none">
-					<noscript><input type="submit" class="setsearchfilter" value="Search"></noscript>
-					<script type="text/javascript">
-					var slash_search;
-						$(function(){
-							if (has_hose()) {
-							var	$search_text	= $any('searchquery'),
-								$panel			= $search_text.closest('fieldset');
-								$search_buttons	= $('#viewsearch,#fhsearch'),
-								ws				= /\s+/;
-							// The search buttons set the firehose option named by their class.
-							$search_buttons.
-								click(function(){
-									var which=this.className;
-									$search_text.each(function(){
-										firehose_set_options(which, this.value);
-									});
-									return false;
-								});
-							// Provide a globally available function that does whatever clicking the search button would do.
-							slash_search = function( query ){
-								query!==undefined && $search_text.val(query);
-								$search_buttons.filter(':visible:first').click();
-							};
-							$search_text.
-								keydown(function( e ){	// ESCAPE restores the filter in-effect.
-									if ( e.which == $.ui.keyCode.ESCAPE ) {
-										$search_text.val(firehose_settings.fhfilter||'');
-										return true;
-									}
-									if ( e.which == $.ui.keyCode.ENTER ) {
-										slash_search();
-										return false;
-									}
-								});
-							$(document).
-								bind('firehose-setting-setfhfilter firehose-setting-setsearchfilter', function( e, new_query ){
-									$('fieldset input[type=text]').each(function(){
-										$(this).blur().val(new_query);
-									});
-								}).
-								bind('set-options.firehose', function( e, data ){
-									data.select_section && $panel.toggleClass('mode-filter', data.id!=='unsaved');
-								});
-						}
-					});
-					</script>

data/benchmark/helper.rb DELETED

@@ -1,73 +0,0 @@
-require "rubygems"
-require "open-uri"
-require "hpricot"
-require File.expand_path(File.dirname(__FILE__) + "/../lib/loofah")
-require "benchmark"
-require "action_view"
-require "action_controller/vendor/html-scanner"
-require "sanitize"
-require "hitimes"
-require "htmlfilter"
-unless defined?(HTMLFilter)
-  HTMLFilter = HtmlFilter
-end
-class RailsSanitize
-  include ActionView::Helpers::SanitizeHelper
-  extend ActionView::Helpers::SanitizeHelper::ClassMethods
-end
-class HTML5libSanitize
-  require "html5/html5parser"
-  require "html5/liberalxmlparser"
-  require "html5/treewalkers"
-  require "html5/treebuilders"
-  require "html5/serializer"
-  require "html5/sanitizer"
-  include HTML5
-  def sanitize(html)
-    HTMLParser.parse_fragment(html, {
-      :tokenizer => HTMLSanitizer,
-      :encoding => "utf-8",
-      :tree => TreeBuilders::REXML::TreeBuilder,
-    }).to_s
-  end
-end
-BIG_FILE = File.read(File.join(File.dirname(__FILE__), "www.slashdot.com.html"))
-FRAGMENT = File.read(File.join(File.dirname(__FILE__), "fragment.html"))
-SNIPPET = "This is typical form field input in <b>length and content."
-class Measure
-  def initialize
-    clear_measure
-  end
-  def clear_measure
-    @first_time = true
-    @baseline = nil
-  end
-  def measure(name, ntimes)
-    if @first_time
-      printf "  %-30s %7s  %8s  %5s\n", "", "total", "single", "rel"
-      @first_time = false
-    end
-    timer = Hitimes::TimedMetric.new(name)
-    timer.start
-    ntimes.times do |j|
-      yield
-    end
-    timer.stop
-    if @baseline
-      printf "  %30s %7.3f (%8.6f) %5.2fx\n", timer.name, timer.sum, timer.sum / ntimes, timer.sum / @baseline
-    else
-      @baseline = timer.sum
-      printf "  %30s %7.3f (%8.6f) %5s\n", timer.name, timer.sum, timer.sum / ntimes, "-"
-    end
-    timer.sum
-  end
-end