loofah 2.9.0 → 2.9.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 10f6e8ff06a760da3400cdf8660e6768cfc2e7bbcb34a3ae6aaadea5e29ff924
-  data.tar.gz: 7e0accdb26147612bd7da3abc8fa98a6fac850dbb7a0ee99d20375400de4b877
+  metadata.gz: 492fed0592f752787d888878678d74836accb7d07f2f778d9fdd714a9d311f5e
+  data.tar.gz: 94c3bfdf1bbf5d04f062119461bfeafa751131c780c2297bf892af6aab64607b
 SHA512:
-  metadata.gz: 11b0f4dcad5a9f38444e9eebd45cb09705e536468c901c03d792711133536812f8b0579533eb54a305311d5303fdd4cf510761a9a0d42d0af46bb153d3402a3c
-  data.tar.gz: d6032694eaaaddd47c02868ecb037dc2673b5ebd749a7d8846c2a55e13744f9455a66b41ec16a4cf3c4905e6019df3493972ec462cd04404365ebe202e15e211
+  metadata.gz: 58ce037d69172bb6d85acdf4faa0281e82e84ee7ef38212f6897971f7a0aeec2e4d151a6c93d8ec0bcb5e6f7522cc1d1d231c5810ce8b4875651777da3ceb3b7
+  data.tar.gz: ab4f6f053fb29ea9415683c3fa81f8ddcde147381314bc5bc87ccf105a97858846028ae7bb21987b3fc56cfa5c9beed769149b3a8cdc282db5c2bca827c5a57b

data/CHANGELOG.md

@@ -1,11 +1,22 @@
 # Changelog
 
-### 2.9.0 / 2021-01-14
+## 2.9.1 / 2021-04-07
+
+### Bug fixes
+
+* Fix a regression in v2.9.0 which inappropriately removed CSS properties with quoted string values. [[#202](https://github.com/flavorjones/loofah/issues/202)]
+
+
+## 2.9.0 / 2021-01-14
+
+### Features
 
 * Handle CSS functions in a CSS shorthand property (like `background`). [[#199](https://github.com/flavorjones/loofah/issues/199), [#200](https://github.com/flavorjones/loofah/issues/200)]
 
 
-### 2.8.0 / 2020-11-25
+## 2.8.0 / 2020-11-25
+
+### Features
 
 * Allow CSS properties `order`, `flex-direction`, `flex-grow`, `flex-wrap`, `flex-shrink`, `flex-flow`, `flex-basis`, `flex`, `justify-content`, `align-self`, `align-items`, and `align-content`. [[#197](https://github.com/flavorjones/loofah/issues/197)] (Thanks, [@miguelperez](https://github.com/miguelperez)!)
 

data/README.md

@@ -1,12 +1,12 @@
 # Loofah
 
 * https://github.com/flavorjones/loofah
-* Docs: http://rubydoc.info/github/flavorjones/loofah/master/frames
+* Docs: http://rubydoc.info/github/flavorjones/loofah/main/frames
 * Mailing list: [loofah-talk@googlegroups.com](https://groups.google.com/forum/#!forum/loofah-talk)
 
 ## Status
 
-[![Concourse CI](https://ci.nokogiri.org/api/v1/teams/nokogiri-core/pipelines/loofah/jobs/ruby-2.5/badge)](https://ci.nokogiri.org/teams/nokogiri-core/pipelines/loofah?groups=master)
+[![Concourse CI](https://ci.nokogiri.org/api/v1/teams/nokogiri-core/pipelines/loofah/jobs/ruby-3.0/badge)](https://ci.nokogiri.org/teams/nokogiri-core/pipelines/loofah)
 [![Code Climate](https://codeclimate.com/github/flavorjones/loofah.svg)](https://codeclimate.com/github/flavorjones/loofah)
 [![Tidelift dependencies](https://tidelift.com/badges/package/rubygems/loofah)](https://tidelift.com/subscription/pkg/rubygems-loofah?utm_source=rubygems-loofah&utm_medium=referral&utm_campaign=readme)
 
@@ -211,7 +211,7 @@ end
 Loofah.xml_document(File.read('plague.xml')).scrub!(bring_out_your_dead)
 ```
 
-=== Built-In HTML Scrubbers
+### Built-In HTML Scrubbers
 
 Loofah comes with a set of sanitizing scrubbers that use HTML5lib's
 safelist algorithm:

data/lib/loofah/html5/scrub.rb

@@ -9,6 +9,7 @@ module Loofah
       CSS_KEYWORDISH = /\A(#[0-9a-fA-F]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|-?\d{0,3}\.?\d{0,10}(ch|cm|r?em|ex|in|lh|mm|pc|pt|px|Q|vmax|vmin|vw|vh|%|,|\))?)\z/
       CRASS_SEMICOLON = { node: :semicolon, raw: ";" }
       CSS_IMPORTANT = '!important'
+      CSS_PROPERTY_STRING_WITHOUT_EMBEDDED_QUOTES = /\A(["'])?[^"']+\1\z/
 
       class << self
         def allowed_element?(element_name)
@@ -92,7 +93,11 @@ module Loofah
               when :whitespace
                 nil
               when :string
-                nil
+                if child[:raw] =~ CSS_PROPERTY_STRING_WITHOUT_EMBEDDED_QUOTES
+                  Crass::Parser.stringify(child)
+                else
+                  nil
+                end
               when :function
                 if SafeList::ALLOWED_CSS_FUNCTIONS.include?(child[:name].downcase)
                   Crass::Parser.stringify(child)

data/lib/loofah/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Loofah
   # The version of Loofah you are using
-  VERSION = "2.9.0"
+  VERSION = "2.9.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: loofah
 version: !ruby/object:Gem::Version
-  version: 2.9.0
+  version: 2.9.1
 platform: ruby
 authors:
 - Mike Dalessio
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-14 00:00:00.000000000 Z
+date: 2021-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -196,7 +196,7 @@ metadata:
   homepage_uri: https://github.com/flavorjones/loofah
   source_code_uri: https://github.com/flavorjones/loofah
   bug_tracker_uri: https://github.com/flavorjones/loofah/issues
-  changelog_uri: https://github.com/flavorjones/loofah/blob/master/CHANGELOG.md
+  changelog_uri: https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md
   documentation_uri: https://www.rubydoc.info/gems/loofah/
 post_install_message: 
 rdoc_options: []