loofah 1.2.0 → 1.2.1

Potentially problematic release.


This version of loofah might be problematic.

data/CHANGELOG.rdoc CHANGED
@@ -1,5 +1,10 @@
1
1
  = Changelog
2
2
 
3
+ == 1.2.1 (2012-04-14)
4
+
5
+ * Declaring encoding in html5/scrub.rb. Without this, use of the ruby -KU option would cause havoc. (#32)
6
+
7
+
3
8
  == 1.2.0 (2011-08-08)
4
9
 
5
10
  Enhancements:
@@ -7,6 +12,7 @@ Enhancements:
7
12
  * Loofah::Helpers.sanitize_css is a replacement for Rails's built-in sanitize_css helper.
8
13
  * Improving ActionView integration.
9
14
 
15
+
10
16
  == 1.1.0 (2011-08-08)
11
17
 
12
18
  Enhancements:
@@ -16,6 +22,7 @@ Enhancements:
16
22
  * Whitelists (which are not part of the public API) are now Sets (were previously Arrays).
17
23
  * Don't explode when encountering UTF-8 URIs. (#25, #29)
18
24
 
25
+
19
26
  == 1.0.0 (2010-10-26)
20
27
 
21
28
  Notes:
@@ -23,6 +30,7 @@ Notes:
23
30
  * Moved ActiveRecord functionality into `loofah-activerecord` gem.
24
31
  * Removed DEPRECATIONS.rdoc documenting 0.3.0 API changes.
25
32
 
33
+
26
34
  == 0.4.7 (2010-03-09)
27
35
 
28
36
  Enhancements:
@@ -35,6 +43,7 @@ Enhancements:
35
43
  * Loofah::HTML::Document#text and Loofah::HTML::DocumentFragment#text
36
44
  will return unescaped HTML entities by passing :encode_special_chars => false.
37
45
 
46
+
38
47
  == 0.4.4, 0.4.5, 0.4.6 (2010-02-01)
39
48
 
40
49
  Enhancements:
@@ -45,6 +54,7 @@ Bug fixes:
45
54
 
46
55
  * Loofah::XssFoliate was not properly escaping HTML entities when implicitly scrubbing a string attribute. GH #17
47
56
 
57
+
48
58
  == 0.4.3 (2010-01-29)
49
59
 
50
60
  Enhancements:
@@ -58,6 +68,7 @@ Miscellaneous:
58
68
  since the use of Bundler breaks the previously-documented method. To
59
69
  be safe, always use an initializer file.
60
70
 
71
+
61
72
  == 0.4.2 (2010-01-22)
62
73
 
63
74
  Enhancements:
@@ -76,12 +87,14 @@ Miscellaneous:
76
87
  * Mailing list is now loofah@librelist.com / http://librelist.com
77
88
  * IRC channel is now \#loofah on freenode.
78
89
 
90
+
79
91
  == 0.4.1 (2009-11-23)
80
92
 
81
93
  Bugfix:
82
94
 
83
95
  * Manifest fixed. Whoops.
84
96
 
97
+
85
98
  == 0.4.0 (2009-11-21)
86
99
 
87
100
  Enhancements:
@@ -91,12 +104,15 @@ Enhancements:
91
104
  * Added :nofollow HTML scrubber (thanks Luke Melia!)
92
105
  * Built-in scrubbing methods refactored to use Scrubber.
93
106
 
107
+
108
+
94
109
  == 0.3.1 (2009-10-12)
95
110
 
96
111
  Bug fixes:
97
112
 
98
113
  * Scrubbed Documents properly render html, head and body tags when serialized.
99
114
 
115
+
100
116
  == 0.3.0 (2009-10-06)
101
117
 
102
118
  Enhancements:
@@ -111,6 +127,7 @@ Deprecations:
111
127
  sanitize_document have been deprecated. See DEPRECATED.rdoc for
112
128
  details on the equivalent calls with the post-0.2 API.
113
129
 
130
+
114
131
  == 0.2.2 (2009-09-30)
115
132
 
116
133
  Enhancements:
@@ -118,6 +135,7 @@ Enhancements:
118
135
  * ActiveRecord extension scrubs fields in a before_validation callback
119
136
  (was previously in a before_save)
120
137
 
138
+
121
139
  == 0.2.1 (2009-09-19)
122
140
 
123
141
  Enhancements:
@@ -132,6 +150,7 @@ Bugfixes:
132
150
  * init.rb fixed to support installation as a Rails plugin. GH #6
133
151
  (Thanks Josh Nichols!)
134
152
 
153
+
135
154
  == 0.2.0 (2009-09-11)
136
155
 
137
156
  * Swank new API.
@@ -141,10 +160,12 @@ Bugfixes:
141
160
  * Deprecated the Dryopteris sanitization methods. Will be removed in 0.3.0.
142
161
  * Documentation! Hey!
143
162
 
163
+
144
164
  == 0.1.2 (2009-04-30)
145
165
 
146
166
  * Added whitewashing -- removal of all attributes and namespaced nodes. You know, for microsofty HTML.
147
167
 
168
+
148
169
  == 0.1.0 (2009-02-10)
149
170
 
150
171
  * Birthday!
data/README.rdoc CHANGED
@@ -77,8 +77,8 @@ or by implementing a method.
77
77
 
78
78
  Generally speaking, unless you expect to have a DOCTYPE and a single
79
79
  root node, you don't have a *document*, you have a *fragment*. For
80
- HTML, another rule of thumb is that *documents* have \<html\>
81
- and \<body\> tags, and *fragments* usually do not.
80
+ HTML, another rule of thumb is that *documents* have +html+ and +body+
81
+ tags, and *fragments* usually do not.
82
82
 
83
83
  HTML fragments should be parsed with Loofah.fragment. The result won't
84
84
  be wrapped in +html+ or +body+ tags, won't have a DOCTYPE declaration,
@@ -235,7 +235,7 @@ the Rails ActionView helpers of the same name.
235
235
 
236
236
  == Requirements
237
237
 
238
- * Nokogiri >= 1.3.3
238
+ * Nokogiri >= 1.4.4
239
239
 
240
240
  == Installation
241
241
 
data/Rakefile CHANGED
@@ -59,3 +59,10 @@ task :fix_css do
59
59
  puts "* fixing css"
60
60
  File.open("doc/rdoc.css", "a") { |f| f.write better_css }
61
61
  end
62
+
63
+ desc "generate and upload docs to rubyforge"
64
+ task :doc_upload_to_rubyforge => :docs do
65
+ Dir.chdir "doc" do
66
+ system "rsync -avz --delete * rubyforge.org:/var/www/gforge-projects/loofah/loofah"
67
+ end
68
+ end
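Review bot: In the added `doc_upload_to_rubyforge` task, `rsync -avz --delete *` relies on the shell expanding `*`, so `--delete` only prunes inside directories that still exist locally. A top-level file that was removed from `doc/` is never named on the command line and stays on the server, and dotfiles are not matched at all. Passing `./` as the source instead of `*` makes `--delete` cover the whole tree. The return value of `system` is also discarded, so a failed upload does not fail the task; Rake's `sh` raises on a non-zero exit and would be the safer call here.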
@@ -55,11 +55,11 @@ module Loofah
55
55
  #
56
56
  # To use by default, call this in an application initializer:
57
57
  #
58
- # ActionView::Helpers::SanitizeHelper.full_sanitizer = ::Loofah::Helpers::ActionView::FullSanitizer.new
58
+ # ActionView::Helpers::SanitizeHelper.full_sanitizer = ::Loofah::Helpers::ActionView::FullSanitizer.new
59
59
  #
60
60
  # Or, to generally opt-in to Loofah's view sanitizers:
61
61
  #
62
- # Loofah::Helpers::ActionView.set_as_default_sanitizer
62
+ # Loofah::Helpers::ActionView.set_as_default_sanitizer
63
63
  #
64
64
  class FullSanitizer
65
65
  def sanitize html, *args
@@ -72,11 +72,11 @@ module Loofah
72
72
  #
73
73
  # To use by default, call this in an application initializer:
74
74
  #
75
- # ActionView::Helpers::SanitizeHelper.white_list_sanitizer = ::Loofah::Helpers::ActionView::WhiteListSanitizer.new
75
+ # ActionView::Helpers::SanitizeHelper.white_list_sanitizer = ::Loofah::Helpers::ActionView::WhiteListSanitizer.new
76
76
  #
77
77
  # Or, to generally opt-in to Loofah's view sanitizers:
78
78
  #
79
- # Loofah::Helpers::ActionView.set_as_default_sanitizer
79
+ # Loofah::Helpers::ActionView.set_as_default_sanitizer
80
80
  #
81
81
  class WhiteListSanitizer
82
82
  def sanitize html, *args
@@ -1,3 +1,5 @@
1
+ #encoding: US-ASCII
2
+
1
3
  require 'cgi'
2
4
 
3
5
  module Loofah
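Review bot: The added `#encoding: US-ASCII` magic comment on the first line has no test in this diff that exercises the failure it fixes, and nothing in the file says why US-ASCII was chosen. The changelog ties it to `ruby -KU` (#32). A one-line comment beside the magic comment pointing at that issue, plus a test run that loads the library under `-KU`, would keep a later cleanup from changing or dropping the declaration unnoticed.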
@@ -1,5 +1,5 @@
1
1
  module Loofah
2
- module MetaHelpers
2
+ module MetaHelpers # :nodoc:
3
3
  def self.add_downcased_set_members_to_all_set_constants mojule
4
4
  mojule.constants.each do |constant_sym|
5
5
  constant = mojule.const_get constant_sym
data/lib/loofah.rb CHANGED
@@ -29,7 +29,7 @@ require 'loofah/helpers'
29
29
  #
30
30
  module Loofah
31
31
  # The version of Loofah you are using
32
- VERSION = '1.2.0'
32
+ VERSION = '1.2.1'
33
33
 
34
34
  class << self
35
35
  # Shortcut for Loofah::HTML::Document.parse
@@ -199,16 +199,6 @@ class Html5TestSanitizer < Loofah::TestCase
199
199
  output = "<rect fill=' #fff'></rect>"
200
200
  check_sanitization(input, output, output, output)
201
201
  end
202
-
203
- define_method "test_uri_ref_with_space_in_svg_attribute_#{attr_name}" do
204
- input = "<rect fill='url(\n#foo)' />"
205
- rexml = "<rect fill='url(\n#foo)'></rect>"
206
- end
207
-
208
- define_method "test_absolute_uri_ref_with_space_in_svg_attribute_#{attr_name}" do
209
- input = "<rect fill=\"url(\nhttp://bad.com/)\" />"
210
- rexml = "<rect fill=' '></rect>"
211
- end
212
202
  end
213
203
  end
214
204
 
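Review bot: Removing these two `define_method` blocks leaves the cases they name untested: a newline between `url(` and the reference in an SVG attribute, including the absolute `http://bad.com/` form. The removed bodies only assigned `input` and `rexml` and never called `check_sanitization`, so they asserted nothing and no real coverage is lost, but for sanitizer behaviour I would rather see them completed with a `check_sanitization(...)` call, as the test just above does, than deleted. The 1.2.1 changelog entry does not mention the removal either.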
metadata CHANGED
@@ -1,196 +1,159 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: loofah
3
- version: !ruby/object:Gem::Version
4
- hash: 31
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.2.1
5
5
  prerelease:
6
- segments:
7
- - 1
8
- - 2
9
- - 0
10
- version: 1.2.0
11
6
  platform: ruby
12
- authors:
7
+ authors:
13
8
  - Mike Dalessio
14
9
  - Bryan Helmkamp
15
10
  autorequire:
16
11
  bindir: bin
17
12
  cert_chain: []
18
-
19
- date: 2011-08-08 00:00:00 -04:00
20
- default_executable:
21
- dependencies:
22
- - !ruby/object:Gem::Dependency
23
- requirement: &id001 !ruby/object:Gem::Requirement
13
+ date: 2012-04-14 00:00:00.000000000 Z
14
+ dependencies:
15
+ - !ruby/object:Gem::Dependency
16
+ name: nokogiri
17
+ requirement: &7093760 !ruby/object:Gem::Requirement
24
18
  none: false
25
- requirements:
26
- - - ">="
27
- - !ruby/object:Gem::Version
28
- hash: 15
29
- segments:
30
- - 1
31
- - 4
32
- - 4
19
+ requirements:
20
+ - - ! '>='
21
+ - !ruby/object:Gem::Version
33
22
  version: 1.4.4
34
- name: nokogiri
35
- version_requirements: *id001
36
- prerelease: false
37
23
  type: :runtime
38
- - !ruby/object:Gem::Dependency
39
- requirement: &id002 !ruby/object:Gem::Requirement
40
- none: false
41
- requirements:
42
- - - ">="
43
- - !ruby/object:Gem::Version
44
- hash: 27
45
- segments:
46
- - 0
47
- - 8
48
- version: "0.8"
49
- name: rake
50
- version_requirements: *id002
51
24
  prerelease: false
25
+ version_requirements: *7093760
26
+ - !ruby/object:Gem::Dependency
27
+ name: rake
28
+ requirement: &7093180 !ruby/object:Gem::Requirement
29
+ none: false
30
+ requirements:
31
+ - - ! '>='
32
+ - !ruby/object:Gem::Version
33
+ version: '0.8'
52
34
  type: :development
53
- - !ruby/object:Gem::Dependency
54
- requirement: &id003 !ruby/object:Gem::Requirement
35
+ prerelease: false
36
+ version_requirements: *7093180
37
+ - !ruby/object:Gem::Dependency
38
+ name: minitest
39
+ requirement: &7107880 !ruby/object:Gem::Requirement
55
40
  none: false
56
- requirements:
41
+ requirements:
57
42
  - - ~>
58
- - !ruby/object:Gem::Version
59
- hash: 7
60
- segments:
61
- - 2
62
- - 2
63
- version: "2.2"
64
- name: minitest
65
- version_requirements: *id003
66
- prerelease: false
43
+ - !ruby/object:Gem::Version
44
+ version: '2.2'
67
45
  type: :development
68
- - !ruby/object:Gem::Dependency
69
- requirement: &id004 !ruby/object:Gem::Requirement
46
+ prerelease: false
47
+ version_requirements: *7107880
48
+ - !ruby/object:Gem::Dependency
49
+ name: rr
50
+ requirement: &7106860 !ruby/object:Gem::Requirement
70
51
  none: false
71
- requirements:
52
+ requirements:
72
53
  - - ~>
73
- - !ruby/object:Gem::Version
74
- hash: 15
75
- segments:
76
- - 1
77
- - 0
78
- version: "1.0"
79
- name: rr
80
- version_requirements: *id004
81
- prerelease: false
54
+ - !ruby/object:Gem::Version
55
+ version: '1.0'
82
56
  type: :development
83
- - !ruby/object:Gem::Dependency
84
- requirement: &id005 !ruby/object:Gem::Requirement
85
- none: false
86
- requirements:
87
- - - ">="
88
- - !ruby/object:Gem::Version
89
- hash: 3
90
- segments:
91
- - 0
92
- version: "0"
93
- name: json
94
- version_requirements: *id005
95
57
  prerelease: false
96
- type: :development
97
- - !ruby/object:Gem::Dependency
98
- requirement: &id006 !ruby/object:Gem::Requirement
58
+ version_requirements: *7106860
59
+ - !ruby/object:Gem::Dependency
60
+ name: json
61
+ requirement: &7103340 !ruby/object:Gem::Requirement
99
62
  none: false
100
- requirements:
101
- - - ">="
102
- - !ruby/object:Gem::Version
103
- hash: 3
104
- segments:
105
- - 0
106
- version: "0"
107
- name: hoe-gemspec
108
- version_requirements: *id006
109
- prerelease: false
63
+ requirements:
64
+ - - ! '>='
65
+ - !ruby/object:Gem::Version
66
+ version: '0'
110
67
  type: :development
111
- - !ruby/object:Gem::Dependency
112
- requirement: &id007 !ruby/object:Gem::Requirement
113
- none: false
114
- requirements:
115
- - - ">="
116
- - !ruby/object:Gem::Version
117
- hash: 3
118
- segments:
119
- - 0
120
- version: "0"
121
- name: hoe-debugging
122
- version_requirements: *id007
123
68
  prerelease: false
124
- type: :development
125
- - !ruby/object:Gem::Dependency
126
- requirement: &id008 !ruby/object:Gem::Requirement
69
+ version_requirements: *7103340
70
+ - !ruby/object:Gem::Dependency
71
+ name: hoe-gemspec
72
+ requirement: &7101160 !ruby/object:Gem::Requirement
127
73
  none: false
128
- requirements:
129
- - - ">="
130
- - !ruby/object:Gem::Version
131
- hash: 3
132
- segments:
133
- - 0
134
- version: "0"
135
- name: hoe-bundler
136
- version_requirements: *id008
74
+ requirements:
75
+ - - ! '>='
76
+ - !ruby/object:Gem::Version
77
+ version: '0'
78
+ type: :development
137
79
  prerelease: false
80
+ version_requirements: *7101160
81
+ - !ruby/object:Gem::Dependency
82
+ name: hoe-debugging
83
+ requirement: &7115900 !ruby/object:Gem::Requirement
84
+ none: false
85
+ requirements:
86
+ - - ! '>='
87
+ - !ruby/object:Gem::Version
88
+ version: '0'
138
89
  type: :development
139
- - !ruby/object:Gem::Dependency
140
- requirement: &id009 !ruby/object:Gem::Requirement
90
+ prerelease: false
91
+ version_requirements: *7115900
92
+ - !ruby/object:Gem::Dependency
93
+ name: hoe-bundler
94
+ requirement: &7115180 !ruby/object:Gem::Requirement
141
95
  none: false
142
- requirements:
143
- - - ">="
144
- - !ruby/object:Gem::Version
145
- hash: 3
146
- segments:
147
- - 0
148
- version: "0"
149
- name: hoe-git
150
- version_requirements: *id009
96
+ requirements:
97
+ - - ! '>='
98
+ - !ruby/object:Gem::Version
99
+ version: '0'
100
+ type: :development
151
101
  prerelease: false
102
+ version_requirements: *7115180
103
+ - !ruby/object:Gem::Dependency
104
+ name: hoe-git
105
+ requirement: &7114520 !ruby/object:Gem::Requirement
106
+ none: false
107
+ requirements:
108
+ - - ! '>='
109
+ - !ruby/object:Gem::Version
110
+ version: '0'
152
111
  type: :development
153
- - !ruby/object:Gem::Dependency
154
- requirement: &id010 !ruby/object:Gem::Requirement
112
+ prerelease: false
113
+ version_requirements: *7114520
114
+ - !ruby/object:Gem::Dependency
115
+ name: hoe
116
+ requirement: &7113560 !ruby/object:Gem::Requirement
155
117
  none: false
156
- requirements:
118
+ requirements:
157
119
  - - ~>
158
- - !ruby/object:Gem::Version
159
- hash: 23
160
- segments:
161
- - 2
162
- - 10
163
- version: "2.10"
164
- name: hoe
165
- version_requirements: *id010
166
- prerelease: false
120
+ - !ruby/object:Gem::Version
121
+ version: '2.12'
167
122
  type: :development
168
- description: |-
169
- Loofah is a general library for manipulating and transforming HTML/XML
170
- documents and fragments. It's built on top of Nokogiri and libxml2, so
171
- it's fast and has a nice API.
172
-
123
+ prerelease: false
124
+ version_requirements: *7113560
125
+ description: ! 'Loofah is a general library for manipulating and transforming HTML/XML
126
+
127
+ documents and fragments. It''s built on top of Nokogiri and libxml2, so
128
+
129
+ it''s fast and has a nice API.
130
+
131
+
173
132
  Loofah excels at HTML sanitization (XSS prevention). It includes some
174
- nice HTML sanitizers, which are based on HTML5lib's whitelist, so it
175
- most likely won't make your codes less secure. (These statements have
133
+
134
+ nice HTML sanitizers, which are based on HTML5lib''s whitelist, so it
135
+
136
+ most likely won''t make your codes less secure. (These statements have
137
+
176
138
  not been evaluated by Netexperts.)
177
-
139
+
140
+
178
141
  ActiveRecord extensions for sanitization are available in the
142
+
179
143
  `loofah-activerecord` gem (see
180
- http://github.com/flavorjones/loofah-activerecord).
181
- email:
144
+
145
+ http://github.com/flavorjones/loofah-activerecord).'
146
+ email:
182
147
  - mike.dalessio@gmail.com
183
148
  - bryan@brynary.com
184
149
  executables: []
185
-
186
150
  extensions: []
187
-
188
- extra_rdoc_files:
151
+ extra_rdoc_files:
189
152
  - MIT-LICENSE.txt
190
153
  - Manifest.txt
191
- - CHANGELOG.rdoc
192
154
  - README.rdoc
193
- files:
155
+ - CHANGELOG.rdoc
156
+ files:
194
157
  - CHANGELOG.rdoc
195
158
  - Gemfile
196
159
  - MIT-LICENSE.txt
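Review bot: The one functional change in this hunk is easy to miss among the serializer churn: the `hoe` development dependency moves from `~> 2.10` to `~> 2.12` at the end of the dependency list, and the changelog does not record it. The rest (dropped `hash:` and `segments:` fields, `&id001` anchors becoming `&7093760`-style ones, requoted strings) looks like regenerated output, so it is worth confirming that by comparing the loaded dependency lists of both gems rather than by reading the YAML. `cert_chain: []` is unchanged, so the release remains unsigned.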
@@ -228,50 +191,42 @@ files:
228
191
  - test/unit/test_scrubber.rb
229
192
  - test/unit/test_scrubbers.rb
230
193
  - .gemtest
231
- has_rdoc: true
232
194
  homepage: http://github.com/flavorjones/loofah
233
195
  licenses: []
234
-
235
196
  post_install_message:
236
- rdoc_options:
197
+ rdoc_options:
237
198
  - --main
238
199
  - README.rdoc
239
- require_paths:
200
+ require_paths:
240
201
  - lib
241
- required_ruby_version: !ruby/object:Gem::Requirement
202
+ required_ruby_version: !ruby/object:Gem::Requirement
242
203
  none: false
243
- requirements:
244
- - - ">="
245
- - !ruby/object:Gem::Version
246
- hash: 3
247
- segments:
248
- - 0
249
- version: "0"
250
- required_rubygems_version: !ruby/object:Gem::Requirement
204
+ requirements:
205
+ - - ! '>='
206
+ - !ruby/object:Gem::Version
207
+ version: '0'
208
+ required_rubygems_version: !ruby/object:Gem::Requirement
251
209
  none: false
252
- requirements:
253
- - - ">="
254
- - !ruby/object:Gem::Version
255
- hash: 3
256
- segments:
257
- - 0
258
- version: "0"
210
+ requirements:
211
+ - - ! '>='
212
+ - !ruby/object:Gem::Version
213
+ version: '0'
259
214
  requirements: []
260
-
261
215
  rubyforge_project: loofah
262
- rubygems_version: 1.6.0
216
+ rubygems_version: 1.8.15
263
217
  signing_key:
264
218
  specification_version: 3
265
- summary: Loofah is a general library for manipulating and transforming HTML/XML documents and fragments
266
- test_files:
267
- - test/unit/test_scrubber.rb
268
- - test/unit/test_helpers.rb
269
- - test/unit/test_api.rb
270
- - test/unit/test_scrubbers.rb
271
- - test/unit/test_encoding.rb
219
+ summary: Loofah is a general library for manipulating and transforming HTML/XML documents
220
+ and fragments
221
+ test_files:
272
222
  - test/html5/test_sanitizer.rb
223
+ - test/integration/test_html.rb
273
224
  - test/integration/test_helpers.rb
274
- - test/integration/test_scrubbers.rb
275
225
  - test/integration/test_ad_hoc.rb
226
+ - test/integration/test_scrubbers.rb
276
227
  - test/integration/test_xml.rb
277
- - test/integration/test_html.rb
228
+ - test/unit/test_scrubber.rb
229
+ - test/unit/test_helpers.rb
230
+ - test/unit/test_scrubbers.rb
231
+ - test/unit/test_api.rb
232
+ - test/unit/test_encoding.rb
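Review bot: `licenses: []` is carried over unchanged here even though the gem lists `MIT-LICENSE.txt` among its files in the previous hunk, so tooling that reads the gemspec sees no license; declaring it in the spec would fix that. `signing_key:` is likewise still empty. The `test_files` entries are the same eleven paths in a different order, and the dropped `has_rdoc: true` line is consistent with the move from `rubygems_version: 1.6.0` to `1.8.15`.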