loofah 2.0.2 → 2.0.3





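--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: fe26253679940dacafe8041f66b983b3bcbf52a0
- data.tar.gz: 1e871815f543b062b2b128a195c6e6068b18241d
+ metadata.gz: 1ede2fa4b15b118b6040d43ec57d90782e6a8234
+ data.tar.gz: e0e4ed5ebb391793549d27245834bb67189e83c3
  SHA512:
- metadata.gz: 40893992f92d5a29c7bd40de6b6b7190d823237803d4245f8b66b1dea0b884dabf11578e061ba73fef6b89df6828e8eb8fd47618385583880b2f6953cc98b022
- data.tar.gz: 55ca03dd4ea01c46ff6e7a932a8eb6c2a6bb106223c46f1ea74f06a99847f9780a23ae1752950249407567f9e42fee7fecc42d6c2cbe4e06baeb3f1f2d5751fd
+ metadata.gz: ca75adb9b1dad4f99f7182767518a4a935bc960ec81db86eb848f30bb918089f570ab29bfa9f2973e0bd3608876cd47c8af1fcb01a6596e5e845307b21caffd9
+ data.tar.gz: 42fea8ec3d59389976f2613d4dd763f9f7c7260069f113d7044d55daeb83850750f2d5803354b0d431f2fef25e7a65c0e5cbe2b916d1e26072c6ccd531183d6a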
@@ -1,5 +1,12 @@
1
1
  = Changelog
2
2
 
3
+ == 2.0.3 / 2015-08-17
4
+
5
+ Bug fixes:
6
+
7
+ * Revert support for negative values in CSS properties due to slow performance. #90 (Related to #85.)
8
+
9
+
3
10
  == 2.0.2 / 2015-05-05
4
11
 
5
12
  Bug fixes:
@@ -27,7 +27,7 @@ require 'loofah/html/document_fragment'
27
27
  #
28
28
  module Loofah
29
29
  # The version of Loofah you are using
30
- VERSION = '2.0.2'
30
+ VERSION = '2.0.3'
31
31
 
32
32
  class << self
33
33
  # Shortcut for Loofah::HTML::Document.parse
@@ -67,7 +67,7 @@ module Loofah
67
67
  style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ')
68
68
 
69
69
  # gauntlet
70
- return '' unless style =~ /\A([-:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*\z/
70
+ return '' unless style =~ /\A([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*\z/
71
71
  return '' unless style =~ /\A\s*([-\w]+\s*:[^:;]*(;\s*|$))*\z/
72
72
 
73
73
  clean = []
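Review bot: The gauntlet regex on the first `return ''` line still nests a set of alternatives inside a `(...)*` group, and nothing at the line records why `-` was just removed from its leading character class, so the next request for negative CSS values will likely put it straight back. As far as I can tell the fix works because `-` is now consumable only by the `\w-\w` alternative, whereas before it could also be matched by the class, and that ambiguity is what lets the group backtrack exponentially on a style attribute that does not match; I would add above the line `# NOTE: '-' is deliberately absent from the first class: with it, '\w-\w' and the class overlap and the (...)* group backtracks exponentially on untrusted style values (#90); negative values are rejected wholesale until a real CSS parser replaces this gauntlet.` It is also worth a sentence in the method's rdoc that a single disallowed character drops the entire style attribute, since the return is `''` rather than a filtered value. The enclosing method starts and ends outside the hunk.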
@@ -31,6 +31,12 @@ class Html5TestSanitizer < Loofah::TestCase
31
31
  %Q{given: "#{input}"\nexpected: "#{htmloutput}"\ngot: "#{sane}"})
32
32
  end
33
33
 
34
+ def assert_completes_in_reasonable_time &block
35
+ t0 = Time.now
36
+ block.call
37
+ assert_in_delta t0, Time.now, 0.01 # arbitrary seconds
38
+ end
39
+
34
40
  (HTML5::WhiteList::ALLOWED_ELEMENTS).each do |tag_name|
35
41
  define_method "test_should_allow_#{tag_name}_tag" do
36
42
  input = "<#{tag_name} title='1'>foo <bad>bar</bad> baz</#{tag_name}>"
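Review bot: `assert_in_delta t0, Time.now, 0.01` in the new `assert_completes_in_reasonable_time` helper is a 10 ms wall-clock bound, which will fail spuriously on a loaded CI machine even when the regex is healthy, and `Time.now` moves with clock adjustments. The regression this guards (#90) took seconds, so a monotonic clock with a looser bound keeps the test meaningful without the flakiness; `Process::CLOCK_MONOTONIC` needs Ruby 2.1+, which I assume the project already requires — confirm. The helper should also say what it guards against, e.g. `# regression guard for #90: catastrophic regex backtracking in scrub_css took seconds`. In the later hunk of this file, the `sane = ...` assignment inside the block of `test_issue_90_slow_regex` is never read and can be dropped.
```ruby
def assert_completes_in_reasonable_time &block
  t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  block.call
  elapsed = Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0
  assert_operator elapsed, :<, 0.5, "block took #{elapsed}s" # arbitrary bound, far below the seconds a backtracking regex takes
end
```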
@@ -223,16 +229,26 @@ class Html5TestSanitizer < Loofah::TestCase
223
229
  end
224
230
 
225
231
  def test_css_negative_value_sanitization
232
+ skip "pending better CSS parsing, see https://github.com/flavorjones/loofah/issues/90"
226
233
  html = "<span style=\"letter-spacing:-0.03em;\">"
227
234
  sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :escape).to_xml)
228
235
  assert_match %r/-0.03em/, sane.inner_html
229
236
  end
230
237
 
231
238
  def test_css_negative_value_sanitization_shorthand_css_properties
239
+ skip "pending better CSS parsing, see https://github.com/flavorjones/loofah/issues/90"
232
240
  html = "<span style=\"margin-left:-0.05em;\">"
233
241
  sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :escape).to_xml)
234
242
  assert_match %r/-0.05em/, sane.inner_html
235
243
  end
244
+
245
+ def test_issue_90_slow_regex
246
+ html = %q{<span style="background: url('data:image/svg&#43;xml;charset=utf-8,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20width%3D%2232%22%20height%3D%2232%22%20viewBox%3D%220%200%2032%2032%22%3E%3Cpath%20fill%3D%22%23D4C8AE%22%20d%3D%22M0%200h32v32h-32z%22%2F%3E%3Cpath%20fill%3D%22%2383604B%22%20d%3D%22M0%200h31.99v11.75h-31.99z%22%2F%3E%3Cpath%20fill%3D%22%233D2319%22%20d%3D%22M0%2011.5h32v.5h-32z%22%2F%3E%3Cpath%20fill%3D%22%23F83651%22%20d%3D%22M5%200h1v10.5h-1z%22%2F%3E%3Cpath%20fill%3D%22%23FCD050%22%20d%3D%22M6%200h1v10.5h-1z%22%2F%3E%3Cpath%20fill%3D%22%2371C797%22%20d%3D%22M7%200h1v10.5h-1z%22%2F%3E%3Cpath%20fill%3D%22%23509CF9%22%20d%3D%22M8%200h1v10.5h-1z%22%2F%3E%3ClinearGradient%20id%3D%22a%22%20gradientUnits%3D%22userSpaceOnUse%22%20x1%3D%2224.996%22%20y1%3D%2210.5%22%20x2%3D%2224.996%22%20y2%3D%224.5%22%3E%3Cstop%20offset%3D%220%22%20stop-color%3D%22%23796055%22%2F%3E%3Cstop%20offset%3D%22.434%22%20stop-color%3D%22%23614C43%22%2F%3E%3Cstop%20offset%3D%221%22%20stop-color%3D%22%233D2D28%22%2F%3E%3C%2FlinearGradient%3E%3Cpath%20fill%3D%22url(%23a)%22%20d%3D%22M28%208.5c0%201.1-.9%202-2%202h-2c-1.1%200-2-.9-2-2v-2c0-1.1.9-2%202-2h2c1.1%200%202%20.9%202%202v2z%22%2F%3E%3Cpath%20fill%3D%22%235F402E%22%20d%3D%22M28%208c0%201.1-.9%202-2%202h-2c-1.1%200-2-.9-2-2v-2c0-1.1.9-2%202-2h2c1.1%200%202%20.9%202%202v2z%22%2F%3E%3C');"></span>}
247
+
248
+ assert_completes_in_reasonable_time {
249
+ sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :strip).to_html)
250
+ }
251
+ end
236
252
  end
237
253
 
238
254
  # <html5_license>
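--- a/metadata
+++ b/metadata
@@ -1,170 +1,170 @@
  --- !ruby/object:Gem::Specification
  name: loofah
  version: !ruby/object:Gem::Version
- version: 2.0.2
+ version: 2.0.3
  platform: ruby
  authors:
  - Mike Dalessio
  - Bryan Helmkamp
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-05-05 00:00:00.000000000 Z
+ date: 2015-08-17 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: nokogiri
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - '>='
- - !ruby/object:Gem::Version
- version: 1.5.9
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: 1.5.9
- prerelease: false
  type: :runtime
- - !ruby/object:Gem::Dependency
- name: rdoc
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - ">="
  - !ruby/object:Gem::Version
- version: '4.0'
+ version: 1.5.9
+ - !ruby/object:Gem::Dependency
+ name: rdoc
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '4.0'
- prerelease: false
  type: :development
- - !ruby/object:Gem::Dependency
- name: rake
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0.8'
+ version: '4.0'
+ - !ruby/object:Gem::Dependency
+ name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0.8'
- prerelease: false
  type: :development
- - !ruby/object:Gem::Dependency
- name: minitest
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - ">="
  - !ruby/object:Gem::Version
- version: '2.2'
+ version: '0.8'
+ - !ruby/object:Gem::Dependency
+ name: minitest
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '2.2'
- prerelease: false
  type: :development
- - !ruby/object:Gem::Dependency
- name: rr
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
- version: 1.1.0
+ version: '2.2'
+ - !ruby/object:Gem::Dependency
+ name: rr
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 1.1.0
- prerelease: false
  type: :development
- - !ruby/object:Gem::Dependency
- name: json
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: 1.1.0
+ - !ruby/object:Gem::Dependency
+ name: json
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- prerelease: false
  type: :development
- - !ruby/object:Gem::Dependency
- name: hoe-gemspec
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
+ - !ruby/object:Gem::Dependency
+ name: hoe-gemspec
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- prerelease: false
  type: :development
- - !ruby/object:Gem::Dependency
- name: hoe-debugging
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
+ - !ruby/object:Gem::Dependency
+ name: hoe-debugging
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- prerelease: false
  type: :development
- - !ruby/object:Gem::Dependency
- name: hoe-bundler
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
+ - !ruby/object:Gem::Dependency
+ name: hoe-bundler
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- prerelease: false
  type: :development
- - !ruby/object:Gem::Dependency
- name: hoe-git
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
+ - !ruby/object:Gem::Dependency
+ name: hoe-git
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- prerelease: false
  type: :development
- - !ruby/object:Gem::Dependency
- name: hoe
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - ">="
  - !ruby/object:Gem::Version
- version: '3.13'
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: hoe
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '3.13'
- prerelease: false
  type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.13'
  description: |-
  Loofah is a general library for manipulating and transforming HTML/XML
  documents and fragments. It's built on top of Nokogiri and libxml2, so
@@ -189,7 +189,7 @@ extra_rdoc_files:
  - Manifest.txt
  - README.rdoc
  files:
- - .gemtest
+ - ".gemtest"
  - CHANGELOG.rdoc
  - Gemfile
  - MIT-LICENSE.txt
@@ -230,26 +230,27 @@ homepage: https://github.com/flavorjones/loofah
  licenses:
  - MIT
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options:
- - --main
+ - "--main"
  - README.rdoc
  require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.4.5
- signing_key:
+ rubyforge_project:
+ rubygems_version: 2.4.6
+ signing_key:
  specification_version: 4
- summary: Loofah is a general library for manipulating and transforming HTML/XML documents and fragments
+ summary: Loofah is a general library for manipulating and transforming HTML/XML documents
+ and fragments
  test_files: []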