loofah 2.11.0 → 2.12.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of loofah might be problematic. Click here for more details.

Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +7 -0
  3. data/lib/loofah/html5/scrub.rb +5 -2
  4. data/lib/loofah/version.rb +1 -1
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 522ebc47f9d42ec64069bb77099c6eb6e96de6d70f73ba62f126227a38f1cdb4
4
- data.tar.gz: d558598dfe8cf3af9fa6b7075faf463dcffa68611404869334d3c66a81587074
3
+ metadata.gz: c868e8e66e94839a6486619672b3aa05b3f1b2d59987290eded52829fbe5ee9e
4
+ data.tar.gz: 7610aa28be173f2ad1e917fa01ef783a96189cc5ee98ce8878983f67ad46661d
5
5
  SHA512:
6
- metadata.gz: 13254497bb7b9b04b72aaabdf7c1297a0f732612e85c241b820c8e21861acfa9716d51b205aa972281602ce5582e85913ed682761f4ca228b1bd5919c23e10e4
7
- data.tar.gz: d7d9e41f40f65b93aeeed8561d058df6fb0757cdb80f0380d1db19b2c705cfae032f7f254c1a58142b8c8e32cda27d9e3c1b501859ff1714ed30f2c5c0e107d2
6
+ metadata.gz: 6676ba0100a6348670618e03015be589c207290880a91cd86c8502767cf7f6a9a91aa2d19d8cc9131a18537f74eb5440f273430f3cc27ebf4c6691259ddf3c7b
7
+ data.tar.gz: 4a9f90a2bf23dcb52a3b4a1ee7d8ace37ee310c14495fb749e7d4defc8b4a6dc4542b53b8cf6ea7579c70f753478ed523b29fbb13b6f1509fa47d422f0074b75
data/CHANGELOG.md CHANGED
@@ -1,5 +1,12 @@
1
1
  # Changelog
2
2
 
3
+ ## 2.12.0 / 2021-08-11
4
+
5
+ ### Features
6
+
7
+ * Support empty HTML5 data attributes. [[#215](https://github.com/flavorjones/loofah/issues/215)]
8
+
9
+
3
10
  ## 2.11.0 / 2021-07-31
4
11
 
5
12
  ### Features
data/lib/loofah/html5/scrub.rb CHANGED
@@ -10,6 +10,7 @@ module Loofah
10
10
  CRASS_SEMICOLON = { node: :semicolon, raw: ";" }
11
11
  CSS_IMPORTANT = '!important'
12
12
  CSS_PROPERTY_STRING_WITHOUT_EMBEDDED_QUOTES = /\A(["'])?[^"']+\1\z/
13
+ DATA_ATTRIBUTE_NAME = /\Adata-[\w-]+\z/
13
14
 
14
15
  class << self
15
16
  def allowed_element?(element_name)
@@ -25,7 +26,7 @@ module Loofah
25
26
  attr_node.node_name
26
27
  end
27
28
 
28
- if attr_name =~ /\Adata-[\w-]+\z/
29
+ if attr_name =~ DATA_ATTRIBUTE_NAME
29
30
  next
30
31
  end
31
32
 
@@ -62,7 +63,9 @@ module Loofah
62
63
  scrub_css_attribute(node)
63
64
 
64
65
  node.attribute_nodes.each do |attr_node|
65
- node.remove_attribute(attr_node.name) if attr_node.value !~ /[^[:space:]]/
66
+ if attr_node.value !~ /[^[:space:]]/ && attr_node.name !~ DATA_ATTRIBUTE_NAME
67
+ node.remove_attribute(attr_node.name)
68
+ end
66
69
  end
67
70
 
68
71
  force_correct_attribute_escaping!(node)
data/lib/loofah/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
  module Loofah
3
3
  # The version of Loofah you are using
4
- VERSION = "2.11.0"
4
+ VERSION = "2.12.0"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: loofah
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.11.0
4
+ version: 2.12.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mike Dalessio
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2021-07-31 00:00:00.000000000 Z
12
+ date: 2021-08-11 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: crass