loofah 2.9.0 → 2.9.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -2
- data/README.md +3 -3
- data/lib/loofah/html5/scrub.rb +6 -1
- data/lib/loofah/version.rb +1 -1
- metadata +3 -3
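--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 492fed0592f752787d888878678d74836accb7d07f2f778d9fdd714a9d311f5e
+data.tar.gz: 94c3bfdf1bbf5d04f062119461bfeafa751131c780c2297bf892af6aab64607b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 58ce037d69172bb6d85acdf4faa0281e82e84ee7ef38212f6897971f7a0aeec2e4d151a6c93d8ec0bcb5e6f7522cc1d1d231c5810ce8b4875651777da3ceb3b7
+data.tar.gz: ab4f6f053fb29ea9415683c3fa81f8ddcde147381314bc5bc87ccf105a97858846028ae7bb21987b3fc56cfa5c9beed769149b3a8cdc282db5c2bca827c5a57b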
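--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,11 +1,22 @@
 # Changelog
 
-
+## 2.9.1 / 2021-04-07
+
+### Bug fixes
+
+* Fix a regression in v2.9.0 which inappropriately removed CSS properties with quoted string values. [[#202](https://github.com/flavorjones/loofah/issues/202)]
+
+
+## 2.9.0 / 2021-01-14
+
+### Features
 
 * Handle CSS functions in a CSS shorthand property (like `background`). [[#199](https://github.com/flavorjones/loofah/issues/199), [#200](https://github.com/flavorjones/loofah/issues/200)]
 
 
-
+## 2.8.0 / 2020-11-25
+
+### Features
 
 * Allow CSS properties `order`, `flex-direction`, `flex-grow`, `flex-wrap`, `flex-shrink`, `flex-flow`, `flex-basis`, `flex`, `justify-content`, `align-self`, `align-items`, and `align-content`. [[#197](https://github.com/flavorjones/loofah/issues/197)] (Thanks, [@miguelperez](https://github.com/miguelperez)!)
 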
data/README.md
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
# Loofah
|
|
2
2
|
|
|
3
3
|
* https://github.com/flavorjones/loofah
|
|
4
|
-
* Docs: http://rubydoc.info/github/flavorjones/loofah/
|
|
4
|
+
* Docs: http://rubydoc.info/github/flavorjones/loofah/main/frames
|
|
5
5
|
* Mailing list: [loofah-talk@googlegroups.com](https://groups.google.com/forum/#!forum/loofah-talk)
|
|
6
6
|
|
|
7
7
|
## Status
|
|
8
8
|
|
|
9
|
-
[](https://ci.nokogiri.org/teams/nokogiri-core/pipelines/loofah)
|
|
10
10
|
[](https://codeclimate.com/github/flavorjones/loofah)
|
|
11
11
|
[](https://tidelift.com/subscription/pkg/rubygems-loofah?utm_source=rubygems-loofah&utm_medium=referral&utm_campaign=readme)
|
|
12
12
|
|
|
@@ -211,7 +211,7 @@ end
|
|
|
211
211
|
Loofah.xml_document(File.read('plague.xml')).scrub!(bring_out_your_dead)
|
|
212
212
|
```
|
|
213
213
|
|
|
214
|
-
|
|
214
|
+
### Built-In HTML Scrubbers
|
|
215
215
|
|
|
216
216
|
Loofah comes with a set of sanitizing scrubbers that use HTML5lib's
|
|
217
217
|
safelist algorithm:
|
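--- a/data/lib/loofah/html5/scrub.rb
+++ b/data/lib/loofah/html5/scrub.rb
@@ -9,6 +9,7 @@ module Loofah
 CSS_KEYWORDISH = /\A(#[0-9a-fA-F]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|-?\d{0,3}\.?\d{0,10}(ch|cm|r?em|ex|in|lh|mm|pc|pt|px|Q|vmax|vmin|vw|vh|%|,|\))?)\z/
 CRASS_SEMICOLON = { node: :semicolon, raw: ";" }
 CSS_IMPORTANT = '!important'
+CSS_PROPERTY_STRING_WITHOUT_EMBEDDED_QUOTES = /\A(["'])?[^"']+\1\z/
 
 class << self
 def allowed_element?(element_name)
@@ -92,7 +93,11 @@ module Loofah
 when :whitespace
 nil
 when :string
-
+if child[:raw] =~ CSS_PROPERTY_STRING_WITHOUT_EMBEDDED_QUOTES
+Crass::Parser.stringify(child)
+else
+nil
+end
 when :function
 if SafeList::ALLOWED_CSS_FUNCTIONS.include?(child[:name].downcase)
 Crass::Parser.stringify(child)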
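Review bot: The new `CSS_PROPERTY_STRING_WITHOUT_EMBEDDED_QUOTES` constant and the `when :string` branch relax a sanitizer allowlist without saying what the pattern is meant to guarantee, so the constant should carry a comment such as `# Pass a quoted CSS string only when its raw text has no " or ' inside the outer pair; all other strings are dropped.` The check looks only at literal quote characters in `child[:raw]`: backslash escapes are not examined, and `[^"']+` needs at least one character, so an empty string such as `""` still falls to `nil`, which may or may not be intended. The `?` on the capture group leaves it unclear whether an unquoted `raw` is meant to pass, since `\1` then refers to a group that did not participate; if `raw` always carries its quotes, `(["'])[^"']+\1` states the intent more plainly. The enclosing `case` and method start and end outside the hunk, so how the returned value is joined and serialized cannot be confirmed from here.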
data/lib/loofah/version.rb
CHANGED
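--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: loofah
 version: !ruby/object:Gem::Version
-version: 2.9.
+version: 2.9.1
 platform: ruby
 authors:
 - Mike Dalessio
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: nokogiri
@@ -196,7 +196,7 @@ metadata:
 homepage_uri: https://github.com/flavorjones/loofah
 source_code_uri: https://github.com/flavorjones/loofah
 bug_tracker_uri: https://github.com/flavorjones/loofah/issues
-changelog_uri: https://github.com/flavorjones/loofah/blob/
+changelog_uri: https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md
 documentation_uri: https://www.rubydoc.info/gems/loofah/
 post_install_message:
 rdoc_options: []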