makeup 0.4.2 → 0.4.3

data/.gitignore CHANGED
@@ -1,2 +1,3 @@
1
1
  coverage
2
2
  test/reports
3
+ Gemfile.lock
@@ -22,6 +22,7 @@
22
22
  # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23
23
  # SOFTWARE.
24
24
  #++
25
+ require "loofah"
25
26
  require "github/markup"
26
27
  require "makeup/code_block_parser"
27
28
  require "makeup/syntax_highlighter"
@@ -56,7 +57,11 @@ module Makeup
56
57
 
57
58
  def render(path, content)
58
59
  content = highlight_code_blocks(path, content)
59
- GitHub::Markup.render(path, content)
60
+ sanitize(GitHub::Markup.render(path, content))
61
+ end
62
+
63
+ def sanitize(html)
64
+ Loofah.fragment(html).scrub!(:prune).to_s
60
65
  end
61
66
 
62
67
  def highlight_code_blocks(path, markup)
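Review bot: `sanitize` (new line 63) is added as a public method with no comment stating that it is now the HTML safety boundary for everything `render` returns, including the output of `highlight_code_blocks` and whatever GitHub::Markup emits for non-markdown formats, so callers cannot tell from the code whether they may embed the result unescaped. A comment such as `# Scrub rendered HTML against Loofah's safelist: :prune drops unsafe elements together with their content and strips unsafe attributes and URL schemes. This is the last step of render, so any later post-processing must not reintroduce raw input.` would pin that contract; if the method is not meant to be called on its own, placing it under `private` keeps the public surface to `render`. Note that the highlighter's markup passes through the same scrubber, so any attribute it emits outside Loofah's safelist is silently removed — the existing highlighting assertion in the test file is the only guard for that. The gemspec hunk pins loofah to `~> 1.2`, which never picks up a later major line; since the safelist is the whole defence here, that constraint deserves the same review as the code. The enclosing module continues outside the hunk.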
@@ -24,5 +24,5 @@
24
24
  #++
25
25
 
26
26
  module Makeup
27
- VERSION = "0.4.2"
27
+ VERSION = "0.4.3"
28
28
  end
@@ -21,6 +21,7 @@ markdown files.
21
21
  s.add_dependency "github-linguist", "~>2.8"
22
22
  s.add_dependency "github-markup", "~> 0.7"
23
23
  s.add_dependency "htmlentities", "~> 4.3"
24
+ s.add_dependency "loofah", "~> 1.2"
24
25
 
25
26
  s.add_development_dependency "minitest", "~> 2.0"
26
27
  s.add_development_dependency "rake", "~> 0.9"
@@ -62,6 +62,18 @@ describe Makeup::Markup do
62
62
 
63
63
  assert_equal 2, html.scan(/common-lisp/).length
64
64
  end
65
+
66
+ it "strips unsafe html attributes and elements" do
67
+ md = <<-MD
68
+ <script>alert("foo")</script>
69
+ <a href="foo" data-destroy="boom" onclick="alert('foo')">link</a>
70
+ *bar*
71
+ MD
72
+
73
+ html = @renderer.render("file.md", md)
74
+
75
+ assert_equal %Q{<p><a href="foo">link</a>\n<em>bar</em></p>}, html
76
+ end
65
77
  end
66
78
 
67
79
  describe "#render" do
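Review bot: The new test at lines 66–76 checks that a `<script>` element is dropped with its content and that the `onclick`/`data-destroy` attributes are stripped, but not the URL-attribute path, which Loofah handles through a separate allowed-scheme list rather than the element/attribute safelist. Adding a second link to the fixture whose `href` carries a non-http scheme such as `javascript:` and asserting that the attribute is absent from the output would exercise that branch and catch a Loofah upgrade that changes the scheme list. The expected value `%Q{<p><a href="foo">link</a>\n<em>bar</em></p>}` also depends on GitHub::Markup's exact paragraph and newline serialisation, so a comment noting that a markup-renderer upgrade rather than the sanitizer may be what breaks this assertion would save a future reader some time. The enclosing `describe Makeup::Markup do` block starts outside the hunk.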
metadata CHANGED
@@ -1,18 +1,20 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: makeup
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.2
4
+ version: 0.4.3
5
+ prerelease:
5
6
  platform: ruby
6
7
  authors:
7
8
  - Christian Johansen
8
9
  autorequire:
9
10
  bindir: bin
10
11
  cert_chain: []
11
- date: 2013-11-21 00:00:00.000000000 Z
12
+ date: 2013-12-23 00:00:00.000000000 Z
12
13
  dependencies:
13
14
  - !ruby/object:Gem::Dependency
14
15
  name: pygments.rb
15
16
  requirement: !ruby/object:Gem::Requirement
17
+ none: false
16
18
  requirements:
17
19
  - - ~>
18
20
  - !ruby/object:Gem::Version
@@ -23,6 +25,7 @@ dependencies:
23
25
  type: :runtime
24
26
  prerelease: false
25
27
  version_requirements: !ruby/object:Gem::Requirement
28
+ none: false
26
29
  requirements:
27
30
  - - ~>
28
31
  - !ruby/object:Gem::Version
@@ -33,6 +36,7 @@ dependencies:
33
36
  - !ruby/object:Gem::Dependency
34
37
  name: github-linguist
35
38
  requirement: !ruby/object:Gem::Requirement
39
+ none: false
36
40
  requirements:
37
41
  - - ~>
38
42
  - !ruby/object:Gem::Version
@@ -40,6 +44,7 @@ dependencies:
40
44
  type: :runtime
41
45
  prerelease: false
42
46
  version_requirements: !ruby/object:Gem::Requirement
47
+ none: false
43
48
  requirements:
44
49
  - - ~>
45
50
  - !ruby/object:Gem::Version
@@ -47,6 +52,7 @@ dependencies:
47
52
  - !ruby/object:Gem::Dependency
48
53
  name: github-markup
49
54
  requirement: !ruby/object:Gem::Requirement
55
+ none: false
50
56
  requirements:
51
57
  - - ~>
52
58
  - !ruby/object:Gem::Version
@@ -54,6 +60,7 @@ dependencies:
54
60
  type: :runtime
55
61
  prerelease: false
56
62
  version_requirements: !ruby/object:Gem::Requirement
63
+ none: false
57
64
  requirements:
58
65
  - - ~>
59
66
  - !ruby/object:Gem::Version
@@ -61,6 +68,7 @@ dependencies:
61
68
  - !ruby/object:Gem::Dependency
62
69
  name: htmlentities
63
70
  requirement: !ruby/object:Gem::Requirement
71
+ none: false
64
72
  requirements:
65
73
  - - ~>
66
74
  - !ruby/object:Gem::Version
@@ -68,13 +76,31 @@ dependencies:
68
76
  type: :runtime
69
77
  prerelease: false
70
78
  version_requirements: !ruby/object:Gem::Requirement
79
+ none: false
71
80
  requirements:
72
81
  - - ~>
73
82
  - !ruby/object:Gem::Version
74
83
  version: '4.3'
84
+ - !ruby/object:Gem::Dependency
85
+ name: loofah
86
+ requirement: !ruby/object:Gem::Requirement
87
+ none: false
88
+ requirements:
89
+ - - ~>
90
+ - !ruby/object:Gem::Version
91
+ version: '1.2'
92
+ type: :runtime
93
+ prerelease: false
94
+ version_requirements: !ruby/object:Gem::Requirement
95
+ none: false
96
+ requirements:
97
+ - - ~>
98
+ - !ruby/object:Gem::Version
99
+ version: '1.2'
75
100
  - !ruby/object:Gem::Dependency
76
101
  name: minitest
77
102
  requirement: !ruby/object:Gem::Requirement
103
+ none: false
78
104
  requirements:
79
105
  - - ~>
80
106
  - !ruby/object:Gem::Version
@@ -82,6 +108,7 @@ dependencies:
82
108
  type: :development
83
109
  prerelease: false
84
110
  version_requirements: !ruby/object:Gem::Requirement
111
+ none: false
85
112
  requirements:
86
113
  - - ~>
87
114
  - !ruby/object:Gem::Version
@@ -89,6 +116,7 @@ dependencies:
89
116
  - !ruby/object:Gem::Dependency
90
117
  name: rake
91
118
  requirement: !ruby/object:Gem::Requirement
119
+ none: false
92
120
  requirements:
93
121
  - - ~>
94
122
  - !ruby/object:Gem::Version
@@ -96,6 +124,7 @@ dependencies:
96
124
  type: :development
97
125
  prerelease: false
98
126
  version_requirements: !ruby/object:Gem::Requirement
127
+ none: false
99
128
  requirements:
100
129
  - - ~>
101
130
  - !ruby/object:Gem::Version
@@ -103,6 +132,7 @@ dependencies:
103
132
  - !ruby/object:Gem::Dependency
104
133
  name: redcarpet
105
134
  requirement: !ruby/object:Gem::Requirement
135
+ none: false
106
136
  requirements:
107
137
  - - '='
108
138
  - !ruby/object:Gem::Version
@@ -110,14 +140,19 @@ dependencies:
110
140
  type: :development
111
141
  prerelease: false
112
142
  version_requirements: !ruby/object:Gem::Requirement
143
+ none: false
113
144
  requirements:
114
145
  - - '='
115
146
  - !ruby/object:Gem::Version
116
147
  version: 2.2.0
117
- description: |
118
- Makeup provides markup rendering and code highlighting. It renders all kinds of
148
+ description: ! 'Makeup provides markup rendering and code highlighting. It renders
149
+ all kinds of
150
+
119
151
  markup formats using GitHub::Markup, and implements "fenced code blocks" for
152
+
120
153
  markdown files.
154
+
155
+ '
121
156
  email:
122
157
  - christian@gitorious.org
123
158
  executables: []
@@ -127,7 +162,6 @@ files:
127
162
  - .gitignore
128
163
  - .travis.yml
129
164
  - Gemfile
130
- - Gemfile.lock
131
165
  - Rakefile
132
166
  - Readme.md
133
167
  - lib/makeup.rb
@@ -141,25 +175,32 @@ files:
141
175
  - test/test_helper.rb
142
176
  homepage: http://gitorious.org/gitorious/makeup
143
177
  licenses: []
144
- metadata: {}
145
178
  post_install_message:
146
179
  rdoc_options: []
147
180
  require_paths:
148
181
  - lib
149
182
  required_ruby_version: !ruby/object:Gem::Requirement
183
+ none: false
150
184
  requirements:
151
- - - '>='
185
+ - - ! '>='
152
186
  - !ruby/object:Gem::Version
153
187
  version: '0'
188
+ segments:
189
+ - 0
190
+ hash: -3804366775395324945
154
191
  required_rubygems_version: !ruby/object:Gem::Requirement
192
+ none: false
155
193
  requirements:
156
- - - '>='
194
+ - - ! '>='
157
195
  - !ruby/object:Gem::Version
158
196
  version: '0'
197
+ segments:
198
+ - 0
199
+ hash: -3804366775395324945
159
200
  requirements: []
160
201
  rubyforge_project: makeup
161
- rubygems_version: 2.0.3
202
+ rubygems_version: 1.8.25
162
203
  signing_key:
163
- specification_version: 4
204
+ specification_version: 3
164
205
  summary: Pretty markup
165
206
  test_files: []
checksums.yaml DELETED
@@ -1,7 +0,0 @@
1
- ---
2
- SHA1:
3
- metadata.gz: 379ce4e847dbec503944870569ff1457cbec0e2c
4
- data.tar.gz: 3629cba614b795458796194237ed7a89a70b7fe3
5
- SHA512:
6
- metadata.gz: 6de41d16b978fc8d73aaf826f6d4b3841293a43283d4e777dbbc0560f0d60610db8e43de32415ed67c49fe54abd0ea513b559d761e9ad65ab5c215dd83626f42
7
- data.tar.gz: a8861ab5ba65ef7e15d5d82d81beaa332a5bca5a6570b1b9d0e85381bef14f6fa8ef50769b5ff6657f3b777f850bb06f4428f8bb65623580bbd6a6d9dc558506
@@ -1,51 +0,0 @@
1
- PATH
2
- remote: .
3
- specs:
4
- makeup (0.4.1)
5
- github-linguist (~> 2.8)
6
- github-markup (~> 0.7)
7
- htmlentities (~> 4.3)
8
- pygments.rb (~> 0.4)
9
-
10
- GEM
11
- remote: http://rubygems.org/
12
- specs:
13
- builder (3.2.2)
14
- charlock_holmes (0.6.9.4)
15
- ci_reporter (1.9.0)
16
- builder (>= 2.1.2)
17
- escape_utils (0.3.2)
18
- github-linguist (2.8.5)
19
- charlock_holmes (~> 0.6.6)
20
- escape_utils (~> 0.3.1)
21
- mime-types (~> 1.19)
22
- pygments.rb (~> 0.4.2)
23
- github-markup (0.7.5)
24
- htmlentities (4.3.1)
25
- mime-types (1.24)
26
- minitest (2.12.1)
27
- multi_json (1.7.7)
28
- posix-spawn (0.3.6)
29
- pygments.rb (0.4.2)
30
- posix-spawn (~> 0.3.6)
31
- yajl-ruby (~> 1.1.0)
32
- rake (0.9.2.2)
33
- rcov (1.0.0)
34
- redcarpet (2.2.0)
35
- simplecov (0.7.1)
36
- multi_json (~> 1.0)
37
- simplecov-html (~> 0.7.1)
38
- simplecov-html (0.7.1)
39
- yajl-ruby (1.1.0)
40
-
41
- PLATFORMS
42
- ruby
43
-
44
- DEPENDENCIES
45
- ci_reporter
46
- makeup!
47
- minitest (~> 2.0)
48
- rake (~> 0.9)
49
- rcov
50
- redcarpet (= 2.2.0)
51
- simplecov