makeup 0.4.2 → 0.4.3

data/.gitignore CHANGED
@@ -1,2 +1,3 @@
1
1
  coverage
2
2
  test/reports
3
+ Gemfile.lock
@@ -22,6 +22,7 @@
22
22
  # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23
23
  # SOFTWARE.
24
24
  #++
25
+ require "loofah"
25
26
  require "github/markup"
26
27
  require "makeup/code_block_parser"
27
28
  require "makeup/syntax_highlighter"
@@ -56,7 +57,11 @@ module Makeup
56
57
 
57
58
  def render(path, content)
58
59
  content = highlight_code_blocks(path, content)
59
- GitHub::Markup.render(path, content)
60
+ sanitize(GitHub::Markup.render(path, content))
61
+ end
62
+
63
+ def sanitize(html)
64
+ Loofah.fragment(html).scrub!(:prune).to_s
60
65
  end
61
66
 
62
67
  def highlight_code_blocks(path, markup)
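Review bot: `sanitize` is added with no comment naming the policy it enforces, although `render` now carries a safety contract that callers will rely on when they emit its output as HTML. I would put `# Runs rendered HTML through Loofah's :prune scrubber: disallowed elements are removed together with their contents, disallowed attributes are dropped.` above `def sanitize(html)`. No `private` is visible in the hunk, so the helper appears to join the public API; if that is not intended, move it under the class's private section. The enclosing class starts and ends outside the hunk.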
@@ -24,5 +24,5 @@
24
24
  #++
25
25
 
26
26
  module Makeup
27
- VERSION = "0.4.2"
27
+ VERSION = "0.4.3"
28
28
  end
@@ -21,6 +21,7 @@ markdown files.
21
21
  s.add_dependency "github-linguist", "~>2.8"
22
22
  s.add_dependency "github-markup", "~> 0.7"
23
23
  s.add_dependency "htmlentities", "~> 4.3"
24
+ s.add_dependency "loofah", "~> 1.2"
24
25
 
25
26
  s.add_development_dependency "minitest", "~> 2.0"
26
27
  s.add_development_dependency "rake", "~> 0.9"
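Review bot: `s.add_dependency "loofah", "~> 1.2"` puts the HTML sanitizer behind a constraint that accepts any 1.x release from 1.2 upward and nothing from a later major line. Fixes to the sanitizer's allowlist therefore reach users only while they land in 1.x. Since the renderer's output now depends on loofah for its safety, I would record that next to the dependency, e.g. `# loofah sanitizes rendered HTML; revisit this bound whenever loofah ships a security release`. The specification block starts and ends outside the hunk.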
@@ -62,6 +62,18 @@ describe Makeup::Markup do
62
62
 
63
63
  assert_equal 2, html.scan(/common-lisp/).length
64
64
  end
65
+
66
+ it "strips unsafe html attributes and elements" do
67
+ md = <<-MD
68
+ <script>alert("foo")</script>
69
+ <a href="foo" data-destroy="boom" onclick="alert('foo')">link</a>
70
+ *bar*
71
+ MD
72
+
73
+ html = @renderer.render("file.md", md)
74
+
75
+ assert_equal %Q{<p><a href="foo">link</a>\n<em>bar</em></p>}, html
76
+ end
65
77
  end
66
78
 
67
79
  describe "#render" do
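Review bot: The new example never exercises URL-scheme filtering, because the only `href` it passes in is the inert value `foo`; it covers just the `<script>` element and the `onclick`/`data-destroy` attributes. I would add a link whose `href` carries a script scheme and assert on the result with `refute_match(/javascript:/, html)`. It is also worth one example asserting that highlighted code-block markup, including its `class` attributes, survives the new `sanitize` pass, since the hunk does not show the existing highlighting examples checking those attributes. The surrounding `describe` block starts and ends outside the hunk.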
metadata CHANGED
@@ -1,18 +1,20 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: makeup
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.2
4
+ version: 0.4.3
5
+ prerelease:
5
6
  platform: ruby
6
7
  authors:
7
8
  - Christian Johansen
8
9
  autorequire:
9
10
  bindir: bin
10
11
  cert_chain: []
11
- date: 2013-11-21 00:00:00.000000000 Z
12
+ date: 2013-12-23 00:00:00.000000000 Z
12
13
  dependencies:
13
14
  - !ruby/object:Gem::Dependency
14
15
  name: pygments.rb
15
16
  requirement: !ruby/object:Gem::Requirement
17
+ none: false
16
18
  requirements:
17
19
  - - ~>
18
20
  - !ruby/object:Gem::Version
@@ -23,6 +25,7 @@ dependencies:
23
25
  type: :runtime
24
26
  prerelease: false
25
27
  version_requirements: !ruby/object:Gem::Requirement
28
+ none: false
26
29
  requirements:
27
30
  - - ~>
28
31
  - !ruby/object:Gem::Version
@@ -33,6 +36,7 @@ dependencies:
33
36
  - !ruby/object:Gem::Dependency
34
37
  name: github-linguist
35
38
  requirement: !ruby/object:Gem::Requirement
39
+ none: false
36
40
  requirements:
37
41
  - - ~>
38
42
  - !ruby/object:Gem::Version
@@ -40,6 +44,7 @@ dependencies:
40
44
  type: :runtime
41
45
  prerelease: false
42
46
  version_requirements: !ruby/object:Gem::Requirement
47
+ none: false
43
48
  requirements:
44
49
  - - ~>
45
50
  - !ruby/object:Gem::Version
@@ -47,6 +52,7 @@ dependencies:
47
52
  - !ruby/object:Gem::Dependency
48
53
  name: github-markup
49
54
  requirement: !ruby/object:Gem::Requirement
55
+ none: false
50
56
  requirements:
51
57
  - - ~>
52
58
  - !ruby/object:Gem::Version
@@ -54,6 +60,7 @@ dependencies:
54
60
  type: :runtime
55
61
  prerelease: false
56
62
  version_requirements: !ruby/object:Gem::Requirement
63
+ none: false
57
64
  requirements:
58
65
  - - ~>
59
66
  - !ruby/object:Gem::Version
@@ -61,6 +68,7 @@ dependencies:
61
68
  - !ruby/object:Gem::Dependency
62
69
  name: htmlentities
63
70
  requirement: !ruby/object:Gem::Requirement
71
+ none: false
64
72
  requirements:
65
73
  - - ~>
66
74
  - !ruby/object:Gem::Version
@@ -68,13 +76,31 @@ dependencies:
68
76
  type: :runtime
69
77
  prerelease: false
70
78
  version_requirements: !ruby/object:Gem::Requirement
79
+ none: false
71
80
  requirements:
72
81
  - - ~>
73
82
  - !ruby/object:Gem::Version
74
83
  version: '4.3'
84
+ - !ruby/object:Gem::Dependency
85
+ name: loofah
86
+ requirement: !ruby/object:Gem::Requirement
87
+ none: false
88
+ requirements:
89
+ - - ~>
90
+ - !ruby/object:Gem::Version
91
+ version: '1.2'
92
+ type: :runtime
93
+ prerelease: false
94
+ version_requirements: !ruby/object:Gem::Requirement
95
+ none: false
96
+ requirements:
97
+ - - ~>
98
+ - !ruby/object:Gem::Version
99
+ version: '1.2'
75
100
  - !ruby/object:Gem::Dependency
76
101
  name: minitest
77
102
  requirement: !ruby/object:Gem::Requirement
103
+ none: false
78
104
  requirements:
79
105
  - - ~>
80
106
  - !ruby/object:Gem::Version
@@ -82,6 +108,7 @@ dependencies:
82
108
  type: :development
83
109
  prerelease: false
84
110
  version_requirements: !ruby/object:Gem::Requirement
111
+ none: false
85
112
  requirements:
86
113
  - - ~>
87
114
  - !ruby/object:Gem::Version
@@ -89,6 +116,7 @@ dependencies:
89
116
  - !ruby/object:Gem::Dependency
90
117
  name: rake
91
118
  requirement: !ruby/object:Gem::Requirement
119
+ none: false
92
120
  requirements:
93
121
  - - ~>
94
122
  - !ruby/object:Gem::Version
@@ -96,6 +124,7 @@ dependencies:
96
124
  type: :development
97
125
  prerelease: false
98
126
  version_requirements: !ruby/object:Gem::Requirement
127
+ none: false
99
128
  requirements:
100
129
  - - ~>
101
130
  - !ruby/object:Gem::Version
@@ -103,6 +132,7 @@ dependencies:
103
132
  - !ruby/object:Gem::Dependency
104
133
  name: redcarpet
105
134
  requirement: !ruby/object:Gem::Requirement
135
+ none: false
106
136
  requirements:
107
137
  - - '='
108
138
  - !ruby/object:Gem::Version
@@ -110,14 +140,19 @@ dependencies:
110
140
  type: :development
111
141
  prerelease: false
112
142
  version_requirements: !ruby/object:Gem::Requirement
143
+ none: false
113
144
  requirements:
114
145
  - - '='
115
146
  - !ruby/object:Gem::Version
116
147
  version: 2.2.0
117
- description: |
118
- Makeup provides markup rendering and code highlighting. It renders all kinds of
148
+ description: ! 'Makeup provides markup rendering and code highlighting. It renders
149
+ all kinds of
150
+
119
151
  markup formats using GitHub::Markup, and implements "fenced code blocks" for
152
+
120
153
  markdown files.
154
+
155
+ '
121
156
  email:
122
157
  - christian@gitorious.org
123
158
  executables: []
@@ -127,7 +162,6 @@ files:
127
162
  - .gitignore
128
163
  - .travis.yml
129
164
  - Gemfile
130
- - Gemfile.lock
131
165
  - Rakefile
132
166
  - Readme.md
133
167
  - lib/makeup.rb
@@ -141,25 +175,32 @@ files:
141
175
  - test/test_helper.rb
142
176
  homepage: http://gitorious.org/gitorious/makeup
143
177
  licenses: []
144
- metadata: {}
145
178
  post_install_message:
146
179
  rdoc_options: []
147
180
  require_paths:
148
181
  - lib
149
182
  required_ruby_version: !ruby/object:Gem::Requirement
183
+ none: false
150
184
  requirements:
151
- - - '>='
185
+ - - ! '>='
152
186
  - !ruby/object:Gem::Version
153
187
  version: '0'
188
+ segments:
189
+ - 0
190
+ hash: -3804366775395324945
154
191
  required_rubygems_version: !ruby/object:Gem::Requirement
192
+ none: false
155
193
  requirements:
156
- - - '>='
194
+ - - ! '>='
157
195
  - !ruby/object:Gem::Version
158
196
  version: '0'
197
+ segments:
198
+ - 0
199
+ hash: -3804366775395324945
159
200
  requirements: []
160
201
  rubyforge_project: makeup
161
- rubygems_version: 2.0.3
202
+ rubygems_version: 1.8.25
162
203
  signing_key:
163
- specification_version: 4
204
+ specification_version: 3
164
205
  summary: Pretty markup
165
206
  test_files: []
checksums.yaml DELETED
@@ -1,7 +0,0 @@
1
- ---
2
- SHA1:
3
- metadata.gz: 379ce4e847dbec503944870569ff1457cbec0e2c
4
- data.tar.gz: 3629cba614b795458796194237ed7a89a70b7fe3
5
- SHA512:
6
- metadata.gz: 6de41d16b978fc8d73aaf826f6d4b3841293a43283d4e777dbbc0560f0d60610db8e43de32415ed67c49fe54abd0ea513b559d761e9ad65ab5c215dd83626f42
7
- data.tar.gz: a8861ab5ba65ef7e15d5d82d81beaa332a5bca5a6570b1b9d0e85381bef14f6fa8ef50769b5ff6657f3b777f850bb06f4428f8bb65623580bbd6a6d9dc558506
@@ -1,51 +0,0 @@
1
- PATH
2
- remote: .
3
- specs:
4
- makeup (0.4.1)
5
- github-linguist (~> 2.8)
6
- github-markup (~> 0.7)
7
- htmlentities (~> 4.3)
8
- pygments.rb (~> 0.4)
9
-
10
- GEM
11
- remote: http://rubygems.org/
12
- specs:
13
- builder (3.2.2)
14
- charlock_holmes (0.6.9.4)
15
- ci_reporter (1.9.0)
16
- builder (>= 2.1.2)
17
- escape_utils (0.3.2)
18
- github-linguist (2.8.5)
19
- charlock_holmes (~> 0.6.6)
20
- escape_utils (~> 0.3.1)
21
- mime-types (~> 1.19)
22
- pygments.rb (~> 0.4.2)
23
- github-markup (0.7.5)
24
- htmlentities (4.3.1)
25
- mime-types (1.24)
26
- minitest (2.12.1)
27
- multi_json (1.7.7)
28
- posix-spawn (0.3.6)
29
- pygments.rb (0.4.2)
30
- posix-spawn (~> 0.3.6)
31
- yajl-ruby (~> 1.1.0)
32
- rake (0.9.2.2)
33
- rcov (1.0.0)
34
- redcarpet (2.2.0)
35
- simplecov (0.7.1)
36
- multi_json (~> 1.0)
37
- simplecov-html (~> 0.7.1)
38
- simplecov-html (0.7.1)
39
- yajl-ruby (1.1.0)
40
-
41
- PLATFORMS
42
- ruby
43
-
44
- DEPENDENCIES
45
- ci_reporter
46
- makeup!
47
- minitest (~> 2.0)
48
- rake (~> 0.9)
49
- rcov
50
- redcarpet (= 2.2.0)
51
- simplecov