nokogiri 1.10.5-java → 1.10.10-java
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of nokogiri might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/ext/java/nokogiri/XmlNodeSet.java +2 -1
- data/ext/nokogiri/xml_schema.c +29 -0
- data/lib/nokogiri/nokogiri.jar +0 -0
- data/lib/nokogiri/version.rb +1 -1
- metadata +16 -14
- data/patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch +0 -78
- data/patches/libxml2/0002-Remove-script-macro-support.patch +0 -40
- data/patches/libxml2/0003-Update-entities-to-remove-handling-of-ssi.patch +0 -44
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c0009aa757c5f24adc1777f12c38fe9f92ba330ab1a09a7b90c07f9de699fde8
|
4
|
+
data.tar.gz: b6e4303b1f66db490393579f326f2efa057c0a34163d26645ec54e413998d835
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b08ec706a72a4e9c9d194ca65807bc79c713736102334b189f4ab5d6c79742e510c0d4bfbf6494abcbf7e4ba5deeb824c86d76297c9f21d743e1c3a8853da8a5
|
7
|
+
data.tar.gz: a65b8b0235672dac4762cb5d7c0ab38e6fc1ff426b4135bf6fa297f2932cf8abe4ed181c8ead804cf1f34e63f96a6dd401041a6135c2391a816335e78ce8546a
|
@@ -39,6 +39,7 @@ import static nokogiri.internals.NokogiriHelpers.nodeListToRubyArray;
|
|
39
39
|
import java.util.Arrays;
|
40
40
|
|
41
41
|
import org.jruby.Ruby;
|
42
|
+
import org.jruby.RubyArray;
|
42
43
|
import org.jruby.RubyClass;
|
43
44
|
import org.jruby.RubyFixnum;
|
44
45
|
import org.jruby.RubyObject;
|
@@ -391,7 +392,7 @@ outer:
|
|
391
392
|
}
|
392
393
|
|
393
394
|
@JRubyMethod(name = {"to_a", "to_ary"})
|
394
|
-
public
|
395
|
+
public RubyArray to_a(ThreadContext context) {
|
395
396
|
return context.runtime.newArrayNoCopy(nodes);
|
396
397
|
}
|
397
398
|
|
data/ext/nokogiri/xml_schema.c
CHANGED
@@ -133,6 +133,31 @@ static VALUE read_memory(VALUE klass, VALUE content)
|
|
133
133
|
return rb_schema;
|
134
134
|
}
|
135
135
|
|
136
|
+
/* Schema creation will remove and deallocate "blank" nodes.
|
137
|
+
* If those blank nodes have been exposed to Ruby, they could get freed
|
138
|
+
* out from under the VALUE pointer. This function checks to see if any of
|
139
|
+
* those nodes have been exposed to Ruby, and if so we should raise an exception.
|
140
|
+
*/
|
141
|
+
static int has_blank_nodes_p(VALUE cache)
|
142
|
+
{
|
143
|
+
long i;
|
144
|
+
|
145
|
+
if (NIL_P(cache)) {
|
146
|
+
return 0;
|
147
|
+
}
|
148
|
+
|
149
|
+
for (i = 0; i < RARRAY_LEN(cache); i++) {
|
150
|
+
xmlNodePtr node;
|
151
|
+
VALUE element = rb_ary_entry(cache, i);
|
152
|
+
Data_Get_Struct(element, xmlNode, node);
|
153
|
+
if (xmlIsBlankNode(node)) {
|
154
|
+
return 1;
|
155
|
+
}
|
156
|
+
}
|
157
|
+
|
158
|
+
return 0;
|
159
|
+
}
|
160
|
+
|
136
161
|
/*
|
137
162
|
* call-seq:
|
138
163
|
* from_document(doc)
|
@@ -152,6 +177,10 @@ static VALUE from_document(VALUE klass, VALUE document)
|
|
152
177
|
/* In case someone passes us a node. ugh. */
|
153
178
|
doc = doc->doc;
|
154
179
|
|
180
|
+
if (has_blank_nodes_p(DOC_NODE_CACHE(doc))) {
|
181
|
+
rb_raise(rb_eArgError, "Creating a schema from a document that has blank nodes exposed to Ruby is dangerous");
|
182
|
+
}
|
183
|
+
|
155
184
|
ctx = xmlSchemaNewDocParserCtxt(doc);
|
156
185
|
|
157
186
|
errors = rb_ary_new();
|
data/lib/nokogiri/nokogiri.jar
CHANGED
Binary file
|
data/lib/nokogiri/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: nokogiri
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.10.
|
4
|
+
version: 1.10.10
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Aaron Patterson
|
@@ -14,7 +14,7 @@ authors:
|
|
14
14
|
autorequire:
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
|
-
date:
|
17
|
+
date: 2020-07-06 00:00:00.000000000 Z
|
18
18
|
dependencies:
|
19
19
|
- !ruby/object:Gem::Dependency
|
20
20
|
requirement: !ruby/object:Gem::Requirement
|
@@ -133,7 +133,7 @@ dependencies:
|
|
133
133
|
requirements:
|
134
134
|
- - "~>"
|
135
135
|
- !ruby/object:Gem::Version
|
136
|
-
version: 1.0
|
136
|
+
version: 1.1.0
|
137
137
|
name: rake-compiler
|
138
138
|
prerelease: false
|
139
139
|
type: :development
|
@@ -141,13 +141,13 @@ dependencies:
|
|
141
141
|
requirements:
|
142
142
|
- - "~>"
|
143
143
|
- !ruby/object:Gem::Version
|
144
|
-
version: 1.0
|
144
|
+
version: 1.1.0
|
145
145
|
- !ruby/object:Gem::Dependency
|
146
146
|
requirement: !ruby/object:Gem::Requirement
|
147
147
|
requirements:
|
148
148
|
- - "~>"
|
149
149
|
- !ruby/object:Gem::Version
|
150
|
-
version:
|
150
|
+
version: '1.0'
|
151
151
|
name: rake-compiler-dock
|
152
152
|
prerelease: false
|
153
153
|
type: :development
|
@@ -155,7 +155,7 @@ dependencies:
|
|
155
155
|
requirements:
|
156
156
|
- - "~>"
|
157
157
|
- !ruby/object:Gem::Version
|
158
|
-
version:
|
158
|
+
version: '1.0'
|
159
159
|
- !ruby/object:Gem::Dependency
|
160
160
|
requirement: !ruby/object:Gem::Requirement
|
161
161
|
requirements:
|
@@ -223,7 +223,7 @@ dependencies:
|
|
223
223
|
requirements:
|
224
224
|
- - "~>"
|
225
225
|
- !ruby/object:Gem::Version
|
226
|
-
version: '3.
|
226
|
+
version: '3.22'
|
227
227
|
name: hoe
|
228
228
|
prerelease: false
|
229
229
|
type: :development
|
@@ -231,7 +231,7 @@ dependencies:
|
|
231
231
|
requirements:
|
232
232
|
- - "~>"
|
233
233
|
- !ruby/object:Gem::Version
|
234
|
-
version: '3.
|
234
|
+
version: '3.22'
|
235
235
|
description: |-
|
236
236
|
Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among
|
237
237
|
Nokogiri's many features is the ability to search documents via XPath
|
@@ -522,13 +522,15 @@ files:
|
|
522
522
|
- lib/xercesImpl.jar
|
523
523
|
- lib/xml-apis.jar
|
524
524
|
- lib/xsd/xmlparser/nokogiri.rb
|
525
|
-
|
526
|
-
- patches/libxml2/0002-Remove-script-macro-support.patch
|
527
|
-
- patches/libxml2/0003-Update-entities-to-remove-handling-of-ssi.patch
|
528
|
-
homepage:
|
525
|
+
homepage: https://nokogiri.org
|
529
526
|
licenses:
|
530
527
|
- MIT
|
531
|
-
metadata:
|
528
|
+
metadata:
|
529
|
+
homepage_uri: https://nokogiri.org
|
530
|
+
bug_tracker_uri: https://github.com/sparklemotion/nokogiri/issues
|
531
|
+
documentation_uri: https://nokogiri.org/rdoc/index.html
|
532
|
+
changelog_uri: https://nokogiri.org/CHANGELOG.html
|
533
|
+
source_code_uri: https://github.com/sparklemotion/nokogiri
|
532
534
|
post_install_message:
|
533
535
|
rdoc_options:
|
534
536
|
- "--main"
|
@@ -547,7 +549,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
547
549
|
version: '0'
|
548
550
|
requirements: []
|
549
551
|
rubyforge_project:
|
550
|
-
rubygems_version: 2.7.
|
552
|
+
rubygems_version: 2.7.10
|
551
553
|
signing_key:
|
552
554
|
specification_version: 4
|
553
555
|
summary: Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser
|
@@ -1,78 +0,0 @@
|
|
1
|
-
From c5538465c08a8ea248a370bf55bc39cd3385e4af Mon Sep 17 00:00:00 2001
|
2
|
-
From: Mike Dalessio <mike.dalessio@gmail.com>
|
3
|
-
Date: Thu, 29 Mar 2018 14:09:00 -0400
|
4
|
-
Subject: [PATCH] Revert "Do not URI escape in server side includes"
|
5
|
-
|
6
|
-
This reverts commit 960f0e275616cadc29671a218d7fb9b69eb35588.
|
7
|
-
---
|
8
|
-
HTMLtree.c | 49 +++++++++++--------------------------------------
|
9
|
-
1 file changed, 11 insertions(+), 38 deletions(-)
|
10
|
-
|
11
|
-
diff --git a/HTMLtree.c b/HTMLtree.c
|
12
|
-
index 2fd0c9c..67160c5 100644
|
13
|
-
--- a/HTMLtree.c
|
14
|
-
+++ b/HTMLtree.c
|
15
|
-
@@ -717,49 +717,22 @@ htmlAttrDumpOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, xmlAttrPtr cur,
|
16
|
-
(!xmlStrcasecmp(cur->name, BAD_CAST "src")) ||
|
17
|
-
((!xmlStrcasecmp(cur->name, BAD_CAST "name")) &&
|
18
|
-
(!xmlStrcasecmp(cur->parent->name, BAD_CAST "a"))))) {
|
19
|
-
+ xmlChar *escaped;
|
20
|
-
xmlChar *tmp = value;
|
21
|
-
- /* xmlURIEscapeStr() escapes '"' so it can be safely used. */
|
22
|
-
- xmlBufCCat(buf->buffer, "\"");
|
23
|
-
|
24
|
-
while (IS_BLANK_CH(*tmp)) tmp++;
|
25
|
-
|
26
|
-
- /* URI Escape everything, except server side includes. */
|
27
|
-
- for ( ; ; ) {
|
28
|
-
- xmlChar *escaped;
|
29
|
-
- xmlChar endChar;
|
30
|
-
- xmlChar *end = NULL;
|
31
|
-
- xmlChar *start = (xmlChar *)xmlStrstr(tmp, BAD_CAST "<!--");
|
32
|
-
- if (start != NULL) {
|
33
|
-
- end = (xmlChar *)xmlStrstr(tmp, BAD_CAST "-->");
|
34
|
-
- if (end != NULL) {
|
35
|
-
- *start = '\0';
|
36
|
-
- }
|
37
|
-
- }
|
38
|
-
-
|
39
|
-
- /* Escape the whole string, or until start (set to '\0'). */
|
40
|
-
- escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+");
|
41
|
-
- if (escaped != NULL) {
|
42
|
-
- xmlBufCat(buf->buffer, escaped);
|
43
|
-
- xmlFree(escaped);
|
44
|
-
- } else {
|
45
|
-
- xmlBufCat(buf->buffer, tmp);
|
46
|
-
- }
|
47
|
-
-
|
48
|
-
- if (end == NULL) { /* Everything has been written. */
|
49
|
-
- break;
|
50
|
-
- }
|
51
|
-
-
|
52
|
-
- /* Do not escape anything within server side includes. */
|
53
|
-
- *start = '<'; /* Restore the first character of "<!--". */
|
54
|
-
- end += 3; /* strlen("-->") */
|
55
|
-
- endChar = *end;
|
56
|
-
- *end = '\0';
|
57
|
-
- xmlBufCat(buf->buffer, start);
|
58
|
-
- *end = endChar;
|
59
|
-
- tmp = end;
|
60
|
-
+ /*
|
61
|
-
+ * the < and > have already been escaped at the entity level
|
62
|
-
+ * And doing so here breaks server side includes
|
63
|
-
+ */
|
64
|
-
+ escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+<>");
|
65
|
-
+ if (escaped != NULL) {
|
66
|
-
+ xmlBufWriteQuotedString(buf->buffer, escaped);
|
67
|
-
+ xmlFree(escaped);
|
68
|
-
+ } else {
|
69
|
-
+ xmlBufWriteQuotedString(buf->buffer, value);
|
70
|
-
}
|
71
|
-
-
|
72
|
-
- xmlBufCCat(buf->buffer, "\"");
|
73
|
-
} else {
|
74
|
-
xmlBufWriteQuotedString(buf->buffer, value);
|
75
|
-
}
|
76
|
-
--
|
77
|
-
2.9.5
|
78
|
-
|
@@ -1,40 +0,0 @@
|
|
1
|
-
From 27e4aa8d885e47a296ea78d114dbbe8fc7aa3508 Mon Sep 17 00:00:00 2001
|
2
|
-
From: Kevin Solorio <soloriok@gmail.com>
|
3
|
-
Date: Fri, 1 Feb 2019 14:32:42 -0800
|
4
|
-
Subject: [PATCH] Revert-support-html-h-b-7-1
|
5
|
-
|
6
|
-
---
|
7
|
-
entities.c | 17 -----------------
|
8
|
-
1 file changed, 17 deletions(-)
|
9
|
-
|
10
|
-
diff --git a/entities.c b/entities.c
|
11
|
-
index 43549bc5..82652f6d 100644
|
12
|
-
--- a/entities.c
|
13
|
-
+++ b/entities.c
|
14
|
-
@@ -623,23 +623,6 @@ xmlEncodeEntitiesInternal(xmlDocPtr doc, const xmlChar *input, int attr) {
|
15
|
-
*out++ = 't';
|
16
|
-
*out++ = ';';
|
17
|
-
} else if (*cur == '&') {
|
18
|
-
- /*
|
19
|
-
- * Special handling of &{...} construct from HTML 4, see
|
20
|
-
- * http://www.w3.org/TR/html401/appendix/notes.html#h-B.7.1
|
21
|
-
- */
|
22
|
-
- if (html && attr && (cur[1] == '{') &&
|
23
|
-
- (strchr((const char *) cur, '}'))) {
|
24
|
-
- while (*cur != '}') {
|
25
|
-
- *out++ = *cur++;
|
26
|
-
- indx = out - buffer;
|
27
|
-
- if (indx + 100 > buffer_size) {
|
28
|
-
- growBufferReentrant();
|
29
|
-
- out = &buffer[indx];
|
30
|
-
- }
|
31
|
-
- }
|
32
|
-
- *out++ = *cur++;
|
33
|
-
- continue;
|
34
|
-
- }
|
35
|
-
*out++ = '&';
|
36
|
-
*out++ = 'a';
|
37
|
-
*out++ = 'm';
|
38
|
-
--
|
39
|
-
2.16.2
|
40
|
-
|
@@ -1,44 +0,0 @@
|
|
1
|
-
From ffc08467744bd2305d41ca882c37fa30adf3a067 Mon Sep 17 00:00:00 2001
|
2
|
-
From: Kevin Solorio <soloriok@gmail.com>
|
3
|
-
Date: Wed, 27 Feb 2019 14:34:17 -0800
|
4
|
-
Subject: [PATCH 2/2] update entities.c to remove handling of ssi
|
5
|
-
|
6
|
-
---
|
7
|
-
entities.c | 21 ---------------------
|
8
|
-
1 file changed, 21 deletions(-)
|
9
|
-
|
10
|
-
diff --git a/entities.c b/entities.c
|
11
|
-
index 43549bc5..5c4a2a60 100644
|
12
|
-
--- a/entities.c
|
13
|
-
+++ b/entities.c
|
14
|
-
@@ -592,27 +592,6 @@ xmlEncodeEntitiesInternal(xmlDocPtr doc, const xmlChar *input, int attr) {
|
15
|
-
* By default one have to encode at least '<', '>', '"' and '&' !
|
16
|
-
*/
|
17
|
-
if (*cur == '<') {
|
18
|
-
- const xmlChar *end;
|
19
|
-
-
|
20
|
-
- /*
|
21
|
-
- * Special handling of server side include in HTML attributes
|
22
|
-
- */
|
23
|
-
- if (html && attr &&
|
24
|
-
- (cur[1] == '!') && (cur[2] == '-') && (cur[3] == '-') &&
|
25
|
-
- ((end = xmlStrstr(cur, BAD_CAST "-->")) != NULL)) {
|
26
|
-
- while (cur != end) {
|
27
|
-
- *out++ = *cur++;
|
28
|
-
- indx = out - buffer;
|
29
|
-
- if (indx + 100 > buffer_size) {
|
30
|
-
- growBufferReentrant();
|
31
|
-
- out = &buffer[indx];
|
32
|
-
- }
|
33
|
-
- }
|
34
|
-
- *out++ = *cur++;
|
35
|
-
- *out++ = *cur++;
|
36
|
-
- *out++ = *cur++;
|
37
|
-
- continue;
|
38
|
-
- }
|
39
|
-
*out++ = '&';
|
40
|
-
*out++ = 'l';
|
41
|
-
*out++ = 't';
|
42
|
-
--
|
43
|
-
2.16.2
|
44
|
-
|