nokogiri 1.10.5-java → 1.10.10-java

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of nokogiri might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: db9dd50706263400b39bffa662a8f17ce6985dcc26703bd2c05583b647cf03b4
4
- data.tar.gz: e6a04af92285bedbb11d877c93422aaf382d4b39059815173e9f678f495062c0
3
+ metadata.gz: c0009aa757c5f24adc1777f12c38fe9f92ba330ab1a09a7b90c07f9de699fde8
4
+ data.tar.gz: b6e4303b1f66db490393579f326f2efa057c0a34163d26645ec54e413998d835
5
5
  SHA512:
6
- metadata.gz: d2bf182f13f6267aadf73eb5b0c450bd4adcc99c8af39ba63d782822d5e3de99a272c1bf1e9a7ae722a2f8c9fa9c5c930ba96d4bc7a606e5d73c4768fdb9acf0
7
- data.tar.gz: 123ebc8ad24bcdec9cd839059cf76d33a2b5b1d09163e4ff4f43efe8f8a5bdbc086c5d02e21ad34fc5a54457a82c0db411687f1251fa606251e70356cd64f8c0
6
+ metadata.gz: b08ec706a72a4e9c9d194ca65807bc79c713736102334b189f4ab5d6c79742e510c0d4bfbf6494abcbf7e4ba5deeb824c86d76297c9f21d743e1c3a8853da8a5
7
+ data.tar.gz: a65b8b0235672dac4762cb5d7c0ab38e6fc1ff426b4135bf6fa297f2932cf8abe4ed181c8ead804cf1f34e63f96a6dd401041a6135c2391a816335e78ce8546a
@@ -39,6 +39,7 @@ import static nokogiri.internals.NokogiriHelpers.nodeListToRubyArray;
39
39
  import java.util.Arrays;
40
40
 
41
41
  import org.jruby.Ruby;
42
+ import org.jruby.RubyArray;
42
43
  import org.jruby.RubyClass;
43
44
  import org.jruby.RubyFixnum;
44
45
  import org.jruby.RubyObject;
@@ -391,7 +392,7 @@ outer:
391
392
  }
392
393
 
393
394
  @JRubyMethod(name = {"to_a", "to_ary"})
394
- public IRubyObject to_a(ThreadContext context) {
395
+ public RubyArray to_a(ThreadContext context) {
395
396
  return context.runtime.newArrayNoCopy(nodes);
396
397
  }
397
398
 
@@ -133,6 +133,31 @@ static VALUE read_memory(VALUE klass, VALUE content)
133
133
  return rb_schema;
134
134
  }
135
135
 
136
+ /* Schema creation will remove and deallocate "blank" nodes.
137
+ * If those blank nodes have been exposed to Ruby, they could get freed
138
+ * out from under the VALUE pointer. This function checks to see if any of
139
+ * those nodes have been exposed to Ruby, and if so we should raise an exception.
140
+ */
141
+ static int has_blank_nodes_p(VALUE cache)
142
+ {
143
+ long i;
144
+
145
+ if (NIL_P(cache)) {
146
+ return 0;
147
+ }
148
+
149
+ for (i = 0; i < RARRAY_LEN(cache); i++) {
150
+ xmlNodePtr node;
151
+ VALUE element = rb_ary_entry(cache, i);
152
+ Data_Get_Struct(element, xmlNode, node);
153
+ if (xmlIsBlankNode(node)) {
154
+ return 1;
155
+ }
156
+ }
157
+
158
+ return 0;
159
+ }
160
+
136
161
  /*
137
162
  * call-seq:
138
163
  * from_document(doc)
@@ -152,6 +177,10 @@ static VALUE from_document(VALUE klass, VALUE document)
152
177
  /* In case someone passes us a node. ugh. */
153
178
  doc = doc->doc;
154
179
 
180
+ if (has_blank_nodes_p(DOC_NODE_CACHE(doc))) {
181
+ rb_raise(rb_eArgError, "Creating a schema from a document that has blank nodes exposed to Ruby is dangerous");
182
+ }
183
+
155
184
  ctx = xmlSchemaNewDocParserCtxt(doc);
156
185
 
157
186
  errors = rb_ary_new();
Binary file
@@ -1,6 +1,6 @@
1
1
  module Nokogiri
2
2
  # The version of Nokogiri you are using
3
- VERSION = "1.10.5"
3
+ VERSION = "1.10.10"
4
4
 
5
5
  class VersionInfo # :nodoc:
6
6
  def jruby?
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nokogiri
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.10.5
4
+ version: 1.10.10
5
5
  platform: java
6
6
  authors:
7
7
  - Aaron Patterson
@@ -14,7 +14,7 @@ authors:
14
14
  autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
- date: 2019-10-31 00:00:00.000000000 Z
17
+ date: 2020-07-06 00:00:00.000000000 Z
18
18
  dependencies:
19
19
  - !ruby/object:Gem::Dependency
20
20
  requirement: !ruby/object:Gem::Requirement
@@ -133,7 +133,7 @@ dependencies:
133
133
  requirements:
134
134
  - - "~>"
135
135
  - !ruby/object:Gem::Version
136
- version: 1.0.3
136
+ version: 1.1.0
137
137
  name: rake-compiler
138
138
  prerelease: false
139
139
  type: :development
@@ -141,13 +141,13 @@ dependencies:
141
141
  requirements:
142
142
  - - "~>"
143
143
  - !ruby/object:Gem::Version
144
- version: 1.0.3
144
+ version: 1.1.0
145
145
  - !ruby/object:Gem::Dependency
146
146
  requirement: !ruby/object:Gem::Requirement
147
147
  requirements:
148
148
  - - "~>"
149
149
  - !ruby/object:Gem::Version
150
- version: 0.7.0
150
+ version: '1.0'
151
151
  name: rake-compiler-dock
152
152
  prerelease: false
153
153
  type: :development
@@ -155,7 +155,7 @@ dependencies:
155
155
  requirements:
156
156
  - - "~>"
157
157
  - !ruby/object:Gem::Version
158
- version: 0.7.0
158
+ version: '1.0'
159
159
  - !ruby/object:Gem::Dependency
160
160
  requirement: !ruby/object:Gem::Requirement
161
161
  requirements:
@@ -223,7 +223,7 @@ dependencies:
223
223
  requirements:
224
224
  - - "~>"
225
225
  - !ruby/object:Gem::Version
226
- version: '3.18'
226
+ version: '3.22'
227
227
  name: hoe
228
228
  prerelease: false
229
229
  type: :development
@@ -231,7 +231,7 @@ dependencies:
231
231
  requirements:
232
232
  - - "~>"
233
233
  - !ruby/object:Gem::Version
234
- version: '3.18'
234
+ version: '3.22'
235
235
  description: |-
236
236
  Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among
237
237
  Nokogiri's many features is the ability to search documents via XPath
@@ -522,13 +522,15 @@ files:
522
522
  - lib/xercesImpl.jar
523
523
  - lib/xml-apis.jar
524
524
  - lib/xsd/xmlparser/nokogiri.rb
525
- - patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch
526
- - patches/libxml2/0002-Remove-script-macro-support.patch
527
- - patches/libxml2/0003-Update-entities-to-remove-handling-of-ssi.patch
528
- homepage:
525
+ homepage: https://nokogiri.org
529
526
  licenses:
530
527
  - MIT
531
- metadata: {}
528
+ metadata:
529
+ homepage_uri: https://nokogiri.org
530
+ bug_tracker_uri: https://github.com/sparklemotion/nokogiri/issues
531
+ documentation_uri: https://nokogiri.org/rdoc/index.html
532
+ changelog_uri: https://nokogiri.org/CHANGELOG.html
533
+ source_code_uri: https://github.com/sparklemotion/nokogiri
532
534
  post_install_message:
533
535
  rdoc_options:
534
536
  - "--main"
@@ -547,7 +549,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
547
549
  version: '0'
548
550
  requirements: []
549
551
  rubyforge_project:
550
- rubygems_version: 2.7.6
552
+ rubygems_version: 2.7.10
551
553
  signing_key:
552
554
  specification_version: 4
553
555
  summary: Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser
@@ -1,78 +0,0 @@
1
- From c5538465c08a8ea248a370bf55bc39cd3385e4af Mon Sep 17 00:00:00 2001
2
- From: Mike Dalessio <mike.dalessio@gmail.com>
3
- Date: Thu, 29 Mar 2018 14:09:00 -0400
4
- Subject: [PATCH] Revert "Do not URI escape in server side includes"
5
-
6
- This reverts commit 960f0e275616cadc29671a218d7fb9b69eb35588.
7
- ---
8
- HTMLtree.c | 49 +++++++++++--------------------------------------
9
- 1 file changed, 11 insertions(+), 38 deletions(-)
10
-
11
- diff --git a/HTMLtree.c b/HTMLtree.c
12
- index 2fd0c9c..67160c5 100644
13
- --- a/HTMLtree.c
14
- +++ b/HTMLtree.c
15
- @@ -717,49 +717,22 @@ htmlAttrDumpOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, xmlAttrPtr cur,
16
- (!xmlStrcasecmp(cur->name, BAD_CAST "src")) ||
17
- ((!xmlStrcasecmp(cur->name, BAD_CAST "name")) &&
18
- (!xmlStrcasecmp(cur->parent->name, BAD_CAST "a"))))) {
19
- + xmlChar *escaped;
20
- xmlChar *tmp = value;
21
- - /* xmlURIEscapeStr() escapes '"' so it can be safely used. */
22
- - xmlBufCCat(buf->buffer, "\"");
23
-
24
- while (IS_BLANK_CH(*tmp)) tmp++;
25
-
26
- - /* URI Escape everything, except server side includes. */
27
- - for ( ; ; ) {
28
- - xmlChar *escaped;
29
- - xmlChar endChar;
30
- - xmlChar *end = NULL;
31
- - xmlChar *start = (xmlChar *)xmlStrstr(tmp, BAD_CAST "<!--");
32
- - if (start != NULL) {
33
- - end = (xmlChar *)xmlStrstr(tmp, BAD_CAST "-->");
34
- - if (end != NULL) {
35
- - *start = '\0';
36
- - }
37
- - }
38
- -
39
- - /* Escape the whole string, or until start (set to '\0'). */
40
- - escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+");
41
- - if (escaped != NULL) {
42
- - xmlBufCat(buf->buffer, escaped);
43
- - xmlFree(escaped);
44
- - } else {
45
- - xmlBufCat(buf->buffer, tmp);
46
- - }
47
- -
48
- - if (end == NULL) { /* Everything has been written. */
49
- - break;
50
- - }
51
- -
52
- - /* Do not escape anything within server side includes. */
53
- - *start = '<'; /* Restore the first character of "<!--". */
54
- - end += 3; /* strlen("-->") */
55
- - endChar = *end;
56
- - *end = '\0';
57
- - xmlBufCat(buf->buffer, start);
58
- - *end = endChar;
59
- - tmp = end;
60
- + /*
61
- + * the < and > have already been escaped at the entity level
62
- + * And doing so here breaks server side includes
63
- + */
64
- + escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+<>");
65
- + if (escaped != NULL) {
66
- + xmlBufWriteQuotedString(buf->buffer, escaped);
67
- + xmlFree(escaped);
68
- + } else {
69
- + xmlBufWriteQuotedString(buf->buffer, value);
70
- }
71
- -
72
- - xmlBufCCat(buf->buffer, "\"");
73
- } else {
74
- xmlBufWriteQuotedString(buf->buffer, value);
75
- }
76
- --
77
- 2.9.5
78
-
@@ -1,40 +0,0 @@
1
- From 27e4aa8d885e47a296ea78d114dbbe8fc7aa3508 Mon Sep 17 00:00:00 2001
2
- From: Kevin Solorio <soloriok@gmail.com>
3
- Date: Fri, 1 Feb 2019 14:32:42 -0800
4
- Subject: [PATCH] Revert-support-html-h-b-7-1
5
-
6
- ---
7
- entities.c | 17 -----------------
8
- 1 file changed, 17 deletions(-)
9
-
10
- diff --git a/entities.c b/entities.c
11
- index 43549bc5..82652f6d 100644
12
- --- a/entities.c
13
- +++ b/entities.c
14
- @@ -623,23 +623,6 @@ xmlEncodeEntitiesInternal(xmlDocPtr doc, const xmlChar *input, int attr) {
15
- *out++ = 't';
16
- *out++ = ';';
17
- } else if (*cur == '&') {
18
- - /*
19
- - * Special handling of &{...} construct from HTML 4, see
20
- - * http://www.w3.org/TR/html401/appendix/notes.html#h-B.7.1
21
- - */
22
- - if (html && attr && (cur[1] == '{') &&
23
- - (strchr((const char *) cur, '}'))) {
24
- - while (*cur != '}') {
25
- - *out++ = *cur++;
26
- - indx = out - buffer;
27
- - if (indx + 100 > buffer_size) {
28
- - growBufferReentrant();
29
- - out = &buffer[indx];
30
- - }
31
- - }
32
- - *out++ = *cur++;
33
- - continue;
34
- - }
35
- *out++ = '&';
36
- *out++ = 'a';
37
- *out++ = 'm';
38
- --
39
- 2.16.2
40
-
@@ -1,44 +0,0 @@
1
- From ffc08467744bd2305d41ca882c37fa30adf3a067 Mon Sep 17 00:00:00 2001
2
- From: Kevin Solorio <soloriok@gmail.com>
3
- Date: Wed, 27 Feb 2019 14:34:17 -0800
4
- Subject: [PATCH 2/2] update entities.c to remove handling of ssi
5
-
6
- ---
7
- entities.c | 21 ---------------------
8
- 1 file changed, 21 deletions(-)
9
-
10
- diff --git a/entities.c b/entities.c
11
- index 43549bc5..5c4a2a60 100644
12
- --- a/entities.c
13
- +++ b/entities.c
14
- @@ -592,27 +592,6 @@ xmlEncodeEntitiesInternal(xmlDocPtr doc, const xmlChar *input, int attr) {
15
- * By default one have to encode at least '<', '>', '"' and '&' !
16
- */
17
- if (*cur == '<') {
18
- - const xmlChar *end;
19
- -
20
- - /*
21
- - * Special handling of server side include in HTML attributes
22
- - */
23
- - if (html && attr &&
24
- - (cur[1] == '!') && (cur[2] == '-') && (cur[3] == '-') &&
25
- - ((end = xmlStrstr(cur, BAD_CAST "-->")) != NULL)) {
26
- - while (cur != end) {
27
- - *out++ = *cur++;
28
- - indx = out - buffer;
29
- - if (indx + 100 > buffer_size) {
30
- - growBufferReentrant();
31
- - out = &buffer[indx];
32
- - }
33
- - }
34
- - *out++ = *cur++;
35
- - *out++ = *cur++;
36
- - *out++ = *cur++;
37
- - continue;
38
- - }
39
- *out++ = '&';
40
- *out++ = 'l';
41
- *out++ = 't';
42
- --
43
- 2.16.2
44
-