qiita-markdown 0.19.0 → 0.19.1


Potentially problematic release.


This version of qiita-markdown might be problematic.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 83c8da2e7dd55be72fce627ec6b14cb23362346e
4
- data.tar.gz: 5752e8dae6fbbd5c9f9f94dc3e4a4320b9d222fa
3
+ metadata.gz: 3eb75a91593610b1dd442a8d9acfc482e987ffc5
4
+ data.tar.gz: 8ec204270a2308ee5999c2b163e31c199c866e21
5
5
  SHA512:
6
- metadata.gz: 885e5a8cc2397dfedbe970b5f85e8dc952275986912149c3a24a1068b32b1c0922b7d1fb9a19db93133410d130ccbe4cda3d45218dc15bbc9b43baf5070cf0bb
7
- data.tar.gz: f2a6c4b200eb88f247c16a4d87b4807a083042050e862a58fb7392bfbb25428f7a710ba3c1d1bf67fff0c02f1a1ff2e9fc443107f4f2a987e7147d4b5a965ab1
6
+ metadata.gz: 61dc32d46b01408c08f07b480554ad346ef96ff629d68140c16592a5a77f90163fd5331fca5b4d206ad92aeff330bcb5d4b3e9ce4d8b9b9584329a8085e58a80
7
+ data.tar.gz: b5f84f32227113bfbb6a1b71f85f7a5fcd5e906dea4a177f9916ec533523bc9399f83d794f8a2f351b46fae64d03e82f47e950135d460db8ab71600758515bb6
@@ -1,5 +1,9 @@
1
1
  ## Unreleased
2
2
 
3
+ ## 0.19.1
4
+
5
+ - Add missing sanitization for `<div>` class attribute
6
+
3
7
  ## 0.19.0
4
8
 
5
9
  - Drop 2.0 and 2.1 from support Ruby versions
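Review bot: The 0.19.1 entry describes a sanitization gap but does not mark it as a security fix. "Add missing sanitization for `<div>` class attribute" reads like routine maintenance, while the accompanying spec uses `malicious-class` as its input. Consider labelling the entry as security-relevant and stating which versions are affected, so that users scanning the changelog know the upgrade matters.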
@@ -10,6 +10,9 @@ module Qiita
10
10
  "rel" => %w[footnote url],
11
11
  "rev" => %w[footnote],
12
12
  },
13
+ "div" => {
14
+ "class" => %w[footnotes],
15
+ },
13
16
  "sup" => {
14
17
  "id" => /\Afnref\d+\z/,
15
18
  },
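Review bot: The new `"div" => { "class" => %w[footnotes] }` entry carries no comment explaining why `footnotes` is the only permitted value. A one-line comment tying it to the footnote markup (the neighbouring entries already reference `footnote` and `fnref`) would keep a later editor from widening the list casually. The adjacent `sup` entry constrains only `id`; if `class` is permitted on `sup` or on other elements elsewhere in this configuration, they need the same allowlisting, which is worth confirming as part of this change.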
@@ -1,5 +1,5 @@
1
1
  module Qiita
2
2
  module Markdown
3
- VERSION = "0.19.0"
3
+ VERSION = "0.19.1"
4
4
  end
5
5
  end
@@ -1124,6 +1124,28 @@ describe Qiita::Markdown::Processor do
1124
1124
  end
1125
1125
  end
1126
1126
  end
1127
+
1128
+ context "with class attribute for <div> tag" do
1129
+ let(:markdown) do
1130
+ <<-EOS.strip_heredoc
1131
+ <div class="footnotes malicious-class">foo</div>
1132
+ EOS
1133
+ end
1134
+
1135
+ if allowed
1136
+ it "does not sanitize the classes" do
1137
+ should eq <<-EOS.strip_heredoc
1138
+ <div class="footnotes malicious-class">foo</div>
1139
+ EOS
1140
+ end
1141
+ else
1142
+ it "sanitizes classes except `footnotes`" do
1143
+ should eq <<-EOS.strip_heredoc
1144
+ <div class="footnotes">foo</div>
1145
+ EOS
1146
+ end
1147
+ end
1148
+ end
1127
1149
  end
1128
1150
 
1129
1151
  context "without script and strict context" do
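Review bot: The new context only covers a `<div>` whose class list mixes `footnotes` with a disallowed value. Add a case where the attribute holds only disallowed classes, for example `<div class="malicious-class">foo</div>`, and assert the exact output, so the spec pins down whether the attribute is dropped or left empty. The `if allowed` branch, which asserts `does not sanitize the classes`, would also benefit from a short comment stating that passing arbitrary classes through is intended in that mode.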
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: qiita-markdown
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.19.0
4
+ version: 0.19.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ryo Nakamura