qiita-markdown 0.23.0 → 0.28.0


Potentially problematic release.


This version of qiita-markdown might be problematic. Click here for more details.

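--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 16c43409c5b2bdceefb568344cf9280e7d1e50b2
- data.tar.gz: f4225f554071f1e8c8c339248f08b3ef5253be46
+ SHA256:
+ metadata.gz: db1f661355f65d7ca159db9a954a74002a39cb996e573aa483384edf7fb6f68c
+ data.tar.gz: b2e6bce2f3f66af7e5238515e4f082abeedf86b90b886aacaa8ce45b7655e942
  SHA512:
- metadata.gz: 5a9edc2d4826bfefd294ad32cf556fbb6985ac94d4e91a435a9513f6aec51c1a58bc435eebd45350e275ad1e5314c188c0e56bd3d56bc6130d9fcbe18f72ba6e
- data.tar.gz: 2da9ab1ee70db812a391875522e53606991f177d1f66b7da80192b9db1bbda9cc83d101cb6b01fd292c6dc405b35ccac4cc01a694d7f872b9e7ae5b01bc19155
+ metadata.gz: 9784da7558dbe61bcc6f4e3e923c3286f4954c9632b892997c3816b1e366844420cd8280ae432b8a6a85ec3dff543dd31aaf2690f6b2ed20ae862f9d756fb74c
+ data.tar.gz: d1c1920577d61ba16cec374c16feaa9804e862b61e2653dfe99470b9832c66dc3d6c4969a8559b718bc3e0adf85b5e55aeb35604b01909a3c93b558a816e11e3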
@@ -1,5 +1,26 @@
1
1
  ## Unreleased
2
2
 
3
+ ## 0.28.0
4
+
5
+ - Accept new codepen script url (cpwebassets.codepen.io)
6
+
7
+ ## 0.27.0
8
+
9
+ - Support embed Asciinema
10
+
11
+ ## 0.26.0
12
+
13
+ - Use greenmat 3.2.2.4
14
+
15
+ ## 0.25.0
16
+
17
+ - Accept new codepen script url (static.codepen.io)
18
+
19
+ ## 0.24.0
20
+
21
+ - Fix to strip HTML tags in ToC
22
+ - Allow to use data-\* attributes when embedding Tweet and CodePen
23
+
3
24
  ## 0.23.0
4
25
 
5
26
  - Support embed Tweet
@@ -9,6 +9,7 @@ require "sanitize"
9
9
 
10
10
  require "qiita/markdown/embed/code_pen"
11
11
  require "qiita/markdown/embed/tweet"
12
+ require "qiita/markdown/embed/asciinema"
12
13
  require "qiita/markdown/transformers/filter_attributes"
13
14
  require "qiita/markdown/transformers/filter_script"
14
15
  require "qiita/markdown/transformers/strip_invalid_node"
@@ -0,0 +1,9 @@
1
+ module Qiita
2
+ module Markdown
3
+ module Embed
4
+ module Asciinema
5
+ SCRIPT_HOST = "asciinema.org".freeze
6
+ end
7
+ end
8
+ end
9
+ end
@@ -2,8 +2,20 @@ module Qiita
2
2
  module Markdown
3
3
  module Embed
4
4
  module CodePen
5
- SCRIPT_URL = "https://production-assets.codepen.io/assets/embed/ei.js"
6
- ATTRIBUTES = %w[class data-embed-version data-slug-hash]
5
+ SCRIPT_URLS = [
6
+ "https://production-assets.codepen.io/assets/embed/ei.js",
7
+ "https://static.codepen.io/assets/embed/ei.js",
8
+ "https://cpwebassets.codepen.io/assets/embed/ei.js",
9
+ ]
10
+ CLASS_NAME = %w[codepen]
11
+ DATA_ATTRIBUTES = %w[
12
+ data-active-link-color data-active-tab-color data-animations data-border
13
+ data-border-color data-class data-custom-css-url data-default-tab
14
+ data-embed-version data-height data-link-logo-color data-pen-title
15
+ data-preview data-rerun-position data-show-tab-bar data-slug-hash
16
+ data-tab-bar-color data-tab-link-color data-theme-id data-user
17
+ ]
18
+ ATTRIBUTES = %w[class] + DATA_ATTRIBUTES
7
19
  end
8
20
  end
9
21
  end
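Review bot: `SCRIPT_URLS`, `CLASS_NAME`, `DATA_ATTRIBUTES` and `ATTRIBUTES` are left mutable here, while `Asciinema::SCRIPT_HOST` and `FilterScript::URL_WHITE_LIST` elsewhere in this release are frozen. These arrays are used directly as the sanitizer's attribute and class allowlists for `p`, so an accidental in-place append anywhere in the process would silently widen what user markup may carry. Adding `.freeze` to each, e.g. `ATTRIBUTES = (%w[class] + DATA_ATTRIBUTES).freeze`, closes that off; the same applies to `DATA_ATTRIBUTES` and `ATTRIBUTES` in the `Tweet` hunk that follows. A one-line comment stating that the `data-*` names mirror the CodePen embed options would help whoever extends the list next.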
@@ -4,6 +4,11 @@ module Qiita
4
4
  module Tweet
5
5
  SCRIPT_URL = "https://platform.twitter.com/widgets.js"
6
6
  CLASS_NAME = %w[twitter-tweet]
7
+ DATA_ATTRIBUTES = %w[
8
+ data-align data-cards data-conversation data-dnt
9
+ data-id data-lang data-link-color data-theme data-width
10
+ ]
11
+ ATTRIBUTES = %w[class] + DATA_ATTRIBUTES
7
12
  end
8
13
  end
9
14
  end
@@ -18,6 +18,7 @@ module Qiita
18
18
  "href",
19
19
  "rel",
20
20
  ],
21
+ "blockquote" => Embed::Tweet::ATTRIBUTES,
21
22
  "iframe" => [
22
23
  "allowfullscreen",
23
24
  "frameborder",
@@ -11,7 +11,7 @@ module Qiita
11
11
  ],
12
12
  attributes: {
13
13
  "a" => %w[class href rel title],
14
- "blockquote" => %w[cite class],
14
+ "blockquote" => %w[cite] + Embed::Tweet::ATTRIBUTES,
15
15
  "code" => %w[data-metadata],
16
16
  "div" => %w[class],
17
17
  "font" => %w[color],
@@ -26,7 +26,7 @@ module Qiita
26
26
  "li" => %w[id],
27
27
  "p" => Embed::CodePen::ATTRIBUTES,
28
28
  "q" => %w[cite],
29
- "script" => %w[async src],
29
+ "script" => %w[async src id],
30
30
  "sup" => %w[id],
31
31
  "td" => %w[colspan rowspan style],
32
32
  "th" => %w[colspan rowspan style],
@@ -65,6 +65,12 @@ module Qiita
65
65
  def increment
66
66
  counter[id] += 1
67
67
  end
68
+
69
+ private
70
+
71
+ def body
72
+ escape_html? ? CGI.escape_html(text) : raw_body
73
+ end
68
74
  end
69
75
  end
70
76
  end
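Review bot: The new private `body` returns `raw_body` untouched whenever `escape_html?` is false, and nothing in this hunk shows where that value is escaped or sanitized before it is placed inside the ToC `<a>`. If it relies on a later sanitizing filter, say so in a comment above the method, e.g. `# raw_body is unescaped; ToC output must still pass the sanitize filter`. In what is visible, the specs added with this release cover only the `escape_html: true` branch, so a case for the non-escaping branch with a heading containing markup would pin the intended output. `text`, `raw_body` and `escape_html?` are defined outside the hunk.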
@@ -15,7 +15,7 @@ module Qiita
15
15
  "class" => %w[footnotes],
16
16
  },
17
17
  "p" => {
18
- "class" => %w[codepen],
18
+ "class" => Embed::CodePen::CLASS_NAME,
19
19
  },
20
20
  "sup" => {
21
21
  "id" => /\Afnref\d+\z/,
@@ -2,10 +2,14 @@ module Qiita
2
2
  module Markdown
3
3
  module Transformers
4
4
  class FilterScript
5
- WHITE_LIST = [
6
- Embed::CodePen::SCRIPT_URL,
5
+ URL_WHITE_LIST = [
6
+ Embed::CodePen::SCRIPT_URLS,
7
7
  Embed::Tweet::SCRIPT_URL,
8
- ].freeze
8
+ ].flatten.freeze
9
+
10
+ HOST_WHITE_LIST = [
11
+ Embed::Asciinema::SCRIPT_HOST,
12
+ ].flatten.freeze
9
13
 
10
14
  def self.call(*args)
11
15
  new(*args).transform
@@ -17,7 +21,7 @@ module Qiita
17
21
 
18
22
  def transform
19
23
  if name == "script"
20
- if WHITE_LIST.include?(node["src"])
24
+ if URL_WHITE_LIST.include?(node["src"]) || HOST_WHITE_LIST.include?(host_of(node["src"]))
21
25
  node["async"] = "async" unless node.attributes.key?("async")
22
26
  node.children.unlink
23
27
  else
@@ -35,6 +39,12 @@ module Qiita
35
39
  def node
36
40
  @env[:node]
37
41
  end
42
+
43
+ def host_of(url)
44
+ Addressable::URI.parse(url).host if url
45
+ rescue Addressable::URI::InvalidURIError
46
+ nil
47
+ end
38
48
  end
39
49
  end
40
50
  end
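Review bot: The new `HOST_WHITE_LIST.include?(host_of(node["src"]))` branch in `transform` accepts a script by host alone, so any scheme and any path on `asciinema.org` passes, whereas the CodePen and Twitter entries are matched as exact URLs. The decision also rests on Addressable's reading of the host, which may not agree with how a browser resolves an unusual or malformed `src`. Matching the whole value against an anchored pattern would keep this entry as narrow as the other embeds, for example `ASCIINEMA_SCRIPT = %r{\Ahttps://asciinema\.org/a/[A-Za-z0-9]+\.js\z}` with `URL_WHITE_LIST.include?(node["src"]) || ASCIINEMA_SCRIPT =~ node["src"]`; the id format in that pattern is an assumption to confirm against the embed snippets actually supported. The `id` newly allowed on `script` in the sanitizer attribute list also looks unconstrained in what is visible, and a value pattern like the one already used for `sup` ids would limit it to the embed's own ids. `transform` and the class body continue outside these hunks.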
@@ -1,5 +1,5 @@
1
1
  module Qiita
2
2
  module Markdown
3
- VERSION = "0.23.0"
3
+ VERSION = "0.28.0"
4
4
  end
5
5
  end
@@ -23,12 +23,12 @@ Gem::Specification.new do |spec|
23
23
  spec.add_dependency "html-pipeline", "~> 2.0"
24
24
  spec.add_dependency "mem"
25
25
  spec.add_dependency "pygments.rb", "~> 1.0"
26
- spec.add_dependency "greenmat", "3.2.2.3"
26
+ spec.add_dependency "greenmat", "3.2.2.4"
27
27
  spec.add_dependency "sanitize"
28
28
  spec.add_dependency "addressable"
29
29
  spec.add_development_dependency "activesupport", "4.2.6"
30
30
  spec.add_development_dependency "benchmark-ips", "~> 1.2"
31
- spec.add_development_dependency "bundler", "~> 1.7"
31
+ spec.add_development_dependency "bundler"
32
32
  spec.add_development_dependency "codeclimate-test-reporter", "0.4.4"
33
33
  spec.add_development_dependency "pry"
34
34
  spec.add_development_dependency "rake", "~> 10.0"
@@ -117,20 +117,40 @@ describe Qiita::Markdown::Greenmat::HTMLToCRenderer do
117
117
  context "with :escape_html extension" do
118
118
  let(:extension) { { escape_html: true } }
119
119
 
120
- let(:markdown) do
121
- <<-EOS.strip_heredoc
122
- # <b>R&amp;B</b>
123
- EOS
120
+ context "with heading title including HTML tags" do
121
+ let(:markdown) do
122
+ <<-EOS.strip_heredoc
123
+ # <b>R&amp;B</b>
124
+ EOS
125
+ end
126
+
127
+ it "strips HTML characters in heading title" do
128
+ should eq <<-EOS.strip_heredoc
129
+ <ul>
130
+ <li>
131
+ <a href="#rb">R&amp;B</a>
132
+ </li>
133
+ </ul>
134
+ EOS
135
+ end
124
136
  end
125
137
 
126
- it "escapes special HTML characters in heading title" do
127
- should eq <<-EOS.strip_heredoc
128
- <ul>
129
- <li>
130
- <a href="#rb">&lt;b&gt;R&amp;amp;B&lt;/b&gt;</a>
131
- </li>
132
- </ul>
133
- EOS
138
+ context "with heading title including HTML tags inside of code" do
139
+ let(:markdown) do
140
+ <<-EOS.strip_heredoc
141
+ # `<div>`
142
+ EOS
143
+ end
144
+
145
+ it "escapes HTML tags inside of code" do
146
+ should eq <<-EOS.strip_heredoc
147
+ <ul>
148
+ <li>
149
+ <a href="#div">&lt;div&gt;</a>
150
+ </li>
151
+ </ul>
152
+ EOS
153
+ end
134
154
  end
135
155
  end
136
156
  end
@@ -21,9 +21,9 @@ describe Qiita::Markdown::Processor do
21
21
  shared_examples_for "basic markdown syntax" do
22
22
  context "with valid condition" do
23
23
  let(:markdown) do
24
- <<-EOS.strip_heredoc
24
+ <<-MARKDOWN.strip_heredoc
25
25
  example
26
- EOS
26
+ MARKDOWN
27
27
  end
28
28
 
29
29
  it "returns a Hash with HTML output and other metadata" do
@@ -39,9 +39,9 @@ describe Qiita::Markdown::Processor do
39
39
  end
40
40
 
41
41
  it "sanitizes them" do
42
- should eq <<-EOS.strip_heredoc
42
+ should eq <<-HTML.strip_heredoc
43
43
  <p>&lt;&gt;&amp;</p>
44
- EOS
44
+ HTML
45
45
  end
46
46
  end
47
47
 
@@ -51,24 +51,24 @@ describe Qiita::Markdown::Processor do
51
51
  end
52
52
 
53
53
  it "replaces with mailto link" do
54
- should eq <<-EOS.strip_heredoc
54
+ should eq <<-HTML.strip_heredoc
55
55
  <p><a href="mailto:test@example.com" class="autolink">test@example.com</a></p>
56
- EOS
56
+ HTML
57
57
  end
58
58
  end
59
59
 
60
60
  context "with headings" do
61
61
  let(:markdown) do
62
- <<-EOS.strip_heredoc
62
+ <<-MARKDOWN.strip_heredoc
63
63
  # a
64
64
  ## a
65
65
  ### a
66
66
  ### a
67
- EOS
67
+ MARKDOWN
68
68
  end
69
69
 
70
70
  it "adds ID for ToC" do
71
- should eq <<-EOS.strip_heredoc
71
+ should eq <<-HTML.strip_heredoc
72
72
 
73
73
  <h1>
74
74
  <span id="a" class="fragment"></span><a href="#a"><i class="fa fa-link"></i></a>a</h1>
@@ -81,48 +81,48 @@ describe Qiita::Markdown::Processor do
81
81
 
82
82
  <h3>
83
83
  <span id="a-3" class="fragment"></span><a href="#a-3"><i class="fa fa-link"></i></a>a</h3>
84
- EOS
84
+ HTML
85
85
  end
86
86
  end
87
87
 
88
88
  context "with heading whose title includes special HTML characters" do
89
89
  let(:markdown) do
90
- <<-EOS.strip_heredoc
90
+ <<-MARKDOWN.strip_heredoc
91
91
  # <b>R&amp;B</b>
92
- EOS
92
+ MARKDOWN
93
93
  end
94
94
 
95
95
  it "generates fragment identifier by sanitizing the special characters in the title" do
96
- should eq <<-EOS.strip_heredoc
96
+ should eq <<-HTML.strip_heredoc
97
97
 
98
98
  <h1>
99
99
  <span id="rb" class="fragment"></span><a href="#rb"><i class="fa fa-link"></i></a><b>R&amp;B</b>
100
100
  </h1>
101
- EOS
101
+ HTML
102
102
  end
103
103
  end
104
104
 
105
105
  context "with manually inputted heading HTML tags without id attribute" do
106
106
  let(:markdown) do
107
- <<-EOS.strip_heredoc
107
+ <<-MARKDOWN.strip_heredoc
108
108
  <h1>foo</h1>
109
- EOS
109
+ MARKDOWN
110
110
  end
111
111
 
112
112
  it "does nothing" do
113
- should eq <<-EOS.strip_heredoc
113
+ should eq <<-HTML.strip_heredoc
114
114
  <h1>foo</h1>
115
- EOS
115
+ HTML
116
116
  end
117
117
  end
118
118
 
119
119
  context "with code" do
120
120
  let(:markdown) do
121
- <<-EOS.strip_heredoc
121
+ <<-MARKDOWN.strip_heredoc
122
122
  ```foo.rb
123
123
  puts 'hello world'
124
124
  ```
125
- EOS
125
+ MARKDOWN
126
126
  end
127
127
 
128
128
  it "returns detected codes" do
@@ -138,68 +138,68 @@ describe Qiita::Markdown::Processor do
138
138
 
139
139
  context "with code & filename" do
140
140
  let(:markdown) do
141
- <<-EOS.strip_heredoc
141
+ <<-MARKDOWN.strip_heredoc
142
142
  ```example.rb
143
143
  1
144
144
  ```
145
- EOS
145
+ MARKDOWN
146
146
  end
147
147
 
148
148
  it "returns code-frame, code-lang, and highlighted pre element" do
149
- should eq <<-EOS.strip_heredoc
149
+ should eq <<-HTML.strip_heredoc
150
150
  <div class="code-frame" data-lang="ruby">
151
151
  <div class="code-lang"><span class="bold">example.rb</span></div>
152
152
  <div class="highlight"><pre><span></span><span class="mi">1</span>
153
153
  </pre></div>
154
154
  </div>
155
- EOS
155
+ HTML
156
156
  end
157
157
  end
158
158
 
159
159
  context "with code & filename with .php" do
160
160
  let(:markdown) do
161
- <<-EOS.strip_heredoc
161
+ <<-MARKDOWN.strip_heredoc
162
162
  ```example.php
163
163
  1
164
164
  ```
165
- EOS
165
+ MARKDOWN
166
166
  end
167
167
 
168
168
  it "returns PHP code-frame" do
169
- should eq <<-EOS.strip_heredoc
169
+ should eq <<-HTML.strip_heredoc
170
170
  <div class="code-frame" data-lang="php">
171
171
  <div class="code-lang"><span class="bold">example.php</span></div>
172
172
  <div class="highlight"><pre><span></span><span class="mi">1</span>
173
173
  </pre></div>
174
174
  </div>
175
- EOS
175
+ HTML
176
176
  end
177
177
  end
178
178
 
179
179
  context "with code & no filename" do
180
180
  let(:markdown) do
181
- <<-EOS.strip_heredoc
181
+ <<-MARKDOWN.strip_heredoc
182
182
  ```ruby
183
183
  1
184
184
  ```
185
- EOS
185
+ MARKDOWN
186
186
  end
187
187
 
188
188
  it "returns code-frame and highlighted pre element" do
189
- should eq <<-EOS.strip_heredoc
189
+ should eq <<-HTML.strip_heredoc
190
190
  <div class="code-frame" data-lang="ruby"><div class="highlight"><pre><span></span><span class="mi">1</span>
191
191
  </pre></div></div>
192
- EOS
192
+ HTML
193
193
  end
194
194
  end
195
195
 
196
196
  context "with undefined but aliased language" do
197
197
  let(:markdown) do
198
- <<-EOS.strip_heredoc
198
+ <<-MARKDOWN.strip_heredoc
199
199
  ```zsh
200
200
  true
201
201
  ```
202
- EOS
202
+ MARKDOWN
203
203
  end
204
204
 
205
205
  it "returns aliased language name" do
@@ -215,22 +215,22 @@ describe Qiita::Markdown::Processor do
215
215
 
216
216
  context "with code with leading and trailing newlines" do
217
217
  let(:markdown) do
218
- <<-EOS.strip_heredoc
218
+ <<-MARKDOWN.strip_heredoc
219
219
  ```
220
220
 
221
221
  foo
222
222
 
223
223
  ```
224
- EOS
224
+ MARKDOWN
225
225
  end
226
226
 
227
227
  it "does not strip the newlines" do
228
- should eq <<-EOS.strip_heredoc
228
+ should eq <<-HTML.strip_heredoc
229
229
  <div class="code-frame" data-lang="text"><div class="highlight"><pre><span></span>
230
230
  foo
231
231
 
232
232
  </pre></div></div>
233
- EOS
233
+ HTML
234
234
  end
235
235
  end
236
236
 
@@ -240,9 +240,9 @@ describe Qiita::Markdown::Processor do
240
240
  end
241
241
 
242
242
  it "replaces mention with link" do
243
- should include(<<-EOS.strip_heredoc.rstrip)
243
+ should include(<<-HTML.strip_heredoc.rstrip)
244
244
  <a href="/alice" class="user-mention js-hovercard" title="alice" data-hovercard-target-type="user" data-hovercard-target-name="alice">@alice</a>
245
- EOS
245
+ HTML
246
246
  end
247
247
  end
248
248
 
@@ -252,15 +252,15 @@ describe Qiita::Markdown::Processor do
252
252
  end
253
253
 
254
254
  it "replaces mention with link" do
255
- should include(<<-EOS.strip_heredoc.rstrip)
255
+ should include(<<-HTML.strip_heredoc.rstrip)
256
256
  <a href="/al" class="user-mention js-hovercard" title="al" data-hovercard-target-type="user" data-hovercard-target-name="al">@al</a>
257
- EOS
257
+ HTML
258
258
  end
259
259
  end
260
260
 
261
261
  context "with mentions in complex patterns" do
262
262
  let(:markdown) do
263
- <<-EOS.strip_heredoc
263
+ <<-MARKDOWN.strip_heredoc
264
264
  @alice
265
265
 
266
266
  ```
@@ -280,7 +280,7 @@ describe Qiita::Markdown::Processor do
280
280
  @-o
281
281
  @o_
282
282
  @_o
283
- EOS
283
+ MARKDOWN
284
284
  end
285
285
 
286
286
  it "extracts mentions correctly" do
@@ -300,21 +300,21 @@ describe Qiita::Markdown::Processor do
300
300
 
301
301
  context "with mention-like filename on code block" do
302
302
  let(:markdown) do
303
- <<-EOS.strip_heredoc
303
+ <<-MARKDOWN.strip_heredoc
304
304
  ```ruby:@alice
305
305
  1
306
306
  ```
307
- EOS
307
+ MARKDOWN
308
308
  end
309
309
 
310
310
  it "does not treat it as mention" do
311
- should include(<<-EOS.strip_heredoc.rstrip)
311
+ should include(<<-HTML.strip_heredoc.rstrip)
312
312
  <div class="code-frame" data-lang="ruby">
313
313
  <div class="code-lang"><span class="bold">@alice</span></div>
314
314
  <div class="highlight"><pre><span></span><span class="mi">1</span>
315
315
  </pre></div>
316
316
  </div>
317
- EOS
317
+ HTML
318
318
  end
319
319
  end
320
320
 
@@ -324,11 +324,11 @@ describe Qiita::Markdown::Processor do
324
324
  end
325
325
 
326
326
  it "does not replace mention with link" do
327
- should include(<<-EOS.strip_heredoc.rstrip)
327
+ should include(<<-HTML.strip_heredoc.rstrip)
328
328
  <blockquote>
329
329
  <p>@alice</p>
330
330
  </blockquote>
331
- EOS
331
+ HTML
332
332
  end
333
333
  end
334
334
 
@@ -338,9 +338,9 @@ describe Qiita::Markdown::Processor do
338
338
  end
339
339
 
340
340
  it "does not emphasize the name" do
341
- should include(<<-EOS.strip_heredoc.rstrip)
341
+ should include(<<-HTML.strip_heredoc.rstrip)
342
342
  <a href="/_alice_" class="user-mention js-hovercard" title="_alice_" data-hovercard-target-type="user" data-hovercard-target-name="_alice_">@_alice_</a>
343
- EOS
343
+ HTML
344
344
  end
345
345
  end
346
346
 
@@ -350,10 +350,10 @@ describe Qiita::Markdown::Processor do
350
350
  end
351
351
 
352
352
  let(:markdown) do
353
- <<-EOS.strip_heredoc
353
+ <<-MARKDOWN.strip_heredoc
354
354
  @alice
355
355
  @bob
356
- EOS
356
+ MARKDOWN
357
357
  end
358
358
 
359
359
  it "limits mentions to allowed usernames" do
@@ -371,9 +371,9 @@ describe Qiita::Markdown::Processor do
371
371
  end
372
372
 
373
373
  it "links it and reports all allowed users as mentioned user names" do
374
- should include(<<-EOS.strip_heredoc.rstrip)
374
+ should include(<<-HTML.strip_heredoc.rstrip)
375
375
  <a href="/" class="user-mention" title="all">@all</a>
376
- EOS
376
+ HTML
377
377
  expect(result[:mentioned_usernames]).to eq context[:allowed_usernames]
378
378
  end
379
379
  end
@@ -409,9 +409,9 @@ describe Qiita::Markdown::Processor do
409
409
  end
410
410
 
411
411
  it "does not replace it" do
412
- is_expected.to eq <<-EOS.strip_heredoc
412
+ is_expected.to eq <<-HTML.strip_heredoc
413
413
  <p>@alice/bob</p>
414
- EOS
414
+ HTML
415
415
  end
416
416
  end
417
417
 
@@ -427,9 +427,9 @@ describe Qiita::Markdown::Processor do
427
427
  end
428
428
 
429
429
  it "replaces it with preferred link and updates :mentioned_groups" do
430
- is_expected.to eq <<-EOS.strip_heredoc
430
+ is_expected.to eq <<-HTML.strip_heredoc
431
431
  <p><a href="https://alice.example.com/groups/bob" rel="nofollow noopener" target="_blank">@alice/bob</a></p>
432
- EOS
432
+ HTML
433
433
  expect(result[:mentioned_groups]).to eq [{
434
434
  group_url_name: "bob",
435
435
  team_url_name: "alice",
@@ -459,9 +459,9 @@ describe Qiita::Markdown::Processor do
459
459
  end
460
460
 
461
461
  it "creates link for that" do
462
- should eq <<-EOS.strip_heredoc
462
+ should eq <<-HTML.strip_heredoc
463
463
  <p><a href="/example"></a></p>
464
- EOS
464
+ HTML
465
465
  end
466
466
  end
467
467
 
@@ -471,9 +471,9 @@ describe Qiita::Markdown::Processor do
471
471
  end
472
472
 
473
473
  it "creates link for that" do
474
- should eq <<-EOS.strip_heredoc
474
+ should eq <<-HTML.strip_heredoc
475
475
  <p><a href="#example"></a></p>
476
- EOS
476
+ HTML
477
477
  end
478
478
  end
479
479
 
@@ -483,9 +483,9 @@ describe Qiita::Markdown::Processor do
483
483
  end
484
484
 
485
485
  it "creates link for that with the title" do
486
- should eq <<-EOS.strip_heredoc
486
+ should eq <<-HTML.strip_heredoc
487
487
  <p><a href="/example" title="Title"></a></p>
488
- EOS
488
+ HTML
489
489
  end
490
490
  end
491
491
 
@@ -508,9 +508,9 @@ describe Qiita::Markdown::Processor do
508
508
  end
509
509
 
510
510
  it "removes that link by creating empty a element" do
511
- should eq <<-EOS.strip_heredoc
511
+ should eq <<-HTML.strip_heredoc
512
512
  <p><a></a></p>
513
- EOS
513
+ HTML
514
514
  end
515
515
  end
516
516
 
@@ -526,11 +526,11 @@ describe Qiita::Markdown::Processor do
526
526
 
527
527
  context "with emoji in pre or code element" do
528
528
  let(:markdown) do
529
- <<-EOS.strip_heredoc
529
+ <<-MARKDOWN.strip_heredoc
530
530
  ```
531
531
  :+1:
532
532
  ```
533
- EOS
533
+ MARKDOWN
534
534
  end
535
535
 
536
536
  it "does not replace it" do
@@ -573,11 +573,11 @@ describe Qiita::Markdown::Processor do
573
573
 
574
574
  context "with colon-only label" do
575
575
  let(:markdown) do
576
- <<-EOS.strip_heredoc
576
+ <<-MARKDOWN.strip_heredoc
577
577
  ```:
578
578
  1
579
579
  ```
580
- EOS
580
+ MARKDOWN
581
581
  end
582
582
 
583
583
  it "does not replace it" do
@@ -597,42 +597,42 @@ describe Qiita::Markdown::Processor do
597
597
  end
598
598
 
599
599
  it "allows font element with color attribute" do
600
- should eq <<-EOS.strip_heredoc
600
+ should eq <<-HTML.strip_heredoc
601
601
  <p>#{markdown}</p>
602
- EOS
602
+ HTML
603
603
  end
604
604
  end
605
605
 
606
606
  context "with task list" do
607
607
  let(:markdown) do
608
- <<-EOS.strip_heredoc
608
+ <<-MARKDOWN.strip_heredoc
609
609
  - [ ] a
610
610
  - [x] b
611
- EOS
611
+ MARKDOWN
612
612
  end
613
613
 
614
614
  it "inserts checkbox" do
615
- should eq <<-EOS.strip_heredoc
615
+ should eq <<-HTML.strip_heredoc
616
616
  <ul>
617
617
  <li class="task-list-item">
618
618
  <input type="checkbox" class="task-list-item-checkbox" disabled>a</li>
619
619
  <li class="task-list-item">
620
620
  <input type="checkbox" class="task-list-item-checkbox" checked disabled>b</li>
621
621
  </ul>
622
- EOS
622
+ HTML
623
623
  end
624
624
  end
625
625
 
626
626
  context "with nested task list" do
627
627
  let(:markdown) do
628
- <<-EOS.strip_heredoc
628
+ <<-MARKDOWN.strip_heredoc
629
629
  - [ ] a
630
630
  - [ ] b
631
- EOS
631
+ MARKDOWN
632
632
  end
633
633
 
634
634
  it "inserts checkbox" do
635
- should eq <<-EOS.strip_heredoc
635
+ should eq <<-HTML.strip_heredoc
636
636
  <ul>
637
637
  <li class="task-list-item">
638
638
  <input type="checkbox" class="task-list-item-checkbox" disabled>a
@@ -643,45 +643,45 @@ describe Qiita::Markdown::Processor do
643
643
  </ul>
644
644
  </li>
645
645
  </ul>
646
- EOS
646
+ HTML
647
647
  end
648
648
  end
649
649
 
650
650
  context "with task list in code block" do
651
651
  let(:markdown) do
652
- <<-EOS.strip_heredoc
652
+ <<-MARKDOWN.strip_heredoc
653
653
  ```
654
654
  - [ ] a
655
655
  - [x] b
656
656
  ```
657
- EOS
657
+ MARKDOWN
658
658
  end
659
659
 
660
660
  it "does not replace checkbox" do
661
- should eq <<-EOS.strip_heredoc
661
+ should eq <<-HTML.strip_heredoc
662
662
  <div class="code-frame" data-lang="text"><div class="highlight"><pre><span></span>- [ ] a
663
663
  - [x] b
664
664
  </pre></div></div>
665
- EOS
665
+ HTML
666
666
  end
667
667
  end
668
668
 
669
669
  context "with empty line between task list" do
670
670
  let(:markdown) do
671
- <<-EOS.strip_heredoc
671
+ <<-MARKDOWN.strip_heredoc
672
672
  - [ ] a
673
673
 
674
674
  - [x] b
675
- EOS
675
+ MARKDOWN
676
676
  end
677
677
 
678
678
  it "inserts checkbox" do
679
- should eq <<-EOS.strip_heredoc
679
+ should eq <<-HTML.strip_heredoc
680
680
  <ul>
681
681
  <li class="task-list-item"><p><input type="checkbox" class="task-list-item-checkbox" disabled>a</p></li>
682
682
  <li class="task-list-item"><p><input type="checkbox" class="task-list-item-checkbox" checked disabled>b</p></li>
683
683
  </ul>
684
- EOS
684
+ HTML
685
685
  end
686
686
  end
687
687
 
@@ -691,25 +691,25 @@ describe Qiita::Markdown::Processor do
691
691
  end
692
692
 
693
693
  it "inserts checkbox" do
694
- should eq <<-EOS.strip_heredoc
694
+ should eq <<-HTML.strip_heredoc
695
695
  <ul>
696
696
  <li>
697
697
  </ul>
698
- EOS
698
+ HTML
699
699
  end
700
700
  end
701
701
 
702
702
  context "with text-aligned table" do
703
703
  let(:markdown) do
704
- <<-EOS.strip_heredoc
704
+ <<-MARKDOWN.strip_heredoc
705
705
  | a | b | c |
706
706
  |:---|---:|:---:|
707
707
  | a | b | c |
708
- EOS
708
+ MARKDOWN
709
709
  end
710
710
 
711
711
  it "creates table element with text-align style" do
712
- should eq <<-EOS.strip_heredoc
712
+ should eq <<-HTML.strip_heredoc
713
713
  <table>
714
714
  <thead>
715
715
  <tr>
@@ -726,20 +726,20 @@ describe Qiita::Markdown::Processor do
726
726
  </tr>
727
727
  </tbody>
728
728
  </table>
729
- EOS
729
+ HTML
730
730
  end
731
731
  end
732
732
 
733
733
  context "with footenotes syntax" do
734
734
  let(:markdown) do
735
- <<-EOS.strip_heredoc
735
+ <<-MARKDOWN.strip_heredoc
736
736
  [^1]
737
737
  [^1]: test
738
- EOS
738
+ MARKDOWN
739
739
  end
740
740
 
741
741
  it "generates footnotes elements" do
742
- should eq <<-EOS.strip_heredoc
742
+ should eq <<-HTML.strip_heredoc
743
743
  <p><sup id="fnref1"><a href="#fn1" rel="footnote" title="test">1</a></sup></p>
744
744
 
745
745
  <div class="footnotes">
@@ -752,35 +752,35 @@ describe Qiita::Markdown::Processor do
752
752
 
753
753
  </ol>
754
754
  </div>
755
- EOS
755
+ HTML
756
756
  end
757
757
  end
758
758
 
759
759
  context "with manually written link inside of <sup> tag" do
760
760
  let(:markdown) do
761
- <<-EOS.strip_heredoc
761
+ <<-MARKDOWN.strip_heredoc
762
762
  <sup>[Example](http://example.com/)</sup>
763
- EOS
763
+ MARKDOWN
764
764
  end
765
765
 
766
766
  it "does not confuse the structure with automatically generated footnote reference" do
767
- should eq <<-EOS.strip_heredoc
767
+ should eq <<-HTML.strip_heredoc
768
768
  <p><sup><a href="http://example.com/">Example</a></sup></p>
769
- EOS
769
+ HTML
770
770
  end
771
771
  end
772
772
 
773
773
  context "with manually written <a> tag with strange href inside of <sup> tag" do
774
774
  let(:markdown) do
775
- <<-EOS.strip_heredoc
775
+ <<-MARKDOWN.strip_heredoc
776
776
  <sup><a href="#foo.1">Link</a></sup>
777
- EOS
777
+ MARKDOWN
778
778
  end
779
779
 
780
780
  it "does not confuse the structure with automatically generated footnote reference" do
781
- should eq <<-EOS.strip_heredoc
781
+ should eq <<-HTML.strip_heredoc
782
782
  <p><sup><a href="#foo.1">Link</a></sup></p>
783
- EOS
783
+ HTML
784
784
  end
785
785
  end
786
786
 
@@ -790,16 +790,16 @@ describe Qiita::Markdown::Processor do
790
790
  end
791
791
 
792
792
  let(:markdown) do
793
- <<-EOS.strip_heredoc
793
+ <<-MARKDOWN.strip_heredoc
794
794
  [^1]
795
795
  [^1]: test
796
- EOS
796
+ MARKDOWN
797
797
  end
798
798
 
799
799
  it "does not generate footnote elements" do
800
- should eq <<-EOS.strip_heredoc
800
+ should eq <<-HTML.strip_heredoc
801
801
  <p><a href="test">^1</a></p>
802
- EOS
802
+ HTML
803
803
  end
804
804
  end
805
805
 
@@ -813,9 +813,9 @@ describe Qiita::Markdown::Processor do
813
813
  end
814
814
 
815
815
  let(:markdown) do
816
- <<-EOS.strip_heredoc
816
+ <<-MARKDOWN.strip_heredoc
817
817
  :foo: :o: :x:
818
- EOS
818
+ MARKDOWN
819
819
  end
820
820
 
821
821
  it "replaces only the specified emoji names with img elements with custom URL" do
@@ -1036,9 +1036,9 @@ describe Qiita::Markdown::Processor do
1036
1036
  shared_examples_for "script element" do |allowed:|
1037
1037
  context "with script element" do
1038
1038
  let(:markdown) do
1039
- <<-EOS.strip_heredoc
1039
+ <<-MARKDOWN.strip_heredoc
1040
1040
  <script>alert(1)</script>
1041
- EOS
1041
+ MARKDOWN
1042
1042
  end
1043
1043
 
1044
1044
  if allowed
@@ -1048,9 +1048,9 @@ describe Qiita::Markdown::Processor do
1048
1048
 
1049
1049
  context "and allowed attributes" do
1050
1050
  let(:markdown) do
1051
- <<-EOS.strip_heredoc
1051
+ <<-MARKDOWN.strip_heredoc
1052
1052
  <p><script async data-a="b" type="text/javascript">alert(1)</script></p>
1053
- EOS
1053
+ MARKDOWN
1054
1054
  end
1055
1055
 
1056
1056
  it "allows data-attributes" do
@@ -1068,32 +1068,32 @@ describe Qiita::Markdown::Processor do
1068
1068
  shared_examples_for "malicious script in filename" do |allowed:|
1069
1069
  context "with malicious script in filename" do
1070
1070
  let(:markdown) do
1071
- <<-EOS.strip_heredoc
1071
+ <<-MARKDOWN.strip_heredoc
1072
1072
  ```js:test<script>alert(1)</script>
1073
1073
  1
1074
1074
  ```
1075
- EOS
1075
+ MARKDOWN
1076
1076
  end
1077
1077
 
1078
1078
  if allowed
1079
1079
  it "does not sanitize script element" do
1080
- should eq <<-EOS.strip_heredoc
1080
+ should eq <<-HTML.strip_heredoc
1081
1081
  <div class="code-frame" data-lang="js">
1082
1082
  <div class="code-lang"><span class="bold">test<script>alert(1)</script></span></div>
1083
1083
  <div class="highlight"><pre><span></span><span class="mi">1</span>
1084
1084
  </pre></div>
1085
1085
  </div>
1086
- EOS
1086
+ HTML
1087
1087
  end
1088
1088
  else
1089
1089
  it "sanitizes script element" do
1090
- should eq <<-EOS.strip_heredoc
1090
+ should eq <<-HTML.strip_heredoc
1091
1091
  <div class="code-frame" data-lang="js">
1092
1092
  <div class="code-lang"><span class="bold">test</span></div>
1093
1093
  <div class="highlight"><pre><span></span><span class="mi">1</span>
1094
1094
  </pre></div>
1095
1095
  </div>
1096
- EOS
1096
+ HTML
1097
1097
  end
1098
1098
  end
1099
1099
  end
@@ -1102,9 +1102,9 @@ describe Qiita::Markdown::Processor do
1102
1102
  shared_examples_for "iframe element" do |allowed:|
1103
1103
  context "with iframe" do
1104
1104
  let(:markdown) do
1105
- <<-EOS.strip_heredoc
1105
+ <<-MARKDOWN.strip_heredoc
1106
1106
  <iframe width="1" height="2" src="//example.com" frameborder="0" allowfullscreen></iframe>
1107
- EOS
1107
+ MARKDOWN
1108
1108
  end
1109
1109
 
1110
1110
  if allowed
@@ -1122,9 +1122,9 @@ describe Qiita::Markdown::Processor do
1122
1122
  shared_examples_for "input element" do |allowed:|
1123
1123
  context "with input" do
1124
1124
  let(:markdown) do
1125
- <<-EOS.strip_heredoc
1125
+ <<-MARKDOWN.strip_heredoc
1126
1126
  <input type="checkbox"> foo
1127
- EOS
1127
+ MARKDOWN
1128
1128
  end
1129
1129
 
1130
1130
  if allowed
@@ -1142,44 +1142,66 @@ describe Qiita::Markdown::Processor do
1142
1142
  shared_examples_for "data-attributes" do |allowed:|
1143
1143
  context "with data-attributes for general tags" do
1144
1144
  let(:markdown) do
1145
- <<-EOS.strip_heredoc
1145
+ <<-MARKDOWN.strip_heredoc
1146
1146
  <div data-a="b"></div>
1147
- EOS
1147
+ MARKDOWN
1148
1148
  end
1149
1149
 
1150
1150
  if allowed
1151
1151
  it "does not sanitize data-attributes" do
1152
- should eq <<-EOS.strip_heredoc
1152
+ should eq <<-HTML.strip_heredoc
1153
1153
  <div data-a="b"></div>
1154
- EOS
1154
+ HTML
1155
1155
  end
1156
1156
  else
1157
1157
  it "sanitizes data-attributes" do
1158
- should eq <<-EOS.strip_heredoc
1158
+ should eq <<-HTML.strip_heredoc
1159
1159
  <div></div>
1160
- EOS
1160
+ HTML
1161
+ end
1162
+ end
1163
+ end
1164
+
1165
+ context "with data-attributes for <blockquote> tag" do
1166
+ let(:markdown) do
1167
+ <<-MARKDOWN.strip_heredoc
1168
+ <blockquote data-theme="a" data-malicious="b"></blockquote>
1169
+ MARKDOWN
1170
+ end
1171
+
1172
+ if allowed
1173
+ it "does not sanitize data-attributes" do
1174
+ should eq <<-HTML.strip_heredoc
1175
+ <blockquote data-theme="a" data-malicious="b"></blockquote>
1176
+ HTML
1177
+ end
1178
+ else
1179
+ it "sanitizes data-attributes except the attributes used by tweet" do
1180
+ should eq <<-HTML.strip_heredoc
1181
+ <blockquote data-theme="a"></blockquote>
1182
+ HTML
1161
1183
  end
1162
1184
  end
1163
1185
  end
1164
1186
 
1165
1187
  context "with data-attributes for <p> tag" do
1166
1188
  let(:markdown) do
1167
- <<-EOS.strip_heredoc
1189
+ <<-MARKDOWN.strip_heredoc
1168
1190
  <p data-slug-hash="a" data-malicious="b"></p>
1169
- EOS
1191
+ MARKDOWN
1170
1192
  end
1171
1193
 
1172
1194
  if allowed
1173
1195
  it "does not sanitize data-attributes" do
1174
- should eq <<-EOS.strip_heredoc
1196
+ should eq <<-HTML.strip_heredoc
1175
1197
  <p data-slug-hash="a" data-malicious="b"></p>
1176
- EOS
1198
+ HTML
1177
1199
  end
1178
1200
  else
1179
1201
  it "sanitizes data-attributes except the attributes used by codepen" do
1180
- should eq <<-EOS.strip_heredoc
1202
+ should eq <<-HTML.strip_heredoc
1181
1203
  <p data-slug-hash="a"></p>
1182
- EOS
1204
+ HTML
1183
1205
  end
1184
1206
  end
1185
1207
  end
@@ -1204,91 +1226,91 @@ describe Qiita::Markdown::Processor do
1204
1226
 
1205
1227
  context "with class attribute for <a> tag" do
1206
1228
  let(:markdown) do
1207
- <<-EOS.strip_heredoc
1229
+ <<-MARKDOWN.strip_heredoc
1208
1230
  <a href="foo" class="malicious-class">foo</a>
1209
1231
  http://qiita.com/
1210
- EOS
1232
+ MARKDOWN
1211
1233
  end
1212
1234
 
1213
1235
  if allowed
1214
1236
  it "does not sanitize the classes" do
1215
- should eq <<-EOS.strip_heredoc
1237
+ should eq <<-HTML.strip_heredoc
1216
1238
  <p><a href="foo" class="malicious-class">foo</a><br>
1217
1239
  <a href="http://qiita.com/" class="autolink" rel="nofollow noopener" target="_blank">http://qiita.com/</a></p>
1218
- EOS
1240
+ HTML
1219
1241
  end
1220
1242
  else
1221
1243
  it "sanitizes classes except `autolink`" do
1222
- should eq <<-EOS.strip_heredoc
1244
+ should eq <<-HTML.strip_heredoc
1223
1245
  <p><a href="foo" class="">foo</a><br>
1224
1246
  <a href="http://qiita.com/" class="autolink" rel="nofollow noopener" target="_blank">http://qiita.com/</a></p>
1225
- EOS
1247
+ HTML
1226
1248
  end
1227
1249
  end
1228
1250
  end
1229
1251
 
1230
1252
  context "with class attribute for <blockquote> tag" do
1231
1253
  let(:markdown) do
1232
- <<-EOS.strip_heredoc
1254
+ <<-MARKDOWN.strip_heredoc
1233
1255
  <blockquote class="twitter-tweet malicious-class">foo</blockquote>
1234
- EOS
1256
+ MARKDOWN
1235
1257
  end
1236
1258
 
1237
1259
  if allowed
1238
1260
  it "does not sanitize the classes" do
1239
- should eq <<-EOS.strip_heredoc
1261
+ should eq <<-HTML.strip_heredoc
1240
1262
  <blockquote class="twitter-tweet malicious-class">foo</blockquote>
1241
- EOS
1263
+ HTML
1242
1264
  end
1243
1265
  else
1244
1266
  it "sanitizes classes except `twitter-tweet`" do
1245
- should eq <<-EOS.strip_heredoc
1267
+ should eq <<-HTML.strip_heredoc
1246
1268
  <blockquote class="twitter-tweet">foo</blockquote>
1247
- EOS
1269
+ HTML
1248
1270
  end
1249
1271
  end
1250
1272
  end
1251
1273
 
1252
1274
  context "with class attribute for <div> tag" do
1253
1275
  let(:markdown) do
1254
- <<-EOS.strip_heredoc
1276
+ <<-MARKDOWN.strip_heredoc
1255
1277
  <div class="footnotes malicious-class">foo</div>
1256
- EOS
1278
+ MARKDOWN
1257
1279
  end
1258
1280
 
1259
1281
  if allowed
1260
1282
  it "does not sanitize the classes" do
1261
- should eq <<-EOS.strip_heredoc
1283
+ should eq <<-HTML.strip_heredoc
1262
1284
  <div class="footnotes malicious-class">foo</div>
1263
- EOS
1285
+ HTML
1264
1286
  end
1265
1287
  else
1266
1288
  it "sanitizes classes except `footnotes`" do
1267
- should eq <<-EOS.strip_heredoc
1289
+ should eq <<-HTML.strip_heredoc
1268
1290
  <div class="footnotes">foo</div>
1269
- EOS
1291
+ HTML
1270
1292
  end
1271
1293
  end
1272
1294
  end
1273
1295
 
1274
1296
  context "with class attribute for <p> tag" do
1275
1297
  let(:markdown) do
1276
- <<-EOS.strip_heredoc
1298
+ <<-MARKDOWN.strip_heredoc
1277
1299
  <p class="codepen malicious-class">foo</p>
1278
- EOS
1300
+ MARKDOWN
1279
1301
  end
1280
1302
 
1281
1303
  if allowed
1282
1304
  it "does not sanitize the classes" do
1283
- should eq <<-EOS.strip_heredoc
1305
+ should eq <<-HTML.strip_heredoc
1284
1306
  <p class="codepen malicious-class">foo</p>
1285
- EOS
1307
+ HTML
1286
1308
  end
1287
1309
  else
1288
1310
  it "sanitizes classes except `codepen`" do
1289
- should eq <<-EOS.strip_heredoc
1311
+ should eq <<-HTML.strip_heredoc
1290
1312
  <p class="codepen">foo</p>
1291
- EOS
1313
+ HTML
1292
1314
  end
1293
1315
  end
1294
1316
  end
@@ -1313,55 +1335,93 @@ describe Qiita::Markdown::Processor do
1313
1335
  end
1314
1336
 
1315
1337
  shared_examples_for "override embed code attributes" do |allowed:|
1316
- context "with HTML embed code for CodePen" do
1338
+ context "with HTML embed code for CodePen using old script url" do
1317
1339
  let(:markdown) do
1318
- <<-EOS.strip_heredoc
1340
+ <<-MARKDOWN.strip_heredoc
1319
1341
  <p data-height="1" data-theme-id="0" data-slug-hash="foo" data-default-tab="bar" data-user="baz" data-embed-version="2" data-pen-title="qux" class="codepen"></p>
1320
1342
  <script src="https://production-assets.codepen.io/assets/embed/ei.js"></script>
1321
- EOS
1343
+ MARKDOWN
1322
1344
  end
1323
1345
 
1324
1346
  if allowed
1325
1347
  it "does not sanitize embed code" do
1326
- should eq <<-EOS.strip_heredoc
1348
+ should eq <<-HTML.strip_heredoc
1327
1349
  <p data-height="1" data-theme-id="0" data-slug-hash="foo" data-default-tab="bar" data-user="baz" data-embed-version="2" data-pen-title="qux" class="codepen"></p>\n
1328
1350
  <script src="https://production-assets.codepen.io/assets/embed/ei.js"></script>
1329
- EOS
1351
+ HTML
1330
1352
  end
1331
1353
  else
1332
- it "sanitizes data-attributes except the minimum attributes and force async attribute" do
1333
- should eq <<-EOS.strip_heredoc
1334
- <p data-slug-hash="foo" data-embed-version="2" class="codepen"></p>\n
1354
+ it "forces async attribute on script" do
1355
+ should eq <<-HTML.strip_heredoc
1356
+ <p data-height="1" data-theme-id="0" data-slug-hash="foo" data-default-tab="bar" data-user="baz" data-embed-version="2" data-pen-title="qux" class="codepen"></p>\n
1335
1357
  <script src="https://production-assets.codepen.io/assets/embed/ei.js" async="async"></script>
1336
- EOS
1358
+ HTML
1337
1359
  end
1338
1360
  end
1339
1361
  end
1340
1362
 
1341
- context "with embed code for Tweet" do
1363
+ context "with HTML embed code for CodePen" do
1342
1364
  let(:markdown) do
1343
- <<-EOS.strip_heredoc
1344
- <blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none">foo</blockquote>
1345
- <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
1346
- EOS
1365
+ <<-MARKDOWN.strip_heredoc
1366
+ <p data-height="1" data-theme-id="0" data-slug-hash="foo" data-default-tab="bar" data-user="baz" data-embed-version="2" data-pen-title="qux" class="codepen"></p>
1367
+ <script src="https://static.codepen.io/assets/embed/ei.js"></script>
1368
+ MARKDOWN
1369
+ end
1370
+
1371
+ if allowed
1372
+ it "does not sanitize embed code" do
1373
+ should eq <<-HTML.strip_heredoc
1374
+ <p data-height="1" data-theme-id="0" data-slug-hash="foo" data-default-tab="bar" data-user="baz" data-embed-version="2" data-pen-title="qux" class="codepen"></p>\n
1375
+ <script src="https://static.codepen.io/assets/embed/ei.js"></script>
1376
+ HTML
1377
+ end
1378
+ else
1379
+ it "forces async attribute on script" do
1380
+ should eq <<-HTML.strip_heredoc
1381
+ <p data-height="1" data-theme-id="0" data-slug-hash="foo" data-default-tab="bar" data-user="baz" data-embed-version="2" data-pen-title="qux" class="codepen"></p>\n
1382
+ <script src="https://static.codepen.io/assets/embed/ei.js" async="async"></script>
1383
+ HTML
1384
+ end
1385
+ end
1386
+ end
1387
+
1388
+ context "with HTML embed code for Asciinema" do
1389
+ let(:markdown) do
1390
+ <<-MARKDOWN.strip_heredoc
1391
+ <script id="example" src="https://asciinema.org/a/example.js"></script>
1392
+ MARKDOWN
1347
1393
  end
1348
1394
 
1349
1395
  if allowed
1350
1396
  it "does not sanitize embed code" do
1351
- should eq <<-EOS.strip_heredoc
1352
- <blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none">foo</blockquote>\n
1353
- <script async src="https://platform.twitter.com/widgets.js"></script>
1354
- EOS
1397
+ should eq <<-HTML.strip_heredoc
1398
+ <script id="example" src="https://asciinema.org/a/example.js"></script>
1399
+ HTML
1355
1400
  end
1356
1401
  else
1357
- it "sanitizes attributes except `twitter-tweet` class" do
1358
- should eq <<-EOS.strip_heredoc
1359
- <blockquote class="twitter-tweet">foo</blockquote>\n
1360
- <script async src="https://platform.twitter.com/widgets.js"></script>
1361
- EOS
1402
+ it "forces async attribute on script" do
1403
+ should eq <<-HTML.strip_heredoc
1404
+ <script id="example" src="https://asciinema.org/a/example.js" async="async"></script>
1405
+ HTML
1362
1406
  end
1363
1407
  end
1364
1408
  end
1409
+
1410
+ context "with embed code for Tweet" do
1411
+ let(:markdown) do
1412
+ <<-MARKDOWN.strip_heredoc
1413
+ <blockquote class="twitter-tweet" data-lang="es" data-cards="hidden" data-conversation="none">foo</blockquote>
1414
+ <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
1415
+ MARKDOWN
1416
+ end
1417
+
1418
+ it "does not sanitize embed code" do
1419
+ should eq <<-HTML.strip_heredoc
1420
+ <blockquote class="twitter-tweet" data-lang="es" data-cards="hidden" data-conversation="none">foo</blockquote>\n
1421
+ <script async src="https://platform.twitter.com/widgets.js"></script>
1422
+ HTML
1423
+ end
1424
+ end
1365
1425
  end
1366
1426
 
1367
1427
  context "without script and strict context" do
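Review bot: The new `static.codepen.io` and Asciinema contexts in `override embed code attributes` pin only the accepted `src`, so nothing in this hunk would fail if the script-source allowlist matched too loosely. These examples decide which third-party `<script>` tags survive sanitization, so each new embed deserves a companion case in the strict (`else`) branch, for example `it "removes a script whose src is not an allowed Asciinema url" do`, using a `src` that differs only in host or path. Such a case may already exist elsewhere in the spec, which is not visible from this hunk. The Asciinema example also expects `id="example"` to pass through on the script tag, so a comment like `# id is needed by the asciinema player; confirm the filter allows it only on this embed` above that `let(:markdown)` would record the intent. The enclosing `describe Qiita::Markdown::Processor` block starts and ends outside the hunk.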