qiita-markdown 0.23.0 → 0.28.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of qiita-markdown might be problematic. Click here for more details.

Files changed (16) hide show
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +21 -0
  3. data/lib/qiita/markdown.rb +1 -0
  4. data/lib/qiita/markdown/embed/asciinema.rb +9 -0
  5. data/lib/qiita/markdown/embed/code_pen.rb +14 -2
  6. data/lib/qiita/markdown/embed/tweet.rb +5 -0
  7. data/lib/qiita/markdown/filters/final_sanitizer.rb +1 -0
  8. data/lib/qiita/markdown/filters/user_input_sanitizer.rb +2 -2
  9. data/lib/qiita/markdown/greenmat/html_toc_renderer.rb +6 -0
  10. data/lib/qiita/markdown/transformers/filter_attributes.rb +1 -1
  11. data/lib/qiita/markdown/transformers/filter_script.rb +14 -4
  12. data/lib/qiita/markdown/version.rb +1 -1
  13. data/qiita-markdown.gemspec +2 -2
  14. data/spec/qiita/markdown/greenmat/html_toc_renderer_spec.rb +32 -12
  15. data/spec/qiita/markdown/processor_spec.rb +247 -187
  16. metadata +14 -14
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 16c43409c5b2bdceefb568344cf9280e7d1e50b2
4
- data.tar.gz: f4225f554071f1e8c8c339248f08b3ef5253be46
2
+ SHA256:
3
+ metadata.gz: db1f661355f65d7ca159db9a954a74002a39cb996e573aa483384edf7fb6f68c
4
+ data.tar.gz: b2e6bce2f3f66af7e5238515e4f082abeedf86b90b886aacaa8ce45b7655e942
5
5
  SHA512:
6
- metadata.gz: 5a9edc2d4826bfefd294ad32cf556fbb6985ac94d4e91a435a9513f6aec51c1a58bc435eebd45350e275ad1e5314c188c0e56bd3d56bc6130d9fcbe18f72ba6e
7
- data.tar.gz: 2da9ab1ee70db812a391875522e53606991f177d1f66b7da80192b9db1bbda9cc83d101cb6b01fd292c6dc405b35ccac4cc01a694d7f872b9e7ae5b01bc19155
6
+ metadata.gz: 9784da7558dbe61bcc6f4e3e923c3286f4954c9632b892997c3816b1e366844420cd8280ae432b8a6a85ec3dff543dd31aaf2690f6b2ed20ae862f9d756fb74c
7
+ data.tar.gz: d1c1920577d61ba16cec374c16feaa9804e862b61e2653dfe99470b9832c66dc3d6c4969a8559b718bc3e0adf85b5e55aeb35604b01909a3c93b558a816e11e3
data/CHANGELOG.md CHANGED
@@ -1,5 +1,26 @@
1
1
  ## Unreleased
2
2
 
3
+ ## 0.28.0
4
+
5
+ - Accept new codepen script url (cpwebassets.codepen.io)
6
+
7
+ ## 0.27.0
8
+
9
+ - Support embed Asciinema
10
+
11
+ ## 0.26.0
12
+
13
+ - Use greenmat 3.2.2.4
14
+
15
+ ## 0.25.0
16
+
17
+ - Accept new codepen script url (static.codepen.io)
18
+
19
+ ## 0.24.0
20
+
21
+ - Fix to strip HTML tags in ToC
22
+ - Allow to use data-\* attributes when embedding Tweet and CodePen
23
+
3
24
  ## 0.23.0
4
25
 
5
26
  - Support embed Tweet
data/lib/qiita/markdown.rb CHANGED
@@ -9,6 +9,7 @@ require "sanitize"
9
9
 
10
10
  require "qiita/markdown/embed/code_pen"
11
11
  require "qiita/markdown/embed/tweet"
12
+ require "qiita/markdown/embed/asciinema"
12
13
  require "qiita/markdown/transformers/filter_attributes"
13
14
  require "qiita/markdown/transformers/filter_script"
14
15
  require "qiita/markdown/transformers/strip_invalid_node"
data/lib/qiita/markdown/embed/asciinema.rb ADDED
@@ -0,0 +1,9 @@
1
+ module Qiita
2
+ module Markdown
3
+ module Embed
4
+ module Asciinema
5
+ SCRIPT_HOST = "asciinema.org".freeze
6
+ end
7
+ end
8
+ end
9
+ end
data/lib/qiita/markdown/embed/code_pen.rb CHANGED
@@ -2,8 +2,20 @@ module Qiita
2
2
  module Markdown
3
3
  module Embed
4
4
  module CodePen
5
- SCRIPT_URL = "https://production-assets.codepen.io/assets/embed/ei.js"
6
- ATTRIBUTES = %w[class data-embed-version data-slug-hash]
5
+ SCRIPT_URLS = [
6
+ "https://production-assets.codepen.io/assets/embed/ei.js",
7
+ "https://static.codepen.io/assets/embed/ei.js",
8
+ "https://cpwebassets.codepen.io/assets/embed/ei.js",
9
+ ]
10
+ CLASS_NAME = %w[codepen]
11
+ DATA_ATTRIBUTES = %w[
12
+ data-active-link-color data-active-tab-color data-animations data-border
13
+ data-border-color data-class data-custom-css-url data-default-tab
14
+ data-embed-version data-height data-link-logo-color data-pen-title
15
+ data-preview data-rerun-position data-show-tab-bar data-slug-hash
16
+ data-tab-bar-color data-tab-link-color data-theme-id data-user
17
+ ]
18
+ ATTRIBUTES = %w[class] + DATA_ATTRIBUTES
7
19
  end
8
20
  end
9
21
  end
data/lib/qiita/markdown/embed/tweet.rb CHANGED
@@ -4,6 +4,11 @@ module Qiita
4
4
  module Tweet
5
5
  SCRIPT_URL = "https://platform.twitter.com/widgets.js"
6
6
  CLASS_NAME = %w[twitter-tweet]
7
+ DATA_ATTRIBUTES = %w[
8
+ data-align data-cards data-conversation data-dnt
9
+ data-id data-lang data-link-color data-theme data-width
10
+ ]
11
+ ATTRIBUTES = %w[class] + DATA_ATTRIBUTES
7
12
  end
8
13
  end
9
14
  end
data/lib/qiita/markdown/filters/final_sanitizer.rb CHANGED
@@ -18,6 +18,7 @@ module Qiita
18
18
  "href",
19
19
  "rel",
20
20
  ],
21
+ "blockquote" => Embed::Tweet::ATTRIBUTES,
21
22
  "iframe" => [
22
23
  "allowfullscreen",
23
24
  "frameborder",
data/lib/qiita/markdown/filters/user_input_sanitizer.rb CHANGED
@@ -11,7 +11,7 @@ module Qiita
11
11
  ],
12
12
  attributes: {
13
13
  "a" => %w[class href rel title],
14
- "blockquote" => %w[cite class],
14
+ "blockquote" => %w[cite] + Embed::Tweet::ATTRIBUTES,
15
15
  "code" => %w[data-metadata],
16
16
  "div" => %w[class],
17
17
  "font" => %w[color],
@@ -26,7 +26,7 @@ module Qiita
26
26
  "li" => %w[id],
27
27
  "p" => Embed::CodePen::ATTRIBUTES,
28
28
  "q" => %w[cite],
29
- "script" => %w[async src],
29
+ "script" => %w[async src id],
30
30
  "sup" => %w[id],
31
31
  "td" => %w[colspan rowspan style],
32
32
  "th" => %w[colspan rowspan style],
data/lib/qiita/markdown/greenmat/html_toc_renderer.rb CHANGED
@@ -65,6 +65,12 @@ module Qiita
65
65
  def increment
66
66
  counter[id] += 1
67
67
  end
68
+
69
+ private
70
+
71
+ def body
72
+ escape_html? ? CGI.escape_html(text) : raw_body
73
+ end
68
74
  end
69
75
  end
70
76
  end
data/lib/qiita/markdown/transformers/filter_attributes.rb CHANGED
@@ -15,7 +15,7 @@ module Qiita
15
15
  "class" => %w[footnotes],
16
16
  },
17
17
  "p" => {
18
- "class" => %w[codepen],
18
+ "class" => Embed::CodePen::CLASS_NAME,
19
19
  },
20
20
  "sup" => {
21
21
  "id" => /\Afnref\d+\z/,
data/lib/qiita/markdown/transformers/filter_script.rb CHANGED
@@ -2,10 +2,14 @@ module Qiita
2
2
  module Markdown
3
3
  module Transformers
4
4
  class FilterScript
5
- WHITE_LIST = [
6
- Embed::CodePen::SCRIPT_URL,
5
+ URL_WHITE_LIST = [
6
+ Embed::CodePen::SCRIPT_URLS,
7
7
  Embed::Tweet::SCRIPT_URL,
8
- ].freeze
8
+ ].flatten.freeze
9
+
10
+ HOST_WHITE_LIST = [
11
+ Embed::Asciinema::SCRIPT_HOST,
12
+ ].flatten.freeze
9
13
 
10
14
  def self.call(*args)
11
15
  new(*args).transform
@@ -17,7 +21,7 @@ module Qiita
17
21
 
18
22
  def transform
19
23
  if name == "script"
20
- if WHITE_LIST.include?(node["src"])
24
+ if URL_WHITE_LIST.include?(node["src"]) || HOST_WHITE_LIST.include?(host_of(node["src"]))
21
25
  node["async"] = "async" unless node.attributes.key?("async")
22
26
  node.children.unlink
23
27
  else
@@ -35,6 +39,12 @@ module Qiita
35
39
  def node
36
40
  @env[:node]
37
41
  end
42
+
43
+ def host_of(url)
44
+ Addressable::URI.parse(url).host if url
45
+ rescue Addressable::URI::InvalidURIError
46
+ nil
47
+ end
38
48
  end
39
49
  end
40
50
  end
data/lib/qiita/markdown/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Qiita
2
2
  module Markdown
3
- VERSION = "0.23.0"
3
+ VERSION = "0.28.0"
4
4
  end
5
5
  end
data/qiita-markdown.gemspec CHANGED
@@ -23,12 +23,12 @@ Gem::Specification.new do |spec|
23
23
  spec.add_dependency "html-pipeline", "~> 2.0"
24
24
  spec.add_dependency "mem"
25
25
  spec.add_dependency "pygments.rb", "~> 1.0"
26
- spec.add_dependency "greenmat", "3.2.2.3"
26
+ spec.add_dependency "greenmat", "3.2.2.4"
27
27
  spec.add_dependency "sanitize"
28
28
  spec.add_dependency "addressable"
29
29
  spec.add_development_dependency "activesupport", "4.2.6"
30
30
  spec.add_development_dependency "benchmark-ips", "~> 1.2"
31
- spec.add_development_dependency "bundler", "~> 1.7"
31
+ spec.add_development_dependency "bundler"
32
32
  spec.add_development_dependency "codeclimate-test-reporter", "0.4.4"
33
33
  spec.add_development_dependency "pry"
34
34
  spec.add_development_dependency "rake", "~> 10.0"
data/spec/qiita/markdown/greenmat/html_toc_renderer_spec.rb CHANGED
@@ -117,20 +117,40 @@ describe Qiita::Markdown::Greenmat::HTMLToCRenderer do
117
117
  context "with :escape_html extension" do
118
118
  let(:extension) { { escape_html: true } }
119
119
 
120
- let(:markdown) do
121
- <<-EOS.strip_heredoc
122
- # <b>R&amp;B</b>
123
- EOS
120
+ context "with heading title including HTML tags" do
121
+ let(:markdown) do
122
+ <<-EOS.strip_heredoc
123
+ # <b>R&amp;B</b>
124
+ EOS
125
+ end
126
+
127
+ it "strips HTML characters in heading title" do
128
+ should eq <<-EOS.strip_heredoc
129
+ <ul>
130
+ <li>
131
+ <a href="#rb">R&amp;B</a>
132
+ </li>
133
+ </ul>
134
+ EOS
135
+ end
124
136
  end
125
137
 
126
- it "escapes special HTML characters in heading title" do
127
- should eq <<-EOS.strip_heredoc
128
- <ul>
129
- <li>
130
- <a href="#rb">&lt;b&gt;R&amp;amp;B&lt;/b&gt;</a>
131
- </li>
132
- </ul>
133
- EOS
138
+ context "with heading title including HTML tags inside of code" do
139
+ let(:markdown) do
140
+ <<-EOS.strip_heredoc
141
+ # `<div>`
142
+ EOS
143
+ end
144
+
145
+ it "escapes HTML tags inside of code" do
146
+ should eq <<-EOS.strip_heredoc
147
+ <ul>
148
+ <li>
149
+ <a href="#div">&lt;div&gt;</a>
150
+ </li>
151
+ </ul>
152
+ EOS
153
+ end
134
154
  end
135
155
  end
136
156
  end
data/spec/qiita/markdown/processor_spec.rb CHANGED
@@ -21,9 +21,9 @@ describe Qiita::Markdown::Processor do
21
21
  shared_examples_for "basic markdown syntax" do
22
22
  context "with valid condition" do
23
23
  let(:markdown) do
24
- <<-EOS.strip_heredoc
24
+ <<-MARKDOWN.strip_heredoc
25
25
  example
26
- EOS
26
+ MARKDOWN
27
27
  end
28
28
 
29
29
  it "returns a Hash with HTML output and other metadata" do
@@ -39,9 +39,9 @@ describe Qiita::Markdown::Processor do
39
39
  end
40
40
 
41
41
  it "sanitizes them" do
42
- should eq <<-EOS.strip_heredoc
42
+ should eq <<-HTML.strip_heredoc
43
43
  <p>&lt;&gt;&amp;</p>
44
- EOS
44
+ HTML
45
45
  end
46
46
  end
47
47
 
@@ -51,24 +51,24 @@ describe Qiita::Markdown::Processor do
51
51
  end
52
52
 
53
53
  it "replaces with mailto link" do
54
- should eq <<-EOS.strip_heredoc
54
+ should eq <<-HTML.strip_heredoc
55
55
  <p><a href="mailto:test@example.com" class="autolink">test@example.com</a></p>
56
- EOS
56
+ HTML
57
57
  end
58
58
  end
59
59
 
60
60
  context "with headings" do
61
61
  let(:markdown) do
62
- <<-EOS.strip_heredoc
62
+ <<-MARKDOWN.strip_heredoc
63
63
  # a
64
64
  ## a
65
65
  ### a
66
66
  ### a
67
- EOS
67
+ MARKDOWN
68
68
  end
69
69
 
70
70
  it "adds ID for ToC" do
71
- should eq <<-EOS.strip_heredoc
71
+ should eq <<-HTML.strip_heredoc
72
72
 
73
73
  <h1>
74
74
  <span id="a" class="fragment"></span><a href="#a"><i class="fa fa-link"></i></a>a</h1>
@@ -81,48 +81,48 @@ describe Qiita::Markdown::Processor do
81
81
 
82
82
  <h3>
83
83
  <span id="a-3" class="fragment"></span><a href="#a-3"><i class="fa fa-link"></i></a>a</h3>
84
- EOS
84
+ HTML
85
85
  end
86
86
  end
87
87
 
88
88
  context "with heading whose title includes special HTML characters" do
89
89
  let(:markdown) do
90
- <<-EOS.strip_heredoc
90
+ <<-MARKDOWN.strip_heredoc
91
91
  # <b>R&amp;B</b>
92
- EOS
92
+ MARKDOWN
93
93
  end
94
94
 
95
95
  it "generates fragment identifier by sanitizing the special characters in the title" do
96
- should eq <<-EOS.strip_heredoc
96
+ should eq <<-HTML.strip_heredoc
97
97
 
98
98
  <h1>
99
99
  <span id="rb" class="fragment"></span><a href="#rb"><i class="fa fa-link"></i></a><b>R&amp;B</b>
100
100
  </h1>
101
- EOS
101
+ HTML
102
102
  end
103
103
  end
104
104
 
105
105
  context "with manually inputted heading HTML tags without id attribute" do
106
106
  let(:markdown) do
107
- <<-EOS.strip_heredoc
107
+ <<-MARKDOWN.strip_heredoc
108
108
  <h1>foo</h1>
109
- EOS
109
+ MARKDOWN
110
110
  end
111
111
 
112
112
  it "does nothing" do
113
- should eq <<-EOS.strip_heredoc
113
+ should eq <<-HTML.strip_heredoc
114
114
  <h1>foo</h1>
115
- EOS
115
+ HTML
116
116
  end
117
117
  end
118
118
 
119
119
  context "with code" do
120
120
  let(:markdown) do
121
- <<-EOS.strip_heredoc
121
+ <<-MARKDOWN.strip_heredoc
122
122
  ```foo.rb
123
123
  puts 'hello world'
124
124
  ```
125
- EOS
125
+ MARKDOWN
126
126
  end
127
127
 
128
128
  it "returns detected codes" do
@@ -138,68 +138,68 @@ describe Qiita::Markdown::Processor do
138
138
 
139
139
  context "with code & filename" do
140
140
  let(:markdown) do
141
- <<-EOS.strip_heredoc
141
+ <<-MARKDOWN.strip_heredoc
142
142
  ```example.rb
143
143
  1
144
144
  ```
145
- EOS
145
+ MARKDOWN
146
146
  end
147
147
 
148
148
  it "returns code-frame, code-lang, and highlighted pre element" do
149
- should eq <<-EOS.strip_heredoc
149
+ should eq <<-HTML.strip_heredoc
150
150
  <div class="code-frame" data-lang="ruby">
151
151
  <div class="code-lang"><span class="bold">example.rb</span></div>
152
152
  <div class="highlight"><pre><span></span><span class="mi">1</span>
153
153
  </pre></div>
154
154
  </div>
155
- EOS
155
+ HTML
156
156
  end
157
157
  end
158
158
 
159
159
  context "with code & filename with .php" do
160
160
  let(:markdown) do
161
- <<-EOS.strip_heredoc
161
+ <<-MARKDOWN.strip_heredoc
162
162
  ```example.php
163
163
  1
164
164
  ```
165
- EOS
165
+ MARKDOWN
166
166
  end
167
167
 
168
168
  it "returns PHP code-frame" do
169
- should eq <<-EOS.strip_heredoc
169
+ should eq <<-HTML.strip_heredoc
170
170
  <div class="code-frame" data-lang="php">
171
171
  <div class="code-lang"><span class="bold">example.php</span></div>
172
172
  <div class="highlight"><pre><span></span><span class="mi">1</span>
173
173
  </pre></div>
174
174
  </div>
175
- EOS
175
+ HTML
176
176
  end
177
177
  end
178
178
 
179
179
  context "with code & no filename" do
180
180
  let(:markdown) do
181
- <<-EOS.strip_heredoc
181
+ <<-MARKDOWN.strip_heredoc
182
182
  ```ruby
183
183
  1
184
184
  ```
185
- EOS
185
+ MARKDOWN
186
186
  end
187
187
 
188
188
  it "returns code-frame and highlighted pre element" do
189
- should eq <<-EOS.strip_heredoc
189
+ should eq <<-HTML.strip_heredoc
190
190
  <div class="code-frame" data-lang="ruby"><div class="highlight"><pre><span></span><span class="mi">1</span>
191
191
  </pre></div></div>
192
- EOS
192
+ HTML
193
193
  end
194
194
  end
195
195
 
196
196
  context "with undefined but aliased language" do
197
197
  let(:markdown) do
198
- <<-EOS.strip_heredoc
198
+ <<-MARKDOWN.strip_heredoc
199
199
  ```zsh
200
200
  true
201
201
  ```
202
- EOS
202
+ MARKDOWN
203
203
  end
204
204
 
205
205
  it "returns aliased language name" do
@@ -215,22 +215,22 @@ describe Qiita::Markdown::Processor do
215
215
 
216
216
  context "with code with leading and trailing newlines" do
217
217
  let(:markdown) do
218
- <<-EOS.strip_heredoc
218
+ <<-MARKDOWN.strip_heredoc
219
219
  ```
220
220
 
221
221
  foo
222
222
 
223
223
  ```
224
- EOS
224
+ MARKDOWN
225
225
  end
226
226
 
227
227
  it "does not strip the newlines" do
228
- should eq <<-EOS.strip_heredoc
228
+ should eq <<-HTML.strip_heredoc
229
229
  <div class="code-frame" data-lang="text"><div class="highlight"><pre><span></span>
230
230
  foo
231
231
 
232
232
  </pre></div></div>
233
- EOS
233
+ HTML
234
234
  end
235
235
  end
236
236
 
@@ -240,9 +240,9 @@ describe Qiita::Markdown::Processor do
240
240
  end
241
241
 
242
242
  it "replaces mention with link" do
243
- should include(<<-EOS.strip_heredoc.rstrip)
243
+ should include(<<-HTML.strip_heredoc.rstrip)
244
244
  <a href="/alice" class="user-mention js-hovercard" title="alice" data-hovercard-target-type="user" data-hovercard-target-name="alice">@alice</a>
245
- EOS
245
+ HTML
246
246
  end
247
247
  end
248
248
 
@@ -252,15 +252,15 @@ describe Qiita::Markdown::Processor do
252
252
  end
253
253
 
254
254
  it "replaces mention with link" do
255
- should include(<<-EOS.strip_heredoc.rstrip)
255
+ should include(<<-HTML.strip_heredoc.rstrip)
256
256
  <a href="/al" class="user-mention js-hovercard" title="al" data-hovercard-target-type="user" data-hovercard-target-name="al">@al</a>
257
- EOS
257
+ HTML
258
258
  end
259
259
  end
260
260
 
261
261
  context "with mentions in complex patterns" do
262
262
  let(:markdown) do
263
- <<-EOS.strip_heredoc
263
+ <<-MARKDOWN.strip_heredoc
264
264
  @alice
265
265
 
266
266
  ```
@@ -280,7 +280,7 @@ describe Qiita::Markdown::Processor do
280
280
  @-o
281
281
  @o_
282
282
  @_o
283
- EOS
283
+ MARKDOWN
284
284
  end
285
285
 
286
286
  it "extracts mentions correctly" do
@@ -300,21 +300,21 @@ describe Qiita::Markdown::Processor do
300
300
 
301
301
  context "with mention-like filename on code block" do
302
302
  let(:markdown) do
303
- <<-EOS.strip_heredoc
303
+ <<-MARKDOWN.strip_heredoc
304
304
  ```ruby:@alice
305
305
  1
306
306
  ```
307
- EOS
307
+ MARKDOWN
308
308
  end
309
309
 
310
310
  it "does not treat it as mention" do
311
- should include(<<-EOS.strip_heredoc.rstrip)
311
+ should include(<<-HTML.strip_heredoc.rstrip)
312
312
  <div class="code-frame" data-lang="ruby">
313
313
  <div class="code-lang"><span class="bold">@alice</span></div>
314
314
  <div class="highlight"><pre><span></span><span class="mi">1</span>
315
315
  </pre></div>
316
316
  </div>
317
- EOS
317
+ HTML
318
318
  end
319
319
  end
320
320
 
@@ -324,11 +324,11 @@ describe Qiita::Markdown::Processor do
324
324
  end
325
325
 
326
326
  it "does not replace mention with link" do
327
- should include(<<-EOS.strip_heredoc.rstrip)
327
+ should include(<<-HTML.strip_heredoc.rstrip)
328
328
  <blockquote>
329
329
  <p>@alice</p>
330
330
  </blockquote>
331
- EOS
331
+ HTML
332
332
  end
333
333
  end
334
334
 
@@ -338,9 +338,9 @@ describe Qiita::Markdown::Processor do
338
338
  end
339
339
 
340
340
  it "does not emphasize the name" do
341
- should include(<<-EOS.strip_heredoc.rstrip)
341
+ should include(<<-HTML.strip_heredoc.rstrip)
342
342
  <a href="/_alice_" class="user-mention js-hovercard" title="_alice_" data-hovercard-target-type="user" data-hovercard-target-name="_alice_">@_alice_</a>
343
- EOS
343
+ HTML
344
344
  end
345
345
  end
346
346
 
@@ -350,10 +350,10 @@ describe Qiita::Markdown::Processor do
350
350
  end
351
351
 
352
352
  let(:markdown) do
353
- <<-EOS.strip_heredoc
353
+ <<-MARKDOWN.strip_heredoc
354
354
  @alice
355
355
  @bob
356
- EOS
356
+ MARKDOWN
357
357
  end
358
358
 
359
359
  it "limits mentions to allowed usernames" do
@@ -371,9 +371,9 @@ describe Qiita::Markdown::Processor do
371
371
  end
372
372
 
373
373
  it "links it and reports all allowed users as mentioned user names" do
374
- should include(<<-EOS.strip_heredoc.rstrip)
374
+ should include(<<-HTML.strip_heredoc.rstrip)
375
375
  <a href="/" class="user-mention" title="all">@all</a>
376
- EOS
376
+ HTML
377
377
  expect(result[:mentioned_usernames]).to eq context[:allowed_usernames]
378
378
  end
379
379
  end
@@ -409,9 +409,9 @@ describe Qiita::Markdown::Processor do
409
409
  end
410
410
 
411
411
  it "does not replace it" do
412
- is_expected.to eq <<-EOS.strip_heredoc
412
+ is_expected.to eq <<-HTML.strip_heredoc
413
413
  <p>@alice/bob</p>
414
- EOS
414
+ HTML
415
415
  end
416
416
  end
417
417
 
@@ -427,9 +427,9 @@ describe Qiita::Markdown::Processor do
427
427
  end
428
428
 
429
429
  it "replaces it with preferred link and updates :mentioned_groups" do
430
- is_expected.to eq <<-EOS.strip_heredoc
430
+ is_expected.to eq <<-HTML.strip_heredoc
431
431
  <p><a href="https://alice.example.com/groups/bob" rel="nofollow noopener" target="_blank">@alice/bob</a></p>
432
- EOS
432
+ HTML
433
433
  expect(result[:mentioned_groups]).to eq [{
434
434
  group_url_name: "bob",
435
435
  team_url_name: "alice",
@@ -459,9 +459,9 @@ describe Qiita::Markdown::Processor do
459
459
  end
460
460
 
461
461
  it "creates link for that" do
462
- should eq <<-EOS.strip_heredoc
462
+ should eq <<-HTML.strip_heredoc
463
463
  <p><a href="/example"></a></p>
464
- EOS
464
+ HTML
465
465
  end
466
466
  end
467
467
 
@@ -471,9 +471,9 @@ describe Qiita::Markdown::Processor do
471
471
  end
472
472
 
473
473
  it "creates link for that" do
474
- should eq <<-EOS.strip_heredoc
474
+ should eq <<-HTML.strip_heredoc
475
475
  <p><a href="#example"></a></p>
476
- EOS
476
+ HTML
477
477
  end
478
478
  end
479
479
 
@@ -483,9 +483,9 @@ describe Qiita::Markdown::Processor do
483
483
  end
484
484
 
485
485
  it "creates link for that with the title" do
486
- should eq <<-EOS.strip_heredoc
486
+ should eq <<-HTML.strip_heredoc
487
487
  <p><a href="/example" title="Title"></a></p>
488
- EOS
488
+ HTML
489
489
  end
490
490
  end
491
491
 
@@ -508,9 +508,9 @@ describe Qiita::Markdown::Processor do
508
508
  end
509
509
 
510
510
  it "removes that link by creating empty a element" do
511
- should eq <<-EOS.strip_heredoc
511
+ should eq <<-HTML.strip_heredoc
512
512
  <p><a></a></p>
513
- EOS
513
+ HTML
514
514
  end
515
515
  end
516
516
 
@@ -526,11 +526,11 @@ describe Qiita::Markdown::Processor do
526
526
 
527
527
  context "with emoji in pre or code element" do
528
528
  let(:markdown) do
529
- <<-EOS.strip_heredoc
529
+ <<-MARKDOWN.strip_heredoc
530
530
  ```
531
531
  :+1:
532
532
  ```
533
- EOS
533
+ MARKDOWN
534
534
  end
535
535
 
536
536
  it "does not replace it" do
@@ -573,11 +573,11 @@ describe Qiita::Markdown::Processor do
573
573
 
574
574
  context "with colon-only label" do
575
575
  let(:markdown) do
576
- <<-EOS.strip_heredoc
576
+ <<-MARKDOWN.strip_heredoc
577
577
  ```:
578
578
  1
579
579
  ```
580
- EOS
580
+ MARKDOWN
581
581
  end
582
582
 
583
583
  it "does not replace it" do
@@ -597,42 +597,42 @@ describe Qiita::Markdown::Processor do
597
597
  end
598
598
 
599
599
  it "allows font element with color attribute" do
600
- should eq <<-EOS.strip_heredoc
600
+ should eq <<-HTML.strip_heredoc
601
601
  <p>#{markdown}</p>
602
- EOS
602
+ HTML
603
603
  end
604
604
  end
605
605
 
606
606
  context "with task list" do
607
607
  let(:markdown) do
608
- <<-EOS.strip_heredoc
608
+ <<-MARKDOWN.strip_heredoc
609
609
  - [ ] a
610
610
  - [x] b
611
- EOS
611
+ MARKDOWN
612
612
  end
613
613
 
614
614
  it "inserts checkbox" do
615
- should eq <<-EOS.strip_heredoc
615
+ should eq <<-HTML.strip_heredoc
616
616
  <ul>
617
617
  <li class="task-list-item">
618
618
  <input type="checkbox" class="task-list-item-checkbox" disabled>a</li>
619
619
  <li class="task-list-item">
620
620
  <input type="checkbox" class="task-list-item-checkbox" checked disabled>b</li>
621
621
  </ul>
622
- EOS
622
+ HTML
623
623
  end
624
624
  end
625
625
 
626
626
  context "with nested task list" do
627
627
  let(:markdown) do
628
- <<-EOS.strip_heredoc
628
+ <<-MARKDOWN.strip_heredoc
629
629
  - [ ] a
630
630
  - [ ] b
631
- EOS
631
+ MARKDOWN
632
632
  end
633
633
 
634
634
  it "inserts checkbox" do
635
- should eq <<-EOS.strip_heredoc
635
+ should eq <<-HTML.strip_heredoc
636
636
  <ul>
637
637
  <li class="task-list-item">
638
638
  <input type="checkbox" class="task-list-item-checkbox" disabled>a
@@ -643,45 +643,45 @@ describe Qiita::Markdown::Processor do
643
643
  </ul>
644
644
  </li>
645
645
  </ul>
646
- EOS
646
+ HTML
647
647
  end
648
648
  end
649
649
 
650
650
  context "with task list in code block" do
651
651
  let(:markdown) do
652
- <<-EOS.strip_heredoc
652
+ <<-MARKDOWN.strip_heredoc
653
653
  ```
654
654
  - [ ] a
655
655
  - [x] b
656
656
  ```
657
- EOS
657
+ MARKDOWN
658
658
  end
659
659
 
660
660
  it "does not replace checkbox" do
661
- should eq <<-EOS.strip_heredoc
661
+ should eq <<-HTML.strip_heredoc
662
662
  <div class="code-frame" data-lang="text"><div class="highlight"><pre><span></span>- [ ] a
663
663
  - [x] b
664
664
  </pre></div></div>
665
- EOS
665
+ HTML
666
666
  end
667
667
  end
668
668
 
669
669
  context "with empty line between task list" do
670
670
  let(:markdown) do
671
- <<-EOS.strip_heredoc
671
+ <<-MARKDOWN.strip_heredoc
672
672
  - [ ] a
673
673
 
674
674
  - [x] b
675
- EOS
675
+ MARKDOWN
676
676
  end
677
677
 
678
678
  it "inserts checkbox" do
679
- should eq <<-EOS.strip_heredoc
679
+ should eq <<-HTML.strip_heredoc
680
680
  <ul>
681
681
  <li class="task-list-item"><p><input type="checkbox" class="task-list-item-checkbox" disabled>a</p></li>
682
682
  <li class="task-list-item"><p><input type="checkbox" class="task-list-item-checkbox" checked disabled>b</p></li>
683
683
  </ul>
684
- EOS
684
+ HTML
685
685
  end
686
686
  end
687
687
 
@@ -691,25 +691,25 @@ describe Qiita::Markdown::Processor do
691
691
  end
692
692
 
693
693
  it "inserts checkbox" do
694
- should eq <<-EOS.strip_heredoc
694
+ should eq <<-HTML.strip_heredoc
695
695
  <ul>
696
696
  <li>
697
697
  </ul>
698
- EOS
698
+ HTML
699
699
  end
700
700
  end
701
701
 
702
702
  context "with text-aligned table" do
703
703
  let(:markdown) do
704
- <<-EOS.strip_heredoc
704
+ <<-MARKDOWN.strip_heredoc
705
705
  | a | b | c |
706
706
  |:---|---:|:---:|
707
707
  | a | b | c |
708
- EOS
708
+ MARKDOWN
709
709
  end
710
710
 
711
711
  it "creates table element with text-align style" do
712
- should eq <<-EOS.strip_heredoc
712
+ should eq <<-HTML.strip_heredoc
713
713
  <table>
714
714
  <thead>
715
715
  <tr>
@@ -726,20 +726,20 @@ describe Qiita::Markdown::Processor do
726
726
  </tr>
727
727
  </tbody>
728
728
  </table>
729
- EOS
729
+ HTML
730
730
  end
731
731
  end
732
732
 
733
733
  context "with footenotes syntax" do
734
734
  let(:markdown) do
735
- <<-EOS.strip_heredoc
735
+ <<-MARKDOWN.strip_heredoc
736
736
  [^1]
737
737
  [^1]: test
738
- EOS
738
+ MARKDOWN
739
739
  end
740
740
 
741
741
  it "generates footnotes elements" do
742
- should eq <<-EOS.strip_heredoc
742
+ should eq <<-HTML.strip_heredoc
743
743
  <p><sup id="fnref1"><a href="#fn1" rel="footnote" title="test">1</a></sup></p>
744
744
 
745
745
  <div class="footnotes">
@@ -752,35 +752,35 @@ describe Qiita::Markdown::Processor do
752
752
 
753
753
  </ol>
754
754
  </div>
755
- EOS
755
+ HTML
756
756
  end
757
757
  end
758
758
 
759
759
  context "with manually written link inside of <sup> tag" do
760
760
  let(:markdown) do
761
- <<-EOS.strip_heredoc
761
+ <<-MARKDOWN.strip_heredoc
762
762
  <sup>[Example](http://example.com/)</sup>
763
- EOS
763
+ MARKDOWN
764
764
  end
765
765
 
766
766
  it "does not confuse the structure with automatically generated footnote reference" do
767
- should eq <<-EOS.strip_heredoc
767
+ should eq <<-HTML.strip_heredoc
768
768
  <p><sup><a href="http://example.com/">Example</a></sup></p>
769
- EOS
769
+ HTML
770
770
  end
771
771
  end
772
772
 
773
773
  context "with manually written <a> tag with strange href inside of <sup> tag" do
774
774
  let(:markdown) do
775
- <<-EOS.strip_heredoc
775
+ <<-MARKDOWN.strip_heredoc
776
776
  <sup><a href="#foo.1">Link</a></sup>
777
- EOS
777
+ MARKDOWN
778
778
  end
779
779
 
780
780
  it "does not confuse the structure with automatically generated footnote reference" do
781
- should eq <<-EOS.strip_heredoc
781
+ should eq <<-HTML.strip_heredoc
782
782
  <p><sup><a href="#foo.1">Link</a></sup></p>
783
- EOS
783
+ HTML
784
784
  end
785
785
  end
786
786
 
@@ -790,16 +790,16 @@ describe Qiita::Markdown::Processor do
790
790
  end
791
791
 
792
792
  let(:markdown) do
793
- <<-EOS.strip_heredoc
793
+ <<-MARKDOWN.strip_heredoc
794
794
  [^1]
795
795
  [^1]: test
796
- EOS
796
+ MARKDOWN
797
797
  end
798
798
 
799
799
  it "does not generate footnote elements" do
800
- should eq <<-EOS.strip_heredoc
800
+ should eq <<-HTML.strip_heredoc
801
801
  <p><a href="test">^1</a></p>
802
- EOS
802
+ HTML
803
803
  end
804
804
  end
805
805
 
@@ -813,9 +813,9 @@ describe Qiita::Markdown::Processor do
813
813
  end
814
814
 
815
815
  let(:markdown) do
816
- <<-EOS.strip_heredoc
816
+ <<-MARKDOWN.strip_heredoc
817
817
  :foo: :o: :x:
818
- EOS
818
+ MARKDOWN
819
819
  end
820
820
 
821
821
  it "replaces only the specified emoji names with img elements with custom URL" do
@@ -1036,9 +1036,9 @@ describe Qiita::Markdown::Processor do
1036
1036
  shared_examples_for "script element" do |allowed:|
1037
1037
  context "with script element" do
1038
1038
  let(:markdown) do
1039
- <<-EOS.strip_heredoc
1039
+ <<-MARKDOWN.strip_heredoc
1040
1040
  <script>alert(1)</script>
1041
- EOS
1041
+ MARKDOWN
1042
1042
  end
1043
1043
 
1044
1044
  if allowed
@@ -1048,9 +1048,9 @@ describe Qiita::Markdown::Processor do
1048
1048
 
1049
1049
  context "and allowed attributes" do
1050
1050
  let(:markdown) do
1051
- <<-EOS.strip_heredoc
1051
+ <<-MARKDOWN.strip_heredoc
1052
1052
  <p><script async data-a="b" type="text/javascript">alert(1)</script></p>
1053
- EOS
1053
+ MARKDOWN
1054
1054
  end
1055
1055
 
1056
1056
  it "allows data-attributes" do
@@ -1068,32 +1068,32 @@ describe Qiita::Markdown::Processor do
1068
1068
  shared_examples_for "malicious script in filename" do |allowed:|
1069
1069
  context "with malicious script in filename" do
1070
1070
  let(:markdown) do
1071
- <<-EOS.strip_heredoc
1071
+ <<-MARKDOWN.strip_heredoc
1072
1072
  ```js:test<script>alert(1)</script>
1073
1073
  1
1074
1074
  ```
1075
- EOS
1075
+ MARKDOWN
1076
1076
  end
1077
1077
 
1078
1078
  if allowed
1079
1079
  it "does not sanitize script element" do
1080
- should eq <<-EOS.strip_heredoc
1080
+ should eq <<-HTML.strip_heredoc
1081
1081
  <div class="code-frame" data-lang="js">
1082
1082
  <div class="code-lang"><span class="bold">test<script>alert(1)</script></span></div>
1083
1083
  <div class="highlight"><pre><span></span><span class="mi">1</span>
1084
1084
  </pre></div>
1085
1085
  </div>
1086
- EOS
1086
+ HTML
1087
1087
  end
1088
1088
  else
1089
1089
  it "sanitizes script element" do
1090
- should eq <<-EOS.strip_heredoc
1090
+ should eq <<-HTML.strip_heredoc
1091
1091
  <div class="code-frame" data-lang="js">
1092
1092
  <div class="code-lang"><span class="bold">test</span></div>
1093
1093
  <div class="highlight"><pre><span></span><span class="mi">1</span>
1094
1094
  </pre></div>
1095
1095
  </div>
1096
- EOS
1096
+ HTML
1097
1097
  end
1098
1098
  end
1099
1099
  end
@@ -1102,9 +1102,9 @@ describe Qiita::Markdown::Processor do
1102
1102
  shared_examples_for "iframe element" do |allowed:|
1103
1103
  context "with iframe" do
1104
1104
  let(:markdown) do
1105
- <<-EOS.strip_heredoc
1105
+ <<-MARKDOWN.strip_heredoc
1106
1106
  <iframe width="1" height="2" src="//example.com" frameborder="0" allowfullscreen></iframe>
1107
- EOS
1107
+ MARKDOWN
1108
1108
  end
1109
1109
 
1110
1110
  if allowed
@@ -1122,9 +1122,9 @@ describe Qiita::Markdown::Processor do
1122
1122
  shared_examples_for "input element" do |allowed:|
1123
1123
  context "with input" do
1124
1124
  let(:markdown) do
1125
- <<-EOS.strip_heredoc
1125
+ <<-MARKDOWN.strip_heredoc
1126
1126
  <input type="checkbox"> foo
1127
- EOS
1127
+ MARKDOWN
1128
1128
  end
1129
1129
 
1130
1130
  if allowed
@@ -1142,44 +1142,66 @@ describe Qiita::Markdown::Processor do
1142
1142
  shared_examples_for "data-attributes" do |allowed:|
1143
1143
  context "with data-attributes for general tags" do
1144
1144
  let(:markdown) do
1145
- <<-EOS.strip_heredoc
1145
+ <<-MARKDOWN.strip_heredoc
1146
1146
  <div data-a="b"></div>
1147
- EOS
1147
+ MARKDOWN
1148
1148
  end
1149
1149
 
1150
1150
  if allowed
1151
1151
  it "does not sanitize data-attributes" do
1152
- should eq <<-EOS.strip_heredoc
1152
+ should eq <<-HTML.strip_heredoc
1153
1153
  <div data-a="b"></div>
1154
- EOS
1154
+ HTML
1155
1155
  end
1156
1156
  else
1157
1157
  it "sanitizes data-attributes" do
1158
- should eq <<-EOS.strip_heredoc
1158
+ should eq <<-HTML.strip_heredoc
1159
1159
  <div></div>
1160
- EOS
1160
+ HTML
1161
+ end
1162
+ end
1163
+ end
1164
+
1165
+ context "with data-attributes for <blockquote> tag" do
1166
+ let(:markdown) do
1167
+ <<-MARKDOWN.strip_heredoc
1168
+ <blockquote data-theme="a" data-malicious="b"></blockquote>
1169
+ MARKDOWN
1170
+ end
1171
+
1172
+ if allowed
1173
+ it "does not sanitize data-attributes" do
1174
+ should eq <<-HTML.strip_heredoc
1175
+ <blockquote data-theme="a" data-malicious="b"></blockquote>
1176
+ HTML
1177
+ end
1178
+ else
1179
+ it "sanitizes data-attributes except the attributes used by tweet" do
1180
+ should eq <<-HTML.strip_heredoc
1181
+ <blockquote data-theme="a"></blockquote>
1182
+ HTML
1161
1183
  end
1162
1184
  end
1163
1185
  end
1164
1186
 
1165
1187
  context "with data-attributes for <p> tag" do
1166
1188
  let(:markdown) do
1167
- <<-EOS.strip_heredoc
1189
+ <<-MARKDOWN.strip_heredoc
1168
1190
  <p data-slug-hash="a" data-malicious="b"></p>
1169
- EOS
1191
+ MARKDOWN
1170
1192
  end
1171
1193
 
1172
1194
  if allowed
1173
1195
  it "does not sanitize data-attributes" do
1174
- should eq <<-EOS.strip_heredoc
1196
+ should eq <<-HTML.strip_heredoc
1175
1197
  <p data-slug-hash="a" data-malicious="b"></p>
1176
- EOS
1198
+ HTML
1177
1199
  end
1178
1200
  else
1179
1201
  it "sanitizes data-attributes except the attributes used by codepen" do
1180
- should eq <<-EOS.strip_heredoc
1202
+ should eq <<-HTML.strip_heredoc
1181
1203
  <p data-slug-hash="a"></p>
1182
- EOS
1204
+ HTML
1183
1205
  end
1184
1206
  end
1185
1207
  end
@@ -1204,91 +1226,91 @@ describe Qiita::Markdown::Processor do
1204
1226
 
1205
1227
  context "with class attribute for <a> tag" do
1206
1228
  let(:markdown) do
1207
- <<-EOS.strip_heredoc
1229
+ <<-MARKDOWN.strip_heredoc
1208
1230
  <a href="foo" class="malicious-class">foo</a>
1209
1231
  http://qiita.com/
1210
- EOS
1232
+ MARKDOWN
1211
1233
  end
1212
1234
 
1213
1235
  if allowed
1214
1236
  it "does not sanitize the classes" do
1215
- should eq <<-EOS.strip_heredoc
1237
+ should eq <<-HTML.strip_heredoc
1216
1238
  <p><a href="foo" class="malicious-class">foo</a><br>
1217
1239
  <a href="http://qiita.com/" class="autolink" rel="nofollow noopener" target="_blank">http://qiita.com/</a></p>
1218
- EOS
1240
+ HTML
1219
1241
  end
1220
1242
  else
1221
1243
  it "sanitizes classes except `autolink`" do
1222
- should eq <<-EOS.strip_heredoc
1244
+ should eq <<-HTML.strip_heredoc
1223
1245
  <p><a href="foo" class="">foo</a><br>
1224
1246
  <a href="http://qiita.com/" class="autolink" rel="nofollow noopener" target="_blank">http://qiita.com/</a></p>
1225
- EOS
1247
+ HTML
1226
1248
  end
1227
1249
  end
1228
1250
  end
1229
1251
 
1230
1252
  context "with class attribute for <blockquote> tag" do
1231
1253
  let(:markdown) do
1232
- <<-EOS.strip_heredoc
1254
+ <<-MARKDOWN.strip_heredoc
1233
1255
  <blockquote class="twitter-tweet malicious-class">foo</blockquote>
1234
- EOS
1256
+ MARKDOWN
1235
1257
  end
1236
1258
 
1237
1259
  if allowed
1238
1260
  it "does not sanitize the classes" do
1239
- should eq <<-EOS.strip_heredoc
1261
+ should eq <<-HTML.strip_heredoc
1240
1262
  <blockquote class="twitter-tweet malicious-class">foo</blockquote>
1241
- EOS
1263
+ HTML
1242
1264
  end
1243
1265
  else
1244
1266
  it "sanitizes classes except `twitter-tweet`" do
1245
- should eq <<-EOS.strip_heredoc
1267
+ should eq <<-HTML.strip_heredoc
1246
1268
  <blockquote class="twitter-tweet">foo</blockquote>
1247
- EOS
1269
+ HTML
1248
1270
  end
1249
1271
  end
1250
1272
  end
1251
1273
 
1252
1274
  context "with class attribute for <div> tag" do
1253
1275
  let(:markdown) do
1254
- <<-EOS.strip_heredoc
1276
+ <<-MARKDOWN.strip_heredoc
1255
1277
  <div class="footnotes malicious-class">foo</div>
1256
- EOS
1278
+ MARKDOWN
1257
1279
  end
1258
1280
 
1259
1281
  if allowed
1260
1282
  it "does not sanitize the classes" do
1261
- should eq <<-EOS.strip_heredoc
1283
+ should eq <<-HTML.strip_heredoc
1262
1284
  <div class="footnotes malicious-class">foo</div>
1263
- EOS
1285
+ HTML
1264
1286
  end
1265
1287
  else
1266
1288
  it "sanitizes classes except `footnotes`" do
1267
- should eq <<-EOS.strip_heredoc
1289
+ should eq <<-HTML.strip_heredoc
1268
1290
  <div class="footnotes">foo</div>
1269
- EOS
1291
+ HTML
1270
1292
  end
1271
1293
  end
1272
1294
  end
1273
1295
 
1274
1296
  context "with class attribute for <p> tag" do
1275
1297
  let(:markdown) do
1276
- <<-EOS.strip_heredoc
1298
+ <<-MARKDOWN.strip_heredoc
1277
1299
  <p class="codepen malicious-class">foo</p>
1278
- EOS
1300
+ MARKDOWN
1279
1301
  end
1280
1302
 
1281
1303
  if allowed
1282
1304
  it "does not sanitize the classes" do
1283
- should eq <<-EOS.strip_heredoc
1305
+ should eq <<-HTML.strip_heredoc
1284
1306
  <p class="codepen malicious-class">foo</p>
1285
- EOS
1307
+ HTML
1286
1308
  end
1287
1309
  else
1288
1310
  it "sanitizes classes except `codepen`" do
1289
- should eq <<-EOS.strip_heredoc
1311
+ should eq <<-HTML.strip_heredoc
1290
1312
  <p class="codepen">foo</p>
1291
- EOS
1313
+ HTML
1292
1314
  end
1293
1315
  end
1294
1316
  end
@@ -1313,55 +1335,93 @@ describe Qiita::Markdown::Processor do
1313
1335
  end
1314
1336
 
1315
1337
  shared_examples_for "override embed code attributes" do |allowed:|
1316
- context "with HTML embed code for CodePen" do
1338
+ context "with HTML embed code for CodePen using old script url" do
1317
1339
  let(:markdown) do
1318
- <<-EOS.strip_heredoc
1340
+ <<-MARKDOWN.strip_heredoc
1319
1341
  <p data-height="1" data-theme-id="0" data-slug-hash="foo" data-default-tab="bar" data-user="baz" data-embed-version="2" data-pen-title="qux" class="codepen"></p>
1320
1342
  <script src="https://production-assets.codepen.io/assets/embed/ei.js"></script>
1321
- EOS
1343
+ MARKDOWN
1322
1344
  end
1323
1345
 
1324
1346
  if allowed
1325
1347
  it "does not sanitize embed code" do
1326
- should eq <<-EOS.strip_heredoc
1348
+ should eq <<-HTML.strip_heredoc
1327
1349
  <p data-height="1" data-theme-id="0" data-slug-hash="foo" data-default-tab="bar" data-user="baz" data-embed-version="2" data-pen-title="qux" class="codepen"></p>\n
1328
1350
  <script src="https://production-assets.codepen.io/assets/embed/ei.js"></script>
1329
- EOS
1351
+ HTML
1330
1352
  end
1331
1353
  else
1332
- it "sanitizes data-attributes except the minimum attributes and force async attribute" do
1333
- should eq <<-EOS.strip_heredoc
1334
- <p data-slug-hash="foo" data-embed-version="2" class="codepen"></p>\n
1354
+ it "forces async attribute on script" do
1355
+ should eq <<-HTML.strip_heredoc
1356
+ <p data-height="1" data-theme-id="0" data-slug-hash="foo" data-default-tab="bar" data-user="baz" data-embed-version="2" data-pen-title="qux" class="codepen"></p>\n
1335
1357
  <script src="https://production-assets.codepen.io/assets/embed/ei.js" async="async"></script>
1336
- EOS
1358
+ HTML
1337
1359
  end
1338
1360
  end
1339
1361
  end
1340
1362
 
1341
- context "with embed code for Tweet" do
1363
+ context "with HTML embed code for CodePen" do
1342
1364
  let(:markdown) do
1343
- <<-EOS.strip_heredoc
1344
- <blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none">foo</blockquote>
1345
- <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
1346
- EOS
1365
+ <<-MARKDOWN.strip_heredoc
1366
+ <p data-height="1" data-theme-id="0" data-slug-hash="foo" data-default-tab="bar" data-user="baz" data-embed-version="2" data-pen-title="qux" class="codepen"></p>
1367
+ <script src="https://static.codepen.io/assets/embed/ei.js"></script>
1368
+ MARKDOWN
1369
+ end
1370
+
1371
+ if allowed
1372
+ it "does not sanitize embed code" do
1373
+ should eq <<-HTML.strip_heredoc
1374
+ <p data-height="1" data-theme-id="0" data-slug-hash="foo" data-default-tab="bar" data-user="baz" data-embed-version="2" data-pen-title="qux" class="codepen"></p>\n
1375
+ <script src="https://static.codepen.io/assets/embed/ei.js"></script>
1376
+ HTML
1377
+ end
1378
+ else
1379
+ it "forces async attribute on script" do
1380
+ should eq <<-HTML.strip_heredoc
1381
+ <p data-height="1" data-theme-id="0" data-slug-hash="foo" data-default-tab="bar" data-user="baz" data-embed-version="2" data-pen-title="qux" class="codepen"></p>\n
1382
+ <script src="https://static.codepen.io/assets/embed/ei.js" async="async"></script>
1383
+ HTML
1384
+ end
1385
+ end
1386
+ end
1387
+
1388
+ context "with HTML embed code for Asciinema" do
1389
+ let(:markdown) do
1390
+ <<-MARKDOWN.strip_heredoc
1391
+ <script id="example" src="https://asciinema.org/a/example.js"></script>
1392
+ MARKDOWN
1347
1393
  end
1348
1394
 
1349
1395
  if allowed
1350
1396
  it "does not sanitize embed code" do
1351
- should eq <<-EOS.strip_heredoc
1352
- <blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none">foo</blockquote>\n
1353
- <script async src="https://platform.twitter.com/widgets.js"></script>
1354
- EOS
1397
+ should eq <<-HTML.strip_heredoc
1398
+ <script id="example" src="https://asciinema.org/a/example.js"></script>
1399
+ HTML
1355
1400
  end
1356
1401
  else
1357
- it "sanitizes attributes except `twitter-tweet` class" do
1358
- should eq <<-EOS.strip_heredoc
1359
- <blockquote class="twitter-tweet">foo</blockquote>\n
1360
- <script async src="https://platform.twitter.com/widgets.js"></script>
1361
- EOS
1402
+ it "forces async attribute on script" do
1403
+ should eq <<-HTML.strip_heredoc
1404
+ <script id="example" src="https://asciinema.org/a/example.js" async="async"></script>
1405
+ HTML
1362
1406
  end
1363
1407
  end
1364
1408
  end
1409
+
1410
+ context "with embed code for Tweet" do
1411
+ let(:markdown) do
1412
+ <<-MARKDOWN.strip_heredoc
1413
+ <blockquote class="twitter-tweet" data-lang="es" data-cards="hidden" data-conversation="none">foo</blockquote>
1414
+ <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
1415
+ MARKDOWN
1416
+ end
1417
+
1418
+ it "does not sanitize embed code" do
1419
+ should eq <<-HTML.strip_heredoc
1420
+ <blockquote class="twitter-tweet" data-lang="es" data-cards="hidden" data-conversation="none">foo</blockquote>\n
1421
+ <script async src="https://platform.twitter.com/widgets.js"></script>
1422
+ HTML
1423
+ end
1424
+ end
1365
1425
  end
1366
1426
 
1367
1427
  context "without script and strict context" do