qiita-markdown 0.26.0 → 0.27.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of qiita-markdown might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/qiita/markdown.rb +1 -0
- data/lib/qiita/markdown/embed/asciinema.rb +9 -0
- data/lib/qiita/markdown/filters/user_input_sanitizer.rb +1 -1
- data/lib/qiita/markdown/transformers/filter_script.rb +12 -2
- data/lib/qiita/markdown/version.rb +1 -1
- data/qiita-markdown.gemspec +1 -1
- data/spec/qiita/markdown/processor_spec.rb +22 -0
- metadata +8 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e5daef53080035aaeb3d6330fd29a92c62edfb4daf432c62f4617f2683682ab1
|
|
4
|
+
data.tar.gz: 8bd27e4fb3b789cbbe98ca99dd987277091f262509d4a596996942ead45ae9ca
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f38d622bdfcec12a795998a31b9dec566583542837024bb9ad6c0c88531b16b759774966ad0925d03d06f3c58de9d81192b074c6ed82c57b26caa7c5a7b93332
|
|
7
|
+
data.tar.gz: 4c22a80c6be7cb94ee7cc5e1a3966a788aae38f6e72e0784a42678d472cc1081dbd626f89d98250fea91e4000081fc949334d276b09869896cca4b005155e51b
|
data/CHANGELOG.md
CHANGED
data/lib/qiita/markdown.rb
CHANGED
|
@@ -9,6 +9,7 @@ require "sanitize"
|
|
|
9
9
|
|
|
10
10
|
require "qiita/markdown/embed/code_pen"
|
|
11
11
|
require "qiita/markdown/embed/tweet"
|
|
12
|
+
require "qiita/markdown/embed/asciinema"
|
|
12
13
|
require "qiita/markdown/transformers/filter_attributes"
|
|
13
14
|
require "qiita/markdown/transformers/filter_script"
|
|
14
15
|
require "qiita/markdown/transformers/strip_invalid_node"
|
|
@@ -2,11 +2,15 @@ module Qiita
|
|
|
2
2
|
module Markdown
|
|
3
3
|
module Transformers
|
|
4
4
|
class FilterScript
|
|
5
|
-
|
|
5
|
+
URL_WHITE_LIST = [
|
|
6
6
|
Embed::CodePen::SCRIPT_URLS,
|
|
7
7
|
Embed::Tweet::SCRIPT_URL,
|
|
8
8
|
].flatten.freeze
|
|
9
9
|
|
|
10
|
+
HOST_WHITE_LIST = [
|
|
11
|
+
Embed::Asciinema::SCRIPT_HOST,
|
|
12
|
+
].flatten.freeze
|
|
13
|
+
|
|
10
14
|
def self.call(*args)
|
|
11
15
|
new(*args).transform
|
|
12
16
|
end
|
|
@@ -17,7 +21,7 @@ module Qiita
|
|
|
17
21
|
|
|
18
22
|
def transform
|
|
19
23
|
if name == "script"
|
|
20
|
-
if
|
|
24
|
+
if URL_WHITE_LIST.include?(node["src"]) || HOST_WHITE_LIST.include?(host_of(node["src"]))
|
|
21
25
|
node["async"] = "async" unless node.attributes.key?("async")
|
|
22
26
|
node.children.unlink
|
|
23
27
|
else
|
|
@@ -35,6 +39,12 @@ module Qiita
|
|
|
35
39
|
def node
|
|
36
40
|
@env[:node]
|
|
37
41
|
end
|
|
42
|
+
|
|
43
|
+
def host_of(url)
|
|
44
|
+
Addressable::URI.parse(url).host if url
|
|
45
|
+
rescue Addressable::URI::InvalidURIError
|
|
46
|
+
nil
|
|
47
|
+
end
|
|
38
48
|
end
|
|
39
49
|
end
|
|
40
50
|
end
|
data/qiita-markdown.gemspec
CHANGED
|
@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
|
|
|
28
28
|
spec.add_dependency "addressable"
|
|
29
29
|
spec.add_development_dependency "activesupport", "4.2.6"
|
|
30
30
|
spec.add_development_dependency "benchmark-ips", "~> 1.2"
|
|
31
|
-
spec.add_development_dependency "bundler"
|
|
31
|
+
spec.add_development_dependency "bundler"
|
|
32
32
|
spec.add_development_dependency "codeclimate-test-reporter", "0.4.4"
|
|
33
33
|
spec.add_development_dependency "pry"
|
|
34
34
|
spec.add_development_dependency "rake", "~> 10.0"
|
|
@@ -1385,6 +1385,28 @@ describe Qiita::Markdown::Processor do
|
|
|
1385
1385
|
end
|
|
1386
1386
|
end
|
|
1387
1387
|
|
|
1388
|
+
context "with HTML embed code for Asciinema" do
|
|
1389
|
+
let(:markdown) do
|
|
1390
|
+
<<-MARKDOWN.strip_heredoc
|
|
1391
|
+
<script id="example" src="https://asciinema.org/a/example.js"></script>
|
|
1392
|
+
MARKDOWN
|
|
1393
|
+
end
|
|
1394
|
+
|
|
1395
|
+
if allowed
|
|
1396
|
+
it "does not sanitize embed code" do
|
|
1397
|
+
should eq <<-HTML.strip_heredoc
|
|
1398
|
+
<script id="example" src="https://asciinema.org/a/example.js"></script>
|
|
1399
|
+
HTML
|
|
1400
|
+
end
|
|
1401
|
+
else
|
|
1402
|
+
it "forces async attribute on script" do
|
|
1403
|
+
should eq <<-HTML.strip_heredoc
|
|
1404
|
+
<script id="example" src="https://asciinema.org/a/example.js" async="async"></script>
|
|
1405
|
+
HTML
|
|
1406
|
+
end
|
|
1407
|
+
end
|
|
1408
|
+
end
|
|
1409
|
+
|
|
1388
1410
|
context "with embed code for Tweet" do
|
|
1389
1411
|
let(:markdown) do
|
|
1390
1412
|
<<-MARKDOWN.strip_heredoc
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: qiita-markdown
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.27.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryo Nakamura
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-01-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: gemoji
|
|
@@ -154,16 +154,16 @@ dependencies:
|
|
|
154
154
|
name: bundler
|
|
155
155
|
requirement: !ruby/object:Gem::Requirement
|
|
156
156
|
requirements:
|
|
157
|
-
- - "
|
|
157
|
+
- - ">="
|
|
158
158
|
- !ruby/object:Gem::Version
|
|
159
|
-
version: '
|
|
159
|
+
version: '0'
|
|
160
160
|
type: :development
|
|
161
161
|
prerelease: false
|
|
162
162
|
version_requirements: !ruby/object:Gem::Requirement
|
|
163
163
|
requirements:
|
|
164
|
-
- - "
|
|
164
|
+
- - ">="
|
|
165
165
|
- !ruby/object:Gem::Version
|
|
166
|
-
version: '
|
|
166
|
+
version: '0'
|
|
167
167
|
- !ruby/object:Gem::Dependency
|
|
168
168
|
name: codeclimate-test-reporter
|
|
169
169
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -256,6 +256,7 @@ files:
|
|
|
256
256
|
- lib/qiita-markdown.rb
|
|
257
257
|
- lib/qiita/markdown.rb
|
|
258
258
|
- lib/qiita/markdown/base_processor.rb
|
|
259
|
+
- lib/qiita/markdown/embed/asciinema.rb
|
|
259
260
|
- lib/qiita/markdown/embed/code_pen.rb
|
|
260
261
|
- lib/qiita/markdown/embed/tweet.rb
|
|
261
262
|
- lib/qiita/markdown/filters/checkbox.rb
|
|
@@ -310,7 +311,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
310
311
|
version: '0'
|
|
311
312
|
requirements: []
|
|
312
313
|
rubyforge_project:
|
|
313
|
-
rubygems_version: 2.7.
|
|
314
|
+
rubygems_version: 2.7.6
|
|
314
315
|
signing_key:
|
|
315
316
|
specification_version: 4
|
|
316
317
|
summary: Qiita-specified markdown processor.
|