qiita-markdown 0.0.3 → 0.0.4
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/qiita/markdown/filters/sanitize.rb +21 -5
- data/lib/qiita/markdown/version.rb +1 -1
- data/spec/qiita/markdown/processor_spec.rb +32 -0
- metadata +1 -1
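--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3af22c8eb0334e08693fbe35fefc4918b8f0a23e
+data.tar.gz: ea1ecd65e7cb7dca1d91e3bbe74edfbb3051fa5f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 97290186fac7d4b16831c5996f589b4357da4892067c4df975134a7c53299854574f5f8950355c667d85efbb8db2a5dceebefdc2dfda7a7d8e408b79c1491dfa
+data.tar.gz: bd3caef118d1074cc65fcda3aefedee101c3cb4dae0c35d7ffe8df49b9b43d21615b5ffffb4aa8cc1359e42904438fb42be6f013073a20fe8baca899e138fd16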
data/CHANGELOG.md
CHANGED
|
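--- a/data/lib/qiita/markdown/filters/sanitize.rb
+++ b/data/lib/qiita/markdown/filters/sanitize.rb
@@ -48,6 +48,17 @@ module Qiita
 "a" => [
 "href",
 ],
+"iframe" => [
+"allowfullscreen",
+"frameborder",
+"height",
+"marginheight",
+"marginwidth",
+"scrolling",
+"src",
+"style",
+"width",
+],
 "img" => [
 "src",
 ],
@@ -55,6 +66,10 @@ module Qiita
 "itemscope",
 "itemtype",
 ],
+"script" => [
+"async",
+"src",
+],
 all: [
 "abbr",
 "align",
@@ -78,6 +93,7 @@ module Qiita
 "target",
 "title",
 "width",
+:data,
 ],
 },
 elements: [
@@ -153,7 +169,7 @@ module Qiita
 }
 
 SCRIPTABLE_RULE = RULE.dup.tap do |rule|
-rule[:elements] = RULE[:elements] + ["script"]
+rule[:elements] = RULE[:elements] + ["iframe", "script"]
 rule[:remove_contents] = []
 end
 
@@ -164,6 +180,10 @@ module Qiita
 
 private
 
+def has_script_context?
+context[:script] == true
+end
+
 def rule
 case
 when context[:rule]
@@ -174,10 +194,6 @@ module Qiita
 RULE
 end
 end
-
-def has_script_context?
-context[:script] == true
-end
 end
 end
 end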
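Review bot: The `:data` entry added to the `all:` attribute list (new line 96) sits in the shared RULE rather than in `SCRIPTABLE_RULE`, so as far as these hunks show, `data-*` attributes on every allowed element survive sanitisation even when `context[:script]` is not set. Host pages that bind behaviour to data attributes (unobtrusive-JS helpers, widget toggles) would then act on markup an untrusted author controls. If the intent is script context only, keep `:data` out of RULE and add it inside the `SCRIPTABLE_RULE` block, e.g. `rule[:attributes] = RULE[:attributes].merge(all: RULE[:attributes][:all] + [:data])`. The `attributes:` key name is assumed here, since the opening of that hash lies outside the hunk.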
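--- a/data/spec/qiita/markdown/processor_spec.rb
+++ b/data/spec/qiita/markdown/processor_spec.rb
@@ -177,6 +177,38 @@ describe Qiita::Markdown::Processor do
 end
 end
 
+context "with data-attribute" do
+before do
+context[:script] = true
+end
+
+let(:markdown) do
+<<-EOS.strip_heredoc
+<script async data-a="b">alert(1)</script>
+EOS
+end
+
+it "allows data-attributes" do
+should eq markdown
+end
+end
+
+context "with iframe" do
+before do
+context[:script] = true
+end
+
+let(:markdown) do
+<<-EOS.strip_heredoc
+<iframe width="1" height="2" src="//example.com" frameborder="0" allowfullscreen></iframe>
+EOS
+end
+
+it "allows iframe with some attributes" do
+should eq markdown
+end
+end
+
 context "with mention" do
 let(:markdown) do
 "@alice"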
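Review bot: Both added contexts set `context[:script] = true` and assert only that the markup passes through unchanged, so nothing in this hunk pins the restrictive side of the new sanitize rules. Add a sibling example without the `before` block that expects the `<iframe>` element and the `data-a` attribute to be removed. Add another in script context that supplies an attribute outside the new iframe list and expects it to be stripped. The rest of the `describe` body lies outside the hunk, so such cases may already exist elsewhere in the file.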