qiita-markdown 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/qiita/markdown/filters/sanitize.rb +7 -0
- data/lib/qiita/markdown/processor.rb +1 -1
- data/lib/qiita/markdown/version.rb +1 -1
- data/spec/qiita/markdown/processor_spec.rb +19 -0
- metadata +2 -2
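--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 248dab83e19fd3e32b11fa78625b51a24f36479b
+data.tar.gz: 8e564e30dfca3ed14cbcfc5377d493150baad7a0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9f80abb21c9f17a44eb8a9727cac09d61699f247d6119bde8e82bf686fcf35c3efb64152a623962b312ac2cc7a0d7128088912d86a660e02c2ba3aaa57fd4b2a
+data.tar.gz: 3c39f211272a8302879811ef3866d1c5f4a42df751109fa664a470da4db842f25a50d26bb0f9bf8b028ec8159ff19608f76d8cdf491a9bc6ef557317ad84f47c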
data/CHANGELOG.md
CHANGED
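--- a/data/lib/qiita/markdown/filters/sanitize.rb
+++ b/data/lib/qiita/markdown/filters/sanitize.rb
@@ -62,6 +62,11 @@ module Qiita
 "img" => [
 "src",
 ],
+"input" => [
+"checked",
+"disabled",
+"type",
+],
 "div" => [
 "itemscope",
 "itemtype",
@@ -133,6 +138,7 @@ module Qiita
 "hr",
 "i",
 "img",
+"input",
 "ins",
 "kbd",
 "li",
@@ -145,6 +151,7 @@ module Qiita
 "ruby",
 "s",
 "samp",
+"span",
 "strike",
 "strong",
 "sub",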
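--- a/data/lib/qiita/markdown/processor.rb
+++ b/data/lib/qiita/markdown/processor.rb
@@ -7,7 +7,6 @@ module Qiita
 
 DEFAULT_FILTERS = [
 Filters::Redcarpet,
-Filters::Sanitize,
 Filters::Footnote,
 Filters::Code,
 Filters::Checkbox,
@@ -15,6 +14,7 @@ module Qiita
 HTML::Pipeline::EmojiFilter,
 Filters::SyntaxHighlight,
 Filters::Mention,
+Filters::Sanitize,
 ]
 
 # @param [Hash] context Optional context for HTML::Pipeline.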
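--- a/data/spec/qiita/markdown/processor_spec.rb
+++ b/data/spec/qiita/markdown/processor_spec.rb
@@ -109,7 +109,26 @@ describe Qiita::Markdown::Processor do
 </div>
 EOS
 end
+end
+
+context "with malicious script in filename" do
+let(:markdown) do
+<<-EOS.strip_heredoc
+```js:test<script>alert(1)</script>
+1
+```
+EOS
+end
 
+it "sanitizes script element" do
+should eq <<-EOS.strip_heredoc
+<div class="code-frame" data-lang="js">
+<div class="code-lang"><span class="bold">test</span></div>
+<div class="highlight"><pre><span class="mi">1</span>
+</pre></div>
+</div>
+EOS
+end
 end
 
 context "with code & no filename" do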
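--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: qiita-markdown
 version: !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.1
 platform: ruby
 authors:
 - Ryo Nakamura
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-01-
+date: 2015-01-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport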