qiita-markdown 0.2.0 → 0.2.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of qiita-markdown might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/qiita/markdown/filters/sanitize.rb +7 -0
- data/lib/qiita/markdown/processor.rb +1 -1
- data/lib/qiita/markdown/version.rb +1 -1
- data/spec/qiita/markdown/processor_spec.rb +19 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 248dab83e19fd3e32b11fa78625b51a24f36479b
|
|
4
|
+
data.tar.gz: 8e564e30dfca3ed14cbcfc5377d493150baad7a0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9f80abb21c9f17a44eb8a9727cac09d61699f247d6119bde8e82bf686fcf35c3efb64152a623962b312ac2cc7a0d7128088912d86a660e02c2ba3aaa57fd4b2a
|
|
7
|
+
data.tar.gz: 3c39f211272a8302879811ef3866d1c5f4a42df751109fa664a470da4db842f25a50d26bb0f9bf8b028ec8159ff19608f76d8cdf491a9bc6ef557317ad84f47c
|
data/CHANGELOG.md
CHANGED
|
@@ -62,6 +62,11 @@ module Qiita
|
|
|
62
62
|
"img" => [
|
|
63
63
|
"src",
|
|
64
64
|
],
|
|
65
|
+
"input" => [
|
|
66
|
+
"checked",
|
|
67
|
+
"disabled",
|
|
68
|
+
"type",
|
|
69
|
+
],
|
|
65
70
|
"div" => [
|
|
66
71
|
"itemscope",
|
|
67
72
|
"itemtype",
|
|
@@ -133,6 +138,7 @@ module Qiita
|
|
|
133
138
|
"hr",
|
|
134
139
|
"i",
|
|
135
140
|
"img",
|
|
141
|
+
"input",
|
|
136
142
|
"ins",
|
|
137
143
|
"kbd",
|
|
138
144
|
"li",
|
|
@@ -145,6 +151,7 @@ module Qiita
|
|
|
145
151
|
"ruby",
|
|
146
152
|
"s",
|
|
147
153
|
"samp",
|
|
154
|
+
"span",
|
|
148
155
|
"strike",
|
|
149
156
|
"strong",
|
|
150
157
|
"sub",
|
|
@@ -7,7 +7,6 @@ module Qiita
|
|
|
7
7
|
|
|
8
8
|
DEFAULT_FILTERS = [
|
|
9
9
|
Filters::Redcarpet,
|
|
10
|
-
Filters::Sanitize,
|
|
11
10
|
Filters::Footnote,
|
|
12
11
|
Filters::Code,
|
|
13
12
|
Filters::Checkbox,
|
|
@@ -15,6 +14,7 @@ module Qiita
|
|
|
15
14
|
HTML::Pipeline::EmojiFilter,
|
|
16
15
|
Filters::SyntaxHighlight,
|
|
17
16
|
Filters::Mention,
|
|
17
|
+
Filters::Sanitize,
|
|
18
18
|
]
|
|
19
19
|
|
|
20
20
|
# @param [Hash] context Optional context for HTML::Pipeline.
|
|
@@ -109,7 +109,26 @@ describe Qiita::Markdown::Processor do
|
|
|
109
109
|
</div>
|
|
110
110
|
EOS
|
|
111
111
|
end
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
context "with malicious script in filename" do
|
|
115
|
+
let(:markdown) do
|
|
116
|
+
<<-EOS.strip_heredoc
|
|
117
|
+
```js:test<script>alert(1)</script>
|
|
118
|
+
1
|
|
119
|
+
```
|
|
120
|
+
EOS
|
|
121
|
+
end
|
|
112
122
|
|
|
123
|
+
it "sanitizes script element" do
|
|
124
|
+
should eq <<-EOS.strip_heredoc
|
|
125
|
+
<div class="code-frame" data-lang="js">
|
|
126
|
+
<div class="code-lang"><span class="bold">test</span></div>
|
|
127
|
+
<div class="highlight"><pre><span class="mi">1</span>
|
|
128
|
+
</pre></div>
|
|
129
|
+
</div>
|
|
130
|
+
EOS
|
|
131
|
+
end
|
|
113
132
|
end
|
|
114
133
|
|
|
115
134
|
context "with code & no filename" do
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: qiita-markdown
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryo Nakamura
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-01-
|
|
11
|
+
date: 2015-01-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|