qiita-markdown 0.19.1 → 0.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/lib/qiita/markdown/filters/user_input_sanitizer.rb +4 -1
  4. data/lib/qiita/markdown/version.rb +1 -1
  5. data/spec/qiita/markdown/processor_spec.rb +22 -0
  6. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 3eb75a91593610b1dd442a8d9acfc482e987ffc5
4
- data.tar.gz: 8ec204270a2308ee5999c2b163e31c199c866e21
3
+ metadata.gz: da128a043af30b7150fe3a7cfd4e498206287f4f
4
+ data.tar.gz: f1c24db2c52521cb1929480e94ac6c1e710fb325
5
5
  SHA512:
6
- metadata.gz: 61dc32d46b01408c08f07b480554ad346ef96ff629d68140c16592a5a77f90163fd5331fca5b4d206ad92aeff330bcb5d4b3e9ce4d8b9b9584329a8085e58a80
7
- data.tar.gz: b5f84f32227113bfbb6a1b71f85f7a5fcd5e906dea4a177f9916ec533523bc9399f83d794f8a2f351b46fae64d03e82f47e950135d460db8ab71600758515bb6
6
+ metadata.gz: 26463d11cd37164156db324205e26e827bee86f060900641659d6ba106394552334408f82f896c2631ee6cc0ccb2b784d736ac57cfe0edf7a662155c2d73e7ef
7
+ data.tar.gz: feb783906656c3c7173ad19f3b92033d3e7fcdfe38d1d5842f22436cca6af693218ee372d7b2adb02a9a584759af513b62326f894d55ddc92f5325cc7ffd8725
data/CHANGELOG.md CHANGED
@@ -1,5 +1,9 @@
1
1
  ## Unreleased
2
2
 
3
+ ## 0.20.0
4
+
5
+ - Allow `<blockquote class="twitter-tweet">`
6
+
3
7
  ## 0.19.1
4
8
 
5
9
  - Add missing sanitization for `<div>` class attribute
data/lib/qiita/markdown/filters/user_input_sanitizer.rb CHANGED
@@ -10,6 +10,9 @@ module Qiita
10
10
  "rel" => %w[footnote url],
11
11
  "rev" => %w[footnote],
12
12
  },
13
+ "blockquote" => {
14
+ "class" => %w[twitter-tweet],
15
+ },
13
16
  "div" => {
14
17
  "class" => %w[footnotes],
15
18
  },
@@ -63,7 +66,7 @@ module Qiita
63
66
  ],
64
67
  attributes: {
65
68
  "a" => %w[class href rel title],
66
- "blockquote" => %w[cite],
69
+ "blockquote" => %w[cite class],
67
70
  "code" => %w[data-metadata],
68
71
  "div" => %w[class],
69
72
  "font" => %w[color],
data/lib/qiita/markdown/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Qiita
2
2
  module Markdown
3
- VERSION = "0.19.1"
3
+ VERSION = "0.20.0"
4
4
  end
5
5
  end
data/spec/qiita/markdown/processor_spec.rb CHANGED
@@ -1125,6 +1125,28 @@ describe Qiita::Markdown::Processor do
1125
1125
  end
1126
1126
  end
1127
1127
 
1128
+ context "with class attribute for <blockquote> tag" do
1129
+ let(:markdown) do
1130
+ <<-EOS.strip_heredoc
1131
+ <blockquote class="twitter-tweet malicious-class">foo</blockquote>
1132
+ EOS
1133
+ end
1134
+
1135
+ if allowed
1136
+ it "does not sanitize the classes" do
1137
+ should eq <<-EOS.strip_heredoc
1138
+ <blockquote class="twitter-tweet malicious-class">foo</blockquote>
1139
+ EOS
1140
+ end
1141
+ else
1142
+ it "sanitizes classes except `twitter-tweet`" do
1143
+ should eq <<-EOS.strip_heredoc
1144
+ <blockquote class="twitter-tweet">foo</blockquote>
1145
+ EOS
1146
+ end
1147
+ end
1148
+ end
1149
+
1128
1150
  context "with class attribute for <div> tag" do
1129
1151
  let(:markdown) do
1130
1152
  <<-EOS.strip_heredoc
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: qiita-markdown
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.19.1
4
+ version: 0.20.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ryo Nakamura
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-06-16 00:00:00.000000000 Z
11
+ date: 2017-06-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gemoji