qiita-markdown 0.23.0 → 0.24.0
Potentially problematic release.
This version of qiita-markdown might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/lib/qiita/markdown/embed/code_pen.rb +9 -1
- data/lib/qiita/markdown/embed/tweet.rb +5 -0
- data/lib/qiita/markdown/filters/final_sanitizer.rb +1 -0
- data/lib/qiita/markdown/filters/user_input_sanitizer.rb +1 -1
- data/lib/qiita/markdown/greenmat/html_toc_renderer.rb +6 -0
- data/lib/qiita/markdown/transformers/filter_attributes.rb +1 -1
- data/lib/qiita/markdown/version.rb +1 -1
- data/spec/qiita/markdown/greenmat/html_toc_renderer_spec.rb +32 -12
- data/spec/qiita/markdown/processor_spec.rb +30 -17
- metadata +2 -2
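--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2ebf4b7bf3373510614a5718e5f679f8b811e799
+data.tar.gz: e8c155ed67938804d750f6dbf19ee2dbde25f68f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0b9770f4cc579ccbb39b7e6b3b4d624937f7e12572bbdaa8db7e2d634439441c4f87b9a5a314a52d10647dd19279d2e5589c6781d161e1368993849590753ba2
+data.tar.gz: 9ee149a5fc1470e7d7a3e8dca59b2a4cc9fc8765f7494f8703e33222a24811275be35d544fdc520bd092c1607f7951ca6fd1befd3c19919d2dfe9c0187906254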
data/CHANGELOG.md
CHANGED
@@ -3,7 +3,15 @@ module Qiita
|
|
3
3
|
module Embed
|
4
4
|
module CodePen
|
5
5
|
SCRIPT_URL = "https://production-assets.codepen.io/assets/embed/ei.js"
|
6
|
-
|
6
|
+
CLASS_NAME = %w[codepen]
|
7
|
+
DATA_ATTRIBUTES = %w[
|
8
|
+
data-active-link-color data-active-tab-color data-animations data-border
|
9
|
+
data-border-color data-class data-custom-css-url data-default-tab
|
10
|
+
data-embed-version data-height data-link-logo-color data-pen-title
|
11
|
+
data-preview data-rerun-position data-show-tab-bar data-slug-hash
|
12
|
+
data-tab-bar-color data-tab-link-color data-theme-id data-user
|
13
|
+
]
|
14
|
+
ATTRIBUTES = %w[class] + DATA_ATTRIBUTES
|
7
15
|
end
|
8
16
|
end
|
9
17
|
end
|
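Review bot: `CLASS_NAME`, `DATA_ATTRIBUTES` and `ATTRIBUTES` are plain mutable arrays, and judging by their names and the sanitizer files in the file list they appear to act as an attribute allowlist, so any code that appends to them at runtime would silently widen what user markup may carry; I would freeze each one, e.g. `ATTRIBUTES = (%w[class] + DATA_ATTRIBUTES).freeze`. The same applies to the `DATA_ATTRIBUTES` and `ATTRIBUTES` constants added to `Embed::Tweet` in the next hunk. `data-custom-css-url` is the one URL-valued entry in the list; the code that consumes the list is not shown here, so it is worth confirming whether its value is validated before it reaches the embed script. This hunk is printed under the `data/CHANGELOG.md` header, but its content and its +9/-1 count match `data/lib/qiita/markdown/embed/code_pen.rb`, and the enclosing modules open above the hunk.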
@@ -4,6 +4,11 @@ module Qiita
|
|
4
4
|
module Tweet
|
5
5
|
SCRIPT_URL = "https://platform.twitter.com/widgets.js"
|
6
6
|
CLASS_NAME = %w[twitter-tweet]
|
7
|
+
DATA_ATTRIBUTES = %w[
|
8
|
+
data-align data-cards data-conversation data-dnt
|
9
|
+
data-id data-lang data-link-color data-theme data-width
|
10
|
+
]
|
11
|
+
ATTRIBUTES = %w[class] + DATA_ATTRIBUTES
|
7
12
|
end
|
8
13
|
end
|
9
14
|
end
|
@@ -117,20 +117,40 @@ describe Qiita::Markdown::Greenmat::HTMLToCRenderer do
|
|
117
117
|
context "with :escape_html extension" do
|
118
118
|
let(:extension) { { escape_html: true } }
|
119
119
|
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
120
|
+
context "with heading title including HTML tags" do
|
121
|
+
let(:markdown) do
|
122
|
+
<<-EOS.strip_heredoc
|
123
|
+
# <b>R&B</b>
|
124
|
+
EOS
|
125
|
+
end
|
126
|
+
|
127
|
+
it "strips HTML characters in heading title" do
|
128
|
+
should eq <<-EOS.strip_heredoc
|
129
|
+
<ul>
|
130
|
+
<li>
|
131
|
+
<a href="#rb">R&B</a>
|
132
|
+
</li>
|
133
|
+
</ul>
|
134
|
+
EOS
|
135
|
+
end
|
124
136
|
end
|
125
137
|
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
138
|
+
context "with heading title including HTML tags inside of code" do
|
139
|
+
let(:markdown) do
|
140
|
+
<<-EOS.strip_heredoc
|
141
|
+
# `<div>`
|
142
|
+
EOS
|
143
|
+
end
|
144
|
+
|
145
|
+
it "escapes HTML tags inside of code" do
|
146
|
+
should eq <<-EOS.strip_heredoc
|
147
|
+
<ul>
|
148
|
+
<li>
|
149
|
+
<a href="#div"><div></a>
|
150
|
+
</li>
|
151
|
+
</ul>
|
152
|
+
EOS
|
153
|
+
end
|
134
154
|
end
|
135
155
|
end
|
136
156
|
end
|
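Review bot: The two new expectations are shown with a bare `R&B` and a raw `<div>` inside the `<a>` element, which contradicts the example name "escapes HTML tags inside of code"; the page has most likely decoded the entities, so check that the spec in the gem asserts `R&amp;B` and `&lt;div&gt;` literally. The first example is described as "strips HTML characters in heading title", while the input suggests it is the `<b>` tag that is dropped and the text that is kept, so `it "strips HTML tags and escapes the remaining heading text" do` would describe what is being pinned. The removed examples are blank on this page, so which earlier cases they replaced cannot be judged from here, and the enclosing `describe` opens above the hunk.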
@@ -1162,6 +1162,28 @@ describe Qiita::Markdown::Processor do
|
|
1162
1162
|
end
|
1163
1163
|
end
|
1164
1164
|
|
1165
|
+
context "with data-attributes for <blockquote> tag" do
|
1166
|
+
let(:markdown) do
|
1167
|
+
<<-EOS.strip_heredoc
|
1168
|
+
<blockquote data-theme="a" data-malicious="b"></blockquote>
|
1169
|
+
EOS
|
1170
|
+
end
|
1171
|
+
|
1172
|
+
if allowed
|
1173
|
+
it "does not sanitize data-attributes" do
|
1174
|
+
should eq <<-EOS.strip_heredoc
|
1175
|
+
<blockquote data-theme="a" data-malicious="b"></blockquote>
|
1176
|
+
EOS
|
1177
|
+
end
|
1178
|
+
else
|
1179
|
+
it "sanitizes data-attributes except the attributes used by tweet" do
|
1180
|
+
should eq <<-EOS.strip_heredoc
|
1181
|
+
<blockquote data-theme="a"></blockquote>
|
1182
|
+
EOS
|
1183
|
+
end
|
1184
|
+
end
|
1185
|
+
end
|
1186
|
+
|
1165
1187
|
context "with data-attributes for <p> tag" do
|
1166
1188
|
let(:markdown) do
|
1167
1189
|
<<-EOS.strip_heredoc
|
@@ -1329,9 +1351,9 @@ describe Qiita::Markdown::Processor do
|
|
1329
1351
|
EOS
|
1330
1352
|
end
|
1331
1353
|
else
|
1332
|
-
it "
|
1354
|
+
it "forces async attribute on script" do
|
1333
1355
|
should eq <<-EOS.strip_heredoc
|
1334
|
-
<p data-slug-hash="foo" data-embed-version="2" class="codepen"></p>\n
|
1356
|
+
<p data-height="1" data-theme-id="0" data-slug-hash="foo" data-default-tab="bar" data-user="baz" data-embed-version="2" data-pen-title="qux" class="codepen"></p>\n
|
1335
1357
|
<script src="https://production-assets.codepen.io/assets/embed/ei.js" async="async"></script>
|
1336
1358
|
EOS
|
1337
1359
|
end
|
@@ -1341,25 +1363,16 @@ describe Qiita::Markdown::Processor do
|
|
1341
1363
|
context "with embed code for Tweet" do
|
1342
1364
|
let(:markdown) do
|
1343
1365
|
<<-EOS.strip_heredoc
|
1344
|
-
<blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none">foo</blockquote>
|
1366
|
+
<blockquote class="twitter-tweet" data-lang="es" data-cards="hidden" data-conversation="none">foo</blockquote>
|
1345
1367
|
<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
|
1346
1368
|
EOS
|
1347
1369
|
end
|
1348
1370
|
|
1349
|
-
|
1350
|
-
|
1351
|
-
|
1352
|
-
|
1353
|
-
|
1354
|
-
EOS
|
1355
|
-
end
|
1356
|
-
else
|
1357
|
-
it "sanitizes attributes except `twitter-tweet` class" do
|
1358
|
-
should eq <<-EOS.strip_heredoc
|
1359
|
-
<blockquote class="twitter-tweet">foo</blockquote>\n
|
1360
|
-
<script async src="https://platform.twitter.com/widgets.js"></script>
|
1361
|
-
EOS
|
1362
|
-
end
|
1371
|
+
it "does not sanitize embed code" do
|
1372
|
+
should eq <<-EOS.strip_heredoc
|
1373
|
+
<blockquote class="twitter-tweet" data-lang="es" data-cards="hidden" data-conversation="none">foo</blockquote>\n
|
1374
|
+
<script async src="https://platform.twitter.com/widgets.js"></script>
|
1375
|
+
EOS
|
1363
1376
|
end
|
1364
1377
|
end
|
1365
1378
|
end
|
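Review bot: In the `with data-attributes for <blockquote> tag` context the sanitized branch expects `data-theme` to survive on a blockquote that has no `twitter-tweet` class, so the spec pins the allowlist as keyed on the tag name rather than on the embed it was added for. That may be intended, but it should be stated, for instance with `# Tweet data-* attributes are allowed on every <blockquote>, not only on class="twitter-tweet"` above the `else` example. In the Tweet hunk the example is now named "does not sanitize embed code" although the expected `<script>` has lost `charset="utf-8"`, so `it "keeps the allowlisted embed attributes" do` would be more accurate. The enclosing `describe` and the `allowed` flag are defined outside these hunks.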
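--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: qiita-markdown
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.24.0
 platform: ruby
 authors:
 - Ryo Nakamura
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-12-
+date: 2017-12-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: gemoji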