qiita-markdown 0.23.0 → 0.24.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of qiita-markdown might be problematic. Click here for more details.

Files changed (12) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/lib/qiita/markdown/embed/code_pen.rb +9 -1
  4. data/lib/qiita/markdown/embed/tweet.rb +5 -0
  5. data/lib/qiita/markdown/filters/final_sanitizer.rb +1 -0
  6. data/lib/qiita/markdown/filters/user_input_sanitizer.rb +1 -1
  7. data/lib/qiita/markdown/greenmat/html_toc_renderer.rb +6 -0
  8. data/lib/qiita/markdown/transformers/filter_attributes.rb +1 -1
  9. data/lib/qiita/markdown/version.rb +1 -1
  10. data/spec/qiita/markdown/greenmat/html_toc_renderer_spec.rb +32 -12
  11. data/spec/qiita/markdown/processor_spec.rb +30 -17
  12. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 16c43409c5b2bdceefb568344cf9280e7d1e50b2
4
- data.tar.gz: f4225f554071f1e8c8c339248f08b3ef5253be46
3
+ metadata.gz: 2ebf4b7bf3373510614a5718e5f679f8b811e799
4
+ data.tar.gz: e8c155ed67938804d750f6dbf19ee2dbde25f68f
5
5
  SHA512:
6
- metadata.gz: 5a9edc2d4826bfefd294ad32cf556fbb6985ac94d4e91a435a9513f6aec51c1a58bc435eebd45350e275ad1e5314c188c0e56bd3d56bc6130d9fcbe18f72ba6e
7
- data.tar.gz: 2da9ab1ee70db812a391875522e53606991f177d1f66b7da80192b9db1bbda9cc83d101cb6b01fd292c6dc405b35ccac4cc01a694d7f872b9e7ae5b01bc19155
6
+ metadata.gz: 0b9770f4cc579ccbb39b7e6b3b4d624937f7e12572bbdaa8db7e2d634439441c4f87b9a5a314a52d10647dd19279d2e5589c6781d161e1368993849590753ba2
7
+ data.tar.gz: 9ee149a5fc1470e7d7a3e8dca59b2a4cc9fc8765f7494f8703e33222a24811275be35d544fdc520bd092c1607f7951ca6fd1befd3c19919d2dfe9c0187906254
data/CHANGELOG.md CHANGED
@@ -1,5 +1,10 @@
1
1
  ## Unreleased
2
2
 
3
+ ## 0.24.0
4
+
5
+ - Fix to strip HTML tags in ToC
6
+ - Allow to use data-\* attributes when embedding Tweet and CodePen
7
+
3
8
  ## 0.23.0
4
9
 
5
10
  - Support embed Tweet
data/lib/qiita/markdown/embed/code_pen.rb CHANGED
@@ -3,7 +3,15 @@ module Qiita
3
3
  module Embed
4
4
  module CodePen
5
5
  SCRIPT_URL = "https://production-assets.codepen.io/assets/embed/ei.js"
6
- ATTRIBUTES = %w[class data-embed-version data-slug-hash]
6
+ CLASS_NAME = %w[codepen]
7
+ DATA_ATTRIBUTES = %w[
8
+ data-active-link-color data-active-tab-color data-animations data-border
9
+ data-border-color data-class data-custom-css-url data-default-tab
10
+ data-embed-version data-height data-link-logo-color data-pen-title
11
+ data-preview data-rerun-position data-show-tab-bar data-slug-hash
12
+ data-tab-bar-color data-tab-link-color data-theme-id data-user
13
+ ]
14
+ ATTRIBUTES = %w[class] + DATA_ATTRIBUTES
7
15
  end
8
16
  end
9
17
  end
data/lib/qiita/markdown/embed/tweet.rb CHANGED
@@ -4,6 +4,11 @@ module Qiita
4
4
  module Tweet
5
5
  SCRIPT_URL = "https://platform.twitter.com/widgets.js"
6
6
  CLASS_NAME = %w[twitter-tweet]
7
+ DATA_ATTRIBUTES = %w[
8
+ data-align data-cards data-conversation data-dnt
9
+ data-id data-lang data-link-color data-theme data-width
10
+ ]
11
+ ATTRIBUTES = %w[class] + DATA_ATTRIBUTES
7
12
  end
8
13
  end
9
14
  end
data/lib/qiita/markdown/filters/final_sanitizer.rb CHANGED
@@ -18,6 +18,7 @@ module Qiita
18
18
  "href",
19
19
  "rel",
20
20
  ],
21
+ "blockquote" => Embed::Tweet::ATTRIBUTES,
21
22
  "iframe" => [
22
23
  "allowfullscreen",
23
24
  "frameborder",
data/lib/qiita/markdown/filters/user_input_sanitizer.rb CHANGED
@@ -11,7 +11,7 @@ module Qiita
11
11
  ],
12
12
  attributes: {
13
13
  "a" => %w[class href rel title],
14
- "blockquote" => %w[cite class],
14
+ "blockquote" => %w[cite] + Embed::Tweet::ATTRIBUTES,
15
15
  "code" => %w[data-metadata],
16
16
  "div" => %w[class],
17
17
  "font" => %w[color],
data/lib/qiita/markdown/greenmat/html_toc_renderer.rb CHANGED
@@ -65,6 +65,12 @@ module Qiita
65
65
  def increment
66
66
  counter[id] += 1
67
67
  end
68
+
69
+ private
70
+
71
+ def body
72
+ escape_html? ? CGI.escape_html(text) : raw_body
73
+ end
68
74
  end
69
75
  end
70
76
  end
data/lib/qiita/markdown/transformers/filter_attributes.rb CHANGED
@@ -15,7 +15,7 @@ module Qiita
15
15
  "class" => %w[footnotes],
16
16
  },
17
17
  "p" => {
18
- "class" => %w[codepen],
18
+ "class" => Embed::CodePen::CLASS_NAME,
19
19
  },
20
20
  "sup" => {
21
21
  "id" => /\Afnref\d+\z/,
data/lib/qiita/markdown/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Qiita
2
2
  module Markdown
3
- VERSION = "0.23.0"
3
+ VERSION = "0.24.0"
4
4
  end
5
5
  end
data/spec/qiita/markdown/greenmat/html_toc_renderer_spec.rb CHANGED
@@ -117,20 +117,40 @@ describe Qiita::Markdown::Greenmat::HTMLToCRenderer do
117
117
  context "with :escape_html extension" do
118
118
  let(:extension) { { escape_html: true } }
119
119
 
120
- let(:markdown) do
121
- <<-EOS.strip_heredoc
122
- # <b>R&amp;B</b>
123
- EOS
120
+ context "with heading title including HTML tags" do
121
+ let(:markdown) do
122
+ <<-EOS.strip_heredoc
123
+ # <b>R&amp;B</b>
124
+ EOS
125
+ end
126
+
127
+ it "strips HTML characters in heading title" do
128
+ should eq <<-EOS.strip_heredoc
129
+ <ul>
130
+ <li>
131
+ <a href="#rb">R&amp;B</a>
132
+ </li>
133
+ </ul>
134
+ EOS
135
+ end
124
136
  end
125
137
 
126
- it "escapes special HTML characters in heading title" do
127
- should eq <<-EOS.strip_heredoc
128
- <ul>
129
- <li>
130
- <a href="#rb">&lt;b&gt;R&amp;amp;B&lt;/b&gt;</a>
131
- </li>
132
- </ul>
133
- EOS
138
+ context "with heading title including HTML tags inside of code" do
139
+ let(:markdown) do
140
+ <<-EOS.strip_heredoc
141
+ # `<div>`
142
+ EOS
143
+ end
144
+
145
+ it "escapes HTML tags inside of code" do
146
+ should eq <<-EOS.strip_heredoc
147
+ <ul>
148
+ <li>
149
+ <a href="#div">&lt;div&gt;</a>
150
+ </li>
151
+ </ul>
152
+ EOS
153
+ end
134
154
  end
135
155
  end
136
156
  end
data/spec/qiita/markdown/processor_spec.rb CHANGED
@@ -1162,6 +1162,28 @@ describe Qiita::Markdown::Processor do
1162
1162
  end
1163
1163
  end
1164
1164
 
1165
+ context "with data-attributes for <blockquote> tag" do
1166
+ let(:markdown) do
1167
+ <<-EOS.strip_heredoc
1168
+ <blockquote data-theme="a" data-malicious="b"></blockquote>
1169
+ EOS
1170
+ end
1171
+
1172
+ if allowed
1173
+ it "does not sanitize data-attributes" do
1174
+ should eq <<-EOS.strip_heredoc
1175
+ <blockquote data-theme="a" data-malicious="b"></blockquote>
1176
+ EOS
1177
+ end
1178
+ else
1179
+ it "sanitizes data-attributes except the attributes used by tweet" do
1180
+ should eq <<-EOS.strip_heredoc
1181
+ <blockquote data-theme="a"></blockquote>
1182
+ EOS
1183
+ end
1184
+ end
1185
+ end
1186
+
1165
1187
  context "with data-attributes for <p> tag" do
1166
1188
  let(:markdown) do
1167
1189
  <<-EOS.strip_heredoc
@@ -1329,9 +1351,9 @@ describe Qiita::Markdown::Processor do
1329
1351
  EOS
1330
1352
  end
1331
1353
  else
1332
- it "sanitizes data-attributes except the minimum attributes and force async attribute" do
1354
+ it "forces async attribute on script" do
1333
1355
  should eq <<-EOS.strip_heredoc
1334
- <p data-slug-hash="foo" data-embed-version="2" class="codepen"></p>\n
1356
+ <p data-height="1" data-theme-id="0" data-slug-hash="foo" data-default-tab="bar" data-user="baz" data-embed-version="2" data-pen-title="qux" class="codepen"></p>\n
1335
1357
  <script src="https://production-assets.codepen.io/assets/embed/ei.js" async="async"></script>
1336
1358
  EOS
1337
1359
  end
@@ -1341,25 +1363,16 @@ describe Qiita::Markdown::Processor do
1341
1363
  context "with embed code for Tweet" do
1342
1364
  let(:markdown) do
1343
1365
  <<-EOS.strip_heredoc
1344
- <blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none">foo</blockquote>
1366
+ <blockquote class="twitter-tweet" data-lang="es" data-cards="hidden" data-conversation="none">foo</blockquote>
1345
1367
  <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
1346
1368
  EOS
1347
1369
  end
1348
1370
 
1349
- if allowed
1350
- it "does not sanitize embed code" do
1351
- should eq <<-EOS.strip_heredoc
1352
- <blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none">foo</blockquote>\n
1353
- <script async src="https://platform.twitter.com/widgets.js"></script>
1354
- EOS
1355
- end
1356
- else
1357
- it "sanitizes attributes except `twitter-tweet` class" do
1358
- should eq <<-EOS.strip_heredoc
1359
- <blockquote class="twitter-tweet">foo</blockquote>\n
1360
- <script async src="https://platform.twitter.com/widgets.js"></script>
1361
- EOS
1362
- end
1371
+ it "does not sanitize embed code" do
1372
+ should eq <<-EOS.strip_heredoc
1373
+ <blockquote class="twitter-tweet" data-lang="es" data-cards="hidden" data-conversation="none">foo</blockquote>\n
1374
+ <script async src="https://platform.twitter.com/widgets.js"></script>
1375
+ EOS
1363
1376
  end
1364
1377
  end
1365
1378
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: qiita-markdown
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.23.0
4
+ version: 0.24.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ryo Nakamura
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-12-09 00:00:00.000000000 Z
11
+ date: 2017-12-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gemoji