qiita-markdown 0.31.0 → 0.32.0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1e3469d19ed195eb7a7ccdeeedaa1503154a262893c882768834c8636fad0ae7
|
4
|
+
data.tar.gz: 3b9fec449730dcf1f19ec3d84247a7b1d89e1f785e9b52eace389cedfb9045c3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cab8938cb167a8c41d6b68478f562f87e5c06a6f412c4f4e0b12c9450cb7506c380eb9ab7ef3ae73eca991d50bbb1da8d5d3e5da4a0e7fdece14ebea15053e1f
|
7
|
+
data.tar.gz: 5e74b4610be3b012d1cd381ecc5e3efc41f581da095ae3a6d5836dc3b62297c7d7deac6d0e93d1c32d84385baea699bfff6f804e1f5924539b3468703d01cd94
|
data/CHANGELOG.md
CHANGED
@@ -22,6 +22,7 @@ module Qiita
|
|
22
22
|
def transform
|
23
23
|
if name == "iframe"
|
24
24
|
if URL_WHITE_LIST.include?(node["src"]) || HOST_WHITE_LIST.include?(host_of(node["src"]))
|
25
|
+
node["width"] = "100%"
|
25
26
|
node.children.unlink
|
26
27
|
else
|
27
28
|
node.unlink
|
@@ -40,7 +41,10 @@ module Qiita
|
|
40
41
|
end
|
41
42
|
|
42
43
|
def host_of(url)
|
43
|
-
|
44
|
+
if url
|
45
|
+
port = URI.parse(url).port
|
46
|
+
Addressable::URI.parse(url).host if [443, 80].include? port
|
47
|
+
end
|
44
48
|
rescue Addressable::URI::InvalidURIError
|
45
49
|
nil
|
46
50
|
end
|
@@ -43,7 +43,10 @@ module Qiita
|
|
43
43
|
end
|
44
44
|
|
45
45
|
def host_of(url)
|
46
|
-
|
46
|
+
if url
|
47
|
+
port = URI.parse(url).port
|
48
|
+
Addressable::URI.parse(url).host if [443, 80].include? port
|
49
|
+
end
|
47
50
|
rescue Addressable::URI::InvalidURIError
|
48
51
|
nil
|
49
52
|
end
|
@@ -1480,10 +1480,18 @@ describe Qiita::Markdown::Processor do
|
|
1480
1480
|
MARKDOWN
|
1481
1481
|
end
|
1482
1482
|
|
1483
|
-
|
1484
|
-
|
1485
|
-
|
1486
|
-
|
1483
|
+
if allowed
|
1484
|
+
it "does not sanitize embed code" do
|
1485
|
+
should eq <<-HTML.strip_heredoc
|
1486
|
+
<iframe width="100" height="100" src="https://www.youtube.com/embed/example"></iframe>
|
1487
|
+
HTML
|
1488
|
+
end
|
1489
|
+
else
|
1490
|
+
it "forces width attribute on iframe" do
|
1491
|
+
should eq <<-HTML.strip_heredoc
|
1492
|
+
<iframe width="100%" height="100" src="https://www.youtube.com/embed/example"></iframe>
|
1493
|
+
HTML
|
1494
|
+
end
|
1487
1495
|
end
|
1488
1496
|
|
1489
1497
|
context "when url is privacy enhanced mode" do
|
@@ -1493,10 +1501,18 @@ describe Qiita::Markdown::Processor do
|
|
1493
1501
|
MARKDOWN
|
1494
1502
|
end
|
1495
1503
|
|
1496
|
-
|
1497
|
-
|
1498
|
-
|
1499
|
-
|
1504
|
+
if allowed
|
1505
|
+
it "does not sanitize embed code" do
|
1506
|
+
should eq <<-HTML.strip_heredoc
|
1507
|
+
<iframe width="100" height="100" src="https://www.youtube-nocookie.com/embed/example"></iframe>
|
1508
|
+
HTML
|
1509
|
+
end
|
1510
|
+
else
|
1511
|
+
it "forces width attribute on iframe" do
|
1512
|
+
should eq <<-HTML.strip_heredoc
|
1513
|
+
<iframe width="100%" height="100" src="https://www.youtube-nocookie.com/embed/example"></iframe>
|
1514
|
+
HTML
|
1515
|
+
end
|
1500
1516
|
end
|
1501
1517
|
end
|
1502
1518
|
end
|
@@ -1508,10 +1524,18 @@ describe Qiita::Markdown::Processor do
|
|
1508
1524
|
MARKDOWN
|
1509
1525
|
end
|
1510
1526
|
|
1511
|
-
|
1512
|
-
|
1513
|
-
|
1514
|
-
|
1527
|
+
if allowed
|
1528
|
+
it "does not sanitize embed code" do
|
1529
|
+
should eq <<-HTML.strip_heredoc
|
1530
|
+
<iframe width="100" height="100" src="https://www.slideshare.net/embed/example"></iframe>
|
1531
|
+
HTML
|
1532
|
+
end
|
1533
|
+
else
|
1534
|
+
it "forces width attribute on iframe" do
|
1535
|
+
should eq <<-HTML.strip_heredoc
|
1536
|
+
<iframe width="100%" height="100" src="https://www.slideshare.net/embed/example"></iframe>
|
1537
|
+
HTML
|
1538
|
+
end
|
1515
1539
|
end
|
1516
1540
|
end
|
1517
1541
|
|
@@ -1522,10 +1546,18 @@ describe Qiita::Markdown::Processor do
|
|
1522
1546
|
MARKDOWN
|
1523
1547
|
end
|
1524
1548
|
|
1525
|
-
|
1526
|
-
|
1527
|
-
|
1528
|
-
|
1549
|
+
if allowed
|
1550
|
+
it "does not sanitize embed code" do
|
1551
|
+
should eq <<-HTML.strip_heredoc
|
1552
|
+
<iframe src="https://docs.google.com/presentation/d/example/embed" frameborder="0" width="482" height="300" allowfullscreen="true"></iframe>
|
1553
|
+
HTML
|
1554
|
+
end
|
1555
|
+
else
|
1556
|
+
it "forces width attribute on iframe" do
|
1557
|
+
should eq <<-HTML.strip_heredoc
|
1558
|
+
<iframe src="https://docs.google.com/presentation/d/example/embed" frameborder="0" width="100%" height="300" allowfullscreen="true"></iframe>
|
1559
|
+
HTML
|
1560
|
+
end
|
1529
1561
|
end
|
1530
1562
|
end
|
1531
1563
|
|
@@ -1566,6 +1598,34 @@ describe Qiita::Markdown::Processor do
|
|
1566
1598
|
HTML
|
1567
1599
|
end
|
1568
1600
|
end
|
1601
|
+
|
1602
|
+
context "with embed script code with xss" do
|
1603
|
+
let(:markdown) do
|
1604
|
+
<<-MARKDOWN.strip_heredoc
|
1605
|
+
<script async class="speakerdeck-embed" data-id="example" data-ratio="1.33333333333333" src="javascript://speakerdeck.com/assets/embed.js"></script>
|
1606
|
+
MARKDOWN
|
1607
|
+
|
1608
|
+
it "forces width attribute on iframe" do
|
1609
|
+
should eq <<-HTML.strip_heredoc
|
1610
|
+
\n
|
1611
|
+
HTML
|
1612
|
+
end
|
1613
|
+
end
|
1614
|
+
end
|
1615
|
+
|
1616
|
+
context "with embed iframe code with xss" do
|
1617
|
+
let(:markdown) do
|
1618
|
+
<<-MARKDOWN.strip_heredoc
|
1619
|
+
<iframe src="javascript://docs.google.com/presentation/d/example/embed" frameborder="0" width="482" height="300" allowfullscreen="true" mozallowfullscreen="true" webkitallowfullscreen="true"></iframe>
|
1620
|
+
MARKDOWN
|
1621
|
+
|
1622
|
+
it "forces width attribute on iframe" do
|
1623
|
+
should eq <<-HTML.strip_heredoc
|
1624
|
+
\n
|
1625
|
+
HTML
|
1626
|
+
end
|
1627
|
+
end
|
1628
|
+
end
|
1569
1629
|
end
|
1570
1630
|
|
1571
1631
|
context "without script and strict context" do
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: qiita-markdown
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.32.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ryo Nakamura
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-03-
|
11
|
+
date: 2021-03-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: gemoji
|