qiita-markdown 0.32.0 → 0.33.0


checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1e3469d19ed195eb7a7ccdeeedaa1503154a262893c882768834c8636fad0ae7
4
- data.tar.gz: 3b9fec449730dcf1f19ec3d84247a7b1d89e1f785e9b52eace389cedfb9045c3
3
+ metadata.gz: 17dc016afba392cc6e3ea77af4cdc445e32c6004a6c23a24b8dce1a4e0ec1811
4
+ data.tar.gz: 042e3a11a8cc6d266463ae7bb8d3e46c8c732efeb061086586c80a277898cf38
5
5
  SHA512:
6
- metadata.gz: cab8938cb167a8c41d6b68478f562f87e5c06a6f412c4f4e0b12c9450cb7506c380eb9ab7ef3ae73eca991d50bbb1da8d5d3e5da4a0e7fdece14ebea15053e1f
7
- data.tar.gz: 5e74b4610be3b012d1cd381ecc5e3efc41f581da095ae3a6d5836dc3b62297c7d7deac6d0e93d1c32d84385baea699bfff6f804e1f5924539b3468703d01cd94
6
+ metadata.gz: 0c59646956b877c13e7c6ef62bd366483b5a7da78f19bfe8aee2305ea568c6f59dfb2d916e68a822e3363ddabbf7577166e8e21a8da79152550b11c77a3dc8d6
7
+ data.tar.gz: b907d5a284c9c77e9f264298d38d6ec4a0861179dda36320f6fd40187b606662b1e07e61d9f3e5bd2070f203e3de5d60b53cdb05593ca64ceb875c6bbd811f31
data/CHANGELOG.md CHANGED
@@ -1,8 +1,12 @@
1
1
  ## Unreleased
2
2
 
3
+ ## 0.33.0
4
+
5
+ - Fix XSS possibility bug
6
+
3
7
  ## 0.32.0
4
8
 
5
- - Fixed XSS possibility bug
9
+ - Fix XSS possibility bug
6
10
  - Fix iframe width to be fixed at 100%
7
11
 
8
12
  ## 0.31.0
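Review bot: the new 0.33.0 entry ("Fix XSS possibility bug") is word-for-word the same as the 0.32.0 entry right below it, so a reader cannot tell what changed between the two releases; describe the concrete fix, e.g. "Reject iframe embed URLs whose scheme is not http or https (the previous check only looked at the port)", so downstream users can judge whether they need to upgrade. The same hunk also rewrites the already-released 0.32.0 line from "Fixed" to "Fix"; harmless for consistency, but it is unrelated to this release and is better kept out of a security-fix changelog diff.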
@@ -42,10 +42,10 @@ module Qiita
42
42
 
43
43
  def host_of(url)
44
44
  if url
45
- port = URI.parse(url).port
46
- Addressable::URI.parse(url).host if [443, 80].include? port
45
+ scheme = URI.parse(url).scheme
46
+ Addressable::URI.parse(url).host if ["http", "https"].include? scheme
47
47
  end
48
- rescue Addressable::URI::InvalidURIError
48
+ rescue Addressable::URI::InvalidURIError, URI::InvalidURIError
49
49
  nil
50
50
  end
51
51
  end
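Review bot: the scheme and the host come from two different parsers (`scheme = URI.parse(url).scheme` on the first `+` line, `Addressable::URI.parse(url).host` on the next), so a URL that the two libraries parse differently could satisfy the scheme allow-list in one and still hand back a host from the other; read both from one object instead, e.g. `uri = Addressable::URI.parse(url)` followed by `uri.host if %w[http https].include?(uri.normalized_scheme)`, which also makes the comparison case-insensitive. Adding `URI::InvalidURIError` to the `rescue` is a good catch, since `URI.parse` raises it on malformed input and that exception was previously unhandled in this method. Moving from `[443, 80].include? port` to a scheme check is the right direction: a `javascript:` URL with an explicit `:80` port satisfied the old port test.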
@@ -44,10 +44,10 @@ module Qiita
44
44
 
45
45
  def host_of(url)
46
46
  if url
47
- port = URI.parse(url).port
48
- Addressable::URI.parse(url).host if [443, 80].include? port
47
+ scheme = URI.parse(url).scheme
48
+ Addressable::URI.parse(url).host if ["http", "https"].include? scheme
49
49
  end
50
- rescue Addressable::URI::InvalidURIError
50
+ rescue Addressable::URI::InvalidURIError, URI::InvalidURIError
51
51
  nil
52
52
  end
53
53
  end
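Review bot: this `host_of` body is identical to the one in the hunk above it, just in a second file at a different offset, so the port-to-scheme change had to be patched in two places; extract it into one shared helper so the next hardening lands once. The same parser-mixing point applies here: `URI.parse` supplies the scheme while `Addressable::URI.parse` supplies the host, and the two can disagree on odd inputs, so derive both from a single `Addressable::URI` instance and compare `normalized_scheme` against `%w[http https]`.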
@@ -1,5 +1,5 @@
1
1
  module Qiita
2
2
  module Markdown
3
- VERSION = "0.32.0"
3
+ VERSION = "0.33.0"
4
4
  end
5
5
  end
@@ -1616,7 +1616,7 @@ describe Qiita::Markdown::Processor do
1616
1616
  context "with embed iframe code with xss" do
1617
1617
  let(:markdown) do
1618
1618
  <<-MARKDOWN.strip_heredoc
1619
- <iframe src="javascript://docs.google.com/presentation/d/example/embed" frameborder="0" width="482" height="300" allowfullscreen="true" mozallowfullscreen="true" webkitallowfullscreen="true"></iframe>
1619
+ <iframe src="javascript://docs.google.com:80/%0d%0aalert(document.domain)" frameborder="0" width="482" height="300" allowfullscreen="true" mozallowfullscreen="true" webkitallowfullscreen="true"></iframe>
1620
1620
  MARKDOWN
1621
1621
 
1622
1622
  it "forces width attribute on iframe" do
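Review bot: swapping the old `javascript://docs.google.com/presentation/...` input for the `:80/%0d%0aalert(document.domain)` variant removes coverage of the first payload form; keep both as separate examples so a regression in either shape is caught. The example is still titled "forces width attribute on iframe", which suggests it only asserts on `width`; add an explicit expectation that the rendered output contains no `iframe` whose `src` uses the `javascript` scheme (or no `iframe` at all), since that is the behaviour this release fixes, and a direct unit test of `host_of` with a `javascript:` URL carrying an explicit `:80` port would pin down the exact case the old port check missed.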
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: qiita-markdown
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.32.0
4
+ version: 0.33.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ryo Nakamura
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-03-15 00:00:00.000000000 Z
11
+ date: 2021-03-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gemoji