qti 2.12.1 → 2.13.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/qti/sanitizer.rb +9 -3
  3. data/lib/qti/version.rb +1 -1
  4. data/spec/lib/qti/sanitizer_spec.rb +15 -7
  5. data/spec/lib/qti/v1/models/assessment_item_spec.rb +2 -2
  6. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0f9b01aa2a3dd926eecc38def85058a183d1cdc137e7b2fdb7e57e53d039ec8d
4
- data.tar.gz: 947616c8831529af2441ff21f24202be5a09a0edf14ed285576840c595019e25
3
+ metadata.gz: 012e43c78ded5cf4f1ec586f8bbd321cadb532facc73e3b06bf9ecd884ab724f
4
+ data.tar.gz: d95a01adb90683fa13c2bd769581edc53771c8a8157c692954090d38936fc318
5
5
  SHA512:
6
- metadata.gz: 56801239a3801104cf1f79bd485fbeb45485b694360d4f2e98cc1edeaa3945b3c5aa85ccc9cdf282d5ee8657dc55b70731087cce0b65749fc9b12cf2c583819d
7
- data.tar.gz: 9aee853c6af495ae4349aec0f429b17ec8d61cf46c952d5b96f92f63d0b6e5334332bd56249106c7df616fac44d7e4d0be9a28da4abff65528c22fa82029ede4
6
+ metadata.gz: bfd79edf504cedad28c37fb5c34ce67b54e2421ba8db324e25d905d23881c66d44f64f700d6803c8853f70b68864f249eb9725d47b3f3b232c66d3a9b2217f39
7
+ data.tar.gz: 197b13f906c3604df179ab2276d69fcd8e0183f8988046bcd73df35653c312c02f0e37127874d6d371d7320e7e9d0b2bea5a6bbc324d419d1c3067907fa8e1d9
data/lib/qti/sanitizer.rb CHANGED
@@ -10,11 +10,15 @@ module Qti
10
10
 
11
11
  PROTOCOLS = ['http', 'https', :relative].freeze
12
12
  FILTER_TAGS = %w[iframe object embed video audio source].freeze
13
+ ALL_DATA_ATTR = [:data].freeze
13
14
  MEDIA_SRC_ATTR = %w[src data type codebase].freeze
14
15
  MEDIA_FMT_ATTR = %w[width height classid].freeze
15
16
  MEDIA_ALT_ATTR = %w[title alt allow allowfullscreen].freeze
16
- MEDIA_EXT_ATTR = %w[data-media-type data-media-id].freeze
17
- MEDIA_ATTR = [MEDIA_SRC_ATTR, MEDIA_FMT_ATTR, MEDIA_ALT_ATTR, MEDIA_EXT_ATTR].flatten.freeze
17
+ MEDIA_ATTR = [MEDIA_SRC_ATTR, MEDIA_FMT_ATTR, MEDIA_ALT_ATTR, ALL_DATA_ATTR].flatten.freeze
18
+
19
+ def self.relaxed_config(element, overrides)
20
+ Sanitize::Config::RELAXED[:attributes][element] + overrides
21
+ end
18
22
 
19
23
  CONFIG =
20
24
  {
@@ -38,7 +42,9 @@ module Qti
38
42
  allowscriptaccess width height],
39
43
  'iframe' => %w[src width height name align frameborder scrolling sandbox
40
44
  allowfullscreen webkitallowfullscreen mozallowfullscreen
41
- allow] # TODO: remove explicit allow with domain whitelist account setting
45
+ allow] + ALL_DATA_ATTR, # TODO: remove explicit allow with domain whitelist account setting
46
+ 'a' => relaxed_config('a', ['target'] + ALL_DATA_ATTR),
47
+ 'img' => relaxed_config('img', ALL_DATA_ATTR)
42
48
  }
43
49
  }.freeze
44
50
 
data/lib/qti/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Qti
2
- VERSION = '2.12.1'.freeze
2
+ VERSION = '2.13.1'.freeze
3
3
  end
data/spec/lib/qti/sanitizer_spec.rb CHANGED
@@ -31,13 +31,6 @@ describe Qti::Sanitizer do
31
31
  expect(sanitizer.clean(html)).to include 'classid'
32
32
  end
33
33
 
34
- it 'allows needed media extension attributes' do
35
- html = '<object data-media-type="thing" data-media-id=123456789>'
36
-
37
- expect(sanitizer.clean(html)).to include 'data-media-type'
38
- expect(sanitizer.clean(html)).to include 'data-media-id'
39
- end
40
-
41
34
  it 'allows needed media alt attributes' do
42
35
  html = '<source title="Title" alt="description" allow="fullscreen" allowfullscreen=1>'
43
36
 
@@ -46,5 +39,20 @@ describe Qti::Sanitizer do
46
39
  expect(sanitizer.clean(html)).to include 'allow'
47
40
  expect(sanitizer.clean(html)).to include 'allowfullscreen'
48
41
  end
42
+
43
+ it 'allows data attributes on <img>, <object>, <video>, <audio>, <iframe>, <source>, <a>' do
44
+ %w[<img> <object> <video> <audio> <iframe> <source> <a>].each do |tag|
45
+ tag.insert(-2, ' data-test="thing" data-media-id=123456789')
46
+
47
+ expect(sanitizer.clean(tag)).to include 'data-test'
48
+ expect(sanitizer.clean(tag)).to include 'data-media-id'
49
+ end
50
+ end
51
+
52
+ it 'allows target attribute on <a>' do
53
+ html = '<a href="http://a.url" target="_blank">'
54
+
55
+ expect(sanitizer.clean(html)).to include 'target="_blank"'
56
+ end
49
57
  end
50
58
  end
data/spec/lib/qti/v1/models/assessment_item_spec.rb CHANGED
@@ -36,11 +36,11 @@ describe Qti::V1::Models::AssessmentItem do
36
36
  expect(loaded_class.item_body).to include '\(sample equation\)'
37
37
  end
38
38
 
39
- it 'does not transform math content when conversion is Disabled' do
39
+ it 'does not replace <img> math content with pure latex when conversion is Disabled' do
40
40
  Qti.configure do |config|
41
41
  config.extract_latex_from_image_tags = false
42
42
  end
43
- expect(loaded_class.item_body).not_to include '"sample equation"'
43
+ expect(loaded_class.item_body).to include '<img data-equation-content="sample equation"'
44
44
  end
45
45
 
46
46
  describe '#points_possible' do
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: qti
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.12.1
4
+ version: 2.13.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adrian Diaz
@@ -12,7 +12,7 @@ authors:
12
12
  autorequire:
13
13
  bindir: bin
14
14
  cert_chain: []
15
- date: 2023-01-31 00:00:00.000000000 Z
15
+ date: 2023-04-24 00:00:00.000000000 Z
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
18
18
  name: actionview