qti 2.12.1 → 2.13.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/qti/sanitizer.rb +9 -3
- data/lib/qti/version.rb +1 -1
- data/spec/lib/qti/sanitizer_spec.rb +15 -7
- data/spec/lib/qti/v1/models/assessment_item_spec.rb +2 -2
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 012e43c78ded5cf4f1ec586f8bbd321cadb532facc73e3b06bf9ecd884ab724f
|
4
|
+
data.tar.gz: d95a01adb90683fa13c2bd769581edc53771c8a8157c692954090d38936fc318
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: bfd79edf504cedad28c37fb5c34ce67b54e2421ba8db324e25d905d23881c66d44f64f700d6803c8853f70b68864f249eb9725d47b3f3b232c66d3a9b2217f39
|
7
|
+
data.tar.gz: 197b13f906c3604df179ab2276d69fcd8e0183f8988046bcd73df35653c312c02f0e37127874d6d371d7320e7e9d0b2bea5a6bbc324d419d1c3067907fa8e1d9
|
data/lib/qti/sanitizer.rb
CHANGED
@@ -10,11 +10,15 @@ module Qti
|
|
10
10
|
|
11
11
|
PROTOCOLS = ['http', 'https', :relative].freeze
|
12
12
|
FILTER_TAGS = %w[iframe object embed video audio source].freeze
|
13
|
+
ALL_DATA_ATTR = [:data].freeze
|
13
14
|
MEDIA_SRC_ATTR = %w[src data type codebase].freeze
|
14
15
|
MEDIA_FMT_ATTR = %w[width height classid].freeze
|
15
16
|
MEDIA_ALT_ATTR = %w[title alt allow allowfullscreen].freeze
|
16
|
-
|
17
|
-
|
17
|
+
MEDIA_ATTR = [MEDIA_SRC_ATTR, MEDIA_FMT_ATTR, MEDIA_ALT_ATTR, ALL_DATA_ATTR].flatten.freeze
|
18
|
+
|
19
|
+
def self.relaxed_config(element, overrides)
|
20
|
+
Sanitize::Config::RELAXED[:attributes][element] + overrides
|
21
|
+
end
|
18
22
|
|
19
23
|
CONFIG =
|
20
24
|
{
|
@@ -38,7 +42,9 @@ module Qti
|
|
38
42
|
allowscriptaccess width height],
|
39
43
|
'iframe' => %w[src width height name align frameborder scrolling sandbox
|
40
44
|
allowfullscreen webkitallowfullscreen mozallowfullscreen
|
41
|
-
allow] # TODO: remove explicit allow with domain whitelist account setting
|
45
|
+
allow] + ALL_DATA_ATTR, # TODO: remove explicit allow with domain whitelist account setting
|
46
|
+
'a' => relaxed_config('a', ['target'] + ALL_DATA_ATTR),
|
47
|
+
'img' => relaxed_config('img', ALL_DATA_ATTR)
|
42
48
|
}
|
43
49
|
}.freeze
|
44
50
|
|
data/lib/qti/version.rb
CHANGED
@@ -31,13 +31,6 @@ describe Qti::Sanitizer do
|
|
31
31
|
expect(sanitizer.clean(html)).to include 'classid'
|
32
32
|
end
|
33
33
|
|
34
|
-
it 'allows needed media extension attributes' do
|
35
|
-
html = '<object data-media-type="thing" data-media-id=123456789>'
|
36
|
-
|
37
|
-
expect(sanitizer.clean(html)).to include 'data-media-type'
|
38
|
-
expect(sanitizer.clean(html)).to include 'data-media-id'
|
39
|
-
end
|
40
|
-
|
41
34
|
it 'allows needed media alt attributes' do
|
42
35
|
html = '<source title="Title" alt="description" allow="fullscreen" allowfullscreen=1>'
|
43
36
|
|
@@ -46,5 +39,20 @@ describe Qti::Sanitizer do
|
|
46
39
|
expect(sanitizer.clean(html)).to include 'allow'
|
47
40
|
expect(sanitizer.clean(html)).to include 'allowfullscreen'
|
48
41
|
end
|
42
|
+
|
43
|
+
it 'allows data attributes on <img>, <object>, <video>, <audio>, <iframe>, <source>, <a>' do
|
44
|
+
%w[<img> <object> <video> <audio> <iframe> <source> <a>].each do |tag|
|
45
|
+
tag.insert(-2, ' data-test="thing" data-media-id=123456789')
|
46
|
+
|
47
|
+
expect(sanitizer.clean(tag)).to include 'data-test'
|
48
|
+
expect(sanitizer.clean(tag)).to include 'data-media-id'
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
it 'allows target attribute on <a>' do
|
53
|
+
html = '<a href="http://a.url" target="_blank">'
|
54
|
+
|
55
|
+
expect(sanitizer.clean(html)).to include 'target="_blank"'
|
56
|
+
end
|
49
57
|
end
|
50
58
|
end
|
@@ -36,11 +36,11 @@ describe Qti::V1::Models::AssessmentItem do
|
|
36
36
|
expect(loaded_class.item_body).to include '\(sample equation\)'
|
37
37
|
end
|
38
38
|
|
39
|
-
it 'does not
|
39
|
+
it 'does not replace <img> math content with pure latex when conversion is Disabled' do
|
40
40
|
Qti.configure do |config|
|
41
41
|
config.extract_latex_from_image_tags = false
|
42
42
|
end
|
43
|
-
expect(loaded_class.item_body).
|
43
|
+
expect(loaded_class.item_body).to include '<img data-equation-content="sample equation"'
|
44
44
|
end
|
45
45
|
|
46
46
|
describe '#points_possible' do
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: qti
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.13.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Adrian Diaz
|
@@ -12,7 +12,7 @@ authors:
|
|
12
12
|
autorequire:
|
13
13
|
bindir: bin
|
14
14
|
cert_chain: []
|
15
|
-
date: 2023-
|
15
|
+
date: 2023-04-24 00:00:00.000000000 Z
|
16
16
|
dependencies:
|
17
17
|
- !ruby/object:Gem::Dependency
|
18
18
|
name: actionview
|