qti 2.14.0 → 2.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/qti/sanitizer.rb +2 -2
- data/lib/qti/version.rb +1 -1
- data/spec/lib/qti/sanitizer_spec.rb +9 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fcafa61127adf8dafdd3084cd6c22d56630473c0d01e42a7e6cddf6ee7b4ba96
|
|
4
|
+
data.tar.gz: 68fdf75e1b11fae2ca2ac55aca9daf936c2754ee1a0a244ccc94a51953c3957f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 06543ad3a11e643f4c9731a641da3495afa53d94defa9ac8b40a34015d152ca24e5943fb1b33d9fe0db0714915f9a2e86dd2511821197f1b29395b071adf1ce0
|
|
7
|
+
data.tar.gz: 7b3ad6b2fa593ca9f2be62f524777fef0d41d9ddc8833af38ec445a89a3ffe5c855dd80312000978a0bd55bada68b8d711220a54b46d1b231223b0e41727b0b3
|
data/lib/qti/sanitizer.rb
CHANGED
|
@@ -40,7 +40,7 @@ module Qti
|
|
|
40
40
|
'object' => MEDIA_ATTR,
|
|
41
41
|
'embed' => %w[name src type allowfullscreen pluginspage wmode
|
|
42
42
|
allowscriptaccess width height],
|
|
43
|
-
'iframe' => %w[src width height name align frameborder scrolling sandbox
|
|
43
|
+
'iframe' => %w[src style width height name align frameborder scrolling sandbox
|
|
44
44
|
allowfullscreen webkitallowfullscreen mozallowfullscreen
|
|
45
45
|
allow] + ALL_DATA_ATTR, # TODO: remove explicit allow with domain whitelist account setting
|
|
46
46
|
'a' => relaxed_config('a', ['target'] + ALL_DATA_ATTR),
|
|
@@ -92,7 +92,7 @@ module Qti
|
|
|
92
92
|
lambda do |env|
|
|
93
93
|
return unless FILTER_TAGS.include?(env[:node_name])
|
|
94
94
|
return if env[:is_whitelisted] || !env[:node].element?
|
|
95
|
-
Sanitize.node!(env[:node], CONFIG)
|
|
95
|
+
Sanitize.node!(env[:node], Sanitize::Config.merge(Sanitize::Config::RELAXED, CONFIG))
|
|
96
96
|
{ node_whitelist: [env[:node]] }
|
|
97
97
|
end
|
|
98
98
|
end
|
data/lib/qti/version.rb
CHANGED
|
@@ -54,5 +54,14 @@ describe Qti::Sanitizer do
|
|
|
54
54
|
|
|
55
55
|
expect(sanitizer.clean(html)).to include 'target="_blank"'
|
|
56
56
|
end
|
|
57
|
+
|
|
58
|
+
it 'allows style attributes on iframe' do
|
|
59
|
+
html = '<iframe style="width: 523px; height: 294px; display: inline-block;"></iframe>'
|
|
60
|
+
|
|
61
|
+
expect(sanitizer.clean(html)).to include 'style'
|
|
62
|
+
expect(sanitizer.clean(html)).to include 'width: 523px;'
|
|
63
|
+
expect(sanitizer.clean(html)).to include 'height: 294px;'
|
|
64
|
+
expect(sanitizer.clean(html)).to include 'display: inline-block;'
|
|
65
|
+
end
|
|
57
66
|
end
|
|
58
67
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: qti
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.15.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Adrian Diaz
|
|
@@ -12,7 +12,7 @@ authors:
|
|
|
12
12
|
autorequire:
|
|
13
13
|
bindir: bin
|
|
14
14
|
cert_chain: []
|
|
15
|
-
date: 2023-05-
|
|
15
|
+
date: 2023-05-16 00:00:00.000000000 Z
|
|
16
16
|
dependencies:
|
|
17
17
|
- !ruby/object:Gem::Dependency
|
|
18
18
|
name: actionview
|