qti 2.14.0 → 2.15.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/qti/sanitizer.rb +2 -2
- data/lib/qti/version.rb +1 -1
- data/spec/lib/qti/sanitizer_spec.rb +9 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fcafa61127adf8dafdd3084cd6c22d56630473c0d01e42a7e6cddf6ee7b4ba96
|
|
4
|
+
data.tar.gz: 68fdf75e1b11fae2ca2ac55aca9daf936c2754ee1a0a244ccc94a51953c3957f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 06543ad3a11e643f4c9731a641da3495afa53d94defa9ac8b40a34015d152ca24e5943fb1b33d9fe0db0714915f9a2e86dd2511821197f1b29395b071adf1ce0
|
|
7
|
+
data.tar.gz: 7b3ad6b2fa593ca9f2be62f524777fef0d41d9ddc8833af38ec445a89a3ffe5c855dd80312000978a0bd55bada68b8d711220a54b46d1b231223b0e41727b0b3
|
data/lib/qti/sanitizer.rb
CHANGED
|
@@ -40,7 +40,7 @@ module Qti
|
|
|
40
40
|
'object' => MEDIA_ATTR,
|
|
41
41
|
'embed' => %w[name src type allowfullscreen pluginspage wmode
|
|
42
42
|
allowscriptaccess width height],
|
|
43
|
-
'iframe' => %w[src width height name align frameborder scrolling sandbox
|
|
43
|
+
'iframe' => %w[src style width height name align frameborder scrolling sandbox
|
|
44
44
|
allowfullscreen webkitallowfullscreen mozallowfullscreen
|
|
45
45
|
allow] + ALL_DATA_ATTR, # TODO: remove explicit allow with domain whitelist account setting
|
|
46
46
|
'a' => relaxed_config('a', ['target'] + ALL_DATA_ATTR),
|
|
@@ -92,7 +92,7 @@ module Qti
|
|
|
92
92
|
lambda do |env|
|
|
93
93
|
return unless FILTER_TAGS.include?(env[:node_name])
|
|
94
94
|
return if env[:is_whitelisted] || !env[:node].element?
|
|
95
|
-
Sanitize.node!(env[:node], CONFIG)
|
|
95
|
+
Sanitize.node!(env[:node], Sanitize::Config.merge(Sanitize::Config::RELAXED, CONFIG))
|
|
96
96
|
{ node_whitelist: [env[:node]] }
|
|
97
97
|
end
|
|
98
98
|
end
|
data/lib/qti/version.rb
CHANGED
|
@@ -54,5 +54,14 @@ describe Qti::Sanitizer do
|
|
|
54
54
|
|
|
55
55
|
expect(sanitizer.clean(html)).to include 'target="_blank"'
|
|
56
56
|
end
|
|
57
|
+
|
|
58
|
+
it 'allows style attributes on iframe' do
|
|
59
|
+
html = '<iframe style="width: 523px; height: 294px; display: inline-block;"></iframe>'
|
|
60
|
+
|
|
61
|
+
expect(sanitizer.clean(html)).to include 'style'
|
|
62
|
+
expect(sanitizer.clean(html)).to include 'width: 523px;'
|
|
63
|
+
expect(sanitizer.clean(html)).to include 'height: 294px;'
|
|
64
|
+
expect(sanitizer.clean(html)).to include 'display: inline-block;'
|
|
65
|
+
end
|
|
57
66
|
end
|
|
58
67
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: qti
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.15.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Adrian Diaz
|
|
@@ -12,7 +12,7 @@ authors:
|
|
|
12
12
|
autorequire:
|
|
13
13
|
bindir: bin
|
|
14
14
|
cert_chain: []
|
|
15
|
-
date: 2023-05-
|
|
15
|
+
date: 2023-05-16 00:00:00.000000000 Z
|
|
16
16
|
dependencies:
|
|
17
17
|
- !ruby/object:Gem::Dependency
|
|
18
18
|
name: actionview
|