qti 2.25.2 → 2.26.1

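--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 062a48a89ca4ced5ac4c33976eaa79be84d9f9f883de111d0cf8643550c1dd62
- data.tar.gz: d6ec810ebbc758d650c2c081cbb777c1fd073bb1fc176b1e7b80958884cafc54
+ metadata.gz: d185ca9468c4d41b04a10ffc8fdddc3b443ecd632de1f5b64c68dde754da375e
+ data.tar.gz: 5d47f324498c8c1d0bbb42eea2dbc08976aa7836c0cd6c386456f0e2bd5b86b5
  SHA512:
- metadata.gz: 6abd2fda6c86e08b215c2ff3b7b1c79fdb8b5170af23de03c7f537528f2d6297981c941bf9ed19d9ee38345b9b13794abb24f68b7ab246693da55be0da1c8b18
- data.tar.gz: 4140785078c7f4412d6c94e7124706e694bb5e884dc811d40db7e9c5c916ed81e0da86741378a4773c71abd5f8794e7ea8373383fe8b6f0fca808f0921ae0ac8
+ metadata.gz: c61f7ecb24c47c98892d9edf31f1d145d7f3acddd9fab59c22dc15d0559a3e1c531046f33bee05790aff8db27b1d785d38554ac15eb994025b2dc0713e8e2586
+ data.tar.gz: e2fc18ee5e506a6db953868dd5e90e69e418f04054be671250c6fa55fa375cd8ba9954e7f3d90ec6f4b819abad673eef8344723671cd45b7c11d3e0972d4e50d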
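--- a/data/lib/qti/sanitizer.rb
+++ b/data/lib/qti/sanitizer.rb
@@ -1,4 +1,5 @@
  module Qti
+ # rubocop:disable Metrics/ClassLength
  class Sanitizer
  ELEMENTS_REMAP = {
  'prompt' => 'div',
@@ -20,9 +21,58 @@ module Qti
  Sanitize::Config::RELAXED[:attributes][element] + overrides
  end
 
+ # Copied from Canvas (Classic Quizzes)
+ # canvas_sanitize/lib/canvas_sanitize/canvas_sanitize.rb:142
+ MATHML_TAGS =
+ %w[annotation
+ annotationml
+ maction
+ maligngroup
+ malignmark
+ mark
+ math
+ menclose
+ merror
+ mfenced
+ mfrac
+ mglyph
+ mi
+ mlabeledtr
+ mlongdiv
+ mmultiscripts
+ mn
+ mo
+ mover
+ mpadded
+ mphantom
+ mprescripts
+ mroot
+ mrow
+ ms
+ mscarries
+ mscarry
+ msgroup
+ msline
+ mspace
+ msqrt
+ msrow
+ mstack
+ mstyle
+ msub
+ msubsup
+ msup
+ mtable
+ mtd
+ mtext
+ mtr
+ munder
+ munderover
+ none
+ semantics].freeze
+
  CONFIG =
  {
- elements: Sanitize::Config::RELAXED[:elements] + FILTER_TAGS,
+ elements: Sanitize::Config::RELAXED[:elements] + MATHML_TAGS + FILTER_TAGS,
  protocols:
  {
  'iframe' => { 'src' => PROTOCOLS },
@@ -44,7 +94,347 @@ module Qti
  allowfullscreen webkitallowfullscreen mozallowfullscreen
  allow] + ALL_DATA_ATTR, # TODO: remove explicit allow with domain whitelist account setting
  'a' => relaxed_config('a', ['target'] + ALL_DATA_ATTR),
- 'img' => relaxed_config('img', ALL_DATA_ATTR)
+ 'img' => relaxed_config('img', ALL_DATA_ATTR),
+ # MathML
+ 'annotation' => %w[href xref definitionURL encoding cd name src].freeze,
+ 'annotation-xml' => %w[href xref definitionURL encoding cd name src].freeze,
+ 'maction' => %w[href xref mathcolor mathbackground actiontype selection].freeze,
+ 'maligngroup' => %w[href xref mathcolor mathbackground groupalign].freeze,
+ 'malignmark' => %w[href xref mathcolor mathbackground edge].freeze,
+ 'map' => ['name'].freeze,
+ 'math' => %w[href
+ xref
+ display
+ maxwidth
+ overflow
+ altimg
+ altimg-width
+ altimg-height
+ altimg-valign
+ alttext
+ cdgroup
+ mathcolor
+ mathbackground
+ scriptlevel
+ displaystyle
+ scriptsizemultiplier
+ scriptminsize
+ infixlinebreakstyle
+ decimalpoint
+ mathvariant
+ mathsize
+ width
+ height
+ valign
+ form
+ fence
+ separator
+ lspace
+ rspace
+ stretchy
+ symmetric
+ maxsize
+ minsize
+ largeop
+ movablelimits
+ accent
+ linebreak
+ lineleading
+ linebreakstyle
+ linebreakmultchar
+ indentalign
+ indentshift
+ indenttarget
+ indentalignfirst
+ indentshiftfirst
+ indentalignlast
+ indentshiftlast
+ depth
+ lquote
+ rquote
+ linethickness
+ munalign
+ denomalign
+ bevelled
+ voffset
+ open
+ close
+ separators
+ notation
+ subscriptshift
+ superscriptshift
+ accentunder
+ align
+ rowalign
+ columnalign
+ groupalign
+ alignmentscope
+ columnwidth
+ rowspacing
+ columnspacing
+ rowlines
+ columnlines
+ frame
+ framespacing
+ equalrows
+ equalcolumns
+ side
+ minlabelspacing
+ rowspan
+ columnspan
+ edge
+ stackalign
+ charalign
+ charspacing
+ longdivstyle
+ position
+ shift
+ location
+ crossout
+ length
+ leftoverhang
+ rightoverhang
+ mslinethickness
+ selection
+ xmlns].freeze,
+ 'menclose' => %w[href xref mathcolor mathbackground notation].freeze,
+ 'merror' => %w[href xref mathcolor mathbackground].freeze,
+ 'mfenced' => %w[href xref mathcolor mathbackground open close separators].freeze,
+ 'mfrac' => %w[href
+ xref
+ mathcolor
+ mathbackground
+ linethickness
+ munalign
+ denomalign
+ bevelled].freeze,
+ 'mglyph' => %w[href xref mathcolor mathbackground src alt width height valign].freeze,
+ 'mi' => %w[href xref mathcolor mathbackground mathvariant mathsize].freeze,
+ 'mlabeledtr' => %w[href xref mathcolor mathbackground].freeze,
+ 'mlongdiv' => %w[href
+ xref
+ mathcolor
+ mathbackground
+ longdivstyle
+ align
+ stackalign
+ charalign
+ charspacing].freeze,
+ 'mmultiscripts' => %w[href
+ xref
+ mathcolor
+ mathbackground
+ subscriptshift
+ superscriptshift].freeze,
+ 'mn' => %w[href xref mathcolor mathbackground mathvariant mathsize].freeze,
+ 'mo' => %w[href
+ xref
+ mathcolor
+ mathbackground
+ mathvariant
+ mathsize
+ form
+ fence
+ separator
+ lspace
+ rspace
+ stretchy
+ symmetric
+ maxsize
+ minsize
+ largeop
+ movablelimits
+ accent
+ linebreak
+ lineleading
+ linebreakstyle
+ linebreakmultchar
+ indentalign
+ indentshift
+ indenttarget
+ indentalignfirst
+ indentshiftfirst
+ indentalignlast
+ indentshiftlast].freeze,
+ 'mover' => %w[href xref mathcolor mathbackground accent align].freeze,
+ 'mpadded' => %w[href
+ xref
+ mathcolor
+ mathbackground
+ height
+ depth
+ width
+ lspace
+ voffset].freeze,
+ 'mphantom' => %w[href xref mathcolor mathbackground].freeze,
+ 'mprescripts' => %w[href xref mathcolor mathbackground].freeze,
+ 'mroot' => %w[href xref mathcolor mathbackground].freeze,
+ 'mrow' => %w[href xref mathcolor mathbackground].freeze,
+ 'ms' => %w[href xref mathcolor mathbackground mathvariant mathsize lquote rquote].freeze,
+ 'mscarries' => %w[href
+ xref
+ mathcolor
+ mathbackground
+ position
+ location
+ crossout
+ scriptsizemultiplier].freeze,
+ 'mscarry' => %w[href xref mathcolor mathbackground location crossout].freeze,
+ 'msgroup' => %w[href xref mathcolor mathbackground position shift].freeze,
+ 'msline' => %w[href
+ xref
+ mathcolor
+ mathbackground
+ position
+ length
+ leftoverhang
+ rightoverhang
+ mslinethickness].freeze,
+ 'mspace' => %w[href xref mathcolor mathbackground mathvariant mathsize].freeze,
+ 'msqrt' => %w[href xref mathcolor mathbackground].freeze,
+ 'msrow' => %w[href xref mathcolor mathbackground position].freeze,
+ 'mstack' => %w[href
+ xref
+ mathcolor
+ mathbackground
+ align
+ stackalign
+ charalign
+ charspacing].freeze,
+ 'mstyle' => %w[href
+ xref
+ mathcolor
+ mathbackground
+ scriptlevel
+ displaystyle
+ scriptsizemultiplier
+ scriptminsize
+ infixlinebreakstyle
+ decimalpoint
+ mathvariant
+ mathsize
+ width
+ height
+ valign
+ form
+ fence
+ separator
+ lspace
+ rspace
+ stretchy
+ symmetric
+ maxsize
+ minsize
+ largeop
+ movablelimits
+ accent
+ linebreak
+ lineleading
+ linebreakstyle
+ linebreakmultchar
+ indentalign
+ indentshift
+ indenttarget
+ indentalignfirst
+ indentshiftfirst
+ indentalignlast
+ indentshiftlast
+ depth
+ lquote
+ rquote
+ linethickness
+ munalign
+ denomalign
+ bevelled
+ voffset
+ open
+ close
+ separators
+ notation
+ subscriptshift
+ superscriptshift
+ accentunder
+ align
+ rowalign
+ columnalign
+ groupalign
+ alignmentscope
+ columnwidth
+ rowspacing
+ columnspacing
+ rowlines
+ columnlines
+ frame
+ framespacing
+ equalrows
+ equalcolumns
+ side
+ minlabelspacing
+ rowspan
+ columnspan
+ edge
+ stackalign
+ charalign
+ charspacing
+ longdivstyle
+ position
+ shift
+ location
+ crossout
+ length
+ leftoverhang
+ rightoverhang
+ mslinethickness
+ selection].freeze,
+ 'msub' => %w[href xref mathcolor mathbackground subscriptshift].freeze,
+ 'msubsup' => %w[href xref mathcolor mathbackground subscriptshift superscriptshift].freeze,
+ 'msup' => %w[href xref mathcolor mathbackground superscriptshift].freeze,
+ 'mtable' => %w[href
+ xref
+ mathcolor
+ mathbackground
+ align
+ rowalign
+ columnalign
+ groupalign
+ alignmentscope
+ columnwidth
+ width
+ rowspacing
+ columnspacing
+ rowlines
+ columnlines
+ frame
+ framespacing
+ equalrows
+ equalcolumns
+ displaystyle
+ side
+ minlabelspacing].freeze,
+ 'mtd' => %w[href
+ xref
+ mathcolor
+ mathbackground
+ rowspan
+ columnspan
+ rowalign
+ columnalign
+ groupalign].freeze,
+ 'mtext' => %w[href
+ xref
+ mathcolor
+ mathbackground
+ mathvariant
+ mathsize
+ width
+ height
+ depth
+ linebreak].freeze,
+ 'mtr' => %w[href xref mathcolor mathbackground rowalign columnalign groupalign].freeze,
+ 'munder' => %w[href xref mathcolor mathbackground accentunder align].freeze,
+ 'munderover' => %w[href xref mathcolor mathbackground accent accentunder align].freeze,
+ 'none' => %w[href xref mathcolor mathbackground].freeze,
+ 'semantics' => %w[href xref definitionURL encoding].freeze
  }
  }.freeze
 
@@ -151,4 +541,5 @@ module Qti
  node.unlink
  end
  end
+ # rubocop:enable Metrics/ClassLength
  end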
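Review bot: The new MathML attribute lists allow URL-bearing attributes (`href` on every element, `src` on `annotation`, `annotation-xml` and `mglyph`, `altimg` on `math`, `definitionURL`), yet this release adds nothing to `protocols:`, whose only entry visible here is `'iframe' => { 'src' => PROTOCOLS }`. Unless the unchanged lines between the hunks already cover these elements, Sanitize would apply no scheme check to those values. Adding per-element entries such as `'mglyph' => { 'src' => PROTOCOLS }`, or dropping `href`/`src` where question content does not need them, would keep the allowlist as tight as the existing `iframe` rule. Separately, `MATHML_TAGS` lists `annotationml` while the attribute map is keyed `annotation-xml`, so that attribute entry looks unreachable, and `'map' => ['name']` sits under the `# MathML` comment although `map` is not in `MATHML_TAGS`; both are worth checking against the Canvas file named in the comment.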
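--- a/data/lib/qti/version.rb
+++ b/data/lib/qti/version.rb
@@ -1,3 +1,3 @@
  module Qti
- VERSION = '2.25.2'.freeze
+ VERSION = '2.26.1'.freeze
  end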
@@ -63,5 +63,11 @@ describe Qti::Sanitizer do
63
63
  expect(sanitizer.clean(html)).to include 'height: 294px;'
64
64
  expect(sanitizer.clean(html)).to include 'display: inline-block;'
65
65
  end
66
+
67
+ Qti::Sanitizer::MATHML_TAGS.each do |tag|
68
+ it "allows MathML tag: #{tag}" do
69
+ expect(sanitizer.clean("<#{tag}>")).to eq("<#{tag}></#{tag}>")
70
+ end
71
+ end
66
72
  end
67
73
  end
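Review bot: The added examples clean only a bare `<#{tag}>`, so none of the per-element attribute lists introduced in `Qti::Sanitizer::CONFIG` is exercised, and because the loop runs over `MATHML_TAGS` the `annotation-xml` key is never reached. An example that cleans a MathML element carrying one allowed attribute and one `href` with a scheme outside the allowed protocols, asserting that the first is kept and the second removed, would pin the intended behaviour of the allowlist. The enclosing `describe` block starts outside this hunk, and the page shows no file header for it.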
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: qti
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.25.2
4
+ version: 2.26.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adrian Diaz
@@ -12,7 +12,7 @@ authors:
12
12
  autorequire:
13
13
  bindir: bin
14
14
  cert_chain: []
15
- date: 2025-01-28 00:00:00.000000000 Z
15
+ date: 2025-03-31 00:00:00.000000000 Z
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
18
18
  name: actionview