qti 2.13.0 → 2.13.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/qti/sanitizer.rb +9 -3
  3. data/lib/qti/version.rb +1 -1
  4. data/spec/lib/qti/sanitizer_spec.rb +15 -7
  5. data/spec/lib/qti/v1/models/assessment_item_spec.rb +2 -2
  6. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 59de2b4d33d7358a8024126e3b019dd75e59a4b9a27369bd5891144f5246b74b
4
- data.tar.gz: b018ffb87e722f93f2301f98ca7d6611da87a2b92680347ae324e1a2f822cf72
3
+ metadata.gz: 012e43c78ded5cf4f1ec586f8bbd321cadb532facc73e3b06bf9ecd884ab724f
4
+ data.tar.gz: d95a01adb90683fa13c2bd769581edc53771c8a8157c692954090d38936fc318
5
5
  SHA512:
6
- metadata.gz: f9f652bd1d7d18ca9797b76d104cd8353b2fc6936d58c4a1bc7e472acd94a698e19c106ad47db721797f25edae8829edfd9c3d03c0be78a949dfa2c72ff7426e
7
- data.tar.gz: 8faf29357f3dadf3a3897b0a33baf2d6bf70e1666fae4f89191f89f94f16748c8361f4b7650e886795c9ae5f95d517de2a6dc6119b285073e654aa04dcb07176
6
+ metadata.gz: bfd79edf504cedad28c37fb5c34ce67b54e2421ba8db324e25d905d23881c66d44f64f700d6803c8853f70b68864f249eb9725d47b3f3b232c66d3a9b2217f39
7
+ data.tar.gz: 197b13f906c3604df179ab2276d69fcd8e0183f8988046bcd73df35653c312c02f0e37127874d6d371d7320e7e9d0b2bea5a6bbc324d419d1c3067907fa8e1d9
data/lib/qti/sanitizer.rb CHANGED
@@ -10,11 +10,15 @@ module Qti
10
10
 
11
11
  PROTOCOLS = ['http', 'https', :relative].freeze
12
12
  FILTER_TAGS = %w[iframe object embed video audio source].freeze
13
+ ALL_DATA_ATTR = [:data].freeze
13
14
  MEDIA_SRC_ATTR = %w[src data type codebase].freeze
14
15
  MEDIA_FMT_ATTR = %w[width height classid].freeze
15
16
  MEDIA_ALT_ATTR = %w[title alt allow allowfullscreen].freeze
16
- MEDIA_EXT_ATTR = %w[data-media-type data-media-id].freeze
17
- MEDIA_ATTR = [MEDIA_SRC_ATTR, MEDIA_FMT_ATTR, MEDIA_ALT_ATTR, MEDIA_EXT_ATTR].flatten.freeze
17
+ MEDIA_ATTR = [MEDIA_SRC_ATTR, MEDIA_FMT_ATTR, MEDIA_ALT_ATTR, ALL_DATA_ATTR].flatten.freeze
18
+
19
+ def self.relaxed_config(element, overrides)
20
+ Sanitize::Config::RELAXED[:attributes][element] + overrides
21
+ end
18
22
 
19
23
  CONFIG =
20
24
  {
@@ -38,7 +42,9 @@ module Qti
38
42
  allowscriptaccess width height],
39
43
  'iframe' => %w[src width height name align frameborder scrolling sandbox
40
44
  allowfullscreen webkitallowfullscreen mozallowfullscreen
41
- allow] # TODO: remove explicit allow with domain whitelist account setting
45
+ allow] + ALL_DATA_ATTR, # TODO: remove explicit allow with domain whitelist account setting
46
+ 'a' => relaxed_config('a', ['target'] + ALL_DATA_ATTR),
47
+ 'img' => relaxed_config('img', ALL_DATA_ATTR)
42
48
  }
43
49
  }.freeze
44
50
 
data/lib/qti/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Qti
2
- VERSION = '2.13.0'.freeze
2
+ VERSION = '2.13.1'.freeze
3
3
  end
data/spec/lib/qti/sanitizer_spec.rb CHANGED
@@ -31,13 +31,6 @@ describe Qti::Sanitizer do
31
31
  expect(sanitizer.clean(html)).to include 'classid'
32
32
  end
33
33
 
34
- it 'allows needed media extension attributes' do
35
- html = '<object data-media-type="thing" data-media-id=123456789>'
36
-
37
- expect(sanitizer.clean(html)).to include 'data-media-type'
38
- expect(sanitizer.clean(html)).to include 'data-media-id'
39
- end
40
-
41
34
  it 'allows needed media alt attributes' do
42
35
  html = '<source title="Title" alt="description" allow="fullscreen" allowfullscreen=1>'
43
36
 
@@ -46,5 +39,20 @@ describe Qti::Sanitizer do
46
39
  expect(sanitizer.clean(html)).to include 'allow'
47
40
  expect(sanitizer.clean(html)).to include 'allowfullscreen'
48
41
  end
42
+
43
+ it 'allows data attributes on <img>, <object>, <video>, <audio>, <iframe>, <source>, <a>' do
44
+ %w[<img> <object> <video> <audio> <iframe> <source> <a>].each do |tag|
45
+ tag.insert(-2, ' data-test="thing" data-media-id=123456789')
46
+
47
+ expect(sanitizer.clean(tag)).to include 'data-test'
48
+ expect(sanitizer.clean(tag)).to include 'data-media-id'
49
+ end
50
+ end
51
+
52
+ it 'allows target attribute on <a>' do
53
+ html = '<a href="http://a.url" target="_blank">'
54
+
55
+ expect(sanitizer.clean(html)).to include 'target="_blank"'
56
+ end
49
57
  end
50
58
  end
data/spec/lib/qti/v1/models/assessment_item_spec.rb CHANGED
@@ -36,11 +36,11 @@ describe Qti::V1::Models::AssessmentItem do
36
36
  expect(loaded_class.item_body).to include '\(sample equation\)'
37
37
  end
38
38
 
39
- it 'does not transform math content when conversion is Disabled' do
39
+ it 'does not replace <img> math content with pure latex when conversion is Disabled' do
40
40
  Qti.configure do |config|
41
41
  config.extract_latex_from_image_tags = false
42
42
  end
43
- expect(loaded_class.item_body).not_to include '"sample equation"'
43
+ expect(loaded_class.item_body).to include '<img data-equation-content="sample equation"'
44
44
  end
45
45
 
46
46
  describe '#points_possible' do
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: qti
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.13.0
4
+ version: 2.13.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adrian Diaz
@@ -12,7 +12,7 @@ authors:
12
12
  autorequire:
13
13
  bindir: bin
14
14
  cert_chain: []
15
- date: 2023-03-22 00:00:00.000000000 Z
15
+ date: 2023-04-24 00:00:00.000000000 Z
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
18
18
  name: actionview