rails-html-sanitizer 1.2.0 → 1.3.0


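--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 870e022a24bf7e490864eb68c6676617508060c44cb0fbcfbce1f476b7bfa453
-data.tar.gz: 280abb7f0ce9d0d311f4a1b8ac84d94dbe009592c32c2364eea594b0d336f5eb
+metadata.gz: 8eba1aac52c80be280f186c5d378150709b7d4cd2a5d5b2367e6d2c036648d52
+data.tar.gz: 96408eae2efee778a704f7caf246b64868a63bfdbbb81905b294bcca731a9289
 SHA512:
-metadata.gz: d3780c7ea8e6e77bafe1486aef16852ba326adf8a9cbcdc5fe2639f8ea47e9bb8a2e50553ecb25bceeeeb1665b5edfab92c1022707c7aa59a4f0d0c605b67223
-data.tar.gz: 14bba8b83f0e0a6782b0e12a8c29fc73d469cda550104d7ad32b8cf8ef3628d981d4c82637e7826c79e2dc4bfd86c230a74031acf53ec0b10a40d2cabf7eed84
+metadata.gz: c4209cebc841299143a466143f4b776461fc1cc8bba112dc603e86835b68ee44a800566f64224b27f5a45d164d0b004049b228dc405c3de59068800ec7a5d564
+data.tar.gz: c899472b8dffe9f9fd4d15ae4739f07a775d74b9ed14143beb688bb546b6a82ec469add036747b81aff33510e6e241379e21458cb39d9b2a8e797824066e24e5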
@@ -1,3 +1,9 @@
1
+ ## 1.3.0
2
+
3
+ * Address deprecations in Loofah 2.3.0.
4
+
5
+ *Josh Goodall*
6
+
1
7
  ## 1.2.0
2
8
 
3
9
  * Remove needless `white_list_sanitizer` deprecation.
@@ -74,7 +74,7 @@ module Rails
74
74
  #
75
75
  # === Options
76
76
  # Sanitizes both html and css via the safe lists found here:
77
- # https://github.com/flavorjones/loofah/blob/master/lib/loofah/html5/whitelist.rb
77
+ # https://github.com/flavorjones/loofah/blob/master/lib/loofah/html5/safelist.rb
78
78
  #
79
79
  # SafeListSanitizer also accepts options to configure
80
80
  # the safe list used when sanitizing html.
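Review bot: The rewritten link in the `Sanitizes both html and css via the safe lists found here:` comment still points at `blob/master`, so the safelist it sends readers to will drift away from what the Loofah version this gem actually pins enforces. Because that safelist is what decides which elements, attributes and URL protocols survive sanitization, the reference should be to a fixed Loofah release (the tag or commit matching the `~> 2.3` requirement in the gemspec) rather than to `master`, e.g. `# https://github.com/flavorjones/loofah/blob/<loofah-release-tag>/lib/loofah/html5/safelist.rb`. The surrounding option documentation continues outside the hunk.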
@@ -1,7 +1,7 @@
1
1
  module Rails
2
2
  module Html
3
3
  class Sanitizer
4
- VERSION = "1.2.0"
4
+ VERSION = "1.3.0"
5
5
  end
6
6
  end
7
7
  end
@@ -138,17 +138,17 @@ module Rails
138
138
  attr_node.node_name
139
139
  end
140
140
 
141
- if Loofah::HTML5::WhiteList::ATTR_VAL_IS_URI.include?(attr_name)
141
+ if Loofah::HTML5::SafeList::ATTR_VAL_IS_URI.include?(attr_name)
142
142
  # this block lifted nearly verbatim from HTML5 sanitization
143
143
  val_unescaped = CGI.unescapeHTML(attr_node.value).gsub(Loofah::HTML5::Scrub::CONTROL_CHARACTERS,'').downcase
144
- if val_unescaped =~ /^[a-z0-9][-+.a-z0-9]*:/ && ! Loofah::HTML5::WhiteList::ALLOWED_PROTOCOLS.include?(val_unescaped.split(Loofah::HTML5::WhiteList::PROTOCOL_SEPARATOR)[0])
144
+ if val_unescaped =~ /^[a-z0-9][-+.a-z0-9]*:/ && ! Loofah::HTML5::SafeList::ALLOWED_PROTOCOLS.include?(val_unescaped.split(Loofah::HTML5::SafeList::PROTOCOL_SEPARATOR)[0])
145
145
  attr_node.remove
146
146
  end
147
147
  end
148
- if Loofah::HTML5::WhiteList::SVG_ATTR_VAL_ALLOWS_REF.include?(attr_name)
148
+ if Loofah::HTML5::SafeList::SVG_ATTR_VAL_ALLOWS_REF.include?(attr_name)
149
149
  attr_node.value = attr_node.value.gsub(/url\s*\(\s*[^#\s][^)]+?\)/m, ' ') if attr_node.value
150
150
  end
151
- if Loofah::HTML5::WhiteList::SVG_ALLOW_LOCAL_HREF.include?(node.name) && attr_name == 'xlink:href' && attr_node.value =~ /^\s*[^#\s].*/m
151
+ if Loofah::HTML5::SafeList::SVG_ALLOW_LOCAL_HREF.include?(node.name) && attr_name == 'xlink:href' && attr_node.value =~ /^\s*[^#\s].*/m
152
152
  attr_node.remove
153
153
  end
154
154
 
@@ -181,7 +181,7 @@ class SanitizersTest < Minitest::Test
181
181
  assert_sanitized raw, %{src="javascript:bang" <img width="5">foo</img>, <span>bar</span>}
182
182
  end
183
183
 
184
- tags = Loofah::HTML5::WhiteList::ALLOWED_ELEMENTS - %w(script form)
184
+ tags = Loofah::HTML5::SafeList::ALLOWED_ELEMENTS - %w(script form)
185
185
  tags.each do |tag_name|
186
186
  define_method "test_should_allow_#{tag_name}_tag" do
187
187
  scope_allowed_tags(tags) do
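--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails-html-sanitizer
 version: !ruby/object:Gem::Version
-version: 1.2.0
+version: 1.3.0
 platform: ruby
 authors:
 - Rafael Mendonça França
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-08-08 00:00:00.000000000 Z
+date: 2019-10-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: loofah
@@ -17,20 +17,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.2'
-- - ">="
-- !ruby/object:Gem::Version
-version: 2.2.2
+version: '2.3'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.2'
-- - ">="
-- !ruby/object:Gem::Version
-version: 2.2.2
+version: '2.3'
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
@@ -123,7 +117,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.0.4
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: This gem is responsible to sanitize HTML fragments in Rails applications.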