rails-html-sanitizer 1.3.0 → 1.4.3
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of rails-html-sanitizer might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +43 -0
- data/README.md +3 -1
- data/lib/rails/html/sanitizer/version.rb +1 -1
- data/lib/rails/html/sanitizer.rb +18 -1
- data/lib/rails/html/scrubbers.rb +1 -1
- data/test/sanitizer_test.rb +118 -19
- data/test/scrubbers_test.rb +16 -0
- metadata +9 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2f00d9f256478eb753c8d211c3b25efa4204bbdbc9c5abf0415413c811a2e404
|
|
4
|
+
data.tar.gz: 65d3871aa798dfbbfb1138b666d475b590e347cdb66614d6d39b72ad3531c742
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e6e31eaa72b1a2e8356aae50600ac784f85a80828cbc49ce8061384ecd3f21a1d8eaee69845dc08537c5102728c3cc41a72cb3ed8b9789c4921038398afa61e2
|
|
7
|
+
data.tar.gz: 6b14a49842eaf4c3e0fbae5acd28fdf32a5deb6cd42f769aada848226847180c4d3a67a9dcbc439e1a4855699b0ea694cb4c7b6ee173391ac841bd334ae44b6f
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,46 @@
|
|
|
1
|
+
## 1.4.3 / 2022-06-09
|
|
2
|
+
|
|
3
|
+
* Address a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.
|
|
4
|
+
|
|
5
|
+
Prevent the combination of `select` and `style` as allowed tags in SafeListSanitizer.
|
|
6
|
+
|
|
7
|
+
Fixes CVE-2022-32209
|
|
8
|
+
|
|
9
|
+
*Mike Dalessio*
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
## 1.4.2 / 2021-08-23
|
|
13
|
+
|
|
14
|
+
* Slightly improve performance.
|
|
15
|
+
|
|
16
|
+
Assuming elements are more common than comments, make one less method call per node.
|
|
17
|
+
|
|
18
|
+
*Mike Dalessio*
|
|
19
|
+
|
|
20
|
+
## 1.4.1 / 2021-08-18
|
|
21
|
+
|
|
22
|
+
* Fix regression in v1.4.0 that did not pass comment nodes to the scrubber.
|
|
23
|
+
|
|
24
|
+
Some scrubbers will want to override the default behavior and allow comments, but v1.4.0 only
|
|
25
|
+
passed through elements to the scrubber's `keep_node?` method.
|
|
26
|
+
|
|
27
|
+
This change once again allows the scrubber to make the decision on comment nodes, but still skips
|
|
28
|
+
other non-elements like processing instructions (see #115).
|
|
29
|
+
|
|
30
|
+
*Mike Dalessio*
|
|
31
|
+
|
|
32
|
+
## 1.4.0 / 2021-08-18
|
|
33
|
+
|
|
34
|
+
* Processing Instructions are no longer allowed by Rails::Html::PermitScrubber
|
|
35
|
+
|
|
36
|
+
Previously, a PI with a name (or "target") matching an allowed tag name was not scrubbed. There
|
|
37
|
+
are no known security issues associated with these PIs, but similar to comments it's preferred to
|
|
38
|
+
omit these nodes when possible from sanitized output.
|
|
39
|
+
|
|
40
|
+
Fixes #115.
|
|
41
|
+
|
|
42
|
+
*Mike Dalessio*
|
|
43
|
+
|
|
1
44
|
## 1.3.0
|
|
2
45
|
|
|
3
46
|
* Address deprecations in Loofah 2.3.0.
|
data/README.md
CHANGED
|
@@ -81,8 +81,10 @@ html_fragment.to_s # => "<a></a>"
|
|
|
81
81
|
#### `Rails::Html::TargetScrubber`
|
|
82
82
|
|
|
83
83
|
Where `PermitScrubber` picks out tags and attributes to permit in sanitization,
|
|
84
|
-
`Rails::Html::TargetScrubber` targets them for removal.
|
|
84
|
+
`Rails::Html::TargetScrubber` targets them for removal. See https://github.com/flavorjones/loofah/blob/main/lib/loofah/html5/safelist.rb for the tag list.
|
|
85
85
|
|
|
86
|
+
**Note:** by default, it will scrub anything that is not part of the permitted tags from
|
|
87
|
+
loofah `HTML5::Scrub.allowed_element?`.
|
|
86
88
|
|
|
87
89
|
```ruby
|
|
88
90
|
scrubber = Rails::Html::TargetScrubber.new
|
data/lib/rails/html/sanitizer.rb
CHANGED
|
@@ -141,8 +141,25 @@ module Rails
|
|
|
141
141
|
|
|
142
142
|
private
|
|
143
143
|
|
|
144
|
+
def loofah_using_html5?
|
|
145
|
+
# future-proofing, see https://github.com/flavorjones/loofah/pull/239
|
|
146
|
+
Loofah.respond_to?(:html5_mode?) && Loofah.html5_mode?
|
|
147
|
+
end
|
|
148
|
+
|
|
149
|
+
def remove_safelist_tag_combinations(tags)
|
|
150
|
+
if !loofah_using_html5? && tags.include?("select") && tags.include?("style")
|
|
151
|
+
warn("WARNING: #{self.class}: removing 'style' from safelist, should not be combined with 'select'")
|
|
152
|
+
tags.delete("style")
|
|
153
|
+
end
|
|
154
|
+
tags
|
|
155
|
+
end
|
|
156
|
+
|
|
144
157
|
def allowed_tags(options)
|
|
145
|
-
options[:tags]
|
|
158
|
+
if options[:tags]
|
|
159
|
+
remove_safelist_tag_combinations(options[:tags])
|
|
160
|
+
else
|
|
161
|
+
self.class.allowed_tags
|
|
162
|
+
end
|
|
146
163
|
end
|
|
147
164
|
|
|
148
165
|
def allowed_attributes(options)
|
data/lib/rails/html/scrubbers.rb
CHANGED
data/test/sanitizer_test.rb
CHANGED
|
@@ -2,6 +2,8 @@ require "minitest/autorun"
|
|
|
2
2
|
require "rails-html-sanitizer"
|
|
3
3
|
require "rails/dom/testing/assertions/dom_assertions"
|
|
4
4
|
|
|
5
|
+
puts Nokogiri::VERSION_INFO
|
|
6
|
+
|
|
5
7
|
class SanitizersTest < Minitest::Test
|
|
6
8
|
include Rails::Dom::Testing::Assertions::DomAssertions
|
|
7
9
|
|
|
@@ -12,13 +14,11 @@ class SanitizersTest < Minitest::Test
|
|
|
12
14
|
end
|
|
13
15
|
|
|
14
16
|
def test_sanitize_nested_script
|
|
15
|
-
|
|
16
|
-
assert_equal '<script>alert("XSS");</script>', sanitizer.sanitize('<script><script></script>alert("XSS");<script><</script>/</script><script>script></script>', tags: %w(em))
|
|
17
|
+
assert_equal '<script>alert("XSS");</script>', safe_list_sanitize('<script><script></script>alert("XSS");<script><</script>/</script><script>script></script>', tags: %w(em))
|
|
17
18
|
end
|
|
18
19
|
|
|
19
20
|
def test_sanitize_nested_script_in_style
|
|
20
|
-
|
|
21
|
-
assert_equal '<script>alert("XSS");</script>', sanitizer.sanitize('<style><script></style>alert("XSS");<style><</style>/</style><style>script></style>', tags: %w(em))
|
|
21
|
+
assert_equal '<script>alert("XSS");</script>', safe_list_sanitize('<style><script></style>alert("XSS");<style><</style>/</style><style>script></style>', tags: %w(em))
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
class XpathRemovalTestSanitizer < Rails::Html::Sanitizer
|
|
@@ -54,7 +54,8 @@ class SanitizersTest < Minitest::Test
|
|
|
54
54
|
|
|
55
55
|
def test_strip_tags_with_quote
|
|
56
56
|
input = '<" <img src="trollface.gif" onload="alert(1)"> hi'
|
|
57
|
-
|
|
57
|
+
expected = libxml_2_9_14_recovery? ? %{<" hi} : %{ hi}
|
|
58
|
+
assert_equal(expected, full_sanitize(input))
|
|
58
59
|
end
|
|
59
60
|
|
|
60
61
|
def test_strip_invalid_html
|
|
@@ -75,15 +76,21 @@ class SanitizersTest < Minitest::Test
|
|
|
75
76
|
end
|
|
76
77
|
|
|
77
78
|
def test_remove_unclosed_tags
|
|
78
|
-
|
|
79
|
+
input = "This is <-- not\n a comment here."
|
|
80
|
+
expected = libxml_2_9_14_recovery? ? %{This is <-- not\n a comment here.} : %{This is }
|
|
81
|
+
assert_equal(expected, full_sanitize(input))
|
|
79
82
|
end
|
|
80
83
|
|
|
81
84
|
def test_strip_cdata
|
|
82
|
-
|
|
85
|
+
input = "This has a <![CDATA[<section>]]> here."
|
|
86
|
+
expected = libxml_2_9_14_recovery? ? %{This has a <![CDATA[]]> here.} : %{This has a ]]> here.}
|
|
87
|
+
assert_equal(expected, full_sanitize(input))
|
|
83
88
|
end
|
|
84
89
|
|
|
85
90
|
def test_strip_unclosed_cdata
|
|
86
|
-
|
|
91
|
+
input = "This has an unclosed <![CDATA[<section>]] here..."
|
|
92
|
+
expected = libxml_2_9_14_recovery? ? %{This has an unclosed <![CDATA[]] here...} : %{This has an unclosed ]] here...}
|
|
93
|
+
assert_equal(expected, full_sanitize(input))
|
|
87
94
|
end
|
|
88
95
|
|
|
89
96
|
def test_strip_blank_string
|
|
@@ -93,7 +100,7 @@ class SanitizersTest < Minitest::Test
|
|
|
93
100
|
end
|
|
94
101
|
|
|
95
102
|
def test_strip_tags_with_plaintext
|
|
96
|
-
assert_equal "
|
|
103
|
+
assert_equal "Don't touch me", full_sanitize("Don't touch me")
|
|
97
104
|
end
|
|
98
105
|
|
|
99
106
|
def test_strip_tags_with_tags
|
|
@@ -135,7 +142,7 @@ class SanitizersTest < Minitest::Test
|
|
|
135
142
|
end
|
|
136
143
|
|
|
137
144
|
def test_strip_links_with_plaintext
|
|
138
|
-
assert_equal "
|
|
145
|
+
assert_equal "Don't touch me", link_sanitize("Don't touch me")
|
|
139
146
|
end
|
|
140
147
|
|
|
141
148
|
def test_strip_links_with_line_feed_and_uppercase_tag
|
|
@@ -271,7 +278,8 @@ class SanitizersTest < Minitest::Test
|
|
|
271
278
|
|
|
272
279
|
def test_scrub_style_if_style_attribute_option_is_passed
|
|
273
280
|
input = '<p style="color: #000; background-image: url(http://www.ragingplatypus.com/i/cam-full.jpg);"></p>'
|
|
274
|
-
|
|
281
|
+
actual = safe_list_sanitize(input, attributes: %w(style))
|
|
282
|
+
assert_includes(['<p style="color: #000;"></p>', '<p style="color:#000;"></p>'], actual)
|
|
275
283
|
end
|
|
276
284
|
|
|
277
285
|
def test_should_raise_argument_error_if_tags_is_not_enumerable
|
|
@@ -413,8 +421,25 @@ class SanitizersTest < Minitest::Test
|
|
|
413
421
|
end
|
|
414
422
|
|
|
415
423
|
def test_should_sanitize_div_background_image_unicode_encoded
|
|
416
|
-
|
|
417
|
-
|
|
424
|
+
[
|
|
425
|
+
convert_to_css_hex("url(javascript:alert(1))", false),
|
|
426
|
+
convert_to_css_hex("url(javascript:alert(1))", true),
|
|
427
|
+
convert_to_css_hex("url(https://example.com)", false),
|
|
428
|
+
convert_to_css_hex("url(https://example.com)", true),
|
|
429
|
+
].each do |propval|
|
|
430
|
+
raw = "background-image:" + propval
|
|
431
|
+
assert_empty(sanitize_css(raw))
|
|
432
|
+
end
|
|
433
|
+
end
|
|
434
|
+
|
|
435
|
+
def test_should_allow_div_background_image_unicode_encoded_safe_functions
|
|
436
|
+
[
|
|
437
|
+
convert_to_css_hex("rgb(255,0,0)", false),
|
|
438
|
+
convert_to_css_hex("rgb(255,0,0)", true),
|
|
439
|
+
].each do |propval|
|
|
440
|
+
raw = "background-image:" + propval
|
|
441
|
+
assert_includes(sanitize_css(raw), "background-image")
|
|
442
|
+
end
|
|
418
443
|
end
|
|
419
444
|
|
|
420
445
|
def test_should_sanitize_div_style_expression
|
|
@@ -432,11 +457,15 @@ class SanitizersTest < Minitest::Test
|
|
|
432
457
|
end
|
|
433
458
|
|
|
434
459
|
def test_should_sanitize_cdata_section
|
|
435
|
-
|
|
460
|
+
input = "<![CDATA[<span>section</span>]]>"
|
|
461
|
+
expected = libxml_2_9_14_recovery? ? %{<![CDATA[<span>section</span>]]>} : %{section]]>}
|
|
462
|
+
assert_sanitized(input, expected)
|
|
436
463
|
end
|
|
437
464
|
|
|
438
465
|
def test_should_sanitize_unterminated_cdata_section
|
|
439
|
-
|
|
466
|
+
input = "<![CDATA[<span>neverending..."
|
|
467
|
+
expected = libxml_2_9_14_recovery? ? %{<![CDATA[<span>neverending...</span>} : %{neverending...}
|
|
468
|
+
assert_sanitized(input, expected)
|
|
440
469
|
end
|
|
441
470
|
|
|
442
471
|
def test_should_not_mangle_urls_with_ampersand
|
|
@@ -487,7 +516,13 @@ class SanitizersTest < Minitest::Test
|
|
|
487
516
|
|
|
488
517
|
text = safe_list_sanitize(html)
|
|
489
518
|
|
|
490
|
-
|
|
519
|
+
acceptable_results = [
|
|
520
|
+
# nokogiri w/vendored+patched libxml2
|
|
521
|
+
%{<a href="examp<!--%22%20unsafeattr=foo()>-->le.com">test</a>},
|
|
522
|
+
# nokogiri w/ system libxml2
|
|
523
|
+
%{<a href="examp<!--%22%20unsafeattr=foo()>-->le.com">test</a>},
|
|
524
|
+
]
|
|
525
|
+
assert_includes(acceptable_results, text)
|
|
491
526
|
end
|
|
492
527
|
|
|
493
528
|
def test_uri_escaping_of_src_attr_in_a_tag_in_safe_list_sanitizer
|
|
@@ -497,7 +532,13 @@ class SanitizersTest < Minitest::Test
|
|
|
497
532
|
|
|
498
533
|
text = safe_list_sanitize(html)
|
|
499
534
|
|
|
500
|
-
|
|
535
|
+
acceptable_results = [
|
|
536
|
+
# nokogiri w/vendored+patched libxml2
|
|
537
|
+
%{<a src="examp<!--%22%20unsafeattr=foo()>-->le.com">test</a>},
|
|
538
|
+
# nokogiri w/system libxml2
|
|
539
|
+
%{<a src="examp<!--%22%20unsafeattr=foo()>-->le.com">test</a>},
|
|
540
|
+
]
|
|
541
|
+
assert_includes(acceptable_results, text)
|
|
501
542
|
end
|
|
502
543
|
|
|
503
544
|
def test_uri_escaping_of_name_attr_in_a_tag_in_safe_list_sanitizer
|
|
@@ -507,7 +548,13 @@ class SanitizersTest < Minitest::Test
|
|
|
507
548
|
|
|
508
549
|
text = safe_list_sanitize(html)
|
|
509
550
|
|
|
510
|
-
|
|
551
|
+
acceptable_results = [
|
|
552
|
+
# nokogiri w/vendored+patched libxml2
|
|
553
|
+
%{<a name="examp<!--%22%20unsafeattr=foo()>-->le.com">test</a>},
|
|
554
|
+
# nokogiri w/system libxml2
|
|
555
|
+
%{<a name="examp<!--%22%20unsafeattr=foo()>-->le.com">test</a>},
|
|
556
|
+
]
|
|
557
|
+
assert_includes(acceptable_results, text)
|
|
511
558
|
end
|
|
512
559
|
|
|
513
560
|
def test_uri_escaping_of_name_action_in_a_tag_in_safe_list_sanitizer
|
|
@@ -517,7 +564,40 @@ class SanitizersTest < Minitest::Test
|
|
|
517
564
|
|
|
518
565
|
text = safe_list_sanitize(html, attributes: ['action'])
|
|
519
566
|
|
|
520
|
-
|
|
567
|
+
acceptable_results = [
|
|
568
|
+
# nokogiri w/vendored+patched libxml2
|
|
569
|
+
%{<a action="examp<!--%22%20unsafeattr=foo()>-->le.com">test</a>},
|
|
570
|
+
# nokogiri w/system libxml2
|
|
571
|
+
%{<a action="examp<!--%22%20unsafeattr=foo()>-->le.com">test</a>},
|
|
572
|
+
]
|
|
573
|
+
assert_includes(acceptable_results, text)
|
|
574
|
+
end
|
|
575
|
+
|
|
576
|
+
def test_exclude_node_type_processing_instructions
|
|
577
|
+
assert_equal("<div>text</div><b>text</b>", safe_list_sanitize("<div>text</div><?div content><b>text</b>"))
|
|
578
|
+
end
|
|
579
|
+
|
|
580
|
+
def test_exclude_node_type_comment
|
|
581
|
+
assert_equal("<div>text</div><b>text</b>", safe_list_sanitize("<div>text</div><!-- comment --><b>text</b>"))
|
|
582
|
+
end
|
|
583
|
+
|
|
584
|
+
def test_disallow_the_dangerous_safelist_combination_of_select_and_style
|
|
585
|
+
input = "<select><style><script>alert(1)</script></style></select>"
|
|
586
|
+
tags = ["select", "style"]
|
|
587
|
+
warning = /WARNING: Rails::Html::SafeListSanitizer: removing 'style' from safelist/
|
|
588
|
+
sanitized = nil
|
|
589
|
+
invocation = Proc.new { sanitized = safe_list_sanitize(input, tags: tags) }
|
|
590
|
+
|
|
591
|
+
if html5_mode?
|
|
592
|
+
# if Loofah is using an HTML5 parser,
|
|
593
|
+
# then "style" should be removed by the parser as an invalid child of "select"
|
|
594
|
+
assert_silent(&invocation)
|
|
595
|
+
else
|
|
596
|
+
# if Loofah is using an HTML4 parser,
|
|
597
|
+
# then SafeListSanitizer should remove "style" from the safelist
|
|
598
|
+
assert_output(nil, warning, &invocation)
|
|
599
|
+
end
|
|
600
|
+
refute_includes(sanitized, "style")
|
|
521
601
|
end
|
|
522
602
|
|
|
523
603
|
protected
|
|
@@ -565,4 +645,23 @@ protected
|
|
|
565
645
|
ensure
|
|
566
646
|
Rails::Html::SafeListSanitizer.allowed_attributes = old_attributes
|
|
567
647
|
end
|
|
648
|
+
|
|
649
|
+
# note that this is used for testing CSS hex encoding: \\[0-9a-f]{1,6}
|
|
650
|
+
def convert_to_css_hex(string, escape_parens=false)
|
|
651
|
+
string.chars.map do |c|
|
|
652
|
+
if !escape_parens && (c == "(" || c == ")")
|
|
653
|
+
c
|
|
654
|
+
else
|
|
655
|
+
format('\00%02X', c.ord)
|
|
656
|
+
end
|
|
657
|
+
end.join
|
|
658
|
+
end
|
|
659
|
+
|
|
660
|
+
def libxml_2_9_14_recovery?
|
|
661
|
+
Nokogiri.method(:uses_libxml?).arity == -1 && Nokogiri.uses_libxml?(">= 2.9.14")
|
|
662
|
+
end
|
|
663
|
+
|
|
664
|
+
def html5_mode?
|
|
665
|
+
::Loofah.respond_to?(:html5_mode?) && ::Loofah.html5_mode?
|
|
666
|
+
end
|
|
568
667
|
end
|
data/test/scrubbers_test.rb
CHANGED
|
@@ -41,6 +41,16 @@ class PermitScrubberTest < ScrubberTest
|
|
|
41
41
|
assert_scrubbed '<tag>hello</tag>', 'hello'
|
|
42
42
|
end
|
|
43
43
|
|
|
44
|
+
def test_default_scrub_removes_comments
|
|
45
|
+
assert_scrubbed('<div>one</div><!-- two --><span>three</span>',
|
|
46
|
+
'<div>one</div><span>three</span>')
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def test_default_scrub_removes_processing_instructions
|
|
50
|
+
assert_scrubbed('<div>one</div><?div two><span>three</span>',
|
|
51
|
+
'<div>one</div><span>three</span>')
|
|
52
|
+
end
|
|
53
|
+
|
|
44
54
|
def test_default_attributes_removal_behavior
|
|
45
55
|
assert_scrubbed '<p cooler="hello">hello</p>', '<p>hello</p>'
|
|
46
56
|
end
|
|
@@ -56,6 +66,12 @@ class PermitScrubberTest < ScrubberTest
|
|
|
56
66
|
assert_scrubbed html, '<tag>leave me now</tag>'
|
|
57
67
|
end
|
|
58
68
|
|
|
69
|
+
def test_leaves_comments_when_supplied_as_tag
|
|
70
|
+
@scrubber.tags = %w(div comment)
|
|
71
|
+
assert_scrubbed('<div>one</div><!-- two --><span>three</span>',
|
|
72
|
+
'<div>one</div><!-- two -->three')
|
|
73
|
+
end
|
|
74
|
+
|
|
59
75
|
def test_leaves_only_supplied_tags_nested
|
|
60
76
|
html = '<tag>leave <em>me <span>now</span></em></tag>'
|
|
61
77
|
@scrubber.tags = %w(tag)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rails-html-sanitizer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3
|
|
4
|
+
version: 1.4.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rafael Mendonça França
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2022-06-09 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: loofah
|
|
@@ -101,7 +101,11 @@ files:
|
|
|
101
101
|
homepage: https://github.com/rails/rails-html-sanitizer
|
|
102
102
|
licenses:
|
|
103
103
|
- MIT
|
|
104
|
-
metadata:
|
|
104
|
+
metadata:
|
|
105
|
+
bug_tracker_uri: https://github.com/rails/rails-html-sanitizer/issues
|
|
106
|
+
changelog_uri: https://github.com/rails/rails-html-sanitizer/blob/v1.4.3/CHANGELOG.md
|
|
107
|
+
documentation_uri: https://www.rubydoc.info/gems/rails-html-sanitizer/1.4.3
|
|
108
|
+
source_code_uri: https://github.com/rails/rails-html-sanitizer/tree/v1.4.3
|
|
105
109
|
post_install_message:
|
|
106
110
|
rdoc_options: []
|
|
107
111
|
require_paths:
|
|
@@ -117,10 +121,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
117
121
|
- !ruby/object:Gem::Version
|
|
118
122
|
version: '0'
|
|
119
123
|
requirements: []
|
|
120
|
-
rubygems_version: 3.
|
|
124
|
+
rubygems_version: 3.3.5
|
|
121
125
|
signing_key:
|
|
122
126
|
specification_version: 4
|
|
123
127
|
summary: This gem is responsible to sanitize HTML fragments in Rails applications.
|
|
124
128
|
test_files:
|
|
125
|
-
- test/scrubbers_test.rb
|
|
126
129
|
- test/sanitizer_test.rb
|
|
130
|
+
- test/scrubbers_test.rb
|