RubyGems - rails-html-sanitizer - Versions diffs - 1.5.0 → 1.6.0.rc1 - Mend

rails-html-sanitizer 1.5.0 → 1.6.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +58 -0
data/MIT-LICENSE +1 -1
data/README.md +95 -48
data/lib/rails/html/sanitizer/version.rb +4 -2
data/lib/rails/html/sanitizer.rb +367 -104
data/lib/rails/html/scrubbers.rb +70 -69
data/lib/rails-html-sanitizer.rb +7 -23
data/test/rails_api_test.rb +74 -0
data/test/sanitizer_test.rb +900 -590
data/test/scrubbers_test.rb +49 -36
metadata +21 -65

data/test/scrubbers_test.rb CHANGED Viewed

@@ -1,11 +1,16 @@
+# frozen_string_literal: true
 require "minitest/autorun"
 require "rails-html-sanitizer"
 class ScrubberTest < Minitest::Test
   protected
+    def scrub_fragment(html)
+      Loofah.scrub_fragment(html, @scrubber).to_s
+    end
     def assert_scrubbed(html, expected = html)
-      output = Loofah.scrub_fragment(html, @scrubber).to_s
+      output = scrub_fragment(html)
       assert_equal expected, output
     end
@@ -28,9 +33,8 @@ class ScrubberTest < Minitest::Test
 end
 class PermitScrubberTest < ScrubberTest
   def setup
-    @scrubber = Rails::Html::PermitScrubber.new
+    @scrubber = Rails::HTML::PermitScrubber.new
   end
   def test_responds_to_scrub
@@ -38,51 +42,60 @@ class PermitScrubberTest < ScrubberTest
   end
   def test_default_scrub_behavior
-    assert_scrubbed '<tag>hello</tag>', 'hello'
+    assert_scrubbed "<tag>hello</tag>", "hello"
   end
   def test_default_scrub_removes_comments
-    assert_scrubbed('<div>one</div><!-- two --><span>three</span>',
-                    '<div>one</div><span>three</span>')
+    assert_scrubbed("<div>one</div><!-- two --><span>three</span>",
+                    "<div>one</div><span>three</span>")
   end
   def test_default_scrub_removes_processing_instructions
-    assert_scrubbed('<div>one</div><?div two><span>three</span>',
-                    '<div>one</div><span>three</span>')
+    input = "<div>one</div><?div two><span>three</span>"
+    result = scrub_fragment(input)
+    acceptable_results = [
+      # jruby cyberneko (nokogiri < 1.14.0)
+      "<div>one</div>",
+      # everything else
+      "<div>one</div><span>three</span>",
+    ]
+    assert_includes(acceptable_results, result)
   end
   def test_default_attributes_removal_behavior
-    assert_scrubbed '<p cooler="hello">hello</p>', '<p>hello</p>'
+    assert_scrubbed '<p cooler="hello">hello</p>', "<p>hello</p>"
   end
   def test_leaves_supplied_tags
     @scrubber.tags = %w(a)
-    assert_scrubbed '<a>hello</a>'
+    assert_scrubbed "<a>hello</a>"
   end
   def test_leaves_only_supplied_tags
-    html = '<tag>leave me <span>now</span></tag>'
+    html = "<tag>leave me <span>now</span></tag>"
     @scrubber.tags = %w(tag)
-    assert_scrubbed html, '<tag>leave me now</tag>'
+    assert_scrubbed html, "<tag>leave me now</tag>"
   end
   def test_prunes_tags
-    @scrubber = Rails::Html::PermitScrubber.new(prune: true)
+    @scrubber = Rails::HTML::PermitScrubber.new(prune: true)
     @scrubber.tags = %w(tag)
-    html = '<tag>leave me <span>now</span></tag>'
-    assert_scrubbed html, '<tag>leave me </tag>'
+    html = "<tag>leave me <span>now</span></tag>"
+    assert_scrubbed html, "<tag>leave me </tag>"
   end
   def test_leaves_comments_when_supplied_as_tag
     @scrubber.tags = %w(div comment)
-    assert_scrubbed('<div>one</div><!-- two --><span>three</span>',
-                    '<div>one</div><!-- two -->three')
+    assert_scrubbed("<div>one</div><!-- two --><span>three</span>",
+                    "<div>one</div><!-- two -->three")
   end
   def test_leaves_only_supplied_tags_nested
-    html = '<tag>leave <em>me <span>now</span></em></tag>'
+    html = "<tag>leave <em>me <span>now</span></em></tag>"
     @scrubber.tags = %w(tag)
-    assert_scrubbed html, '<tag>leave me now</tag>'
+    assert_scrubbed html, "<tag>leave me now</tag>"
   end
   def test_leaves_supplied_attributes
@@ -109,16 +122,16 @@ class PermitScrubberTest < ScrubberTest
   end
   def test_leaves_text
-    assert_scrubbed('some text')
+    assert_scrubbed("some text")
   end
   def test_skips_text_nodes
-    assert_node_skipped('some text')
+    assert_node_skipped("some text")
   end
   def test_tags_accessor_validation
     e = assert_raises(ArgumentError) do
-      @scrubber.tags = 'tag'
+      @scrubber.tags = "tag"
     end
     assert_equal "You should pass :tags as an Enumerable", e.message
@@ -127,7 +140,7 @@ class PermitScrubberTest < ScrubberTest
   def test_attributes_accessor_validation
     e = assert_raises(ArgumentError) do
-      @scrubber.attributes = 'cooler'
+      @scrubber.attributes = "cooler"
     end
     assert_equal "You should pass :attributes as an Enumerable", e.message
@@ -137,19 +150,19 @@ end
 class TargetScrubberTest < ScrubberTest
   def setup
-    @scrubber = Rails::Html::TargetScrubber.new
+    @scrubber = Rails::HTML::TargetScrubber.new
   end
   def test_targeting_tags_removes_only_them
     @scrubber.tags = %w(a h1)
-    html = '<script></script><a></a><h1></h1>'
-    assert_scrubbed html, '<script></script>'
+    html = "<script></script><a></a><h1></h1>"
+    assert_scrubbed html, "<script></script>"
   end
   def test_targeting_tags_removes_only_them_nested
     @scrubber.tags = %w(a)
-    html = '<tag><a><tag><a></a></tag></a></tag>'
-    assert_scrubbed html, '<tag><tag></tag></tag>'
+    html = "<tag><a><tag><a></a></tag></a></tag>"
+    assert_scrubbed html, "<tag><tag></tag></tag>"
   end
   def test_targeting_attributes_removes_only_them
@@ -166,29 +179,29 @@ class TargetScrubberTest < ScrubberTest
   end
   def test_prunes_tags
-    @scrubber = Rails::Html::TargetScrubber.new(prune: true)
+    @scrubber = Rails::HTML::TargetScrubber.new(prune: true)
     @scrubber.tags = %w(span)
-    html = '<tag>leave me <span>now</span></tag>'
-    assert_scrubbed html, '<tag>leave me </tag>'
+    html = "<tag>leave me <span>now</span></tag>"
+    assert_scrubbed html, "<tag>leave me </tag>"
   end
 end
 class TextOnlyScrubberTest < ScrubberTest
   def setup
-    @scrubber = Rails::Html::TextOnlyScrubber.new
+    @scrubber = Rails::HTML::TextOnlyScrubber.new
   end
   def test_removes_all_tags_and_keep_the_content
-    assert_scrubbed '<tag>hello</tag>', 'hello'
+    assert_scrubbed "<tag>hello</tag>", "hello"
   end
   def test_skips_text_nodes
-    assert_node_skipped('some text')
+    assert_node_skipped("some text")
   end
 end
 class ReturningStopFromScrubNodeTest < ScrubberTest
-  class ScrubStopper < Rails::Html::PermitScrubber
+  class ScrubStopper < Rails::HTML::PermitScrubber
     def scrub_node(node)
       Loofah::Scrubber::STOP
     end
@@ -199,6 +212,6 @@ class ReturningStopFromScrubNodeTest < ScrubberTest
   end
   def test_returns_stop_from_scrub_if_scrub_node_does
-    assert_scrub_stopped '<script>remove me</script>'
+    assert_scrub_stopped "<script>remove me</script>"
   end
 end

metadata CHANGED Viewed

@@ -1,15 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: rails-html-sanitizer
 version: !ruby/object:Gem::Version
-  version: 1.5.0
+  version: 1.6.0.rc1
 platform: ruby
 authors:
 - Rafael Mendonça França
 - Kasper Timm Hansen
+- Mike Dalessio
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-20 00:00:00.000000000 Z
+date: 2023-05-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: loofah
@@ -17,80 +18,33 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.19'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.19.1
+        version: '2.21'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.19'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.19.1
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '1.3'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '1.3'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.21'
 - !ruby/object:Gem::Dependency
-  name: minitest
+  name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rails-dom-testing
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
+        version: '1.14'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.14'
 description: HTML sanitization for Rails applications
 email:
 - rafaelmfranca@gmail.com
 - kaspth@gmail.com
+- mike.dalessio@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -102,6 +56,7 @@ files:
 - lib/rails/html/sanitizer.rb
 - lib/rails/html/sanitizer/version.rb
 - lib/rails/html/scrubbers.rb
+- test/rails_api_test.rb
 - test/sanitizer_test.rb
 - test/scrubbers_test.rb
 homepage: https://github.com/rails/rails-html-sanitizer
@@ -109,9 +64,9 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails-html-sanitizer/issues
-  changelog_uri: https://github.com/rails/rails-html-sanitizer/blob/v1.5.0/CHANGELOG.md
-  documentation_uri: https://www.rubydoc.info/gems/rails-html-sanitizer/1.5.0
-  source_code_uri: https://github.com/rails/rails-html-sanitizer/tree/v1.5.0
+  changelog_uri: https://github.com/rails/rails-html-sanitizer/blob/v1.6.0.rc1/CHANGELOG.md
+  documentation_uri: https://www.rubydoc.info/gems/rails-html-sanitizer/1.6.0.rc1
+  source_code_uri: https://github.com/rails/rails-html-sanitizer/tree/v1.6.0.rc1
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -120,17 +75,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.4.2
+rubygems_version: 3.4.10
 signing_key:
 specification_version: 4
 summary: This gem is responsible to sanitize HTML fragments in Rails applications.
 test_files:
+- test/rails_api_test.rb
 - test/sanitizer_test.rb
 - test/scrubbers_test.rb