rails-html-sanitizer 1.2.0 → 1.3.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of rails-html-sanitizer might be problematic. Click here for more details.

Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +6 -0
  3. data/lib/rails/html/sanitizer.rb +1 -1
  4. data/lib/rails/html/sanitizer/version.rb +1 -1
  5. data/lib/rails/html/scrubbers.rb +4 -4
  6. data/test/sanitizer_test.rb +1 -1
  7. metadata +5 -11
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 870e022a24bf7e490864eb68c6676617508060c44cb0fbcfbce1f476b7bfa453
4
- data.tar.gz: 280abb7f0ce9d0d311f4a1b8ac84d94dbe009592c32c2364eea594b0d336f5eb
3
+ metadata.gz: 8eba1aac52c80be280f186c5d378150709b7d4cd2a5d5b2367e6d2c036648d52
4
+ data.tar.gz: 96408eae2efee778a704f7caf246b64868a63bfdbbb81905b294bcca731a9289
5
5
  SHA512:
6
- metadata.gz: d3780c7ea8e6e77bafe1486aef16852ba326adf8a9cbcdc5fe2639f8ea47e9bb8a2e50553ecb25bceeeeb1665b5edfab92c1022707c7aa59a4f0d0c605b67223
7
- data.tar.gz: 14bba8b83f0e0a6782b0e12a8c29fc73d469cda550104d7ad32b8cf8ef3628d981d4c82637e7826c79e2dc4bfd86c230a74031acf53ec0b10a40d2cabf7eed84
6
+ metadata.gz: c4209cebc841299143a466143f4b776461fc1cc8bba112dc603e86835b68ee44a800566f64224b27f5a45d164d0b004049b228dc405c3de59068800ec7a5d564
7
+ data.tar.gz: c899472b8dffe9f9fd4d15ae4739f07a775d74b9ed14143beb688bb546b6a82ec469add036747b81aff33510e6e241379e21458cb39d9b2a8e797824066e24e5
data/CHANGELOG.md CHANGED
@@ -1,3 +1,9 @@
1
+ ## 1.3.0
2
+
3
+ * Address deprecations in Loofah 2.3.0.
4
+
5
+ *Josh Goodall*
6
+
1
7
  ## 1.2.0
2
8
 
3
9
  * Remove needless `white_list_sanitizer` deprecation.
data/lib/rails/html/sanitizer.rb CHANGED
@@ -74,7 +74,7 @@ module Rails
74
74
  #
75
75
  # === Options
76
76
  # Sanitizes both html and css via the safe lists found here:
77
- # https://github.com/flavorjones/loofah/blob/master/lib/loofah/html5/whitelist.rb
77
+ # https://github.com/flavorjones/loofah/blob/master/lib/loofah/html5/safelist.rb
78
78
  #
79
79
  # SafeListSanitizer also accepts options to configure
80
80
  # the safe list used when sanitizing html.
data/lib/rails/html/sanitizer/version.rb CHANGED
@@ -1,7 +1,7 @@
1
1
  module Rails
2
2
  module Html
3
3
  class Sanitizer
4
- VERSION = "1.2.0"
4
+ VERSION = "1.3.0"
5
5
  end
6
6
  end
7
7
  end
data/lib/rails/html/scrubbers.rb CHANGED
@@ -138,17 +138,17 @@ module Rails
138
138
  attr_node.node_name
139
139
  end
140
140
 
141
- if Loofah::HTML5::WhiteList::ATTR_VAL_IS_URI.include?(attr_name)
141
+ if Loofah::HTML5::SafeList::ATTR_VAL_IS_URI.include?(attr_name)
142
142
  # this block lifted nearly verbatim from HTML5 sanitization
143
143
  val_unescaped = CGI.unescapeHTML(attr_node.value).gsub(Loofah::HTML5::Scrub::CONTROL_CHARACTERS,'').downcase
144
- if val_unescaped =~ /^[a-z0-9][-+.a-z0-9]*:/ && ! Loofah::HTML5::WhiteList::ALLOWED_PROTOCOLS.include?(val_unescaped.split(Loofah::HTML5::WhiteList::PROTOCOL_SEPARATOR)[0])
144
+ if val_unescaped =~ /^[a-z0-9][-+.a-z0-9]*:/ && ! Loofah::HTML5::SafeList::ALLOWED_PROTOCOLS.include?(val_unescaped.split(Loofah::HTML5::SafeList::PROTOCOL_SEPARATOR)[0])
145
145
  attr_node.remove
146
146
  end
147
147
  end
148
- if Loofah::HTML5::WhiteList::SVG_ATTR_VAL_ALLOWS_REF.include?(attr_name)
148
+ if Loofah::HTML5::SafeList::SVG_ATTR_VAL_ALLOWS_REF.include?(attr_name)
149
149
  attr_node.value = attr_node.value.gsub(/url\s*\(\s*[^#\s][^)]+?\)/m, ' ') if attr_node.value
150
150
  end
151
- if Loofah::HTML5::WhiteList::SVG_ALLOW_LOCAL_HREF.include?(node.name) && attr_name == 'xlink:href' && attr_node.value =~ /^\s*[^#\s].*/m
151
+ if Loofah::HTML5::SafeList::SVG_ALLOW_LOCAL_HREF.include?(node.name) && attr_name == 'xlink:href' && attr_node.value =~ /^\s*[^#\s].*/m
152
152
  attr_node.remove
153
153
  end
154
154
 
data/test/sanitizer_test.rb CHANGED
@@ -181,7 +181,7 @@ class SanitizersTest < Minitest::Test
181
181
  assert_sanitized raw, %{src="javascript:bang" <img width="5">foo</img>, <span>bar</span>}
182
182
  end
183
183
 
184
- tags = Loofah::HTML5::WhiteList::ALLOWED_ELEMENTS - %w(script form)
184
+ tags = Loofah::HTML5::SafeList::ALLOWED_ELEMENTS - %w(script form)
185
185
  tags.each do |tag_name|
186
186
  define_method "test_should_allow_#{tag_name}_tag" do
187
187
  scope_allowed_tags(tags) do
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rails-html-sanitizer
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.0
4
+ version: 1.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rafael Mendonça França
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2019-08-08 00:00:00.000000000 Z
12
+ date: 2019-10-06 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: loofah
@@ -17,20 +17,14 @@ dependencies:
17
17
  requirements:
18
18
  - - "~>"
19
19
  - !ruby/object:Gem::Version
20
- version: '2.2'
21
- - - ">="
22
- - !ruby/object:Gem::Version
23
- version: 2.2.2
20
+ version: '2.3'
24
21
  type: :runtime
25
22
  prerelease: false
26
23
  version_requirements: !ruby/object:Gem::Requirement
27
24
  requirements:
28
25
  - - "~>"
29
26
  - !ruby/object:Gem::Version
30
- version: '2.2'
31
- - - ">="
32
- - !ruby/object:Gem::Version
33
- version: 2.2.2
27
+ version: '2.3'
34
28
  - !ruby/object:Gem::Dependency
35
29
  name: bundler
36
30
  requirement: !ruby/object:Gem::Requirement
@@ -123,7 +117,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
123
117
  - !ruby/object:Gem::Version
124
118
  version: '0'
125
119
  requirements: []
126
- rubygems_version: 3.0.4
120
+ rubygems_version: 3.0.3
127
121
  signing_key:
128
122
  specification_version: 4
129
123
  summary: This gem is responsible to sanitize HTML fragments in Rails applications.