rails-html-sanitizer 1.4.1 → 1.4.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/lib/rails/html/sanitizer/version.rb +1 -1
- data/lib/rails/html/scrubbers.rb +1 -1
- data/test/scrubbers_test.rb +16 -44
- metadata +5 -5
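--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 85be608ca4422813683df971eb55217f0a70d9bb3d6398efad913ddb90d2c3c5
+data.tar.gz: cdc86ec92f2698f49d73d37e58622b97f4115330e084a2bc6ea46fc711926e94
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b748cab99a7c9bdda776b5aaf76a55e16ff59b6aa10f4ee1fd9b97b7f5a6a897a8a2e0e1fe31cdd741207130d34ccdff2debb4437b0b03b87896ab9c16537f4b
+data.tar.gz: 35f4c0c12c555feb73623df3bc09d19069c48b9ee91539dc247b6a599dc091adb08b56f43041014dfacd6f46183f7b6d68355104716a1feeaef58c3319be6bea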
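--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 1.4.2 / 2021-08-23
+
+* Slightly improve performance.
+
+Assuming elements are more common than comments, make one less method call per node.
+
+*Mike Dalessio*
+
 ## 1.4.1 / 2021-08-18
 
 * Fix regression in v1.4.0 that did not pass comment nodes to the scrubber.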
data/lib/rails/html/scrubbers.rb
CHANGED
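--- a/data/test/scrubbers_test.rb
+++ b/data/test/scrubbers_test.rb
@@ -41,6 +41,16 @@ class PermitScrubberTest < ScrubberTest
 assert_scrubbed '<tag>hello</tag>', 'hello'
 end
 
+def test_default_scrub_removes_comments
+assert_scrubbed('<div>one</div><!-- two --><span>three</span>',
+'<div>one</div><span>three</span>')
+end
+
+def test_default_scrub_removes_processing_instructions
+assert_scrubbed('<div>one</div><?div two><span>three</span>',
+'<div>one</div><span>three</span>')
+end
+
 def test_default_attributes_removal_behavior
 assert_scrubbed '<p cooler="hello">hello</p>', '<p>hello</p>'
 end
@@ -56,6 +66,12 @@ class PermitScrubberTest < ScrubberTest
 assert_scrubbed html, '<tag>leave me now</tag>'
 end
 
+def test_leaves_comments_when_supplied_as_tag
+@scrubber.tags = %w(div comment)
+assert_scrubbed('<div>one</div><!-- two --><span>three</span>',
+'<div>one</div><!-- two -->three')
+end
+
 def test_leaves_only_supplied_tags_nested
 html = '<tag>leave <em>me <span>now</span></em></tag>'
 @scrubber.tags = %w(tag)
@@ -112,50 +128,6 @@ class PermitScrubberTest < ScrubberTest
 end
 end
 
-class PermitScrubberSubclassTest < ScrubberTest
-def setup
-@scrubber = Class.new(::Rails::Html::PermitScrubber) do
-attr :nodes_seen
-
-def initialize
-super()
-@nodes_seen = []
-end
-
-def keep_node?(node)
-@nodes_seen << node.name
-super(node)
-end
-end.new
-end
-
-def test_elements_are_checked
-html = %Q("<div></div><a></a><tr></tr>")
-Loofah.scrub_fragment(html, @scrubber)
-assert_includes(@scrubber.nodes_seen, "div")
-assert_includes(@scrubber.nodes_seen, "a")
-assert_includes(@scrubber.nodes_seen, "tr")
-end
-
-def test_comments_are_checked
-# this passes in v1.3.0 but fails in v1.4.0
-html = %Q("<div></div><!-- ohai --><tr></tr>")
-Loofah.scrub_fragment(html, @scrubber)
-assert_includes(@scrubber.nodes_seen, "div")
-assert_includes(@scrubber.nodes_seen, "comment")
-assert_includes(@scrubber.nodes_seen, "tr")
-end
-
-def test_craftily_named_processing_instructions_are_not_checked
-# this fails in v1.3.0 but passes in v1.4.0
-html = %Q("<div></div><?a content><tr></tr>")
-Loofah.scrub_fragment(html, @scrubber)
-assert_includes(@scrubber.nodes_seen, "div")
-refute_includes(@scrubber.nodes_seen, "a")
-assert_includes(@scrubber.nodes_seen, "tr")
-end
-end
-
 class TargetScrubberTest < ScrubberTest
 def setup
 @scrubber = Rails::Html::TargetScrubber.new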
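Review bot: Deleting `PermitScrubberSubclassTest` (old lines 115–157) removes the only tests in these hunks that assert which node types reach an overridden `keep_node?`; the added `test_default_scrub_removes_comments`, `test_default_scrub_removes_processing_instructions` and `test_leaves_comments_when_supplied_as_tag` check only the sanitized output of a stock scrubber. The 1.4.1 changelog entry describes a regression where comment nodes were not passed to the scrubber, and the 1.4.2 entry describes changing the per-node check for performance, so a subclass that enforces its own allow-list in `keep_node?` is the case most likely to regress unnoticed; the `scrubbers.rb` hunk is not shown on this page, so this is inferred from the changelog. I would keep the subclass fixture together with at least `assert_includes(@scrubber.nodes_seen, "comment")` and, for the `<?a content>` input, `refute_includes(@scrubber.nodes_seen, "a")`, alongside the new output tests. `TargetScrubberTest` continues past the end of the last hunk.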
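--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails-html-sanitizer
 version: !ruby/object:Gem::Version
-version: 1.4.
+version: 1.4.2
 platform: ruby
 authors:
 - Rafael Mendonça França
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-08-
+date: 2021-08-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: loofah
@@ -103,9 +103,9 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/rails/rails-html-sanitizer/issues
-changelog_uri: https://github.com/rails/rails-html-sanitizer/blob/v1.4.
-documentation_uri: https://www.rubydoc.info/gems/rails-html-sanitizer/1.4.
-source_code_uri: https://github.com/rails/rails-html-sanitizer/tree/v1.4.
+changelog_uri: https://github.com/rails/rails-html-sanitizer/blob/v1.4.2/CHANGELOG.md
+documentation_uri: https://www.rubydoc.info/gems/rails-html-sanitizer/1.4.2
+source_code_uri: https://github.com/rails/rails-html-sanitizer/tree/v1.4.2
 post_install_message:
 rdoc_options: []
 require_paths: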