rails-html-sanitizer 1.6.2 → 1.7.0

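--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: d5507b24d4d93d6efebf2e327d04980dd114cd491732b5c71a7e1a3294c846a9
- data.tar.gz: dd7a5070b04bf6a97b96df01d65fce9d52790e62dc6631b31fb72ecc2a6d16ed
+ metadata.gz: 1e73c95bdfd00d65afcc40a3ef436fe4bab7b7571e62b789a877ea2b201a2740
+ data.tar.gz: 9ac916682a1d0b3b6f45059f5509a1f7785349e0c08102fac6cb1539bff0db3f
  SHA512:
- metadata.gz: 912e9d41629bd93de8a14352757add81fde36e394e7907923a88dbebc39da85722fc13a01fa23973421a11e715b41fb78cec3f0379ccf5a97ab0f0ee3ed3dc5a
- data.tar.gz: e03d92f6289ef71e4039a64b89bce79c5d5a9d628632c84b2b54235fbe69384578de92f7b2db114c13d041c4d589672dd09e23758a043e675eb37f961a858f67
+ metadata.gz: d70c999e3775bb58adcc8b6b785c49b7f79ea14990042c2a96105cd36b09c8126f25a317e8f9ab920b0aeaaf107e61870443e0afff78ea291ad163e659b043e6
+ data.tar.gz: 440f779d178582a39723cc22191e7397becdbc2c2fbd36d3af7eac52f66ce722a9f9000f4cae43d46e36451da2e66249667a5a3d02c5914835a85fac6dd98331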
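--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,13 @@
+ ## v1.7.0 / 2026-02-24
+
+ * Add `Rails::HTML::Sanitizer.allowed_uri?` which delegates to `Loofah::HTML5::Scrub.allowed_uri?`,
+ allowing the Rails framework to check URI safety without a direct dependency on Loofah.
+
+ The minimum Loofah dependency is now `~> 2.25`.
+
+ *Mike Dalessio*
+
+
  ## v1.6.2 / 2024-12-12
 
  * `PermitScrubber` fully supports frozen "allowed tags".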
@@ -3,7 +3,7 @@
3
3
  module Rails
4
4
  module HTML
5
5
  class Sanitizer
6
- VERSION = "1.6.2"
6
+ VERSION = "1.7.0"
7
7
  end
8
8
  end
9
9
  end
@@ -13,6 +13,10 @@ module Rails
13
13
  def best_supported_vendor
14
14
  html5_support? ? Rails::HTML5::Sanitizer : Rails::HTML4::Sanitizer
15
15
  end
16
+
17
+ def allowed_uri?(uri_string)
18
+ Loofah::HTML5::Scrub.allowed_uri?(uri_string)
19
+ end
16
20
  end
17
21
 
18
22
  def sanitize(html, options = {})
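Review bot: The new public `allowed_uri?` (new lines 17-19) ships without any comment stating its contract, and because the changelog positions it as the way Rails checks URI safety, its limits should be written down next to the method. As far as this hunk shows, it only forwards to `Loofah::HTML5::Scrub.allowed_uri?`, so a true result means the protocol passed Loofah's check (or, per the accompanying test, the URI is relative); it does not mean the string is well formed or safe to emit without escaping for the output context. I would add a comment along the lines of `# Returns true if +uri_string+ is relative or uses a protocol Loofah allows; this is a protocol check only, callers must still escape the value.` The argument is passed through unguarded, so the comment should also say what callers can expect for `nil` or a non-String (presumably an exception from Loofah, which should be confirmed). The enclosing block, which looks like `class << self`, opens above the hunk.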
@@ -1,7 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "minitest/autorun"
4
- require "rails-html-sanitizer"
3
+ require_relative "test_helper"
5
4
 
6
5
  class RailsApiTest < Minitest::Test
7
6
  def test_html_module_name_alias
@@ -85,4 +84,18 @@ class RailsApiTest < Minitest::Test
85
84
  skip("no HTML5 support on this platform") unless Rails::HTML::Sanitizer.html5_support?
86
85
  assert_equal(Rails::HTML5::SafeListSanitizer, Rails::HTML5::Sanitizer.white_list_sanitizer)
87
86
  end
87
+
88
+ def test_allowed_uri_returns_true_for_allowed_protocols
89
+ assert(Rails::HTML::Sanitizer.allowed_uri?("https://example.com"))
90
+ assert(Rails::HTML::Sanitizer.allowed_uri?("http://example.com"))
91
+ assert(Rails::HTML::Sanitizer.allowed_uri?("mailto:user@example.com"))
92
+ end
93
+
94
+ def test_allowed_uri_returns_false_for_disallowed_protocols
95
+ refute(Rails::HTML::Sanitizer.allowed_uri?("javascript:alert(1)"))
96
+ end
97
+
98
+ def test_allowed_uri_returns_true_for_relative_uris
99
+ assert(Rails::HTML::Sanitizer.allowed_uri?("/relative/path"))
100
+ end
88
101
  end
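Review bot: The only negative case in `test_allowed_uri_returns_false_for_disallowed_protocols` is the literal `javascript:alert(1)`, so a regression in how the scheme is normalised before the safelist lookup would not be caught by this suite. Since the method is intended as the framework's URI safety gate, I would pin a few more inputs here: a mixed-case scheme, e.g. `refute(Rails::HTML::Sanitizer.allowed_uri?("JavaScript:alert(1)"))`, a scheme preceded by whitespace, and the empty string. The expected results depend on Loofah's implementation, which is not visible in this diff, so confirm each against the minimum supported Loofah (`~> 2.25`) before asserting. `RailsApiTest` begins outside the hunk.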
@@ -1,10 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "minitest/autorun"
4
- require "rails-html-sanitizer"
5
-
6
- puts "nokogiri version info: #{Nokogiri::VERSION_INFO}"
7
- puts "html5 support: #{Rails::HTML::Sanitizer.html5_support?}"
3
+ require_relative "test_helper"
8
4
 
9
5
  #
10
6
  # NOTE that many of these tests contain multiple acceptable results.
@@ -1,7 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "minitest/autorun"
4
- require "rails-html-sanitizer"
3
+ require_relative "test_helper"
5
4
 
6
5
  class ScrubberTest < Minitest::Test
7
6
  protected
@@ -0,0 +1,7 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "minitest/autorun"
4
+ require "rails-html-sanitizer"
5
+
6
+ puts "nokogiri version info: #{Nokogiri::VERSION_INFO}"
7
+ puts "html5 support: #{Rails::HTML::Sanitizer.html5_support?}"
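--- a/metadata
+++ b/metadata
@@ -1,16 +1,15 @@
  --- !ruby/object:Gem::Specification
  name: rails-html-sanitizer
  version: !ruby/object:Gem::Version
- version: 1.6.2
+ version: 1.7.0
  platform: ruby
  authors:
  - Rafael Mendonça França
  - Kasper Timm Hansen
  - Mike Dalessio
- autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-12-12 00:00:00.000000000 Z
+ date: 1980-01-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: loofah
@@ -18,14 +17,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '2.21'
+ version: '2.25'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '2.21'
+ version: '2.25'
  - !ruby/object:Gem::Dependency
  name: nokogiri
  requirement: !ruby/object:Gem::Requirement
@@ -113,15 +112,15 @@ files:
  - test/rails_api_test.rb
  - test/sanitizer_test.rb
  - test/scrubbers_test.rb
+ - test/test_helper.rb
  homepage: https://github.com/rails/rails-html-sanitizer
  licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/rails/rails-html-sanitizer/issues
- changelog_uri: https://github.com/rails/rails-html-sanitizer/blob/v1.6.2/CHANGELOG.md
- documentation_uri: https://www.rubydoc.info/gems/rails-html-sanitizer/1.6.2
- source_code_uri: https://github.com/rails/rails-html-sanitizer/tree/v1.6.2
- post_install_message:
+ changelog_uri: https://github.com/rails/rails-html-sanitizer/blob/v1.7.0/CHANGELOG.md
+ documentation_uri: https://www.rubydoc.info/gems/rails-html-sanitizer/1.7.0
+ source_code_uri: https://github.com/rails/rails-html-sanitizer/tree/v1.7.0
  rdoc_options: []
  require_paths:
  - lib
@@ -136,11 +135,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.3.22
- signing_key:
+ rubygems_version: 4.0.3
  specification_version: 4
  summary: This gem is responsible to sanitize HTML fragments in Rails applications.
  test_files:
  - test/rails_api_test.rb
  - test/sanitizer_test.rb
  - test/scrubbers_test.rb
+ - test/test_helper.rb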