relaton-render 1.2.1 → 1.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4bcf0448a633329d256fee9e297e7c50182a5e214014a7cb78a9d3ab7ec3147f
-  data.tar.gz: 766c8ddbb23a88334eaf2d3be35894ffe62ce300126c7cdded5af90e8341a7a6
+  metadata.gz: ece7911d68f25665c109d3a9420e30aab669c880655c5bb15b4146c8acee4f43
+  data.tar.gz: 1ba627049f678c0b817da7a93af4420b74e34579965a65eeaeb0f80126abed02
 SHA512:
-  metadata.gz: 9ff2d1381a4075e7c0c5b46a5fb174b1190621b25760600928f2b49da2379eea21006f17468d74c89e9c1f30cd8abb49f591bd5361e5ab57e029a6de04d09c57
-  data.tar.gz: 18b0f1710c29a3e8ce67f055d3dcdefeaf62191ff7711beaa296bf95f669f49699186868172a617a429765c9544de52eb30669b98c2b63f41a46c76b36b91b65
+  metadata.gz: 92ad5ab36726f3b857ff9d792cce3ae2ba3ba0b8adba21308b0596da88822f16e4131b92c7047b31105036c534c552815d12e10b3e0773cbf04634769713c8f5
+  data.tar.gz: 790abb7747575c3b990fdb6a4ed579c3fc2269d35b1e05f0d3ab6c0869686784b4b91dfd8c0f9d7a006516c681e1821604f6351e91918fd210df78c9f106e760

data/lib/relaton/render/parse/parse.rb

@@ -82,7 +82,12 @@ module Relaton
         end
       end
 
-      ALLOWED_INLINE_TAGS = %w[em strong sub sup a smallcap].freeze
+      ALLOWED_INLINE_TAGS = %w[
+        em eref strong stem sub sup tt underline keyword ruby
+        strike smallcap xref br link hr pagebreak bookmark
+        image index index-xref concept add del span erefstack
+        date fn
+      ].freeze
 
       private
 
@@ -100,12 +105,39 @@ module Relaton
       # output against embedded structural markup (most commonly <title>) in
       # bibliographic text fields, where relaton-bib may surface either form
       # depending on lutaml-model serialisation behaviour.
+      #
+      # Authors embed inline markup either literally (<em>foo</em>) or
+      # entity-encoded (&lt;em&gt;foo&lt;/em&gt;); both are intended as
+      # markup, and downstream template rendering decodes entities anyway
+      # (see HTMLEntities.decode in template.rb), so we normalise the
+      # encoded form to literal up front and let a single Nokogiri-fragment
+      # walk handle both. Elements whose name is in the allow-list are
+      # preserved verbatim with their entire subtree, so wrappers that
+      # legitimately carry block content (notably <fn><p>…</p></fn>)
+      # round-trip intact rather than being shredded one tag at a time.
+      # Disallowed elements are unwrapped (tag dropped, children kept),
+      # recursing first so allowed wrappers nested inside disallowed
+      # wrappers still survive. Nokogiri re-escapes any genuine `<` left in
+      # text positions on serialisation, so plain prose like "5 < 10" is
+      # preserved correctly.
       def sanitise_inline_markup(str)
         blank?(str) and return str
-        allowed = ALLOWED_INLINE_TAGS.join("|")
-        literal = %r{</?(?!(?:#{allowed})\b)[A-Za-z][\w:-]*(?:\s[^>]*)?/?>}
-        encoded = %r{&lt;/?(?!(?:#{allowed})\b)[A-Za-z][\w:-]*(?:\s[^&]*?)?/?&gt;}
-        str.gsub(literal, "").gsub(encoded, "")
+        normalised = str.gsub("&lt;", "<").gsub("&gt;", ">")
+        frag = Nokogiri::XML.fragment(normalised)
+        unwrap_disallowed(frag)
+        save_opts = Nokogiri::XML::Node::SaveOptions::AS_XML |
+                    Nokogiri::XML::Node::SaveOptions::NO_DECLARATION
+        frag.to_xml(encoding: "UTF-8", save_with: save_opts)
+      end
+
+      def unwrap_disallowed(node)
+        node.children.to_a.each do |child|
+          next unless child.element?
+          next if ALLOWED_INLINE_TAGS.include?(child.name)
+
+          unwrap_disallowed(child)
+          child.replace(child.children)
+        end
       end
 
       def wrap_in_esc(obj)

data/lib/relaton/render/version.rb

@@ -1,5 +1,5 @@
 module Relaton
   module Render
-    VERSION = "1.2.1".freeze
+    VERSION = "1.2.2".freeze
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: relaton-render
 version: !ruby/object:Gem::Version
-  version: 1.2.1
+  version: 1.2.2
 platform: ruby
 authors:
 - Ribose Inc.