roadie 3.1.1 → 3.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: dc05f1423ea7579bcf0dbe77db9fca005476eab1
-  data.tar.gz: 28839fad6470f4b466346d63d0b0b3a96ae7e612
+  metadata.gz: 05621c67077ec54a4f4dcc2ab3fcb67c284b4f38
+  data.tar.gz: 2a112599b37195701647caf2fb10cd03838f113c
 SHA512:
-  metadata.gz: e62a3b9333e939b9c16b811f3d37ef3db08cd086e15d43fe13f932045af71bfc6551a9a9c57b6f89398c9a8bd5fe5af091e1ef66109149e621a8d3f329f9e9be
-  data.tar.gz: 2c851d5ca9539fbf2db20368b8d7178a9d433e24541f26534416c0720afdc1b5fcfd55d4ff0d4188e3f3e2a9c66e43a2360d8563e3e5125838e4af4deedd22ae
+  metadata.gz: 3f689cd3d12c8e5ee73fe82eb82f8c27648b7cd5919f178501fc69f47073f3d10e335f66061c1ef35c5311a3d7f42a5694a9cb3238abbeea600627cd2edc308a
+  data.tar.gz: 9d459995a266fe9b0f186a980b4325b6fb2446f26b7eda6983d8a16cb38277aec81545aad9e170c8dd01a7c0658ec10fc12bd6b81c562f07a876ba51e750141b

data/.travis.yml

@@ -1,17 +1,20 @@
 sudo: false
 language: ruby
 rvm:
-  - 1.9.3
-  - 2.0
   - 2.1
   - 2.2
+  - 2.3.0
   - jruby
   - rbx
 
+matrix:
+  allow_failures:
+    # Rubinius has a lot of trouble and no large following, so I'm going to
+    # allow failures on it until it gets more stable on Travis / Real Life(tm).
+    # Let me know if you need it. Patches are welcome!
+    - rvm: rbx
+  fast_finish: true
+
 cache: bundler
 bundler_args: --without guard
 script: "rake"
-
-env:
-  # Setup Coveralls
-  secure: "D1Uvi+a7W89k91zXVVwuuvv8O8qbDdyJ4g9i+3bGaSYySHxD8YuuG1QiQ4G/S2KLp/r3VPRpa8Wb1mSwb81tEBzXpzoZC7zSvgntPxRPhMg4zpodZ0O0AkK8/t1yZSkIe0V5sejFOQ1a5LJa3OorKBBjrqM5kPDOygTXtO3bQ6E="

data/Changelog.md

@@ -1,6 +1,23 @@
 ### dev
 
-[full changelog](https://github.com/Mange/roadie/compare/v3.1.1...master)
+[full changelog](https://github.com/Mange/roadie/compare/v3.2.0...master)
+
+* Nothing yet.
+
+### 3.2.0
+
+[full changelog](https://github.com/Mange/roadie/compare/v3.1.1...v3.2.0)
+
+* Deprecations:
+  * Dropped support for MRI 1.9.3.
+  * Dropped support for MRI 2.0.
+* Upgrades:
+  * Use `css_parser` 1.4.x instead of 1.3.x.
+* Bug fixes:
+  * Strip UTF-8 BOM (Byte Order Mark) from stylesheets before parsing / concatenating - [Bartłomiej Wójtowicz](https://github.com/qbart) (#128)
+* Enhancements:
+  * Build against Ruby MRI 2.3.0 too.
+  * Don't add extra whitespace between table cells.
 
 ### 3.1.1
 

data/Gemfile

@@ -2,7 +2,7 @@ source 'https://rubygems.org'
 gemspec
 
 # Added here so it does not show up on the Gemspec; I only want it for CI builds
-gem 'coveralls', group: :test, require: nil
+gem 'codecov', group: :test, require: false
 
 group :guard do
   gem 'guard'

data/{MIT-LICENSE → LICENSE}

@@ -1,4 +1,4 @@
-Copyright (c) 2009 Jim Neath / Purify
+Copyright (c) 2009-2016 Magnus Bergmark, Jim Neath / Purify, and contributors.
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -3,7 +3,7 @@ Roadie
 
 [![Build history and status](https://travis-ci.org/Mange/roadie.svg?branch=master)](http://travis-ci.org/#!/Mange/roadie)
 [![Code Climate](https://codeclimate.com/github/Mange/roadie.png)](https://codeclimate.com/github/Mange/roadie)
-[![Coverage Status](https://coveralls.io/repos/Mange/roadie/badge.png?branch=master)](https://coveralls.io/r/Mange/roadie?branch=master)
+[![Code coverage status](https://codecov.io/github/Mange/roadie/coverage.svg?branch=master)](https://codecov.io/github/Mange/roadie?branch=master)
 [![Gem Version](https://badge.fury.io/rb/roadie.png)](http://badge.fury.io/rb/roadie)
 [![Dependency Status](https://gemnasium.com/Mange/roadie.png)](https://gemnasium.com/Mange/roadie)
 
@@ -19,7 +19,7 @@ How does it work?
 
 Email clients have bad support for stylesheets, and some of them blocks stylesheets from downloading. The easiest way to handle this is to work with inline styles (`style="..."`), but that is error prone and hard to work with as you cannot use classes and/or reuse styling over your HTML.
 
-This gem makes this easier by automatically inlining stylesheets into the document. You give Roadie your CSS, or let it find it by itself from the `<link>` and `<style>` tags in the markup, and it will go though all of the selectors assigning the styles to the maching elements. Careful attention has been put into selectors being applied in the correct order, so it should behave just like in the browser.
+This gem makes this easier by automatically inlining stylesheets into the document. You give Roadie your CSS, or let it find it by itself from the `<link>` and `<style>` tags in the markup, and it will go through all of the selectors assigning the styles to the matching elements. Careful attention has been put into selectors being applied in the correct order, so it should behave just like in the browser.
 
 "Dynamic" selectors (`:hover`, `:visited`, `:focus`, etc.), or selectors not understood by Nokogiri will be inlined into a single `<style>` element for those email clients that support it. This changes specificity a great deal for these rules, so it might not work 100% out of the box. (See more about this below)
 
@@ -383,12 +383,11 @@ Build Status
 
 Tested with [Travis CI](http://travis-ci.org) using:
 
-* MRI 1.9.3
-* MRI 2.0
 * MRI 2.1
 * MRI 2.2
+* MRI 2.3.0
 * JRuby (latest)
-* Rubinius >= 2.1
+* Rubinius (failures on Rubinius will not fail the build due to a long history of instability in `rbx`)
 
 [(Build status)](http://travis-ci.org/#!/Mange/roadie)
 
@@ -433,6 +432,17 @@ bundle install
 rake
 ```
 
+Security
+--------
+
+Roadie is set up with the assumption that all CSS and HTML passing through it is under your control. It is not recommended to run arbritary HTML with the default settings.
+
+Care has been given to try to secure all file system accesses, but it is never guaranteed that someone cannot access something they should not be able to access.
+
+In order to secure Roadie against file system access, only use your own asset providers that you yourself can secure against your particular environment.
+
+If you have found any security vulnerability, please email me at `magnus.bergmark+security@gmail.com` to disclose it. [For very sensitive issues, please use my public GPG key.][gpg] You can also encrypt your message with my public key and open an issue if you do not want to email me directly. Thank you.
+
 History and contributors
 ------------------------
 
@@ -451,7 +461,7 @@ License
 
 (The MIT License)
 
-Copyright (c) 2009-2015
+Copyright (c) 2009-2016 Magnus Bergmark, Jim Neath / Purify, and contributors.
 
 * [Magnus Bergmark](https://github.com/Mange) <magnus.bergmark@gmail.com>
 
@@ -461,3 +471,4 @@ The above copyright notice and this permission notice shall be included in all c
 
 THE SOFTWARE IS PROVIDED ‘AS IS’, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
+[gpg]: https://gist.github.com/Mange/baf25e23e653a206ec2d#file-keybase-md

data/lib/roadie/document.rb

@@ -67,8 +67,7 @@ module Roadie
 
       callback after_transformation, dom
 
-      # #dup is called since it fixed a few segfaults in certain versions of Nokogiri
-      dom.dup.to_html
+      serialize_document dom
     end
 
     # Assign new normal asset providers. The supplied list will be wrapped in a {ProviderList} using {ProviderList.wrap}.
@@ -99,6 +98,16 @@ module Roadie
       make_url_rewriter.transform_dom(dom)
     end
 
+    def serialize_document(dom)
+      # #dup is called since it fixed a few segfaults in certain versions of Nokogiri
+      save_options = Nokogiri::XML::Node::SaveOptions
+      dom.dup.to_html(
+        save_with: (
+          save_options::NO_DECLARATION | save_options::NO_EMPTY_TAGS | save_options::AS_HTML
+        )
+      )
+    end
+
     def make_url_rewriter
       if url_options
         UrlRewriter.new(UrlGenerator.new(url_options))

data/lib/roadie/net_http_provider.rb

@@ -2,7 +2,6 @@
 require 'set'
 require 'uri'
 require 'net/http'
-require 'net/https' # For Ruby 1.9.3 support
 
 module Roadie
   # @api public

data/lib/roadie/stylesheet.rb

@@ -6,6 +6,8 @@ module Roadie
   # @attr_reader [String] name the name of the stylesheet ("stylesheets/main.css", "Admin user styles", etc.). The name of the stylesheet will be visible if any errors occur.
   # @attr_reader [Array<StyleBlock>] blocks
   class Stylesheet
+    BOM = "\xEF\xBB\xBF".force_encoding('UTF-8').freeze
+
     attr_reader :name, :blocks
 
     # Parses the CSS string into a {StyleBlock}s and stores it.
@@ -14,7 +16,7 @@ module Roadie
     # @param [String] css
     def initialize(name, css)
       @name = name
-      @blocks = parse_blocks(css)
+      @blocks = parse_blocks(css.sub(BOM, ""))
     end
 
     # @yield [selector, properties]

data/lib/roadie/version.rb

@@ -1,3 +1,3 @@
 module Roadie
-  VERSION = '3.1.1'
+  VERSION = '3.2.0'
 end

data/roadie.gemspec

@@ -18,7 +18,7 @@ Gem::Specification.new do |s|
   s.required_ruby_version = ">= 1.9"
 
   s.add_dependency 'nokogiri', '>= 1.5.0', '< 1.7.0'
-  s.add_dependency 'css_parser', '~> 1.3.4'
+  s.add_dependency 'css_parser', '~> 1.4.5'
 
   s.add_development_dependency 'rspec', '~> 3.0'
   s.add_development_dependency 'rspec-collection_matchers', '~> 1.0'

data/spec/integration_spec.rb

@@ -250,4 +250,25 @@ describe "Roadie functionality" do
     expect(result.at_css("body")["class"]).to eq("roadie")
     expect(result.at_css("span")).to be_nil
   end
+
+  it "does not add whitespace between table cells" do
+    document = Roadie::Document.new <<-HTML
+      <html>
+        <body>
+          <table>
+            <tr>
+              <td>One</td><td>1</td>
+            </tr>
+            <tr>
+              <td>Two</td><td>2</td>
+            </tr>
+          </table>
+        </body>
+      </html>
+    HTML
+    result = document.transform
+
+    expect(result).to include("<td>One</td><td>1</td>")
+    expect(result).to include("<td>Two</td><td>2</td>")
+  end
 end

data/spec/lib/roadie/stylesheet_spec.rb

@@ -65,5 +65,11 @@ module Roadie
         Stylesheet.new("name", input)
       }.to_not change { input }.from(input_copy)
     end
+
+    it "strips UTF-8 Byte Order Mark" do
+      input = "\xEF\xBB\xBFbody { color: green; }"
+      stylesheet = Stylesheet.new("bom.css", input)
+      expect(stylesheet.to_s).to eq "body{color:green}"
+    end
   end
 end

data/spec/spec_helper.rb

@@ -2,8 +2,11 @@ require 'rspec/collection_matchers'
 require 'webmock/rspec'
 
 if ENV['CI']
-  require 'coveralls'
-  Coveralls.wear!
+  require 'simplecov'
+  SimpleCov.start
+
+  require 'codecov'
+  SimpleCov.formatter = SimpleCov::Formatter::Codecov
 end
 
 $: << File.dirname(__FILE__) + '/../lib'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: roadie
 version: !ruby/object:Gem::Version
-  version: 3.1.1
+  version: 3.2.0
 platform: ruby
 authors:
 - Magnus Bergmark
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-12-11 00:00:00.000000000 Z
+date: 2016-10-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -36,14 +36,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.4
+        version: 1.4.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.4
+        version: 1.4.5
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -103,7 +103,7 @@ files:
 - Changelog.md
 - Gemfile
 - Guardfile
-- MIT-LICENSE
+- LICENSE
 - README.md
 - Rakefile
 - autotest/discover.rb