sanitize 1.0.1 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/HISTORY +4 -0
- data/README.rdoc +2 -1
- data/lib/sanitize.rb +4 -3
- metadata +2 -2
data/HISTORY
CHANGED
|
@@ -1,6 +1,10 @@
|
|
|
1
1
|
Sanitize History
|
|
2
2
|
================================================================================
|
|
3
3
|
|
|
4
|
+
Version 1.0.2 (2009-01-04)
|
|
5
|
+
* Fixed a bug that caused an exception to be thrown when parsing a valueless
|
|
6
|
+
attribute that's expected to contain a URL.
|
|
7
|
+
|
|
4
8
|
Version 1.0.1 (2009-01-01)
|
|
5
9
|
* You can now specify :relative in a protocol config array to allow attributes
|
|
6
10
|
containing relative URLs with no protocol. The Basic and Relaxed configs
|
data/README.rdoc
CHANGED
|
@@ -15,7 +15,7 @@ or maliciously-formed HTML. When in doubt, Sanitize always errs on the side of
|
|
|
15
15
|
caution.
|
|
16
16
|
|
|
17
17
|
*Author*:: Ryan Grove (mailto:ryan@wonko.com)
|
|
18
|
-
*Version*:: 1.0.
|
|
18
|
+
*Version*:: 1.0.2 (2009-01-04)
|
|
19
19
|
*Copyright*:: Copyright (c) 2009 Ryan Grove. All rights reserved.
|
|
20
20
|
*License*:: MIT License (http://opensource.org/licenses/mit-license.php)
|
|
21
21
|
*Website*:: http://github.com/rgrove/sanitize
|
|
@@ -24,6 +24,7 @@ caution.
|
|
|
24
24
|
|
|
25
25
|
* RubyGems
|
|
26
26
|
* Hpricot 0.6+
|
|
27
|
+
* HTMLEntities 4.0.0+
|
|
27
28
|
|
|
28
29
|
== Usage
|
|
29
30
|
|
data/lib/sanitize.rb
CHANGED
|
@@ -85,7 +85,7 @@ class Sanitize
|
|
|
85
85
|
if node.comment?
|
|
86
86
|
node.swap('') unless @config[:allow_comments]
|
|
87
87
|
elsif node.elem?
|
|
88
|
-
name = node.name.downcase
|
|
88
|
+
name = node.name.to_s.downcase
|
|
89
89
|
|
|
90
90
|
# Delete any element that isn't in the whitelist.
|
|
91
91
|
unless @config[:elements].include?(name)
|
|
@@ -96,7 +96,7 @@ class Sanitize
|
|
|
96
96
|
if @config[:attributes].has_key?(name)
|
|
97
97
|
# Delete any attribute that isn't in the whitelist for this element.
|
|
98
98
|
node.raw_attributes.delete_if do |key, value|
|
|
99
|
-
!@config[:attributes][name].include?(key.downcase)
|
|
99
|
+
!@config[:attributes][name].include?(key.to_s.downcase)
|
|
100
100
|
end
|
|
101
101
|
|
|
102
102
|
# Delete remaining attributes that use unacceptable protocols.
|
|
@@ -105,8 +105,9 @@ class Sanitize
|
|
|
105
105
|
|
|
106
106
|
node.raw_attributes.delete_if do |key, value|
|
|
107
107
|
next false unless protocol.has_key?(key)
|
|
108
|
+
next true if value.nil?
|
|
108
109
|
|
|
109
|
-
if value.downcase =~ /^([^:]+)(?:\:|�*58;|�*3a;)/
|
|
110
|
+
if value.to_s.downcase =~ /^([^:]+)(?:\:|�*58;|�*3a;)/
|
|
110
111
|
!protocol[key].include?($1.downcase)
|
|
111
112
|
else
|
|
112
113
|
!protocol[key].include?(:relative)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sanitize
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Grove
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
|
|
12
|
-
date: 2009-01-
|
|
12
|
+
date: 2009-01-04 00:00:00 -08:00
|
|
13
13
|
default_executable:
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|