RubyGems - sanitize - Versions diffs - 2.0.3 → 2.0.4 - Mend

sanitize 2.0.3 → 2.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of sanitize might be problematic. Click here for more details.

Files changed (12) hide show

checksums.yaml +7 -0
data/HISTORY.md +13 -2
data/LICENSE +1 -1
data/README.rdoc +30 -25
data/lib/sanitize/config/basic.rb +4 -4
data/lib/sanitize/config/relaxed.rb +4 -4
data/lib/sanitize/config/restricted.rb +4 -4
data/lib/sanitize/config.rb +1 -1
data/lib/sanitize/transformers/clean_element.rb +1 -1
data/lib/sanitize/version.rb +1 -1
data/lib/sanitize.rb +32 -3
metadata +56 -60

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 80fc1e1df6ce565080a348c635645027839d8fbf
+  data.tar.gz: ae3afc1372f0db565647ab7f46310531a0f8b940
+SHA512:
+  metadata.gz: fc144309e028fcc172f3e4066dd34789c1a1b7f8abd341009052daa12672710a1e6ca52befd7f0cf39308c56fca70317e11c459f4b086d10c071d744477da70d
+  data.tar.gz: 962f5668cf47a557cc17d3f6eca26bcee0df23f93f76d11014fb53f5650560a5a8bbc171b63ddb00d926fa847154958f27d93c9b2e0a46cd4cc585f27cf4a309

data/HISTORY.md CHANGED Viewed

@@ -1,10 +1,21 @@
 Sanitize History
 ================================================================================
+Version 2.0.4 (2013-06-12)
+--------------------------
+  * Added `Sanitize.clean_document`, which sanitizes a full HTML document rather
+    than just a fragment. [Ben Anderson]
+  * Nokogiri dependency bumped to 1.6.x.
+  * Dropped support for Ruby versions older than 1.9.2.
 Version 2.0.3 (2011-07-01)
 --------------------------
- * Loosened the Nokogiri dependency to allow Nokogiri 1.5.x.
+  * Loosened the Nokogiri dependency to allow Nokogiri 1.5.x.
 Version 2.0.2 (2011-05-21)
@@ -90,7 +101,7 @@ Version 1.1.0 (2009-10-11)
   * Added an `:output` config setting to allow the output format to be
     specified. Supported formats are `:xhtml` (the default) and `:html` (which
     outputs HTML4).
-  * Changed protocol regex to ensure Sanitize doesn't kill URLs with colons in
+  * Changed protocol regex to ensure Sanitize doesn't kill URLs with colons in
     path segments. [Peter Cooper]

data/LICENSE CHANGED Viewed

@@ -1,4 +1,4 @@
-Copyright (c) 2011 Ryan Grove <ryan@wonko.com>
+Copyright (c) 2013 Ryan Grove <ryan@wonko.com>
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the 'Software'), to deal in

data/README.rdoc CHANGED Viewed

@@ -14,15 +14,12 @@ of fragile regular expressions, Sanitize has no trouble dealing with malformed
 or maliciously-formed HTML, and will always output valid HTML or XHTML.
 *Author*::    Ryan Grove (mailto:ryan@wonko.com)
-*Version*::   2.0.3 (2011-07-01)
-*Copyright*:: Copyright (c) 2011 Ryan Grove. All rights reserved.
+*Version*::   2.0.4 (2013-06-12)
+*Copyright*:: Copyright (c) 2013 Ryan Grove. All rights reserved.
 *License*::   MIT License (http://opensource.org/licenses/mit-license.php)
 *Website*::   http://github.com/rgrove/sanitize
-== Requires
-* Nokogiri >= 1.4.4
-* libxml2 >= 2.7.2
+{<img src="https://secure.travis-ci.org/rgrove/sanitize.png?branch=master" alt="Build Status" />}[http://travis-ci.org/rgrove/sanitize]
 == Installation
@@ -47,6 +44,12 @@ behind.
   Sanitize.clean(html) # => 'foo'
+  ...
+  # or sanitize an entire HTML document (example assumes _html_ is whitelisted)
+  html = '<!DOCTYPE html><html><b><a href="http://foo.com/">foo</a></b><img src="http://foo.com/bar.jpg"></html>'
+  Sanitize.clean_document(html) # => '<!DOCTYPE html>\n<html>foo</html>\n'
 == Configuration
 In addition to the ultra-safe default settings, Sanitize comes with three other
@@ -289,25 +292,25 @@ your own hands.
 The following example demonstrates how to create a depth-first Sanitize
 transformer that will safely whitelist valid YouTube video embeds without having
 to blindly allow other kinds of embedded content, which would be the case if you
-tried to do this by just whitelisting all <iframe> elements:
+tried to do this by just whitelisting all <code><iframe></code> elements:
   lambda do |env|
     node      = env[:node]
     node_name = env[:node_name]
     # Don't continue if this node is already whitelisted or is not an element.
     return if env[:is_whitelisted] || !node.element?
     # Don't continue unless the node is an iframe.
     return unless node_name == 'iframe'
     # Verify that the video URL is actually a valid YouTube video URL.
-    return unless node['src'] =~ /\Ahttp:\/\/(?:www\.)?youtube\.com\//
+    return unless node['src'] =~ /\Ahttps?:\/\/(?:www\.)?youtube(?:-nocookie)?\.com\//
     # We're now certain that this is a YouTube embed, but we still need to run
     # it through a special Sanitize step to ensure that no unwanted elements or
     # attributes that don't belong in a YouTube embed can sneak in.
-    Sanitize.clean_node!(node.parent, {
+    Sanitize.clean_node!(node, {
       :elements => %w[iframe],
       :attributes => {
@@ -327,22 +330,24 @@ Sanitize was created and is maintained by Ryan Grove (ryan@wonko.com).
 The following lovely people have also contributed to Sanitize:
-* Wilson Bilkovich (wilson@supremetyrant.com)
-* Peter Cooper (git@peterc.org)
-* Gabe da Silveira (gabe@websaviour.com)
-* Nicholas Evans (owlmanatt@gmail.com)
-* Adam Hooper (adam@adamhooper.com)
-* Mutwin Kraus (mutle@blogage.de)
-* Eaden McKee (eadz@eadz.co.nz)
-* Dev Purkayastha (dev.purkayastha@gmail.com)
-* David Reese (work@whatcould.com)
-* Ardie Saeidi (ardalan.saeidi@gmail.com)
-* Rafael Souza (me@rafaelss.com)
-* Ben Wanicur (bwanicur@verticalresponse.com)
+* Ben Anderson
+* Wilson Bilkovich
+* Peter Cooper
+* Gabe da Silveira
+* Nicholas Evans
+* Nils Gemeinhardt
+* Adam Hooper
+* Mutwin Kraus
+* Eaden McKee
+* Dev Purkayastha
+* David Reese
+* Ardie Saeidi
+* Rafael Souza
+* Ben Wanicur
 == License
-Copyright (c) 2011 Ryan Grove (ryan@wonko.com)
+Copyright (c) 2013 Ryan Grove (ryan@wonko.com)
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the 'Software'), to deal in

data/lib/sanitize/config/basic.rb CHANGED Viewed

@@ -1,16 +1,16 @@
 #--
-# Copyright (c) 2011 Ryan Grove <ryan@wonko.com>
-#
+# Copyright (c) 2013 Ryan Grove <ryan@wonko.com>
+#
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the 'Software'), to deal
 # in the Software without restriction, including without limitation the rights
 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 # copies of the Software, and to permit persons to whom the Software is
 # furnished to do so, subject to the following conditions:
-#
+#
 # The above copyright notice and this permission notice shall be included in all
 # copies or substantial portions of the Software.
-#
+#
 # THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

data/lib/sanitize/config/relaxed.rb CHANGED Viewed

@@ -1,16 +1,16 @@
 #--
-# Copyright (c) 2011 Ryan Grove <ryan@wonko.com>
-#
+# Copyright (c) 2013 Ryan Grove <ryan@wonko.com>
+#
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the 'Software'), to deal
 # in the Software without restriction, including without limitation the rights
 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 # copies of the Software, and to permit persons to whom the Software is
 # furnished to do so, subject to the following conditions:
-#
+#
 # The above copyright notice and this permission notice shall be included in all
 # copies or substantial portions of the Software.
-#
+#
 # THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

data/lib/sanitize/config/restricted.rb CHANGED Viewed

@@ -1,16 +1,16 @@
 #--
-# Copyright (c) 2011 Ryan Grove <ryan@wonko.com>
-#
+# Copyright (c) 2013 Ryan Grove <ryan@wonko.com>
+#
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the 'Software'), to deal
 # in the Software without restriction, including without limitation the rights
 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 # copies of the Software, and to permit persons to whom the Software is
 # furnished to do so, subject to the following conditions:
-#
+#
 # The above copyright notice and this permission notice shall be included in all
 # copies or substantial portions of the Software.
-#
+#
 # THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

data/lib/sanitize/config.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 #--
-# Copyright (c) 2011 Ryan Grove <ryan@wonko.com>
+# Copyright (c) 2013 Ryan Grove <ryan@wonko.com>
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the 'Software'), to deal

data/lib/sanitize/transformers/clean_element.rb CHANGED Viewed

@@ -14,7 +14,7 @@ class Sanitize; module Transformers
       @whitespace_elements     = Set.new(config[:whitespace_elements])
       if config[:remove_contents].is_a?(Array)
-        @remove_element_contents.merge(config[:remove_contents])
+        @remove_element_contents.merge(config[:remove_contents].map(&:to_s))
       else
         @remove_all_contents = !!config[:remove_contents]
       end

data/lib/sanitize/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 class Sanitize
-  VERSION = '2.0.3'
+  VERSION = '2.0.4'
 end

data/lib/sanitize.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # encoding: utf-8
 #--
-# Copyright (c) 2011 Ryan Grove <ryan@wonko.com>
+# Copyright (c) 2013 Ryan Grove <ryan@wonko.com>
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the 'Software'), to deal
@@ -59,6 +59,19 @@ class Sanitize
     Sanitize.new(config).clean!(html)
   end
+  # Performs a Sanitize#clean using a full-document HTML parser instead of
+  # the default fragment parser. This will add a DOCTYPE and html tag
+  # unless they are already present
+  def self.clean_document(html, config = {})
+    Sanitize.new(config).clean_document(html)
+  end
+  # Performs Sanitize#clean_document in place, returning _html_, or +nil+ if no
+  # changes were made.
+  def self.clean_document!(html, config = {})
+    Sanitize.new(config).clean_document!(html)
+  end
   # Sanitizes the specified Nokogiri::XML::Node and all its children.
   def self.clean_node!(node, config = {})
     Sanitize.new(config).clean_node!(node)
@@ -96,8 +109,8 @@ class Sanitize
   # Performs clean in place, returning _html_, or +nil+ if no changes were
   # made.
-  def clean!(html)
-    fragment = Nokogiri::HTML::DocumentFragment.parse(html)
+  def clean!(html, parser = Nokogiri::HTML::DocumentFragment)
+    fragment = parser.parse(html)
     clean_node!(fragment)
     output_method_params = {:encoding => @config[:output_encoding], :indent => 0}
@@ -116,6 +129,22 @@ class Sanitize
     return result == html ? nil : html[0, html.length] = result
   end
+  def clean_document(html)
+    unless html.nil?
+      clean_document!(html.dup) || html
+    end
+  end
+  def clean_document!(html)
+    if !@config[:elements].include?('html') && !@config[:remove_contents]
+      raise 'You must have the HTML element whitelisted to call #clean_document unless remove_contents is set to true'
+      # otherwise Nokogiri will raise for having multiple root nodes when
+      # it moves its children to the root document context
+    end
+    clean!(html, Nokogiri::HTML::Document)
+  end
   # Sanitizes the specified Nokogiri::XML::Node and all its children.
   def clean_node!(node)
     raise ArgumentError unless node.is_a?(Nokogiri::XML::Node)

metadata CHANGED Viewed

@@ -1,62 +1,63 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: sanitize
-version: !ruby/object:Gem::Version
-  prerelease:
-  version: 2.0.3
+version: !ruby/object:Gem::Version
+  version: 2.0.4
 platform: ruby
-authors:
+authors:
 - Ryan Grove
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-07-02 00:00:00 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2013-06-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: nokogiri
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.4.4
-    - - <
-      - !ruby/object:Gem::Version
-        version: "1.6"
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.6.0
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency
-  name: minitest
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version
+      - !ruby/object:Gem::Version
+        version: 1.6.0
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
         version: 2.0.0
   type: :development
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency
-  name: rake
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 0.8.0
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0.9'
   type: :development
-  version_requirements: *id003
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0.9'
 description:
 email: ryan@wonko.com
 executables: []
 extensions: []
 extra_rdoc_files: []
-files:
+files:
 - HISTORY.md
 - LICENSE
 - README.rdoc
@@ -71,30 +72,25 @@ files:
 - lib/sanitize.rb
 homepage: https://github.com/rgrove/sanitize/
 licenses: []
+metadata: {}
 post_install_message:
 rdoc_options: []
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      version: 1.8.7
-required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      version: "0"
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: 1.9.2
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: 1.2.0
 requirements: []
-rubyforge_project: riposte
-rubygems_version: 1.8.5
+rubyforge_project:
+rubygems_version: 2.0.0
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: Whitelist-based HTML sanitizer.
 test_files: []