RubyGems - sanitize - Versions diffs - 2.0.3 → 2.0.4 - Mend

sanitize 2.0.3 → 2.0.4

Potentially problematic release.

This version of sanitize might be problematic. Click here for more details.

Files changed (12) hide show

checksums.yaml +7 -0
data/HISTORY.md +13 -2
data/LICENSE +1 -1
data/README.rdoc +30 -25
data/lib/sanitize/config/basic.rb +4 -4
data/lib/sanitize/config/relaxed.rb +4 -4
data/lib/sanitize/config/restricted.rb +4 -4
data/lib/sanitize/config.rb +1 -1
data/lib/sanitize/transformers/clean_element.rb +1 -1
data/lib/sanitize/version.rb +1 -1
data/lib/sanitize.rb +32 -3
metadata +56 -60

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 80fc1e1df6ce565080a348c635645027839d8fbf
+  data.tar.gz: ae3afc1372f0db565647ab7f46310531a0f8b940
+SHA512:
+  metadata.gz: fc144309e028fcc172f3e4066dd34789c1a1b7f8abd341009052daa12672710a1e6ca52befd7f0cf39308c56fca70317e11c459f4b086d10c071d744477da70d
+  data.tar.gz: 962f5668cf47a557cc17d3f6eca26bcee0df23f93f76d11014fb53f5650560a5a8bbc171b63ddb00d926fa847154958f27d93c9b2e0a46cd4cc585f27cf4a309

data/HISTORY.md CHANGED Viewed

@@ -1,10 +1,21 @@
 Sanitize History
 ================================================================================
+Version 2.0.4 (2013-06-12)
+--------------------------
+  * Added `Sanitize.clean_document`, which sanitizes a full HTML document rather
+    than just a fragment. [Ben Anderson]
+  * Nokogiri dependency bumped to 1.6.x.
+  * Dropped support for Ruby versions older than 1.9.2.
 Version 2.0.3 (2011-07-01)
 --------------------------
- * Loosened the Nokogiri dependency to allow Nokogiri 1.5.x.
+  * Loosened the Nokogiri dependency to allow Nokogiri 1.5.x.
 Version 2.0.2 (2011-05-21)
@@ -90,7 +101,7 @@ Version 1.1.0 (2009-10-11)
   * Added an `:output` config setting to allow the output format to be
     specified. Supported formats are `:xhtml` (the default) and `:html` (which
     outputs HTML4).
-  * Changed protocol regex to ensure Sanitize doesn't kill URLs with colons in
+  * Changed protocol regex to ensure Sanitize doesn't kill URLs with colons in
     path segments. [Peter Cooper]

data/LICENSE CHANGED Viewed

@@ -1,4 +1,4 @@
-Copyright (c) 2011 Ryan Grove <ryan@wonko.com>
+Copyright (c) 2013 Ryan Grove <ryan@wonko.com>
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the 'Software'), to deal in

data/README.rdoc CHANGED Viewed

@@ -14,15 +14,12 @@ of fragile regular expressions, Sanitize has no trouble dealing with malformed
 or maliciously-formed HTML, and will always output valid HTML or XHTML.
 *Author*::    Ryan Grove (mailto:ryan@wonko.com)
-*Version*::   2.0.3 (2011-07-01)
-*Copyright*:: Copyright (c) 2011 Ryan Grove. All rights reserved.
+*Version*::   2.0.4 (2013-06-12)
+*Copyright*:: Copyright (c) 2013 Ryan Grove. All rights reserved.
 *License*::   MIT License (http://opensource.org/licenses/mit-license.php)
 *Website*::   http://github.com/rgrove/sanitize
-== Requires
-* Nokogiri >= 1.4.4
-* libxml2 >= 2.7.2
+{<img src="https://secure.travis-ci.org/rgrove/sanitize.png?branch=master" alt="Build Status" />}[http://travis-ci.org/rgrove/sanitize]
 == Installation
@@ -47,6 +44,12 @@ behind.
   Sanitize.clean(html) # => 'foo'
+  ...
+  # or sanitize an entire HTML document (example assumes _html_ is whitelisted)
+  html = '<!DOCTYPE html><html><b><a href="http://foo.com/">foo</a></b><img src="http://foo.com/bar.jpg"></html>'
+  Sanitize.clean_document(html) # => '<!DOCTYPE html>\n<html>foo</html>\n'
 == Configuration
 In addition to the ultra-safe default settings, Sanitize comes with three other
@@ -289,25 +292,25 @@ your own hands.
 The following example demonstrates how to create a depth-first Sanitize
 transformer that will safely whitelist valid YouTube video embeds without having
 to blindly allow other kinds of embedded content, which would be the case if you
-tried to do this by just whitelisting all <iframe> elements:
+tried to do this by just whitelisting all <code><iframe></code> elements:
   lambda do |env|
     node      = env[:node]
     node_name = env[:node_name]
     # Don't continue if this node is already whitelisted or is not an element.
     return if env[:is_whitelisted] || !node.element?
     # Don't continue unless the node is an iframe.
     return unless node_name == 'iframe'
     # Verify that the video URL is actually a valid YouTube video URL.
-    return unless node['src'] =~ /\Ahttp:\/\/(?:www\.)?youtube\.com\//
+    return unless node['src'] =~ /\Ahttps?:\/\/(?:www\.)?youtube(?:-nocookie)?\.com\//
     # We're now certain that this is a YouTube embed, but we still need to run
     # it through a special Sanitize step to ensure that no unwanted elements or
     # attributes that don't belong in a YouTube embed can sneak in.
-    Sanitize.clean_node!(node.parent, {
+    Sanitize.clean_node!(node, {
       :elements => %w[iframe],
       :attributes => {
@@ -327,22 +330,24 @@ Sanitize was created and is maintained by Ryan Grove (ryan@wonko.com).
 The following lovely people have also contributed to Sanitize:
-* Wilson Bilkovich (wilson@supremetyrant.com)
-* Peter Cooper (git@peterc.org)
-* Gabe da Silveira (gabe@websaviour.com)
-* Nicholas Evans (owlmanatt@gmail.com)
-* Adam Hooper (adam@adamhooper.com)
-* Mutwin Kraus (mutle@blogage.de)
-* Eaden McKee (eadz@eadz.co.nz)
-* Dev Purkayastha (dev.purkayastha@gmail.com)
-* David Reese (work@whatcould.com)
-* Ardie Saeidi (ardalan.saeidi@gmail.com)
-* Rafael Souza (me@rafaelss.com)
-* Ben Wanicur (bwanicur@verticalresponse.com)
+* Ben Anderson
+* Wilson Bilkovich
+* Peter Cooper
+* Gabe da Silveira
+* Nicholas Evans
+* Nils Gemeinhardt
+* Adam Hooper
+* Mutwin Kraus
+* Eaden McKee
+* Dev Purkayastha
+* David Reese
+* Ardie Saeidi
+* Rafael Souza
+* Ben Wanicur
 == License
-Copyright (c) 2011 Ryan Grove (ryan@wonko.com)
+Copyright (c) 2013 Ryan Grove (ryan@wonko.com)
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the 'Software'), to deal in

data/lib/sanitize/config/basic.rb CHANGED Viewed

@@ -1,16 +1,16 @@
 #--
-# Copyright (c) 2011 Ryan Grove <ryan@wonko.com>
-#
+# Copyright (c) 2013 Ryan Grove <ryan@wonko.com>
+#
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the 'Software'), to deal
 # in the Software without restriction, including without limitation the rights
 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 # copies of the Software, and to permit persons to whom the Software is
 # furnished to do so, subject to the following conditions:
-#
+#
 # The above copyright notice and this permission notice shall be included in all
 # copies or substantial portions of the Software.
-#
+#
 # THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

data/lib/sanitize/config/relaxed.rb CHANGED Viewed

@@ -1,16 +1,16 @@
 #--
-# Copyright (c) 2011 Ryan Grove <ryan@wonko.com>
-#
+# Copyright (c) 2013 Ryan Grove <ryan@wonko.com>
+#
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the 'Software'), to deal
 # in the Software without restriction, including without limitation the rights
 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 # copies of the Software, and to permit persons to whom the Software is
 # furnished to do so, subject to the following conditions:
-#
+#
 # The above copyright notice and this permission notice shall be included in all
 # copies or substantial portions of the Software.
-#
+#
 # THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

data/lib/sanitize/config/restricted.rb CHANGED Viewed

@@ -1,16 +1,16 @@
 #--
-# Copyright (c) 2011 Ryan Grove <ryan@wonko.com>
-#
+# Copyright (c) 2013 Ryan Grove <ryan@wonko.com>
+#
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the 'Software'), to deal
 # in the Software without restriction, including without limitation the rights
 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 # copies of the Software, and to permit persons to whom the Software is
 # furnished to do so, subject to the following conditions:
-#
+#
 # The above copyright notice and this permission notice shall be included in all
 # copies or substantial portions of the Software.
-#
+#
 # THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

data/lib/sanitize/config.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 #--
-# Copyright (c) 2011 Ryan Grove <ryan@wonko.com>
+# Copyright (c) 2013 Ryan Grove <ryan@wonko.com>
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the 'Software'), to deal

data/lib/sanitize/transformers/clean_element.rb CHANGED Viewed

@@ -14,7 +14,7 @@ class Sanitize; module Transformers
       @whitespace_elements     = Set.new(config[:whitespace_elements])
       if config[:remove_contents].is_a?(Array)
-        @remove_element_contents.merge(config[:remove_contents])
+        @remove_element_contents.merge(config[:remove_contents].map(&:to_s))
       else
         @remove_all_contents = !!config[:remove_contents]
       end

data/lib/sanitize/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 class Sanitize
-  VERSION = '2.0.3'
+  VERSION = '2.0.4'
 end

data/lib/sanitize.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # encoding: utf-8
 #--
-# Copyright (c) 2011 Ryan Grove <ryan@wonko.com>
+# Copyright (c) 2013 Ryan Grove <ryan@wonko.com>
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the 'Software'), to deal
@@ -59,6 +59,19 @@ class Sanitize
     Sanitize.new(config).clean!(html)
   end
+  # Performs a Sanitize#clean using a full-document HTML parser instead of
+  # the default fragment parser. This will add a DOCTYPE and html tag
+  # unless they are already present
+  def self.clean_document(html, config = {})
+    Sanitize.new(config).clean_document(html)
+  end
+  # Performs Sanitize#clean_document in place, returning _html_, or +nil+ if no
+  # changes were made.
+  def self.clean_document!(html, config = {})
+    Sanitize.new(config).clean_document!(html)
+  end
   # Sanitizes the specified Nokogiri::XML::Node and all its children.
   def self.clean_node!(node, config = {})
     Sanitize.new(config).clean_node!(node)
@@ -96,8 +109,8 @@ class Sanitize
   # Performs clean in place, returning _html_, or +nil+ if no changes were
   # made.
-  def clean!(html)
-    fragment = Nokogiri::HTML::DocumentFragment.parse(html)
+  def clean!(html, parser = Nokogiri::HTML::DocumentFragment)
+    fragment = parser.parse(html)
     clean_node!(fragment)
     output_method_params = {:encoding => @config[:output_encoding], :indent => 0}
@@ -116,6 +129,22 @@ class Sanitize
     return result == html ? nil : html[0, html.length] = result
   end
+  def clean_document(html)
+    unless html.nil?
+      clean_document!(html.dup) || html
+    end
+  end
+  def clean_document!(html)
+    if !@config[:elements].include?('html') && !@config[:remove_contents]
+      raise 'You must have the HTML element whitelisted to call #clean_document unless remove_contents is set to true'
+      # otherwise Nokogiri will raise for having multiple root nodes when
+      # it moves its children to the root document context
+    end
+    clean!(html, Nokogiri::HTML::Document)
+  end
   # Sanitizes the specified Nokogiri::XML::Node and all its children.
   def clean_node!(node)
     raise ArgumentError unless node.is_a?(Nokogiri::XML::Node)

metadata CHANGED Viewed

@@ -1,62 +1,63 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: sanitize
-version: !ruby/object:Gem::Version
-  prerelease:
-  version: 2.0.3
+version: !ruby/object:Gem::Version
+  version: 2.0.4
 platform: ruby
-authors:
+authors:
 - Ryan Grove
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-07-02 00:00:00 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2013-06-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: nokogiri
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.4.4
-    - - <
-      - !ruby/object:Gem::Version
-        version: "1.6"
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.6.0
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency
-  name: minitest
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version
+      - !ruby/object:Gem::Version
+        version: 1.6.0
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
         version: 2.0.0
   type: :development
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency
-  name: rake
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 0.8.0
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0.9'
   type: :development
-  version_requirements: *id003
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0.9'
 description:
 email: ryan@wonko.com
 executables: []
 extensions: []
 extra_rdoc_files: []
-files:
+files:
 - HISTORY.md
 - LICENSE
 - README.rdoc
@@ -71,30 +72,25 @@ files:
 - lib/sanitize.rb
 homepage: https://github.com/rgrove/sanitize/
 licenses: []
+metadata: {}
 post_install_message:
 rdoc_options: []
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      version: 1.8.7
-required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      version: "0"
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: 1.9.2
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: 1.2.0
 requirements: []
-rubyforge_project: riposte
-rubygems_version: 1.8.5
+rubyforge_project:
+rubygems_version: 2.0.0
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: Whitelist-based HTML sanitizer.
 test_files: []