sanitize 4.6.1 → 4.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d60032db1fcb68aa04a8d78196d585a3d0df59d9690d2f031dcb85255ef87758
-  data.tar.gz: 00fecedff568f5445fcfc62db06fa7f29cb515acd29edcddc78e3b150073bc26
+  metadata.gz: fb775bea4edea52d04bbfca1b95cd52387951da8a257277c2a95e6371d59ef43
+  data.tar.gz: 7a94074ef83e2acecf446bed31fb2de9d5f5a164409481f9af50b5cc85b17608
 SHA512:
-  metadata.gz: 712428fde84e9c334f664d56263b228abc7213b6deb1ddb457c0ca779dbc3fd5eba294bfa5061b0b9f9767d6e41153b4e6d87d64227b1af536e45cee4e005cf6
-  data.tar.gz: 80a3f61453a74daad6fee51b2b7688108dbb61e42ab976eb5129f96ed834802b1d21aa1fd34bc76a631a6f93a6e9750f18b84e279e0adce6a2abf0675584f819
+  metadata.gz: b2c52aea4bd23c99c3cb5e55bcb2e6b63746d02532c19e8c7d5a2bc72e1e3ab571ac03c2aaf7ba4f8d02ab77cdf2be92407069670c3ff9878de6b54675fa5c6e
+  data.tar.gz: d384b9754d718205a5cb2532699d2c71f48d3e4e0854fdbff29cc8bd3f559a4e4b828e6311726605de85906c95d0342b960d67cc9e7426a4c5c00e0eb8b3b946

data/HISTORY.md

@@ -1,5 +1,11 @@
 # Sanitize History
 
+## 4.6.2 (2018-03-19)
+
+* Reduced string allocations to optimize memory usage. [@janklimo - #175][175]
+
+[175]:https://github.com/rgrove/sanitize/pull/175
+
 ## 4.6.1 (2018-03-15)
 
 * Added support for frozen string literals in Ruby 2.4+.

data/lib/sanitize.rb

@@ -198,7 +198,7 @@ class Sanitize
       # the original document didn't actually include a content-type meta tag.
       replace_meta = !@config[:elements].include?('meta') ||
         node.xpath('/html/head/meta[@http-equiv]').none? do |meta|
-          meta['http-equiv'].downcase == 'content-type'
+          meta['http-equiv'].casecmp('content-type').zero?
         end
     end
 
@@ -217,12 +217,14 @@ class Sanitize
   end
 
   def transform_node!(node, node_whitelist)
+    node_name = node.name.downcase
+
     @transformers.each do |transformer|
       result = transformer.call(
         :config         => @config,
         :is_whitelisted => node_whitelist.include?(node),
         :node           => node,
-        :node_name      => node.name.downcase,
+        :node_name      => node_name,
         :node_whitelist => node_whitelist
       )
 

data/lib/sanitize/transformers/clean_element.rb

@@ -99,7 +99,7 @@ class Sanitize; module Transformers; class CleanElement
           if @protocols.include?(name) && @protocols[name].include?(attr_name)
             attr_protocols = @protocols[name][attr_name]
 
-            if attr.value.to_s.downcase =~ REGEX_PROTOCOL
+            if attr.value =~ REGEX_PROTOCOL
               attr.unlink unless attr_protocols.include?($1.downcase)
             else
               attr.unlink unless attr_protocols.include?(:relative)

data/lib/sanitize/version.rb

@@ -1,5 +1,5 @@
 # encoding: utf-8
 
 class Sanitize
-  VERSION = '4.6.1'
+  VERSION = '4.6.2'
 end

data/test/test_clean_element.rb

@@ -402,6 +402,23 @@ describe 'Sanitize::Transformers::CleanElement' do
       s.fragment('foo<div>bar</div>baz').must_equal "foo\nbar\nbaz"
       s.fragment('foo<br>bar<br>baz').must_equal "foo\nbar\nbaz"
     end
-  end
 
+    it 'handles protocols correctly regardless of case' do
+      input = '<a href="hTTpS://foo.com/">Text</a>'
+
+      Sanitize.fragment(input, {
+        :elements   => ['a'],
+        :attributes => {'a' => ['href']},
+        :protocols  => {'a' => {'href' => ['https']}}
+      }).must_equal input
+
+      input = '<a href="mailto:someone@example.com?Subject=Hello">Text</a>'
+
+      Sanitize.fragment(input, {
+        :elements   => ['a'],
+        :attributes => {'a' => ['href']},
+        :protocols  => {'a' => {'href' => ['https']}}
+      }).must_equal "<a>Text</a>"
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sanitize
 version: !ruby/object:Gem::Version
-  version: 4.6.1
+  version: 4.6.2
 platform: ruby
 authors:
 - Ryan Grove
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-15 00:00:00.000000000 Z
+date: 2018-03-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: crass