sanitize 4.6.5 → 6.0.1
Potentially problematic release.
- checksums.yaml +4 -4
- data/HISTORY.md +235 -16
- data/LICENSE +1 -1
- data/README.md +89 -76
- data/lib/sanitize/config/default.rb +15 -4
- data/lib/sanitize/config/relaxed.rb +1 -1
- data/lib/sanitize/css.rb +2 -2
- data/lib/sanitize/transformers/clean_comment.rb +1 -1
- data/lib/sanitize/transformers/clean_css.rb +3 -3
- data/lib/sanitize/transformers/clean_doctype.rb +1 -1
- data/lib/sanitize/transformers/clean_element.rb +105 -22
- data/lib/sanitize/version.rb +1 -1
- data/lib/sanitize.rb +53 -68
- data/test/common.rb +0 -31
- data/test/test_clean_comment.rb +16 -20
- data/test/test_clean_css.rb +6 -6
- data/test/test_clean_doctype.rb +22 -22
- data/test/test_clean_element.rb +200 -82
- data/test/test_config.rb +9 -9
- data/test/test_malicious_css.rb +7 -7
- data/test/test_malicious_html.rb +179 -32
- data/test/test_parser.rb +9 -38
- data/test/test_sanitize.rb +114 -29
- data/test/test_sanitize_css.rb +88 -61
- data/test/test_transformers.rb +52 -46
- metadata +17 -33
- data/test/test_unicode.rb +0 -95
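--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sanitize
 version: !ruby/object:Gem::Version
-version:
+version: 6.0.1
 platform: ruby
 authors:
 - Ryan Grove
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2023-01-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: crass
@@ -30,59 +30,45 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.12.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 1.
-- !ruby/object:Gem::Dependency
-name: nokogumbo
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.4'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.4'
+version: 1.12.0
 - !ruby/object:Gem::Dependency
 name: minitest
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 5.
+version: 5.14.4
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 5.
+version: 5.14.4
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 13.0.6
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
-description: Sanitize is
-
-
+version: 13.0.6
+description: Sanitize is an allowlist-based HTML and CSS sanitizer. It removes all
+HTML and/or CSS from a string except the elements, attributes, and properties you
+choose to allow.
 email: ryan@wonko.com
 executables: []
 extensions: []
@@ -116,12 +102,11 @@ files:
 - test/test_sanitize.rb
 - test/test_sanitize_css.rb
 - test/test_transformers.rb
-- test/test_unicode.rb
 homepage: https://github.com/rgrove/sanitize/
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -129,16 +114,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: 1.2.0
 requirements: []
-
-
-signing_key:
+rubygems_version: 3.4.1
+signing_key:
 specification_version: 4
-summary:
+summary: Allowlist-based HTML and CSS sanitizer.
 test_files: []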
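Review bot: The files list in the third hunk drops `- test/test_unicode.rb`, and nothing on this page replaces the coverage that file provided — in particular its assertions that the bidi embedding controls U+202A–U+202E are stripped, which are the characters used for Trojan-Source-style text spoofing. Whether the stripping itself survived the `lib/sanitize.rb` rewrite (+53/-68 in the diffstat) cannot be told from this page, so consumers who relied on Sanitize to neutralise bidi overrides should verify the 6.x behaviour against their own input before upgrading rather than assume it. Separately, the runtime dependency in the second hunk now carries an open floor of `version: 1.12.0` under a `">="` requirement; its `name:` line sits outside the hunk, but the concurrent removal of nokogumbo suggests it is nokogiri, and a floor that low does not by itself keep an application on a patched parser build — that remains the job of the consuming app's lockfile and a dependency audit tool.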
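--- a/data/test/test_unicode.rb
+++ /dev/null
@@ -1,95 +0,0 @@
-# encoding: utf-8
-require_relative 'common'
-
-describe 'Unicode' do
-make_my_diffs_pretty!
-parallelize_me!
-
-# http://www.w3.org/TR/unicode-xml/#Charlist
-describe 'Unsuitable characters' do
-before do
-@s = Sanitize.new(Sanitize::Config::RELAXED)
-end
-
-it 'should not modify the input string' do
-fragment = "a\u0340b\u0341c"
-document = "a\u0340b\u0341c"
-
-@s.document(document)
-@s.fragment(fragment)
-
-fragment.must_equal "a\u0340b\u0341c"
-document.must_equal "a\u0340b\u0341c"
-end
-
-it 'should strip deprecated grave and acute clones' do
-@s.document("a\u0340b\u0341c").must_equal "<html><head></head><body>abc</body></html>\n"
-@s.fragment("a\u0340b\u0341c").must_equal 'abc'
-end
-
-it 'should strip deprecated Khmer characters' do
-@s.document("a\u17a3b\u17d3c").must_equal "<html><head></head><body>abc</body></html>\n"
-@s.fragment("a\u17a3b\u17d3c").must_equal 'abc'
-end
-
-it 'should strip line and paragraph separator punctuation' do
-@s.document("a\u2028b\u2029c").must_equal "<html><head></head><body>abc</body></html>\n"
-@s.fragment("a\u2028b\u2029c").must_equal 'abc'
-end
-
-it 'should strip bidi embedding control characters' do
-@s.document("a\u202ab\u202bc\u202cd\u202de\u202e")
-.must_equal "<html><head></head><body>abcde</body></html>\n"
-
-@s.fragment("a\u202ab\u202bc\u202cd\u202de\u202e")
-.must_equal 'abcde'
-end
-
-it 'should strip deprecated symmetric swapping characters' do
-@s.document("a\u206ab\u206bc").must_equal "<html><head></head><body>abc</body></html>\n"
-@s.fragment("a\u206ab\u206bc").must_equal 'abc'
-end
-
-it 'should strip deprecated Arabic form shaping characters' do
-@s.document("a\u206cb\u206dc").must_equal "<html><head></head><body>abc</body></html>\n"
-@s.fragment("a\u206cb\u206dc").must_equal 'abc'
-end
-
-it 'should strip deprecated National digit shape characters' do
-@s.document("a\u206eb\u206fc").must_equal "<html><head></head><body>abc</body></html>\n"
-@s.fragment("a\u206eb\u206fc").must_equal 'abc'
-end
-
-it 'should strip interlinear annotation characters' do
-@s.document("a\ufff9b\ufffac\ufffb").must_equal "<html><head></head><body>abc</body></html>\n"
-@s.fragment("a\ufff9b\ufffac\ufffb").must_equal 'abc'
-end
-
-it 'should strip BOM/zero-width non-breaking space characters' do
-@s.document("a\ufeffbc").must_equal "<html><head></head><body>abc</body></html>\n"
-@s.fragment("a\ufeffbc").must_equal 'abc'
-end
-
-it 'should strip object replacement characters' do
-@s.document("a\ufffcbc").must_equal "<html><head></head><body>abc</body></html>\n"
-@s.fragment("a\ufffcbc").must_equal 'abc'
-end
-
-it 'should strip musical notation scoping characters' do
-@s.document("a\u{1d173}b\u{1d174}c\u{1d175}d\u{1d176}e\u{1d177}f\u{1d178}g\u{1d179}h\u{1d17a}")
-.must_equal "<html><head></head><body>abcdefgh</body></html>\n"
-
-@s.fragment("a\u{1d173}b\u{1d174}c\u{1d175}d\u{1d176}e\u{1d177}f\u{1d178}g\u{1d179}h\u{1d17a}")
-.must_equal 'abcdefgh'
-end
-
-it 'should strip language tag code point characters' do
-str = String.new 'a'
-(0xE0000..0xE007F).each {|n| str << [n].pack('U') }
-str << 'b'
-
-@s.document(str).must_equal "<html><head></head><body>ab</body></html>\n"
-@s.fragment(str).must_equal 'ab'
-end
-end
-end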