RubyGems - sanitize - Versions diffs - 4.6.5 → 6.0.1 - Mend

sanitize 4.6.5 → 6.0.1

Potentially problematic release.

This version of sanitize might be problematic. Click here for more details.

Files changed (27) hide show

checksums.yaml +4 -4
data/HISTORY.md +235 -16
data/LICENSE +1 -1
data/README.md +89 -76
data/lib/sanitize/config/default.rb +15 -4
data/lib/sanitize/config/relaxed.rb +1 -1
data/lib/sanitize/css.rb +2 -2
data/lib/sanitize/transformers/clean_comment.rb +1 -1
data/lib/sanitize/transformers/clean_css.rb +3 -3
data/lib/sanitize/transformers/clean_doctype.rb +1 -1
data/lib/sanitize/transformers/clean_element.rb +105 -22
data/lib/sanitize/version.rb +1 -1
data/lib/sanitize.rb +53 -68
data/test/common.rb +0 -31
data/test/test_clean_comment.rb +16 -20
data/test/test_clean_css.rb +6 -6
data/test/test_clean_doctype.rb +22 -22
data/test/test_clean_element.rb +200 -82
data/test/test_config.rb +9 -9
data/test/test_malicious_css.rb +7 -7
data/test/test_malicious_html.rb +179 -32
data/test/test_parser.rb +9 -38
data/test/test_sanitize.rb +114 -29
data/test/test_sanitize_css.rb +88 -61
data/test/test_transformers.rb +52 -46
metadata +17 -33
data/test/test_unicode.rb +0 -95

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sanitize
 version: !ruby/object:Gem::Version
-  version: 4.6.5
+  version: 6.0.1
 platform: ruby
 authors:
 - Ryan Grove
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-05-17 00:00:00.000000000 Z
+date: 2023-01-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: crass
@@ -30,59 +30,45 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.4.4
+        version: 1.12.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.4.4
-- !ruby/object:Gem::Dependency
-  name: nokogumbo
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.4'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.4'
+        version: 1.12.0
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.10.2
+        version: 5.14.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.10.2
+        version: 5.14.4
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 12.0.0
+        version: 13.0.6
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 12.0.0
-description: Sanitize is a whitelist-based HTML and CSS sanitizer. Given a list of
-  acceptable elements, attributes, and CSS properties, Sanitize will remove all unacceptable
-  HTML and/or CSS from a string.
+        version: 13.0.6
+description: Sanitize is an allowlist-based HTML and CSS sanitizer. It removes all
+  HTML and/or CSS from a string except the elements, attributes, and properties you
+  choose to allow.
 email: ryan@wonko.com
 executables: []
 extensions: []
@@ -116,12 +102,11 @@ files:
 - test/test_sanitize.rb
 - test/test_sanitize_css.rb
 - test/test_transformers.rb
-- test/test_unicode.rb
 homepage: https://github.com/rgrove/sanitize/
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -129,16 +114,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 1.9.2
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: 1.2.0
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.3
-signing_key:
+rubygems_version: 3.4.1
+signing_key:
 specification_version: 4
-summary: Whitelist-based HTML and CSS sanitizer.
+summary: Allowlist-based HTML and CSS sanitizer.
 test_files: []

data/test/test_unicode.rb DELETED Viewed

@@ -1,95 +0,0 @@
-# encoding: utf-8
-require_relative 'common'
-describe 'Unicode' do
-  make_my_diffs_pretty!
-  parallelize_me!
-  # http://www.w3.org/TR/unicode-xml/#Charlist
-  describe 'Unsuitable characters' do
-    before do
-      @s = Sanitize.new(Sanitize::Config::RELAXED)
-    end
-    it 'should not modify the input string' do
-      fragment = "a\u0340b\u0341c"
-      document = "a\u0340b\u0341c"
-      @s.document(document)
-      @s.fragment(fragment)
-      fragment.must_equal "a\u0340b\u0341c"
-      document.must_equal "a\u0340b\u0341c"
-    end
-    it 'should strip deprecated grave and acute clones' do
-      @s.document("a\u0340b\u0341c").must_equal "<html><head></head><body>abc</body></html>\n"
-      @s.fragment("a\u0340b\u0341c").must_equal 'abc'
-    end
-    it 'should strip deprecated Khmer characters' do
-      @s.document("a\u17a3b\u17d3c").must_equal "<html><head></head><body>abc</body></html>\n"
-      @s.fragment("a\u17a3b\u17d3c").must_equal 'abc'
-    end
-    it 'should strip line and paragraph separator punctuation' do
-      @s.document("a\u2028b\u2029c").must_equal "<html><head></head><body>abc</body></html>\n"
-      @s.fragment("a\u2028b\u2029c").must_equal 'abc'
-    end
-    it 'should strip bidi embedding control characters' do
-      @s.document("a\u202ab\u202bc\u202cd\u202de\u202e")
-        .must_equal "<html><head></head><body>abcde</body></html>\n"
-      @s.fragment("a\u202ab\u202bc\u202cd\u202de\u202e")
-        .must_equal 'abcde'
-    end
-    it 'should strip deprecated symmetric swapping characters' do
-      @s.document("a\u206ab\u206bc").must_equal "<html><head></head><body>abc</body></html>\n"
-      @s.fragment("a\u206ab\u206bc").must_equal 'abc'
-    end
-    it 'should strip deprecated Arabic form shaping characters' do
-      @s.document("a\u206cb\u206dc").must_equal "<html><head></head><body>abc</body></html>\n"
-      @s.fragment("a\u206cb\u206dc").must_equal 'abc'
-    end
-    it 'should strip deprecated National digit shape characters' do
-      @s.document("a\u206eb\u206fc").must_equal "<html><head></head><body>abc</body></html>\n"
-      @s.fragment("a\u206eb\u206fc").must_equal 'abc'
-    end
-    it 'should strip interlinear annotation characters' do
-      @s.document("a\ufff9b\ufffac\ufffb").must_equal "<html><head></head><body>abc</body></html>\n"
-      @s.fragment("a\ufff9b\ufffac\ufffb").must_equal 'abc'
-    end
-    it 'should strip BOM/zero-width non-breaking space characters' do
-      @s.document("a\ufeffbc").must_equal "<html><head></head><body>abc</body></html>\n"
-      @s.fragment("a\ufeffbc").must_equal 'abc'
-    end
-    it 'should strip object replacement characters' do
-      @s.document("a\ufffcbc").must_equal "<html><head></head><body>abc</body></html>\n"
-      @s.fragment("a\ufffcbc").must_equal 'abc'
-    end
-    it 'should strip musical notation scoping characters' do
-      @s.document("a\u{1d173}b\u{1d174}c\u{1d175}d\u{1d176}e\u{1d177}f\u{1d178}g\u{1d179}h\u{1d17a}")
-        .must_equal "<html><head></head><body>abcdefgh</body></html>\n"
-      @s.fragment("a\u{1d173}b\u{1d174}c\u{1d175}d\u{1d176}e\u{1d177}f\u{1d178}g\u{1d179}h\u{1d17a}")
-        .must_equal 'abcdefgh'
-    end
-    it 'should strip language tag code point characters' do
-      str = String.new 'a'
-      (0xE0000..0xE007F).each {|n| str << [n].pack('U') }
-      str << 'b'
-      @s.document(str).must_equal "<html><head></head><body>ab</body></html>\n"
-      @s.fragment(str).must_equal 'ab'
-    end
-  end
-end