sanitize 4.6.6 → 5.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of sanitize might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/HISTORY.md +147 -16
- data/README.md +61 -41
- data/lib/sanitize.rb +37 -61
- data/lib/sanitize/config/default.rb +10 -4
- data/lib/sanitize/css.rb +2 -2
- data/lib/sanitize/transformers/clean_comment.rb +1 -1
- data/lib/sanitize/transformers/clean_css.rb +3 -3
- data/lib/sanitize/transformers/clean_doctype.rb +1 -1
- data/lib/sanitize/transformers/clean_element.rb +54 -13
- data/lib/sanitize/version.rb +1 -1
- data/test/common.rb +0 -31
- data/test/test_clean_comment.rb +1 -5
- data/test/test_clean_css.rb +1 -1
- data/test/test_clean_doctype.rb +8 -8
- data/test/test_clean_element.rb +121 -26
- data/test/test_malicious_html.rb +50 -7
- data/test/test_parser.rb +3 -32
- data/test/test_sanitize.rb +103 -18
- data/test/test_sanitize_css.rb +43 -16
- data/test/test_transformers.rb +29 -23
- metadata +16 -18
- data/test/test_unicode.rb +0 -95
data/test/test_unicode.rb
DELETED
@@ -1,95 +0,0 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
require_relative 'common'
|
3
|
-
|
4
|
-
describe 'Unicode' do
|
5
|
-
make_my_diffs_pretty!
|
6
|
-
parallelize_me!
|
7
|
-
|
8
|
-
# http://www.w3.org/TR/unicode-xml/#Charlist
|
9
|
-
describe 'Unsuitable characters' do
|
10
|
-
before do
|
11
|
-
@s = Sanitize.new(Sanitize::Config::RELAXED)
|
12
|
-
end
|
13
|
-
|
14
|
-
it 'should not modify the input string' do
|
15
|
-
fragment = "a\u0340b\u0341c"
|
16
|
-
document = "a\u0340b\u0341c"
|
17
|
-
|
18
|
-
@s.document(document)
|
19
|
-
@s.fragment(fragment)
|
20
|
-
|
21
|
-
fragment.must_equal "a\u0340b\u0341c"
|
22
|
-
document.must_equal "a\u0340b\u0341c"
|
23
|
-
end
|
24
|
-
|
25
|
-
it 'should strip deprecated grave and acute clones' do
|
26
|
-
@s.document("a\u0340b\u0341c").must_equal "<html><head></head><body>abc</body></html>\n"
|
27
|
-
@s.fragment("a\u0340b\u0341c").must_equal 'abc'
|
28
|
-
end
|
29
|
-
|
30
|
-
it 'should strip deprecated Khmer characters' do
|
31
|
-
@s.document("a\u17a3b\u17d3c").must_equal "<html><head></head><body>abc</body></html>\n"
|
32
|
-
@s.fragment("a\u17a3b\u17d3c").must_equal 'abc'
|
33
|
-
end
|
34
|
-
|
35
|
-
it 'should strip line and paragraph separator punctuation' do
|
36
|
-
@s.document("a\u2028b\u2029c").must_equal "<html><head></head><body>abc</body></html>\n"
|
37
|
-
@s.fragment("a\u2028b\u2029c").must_equal 'abc'
|
38
|
-
end
|
39
|
-
|
40
|
-
it 'should strip bidi embedding control characters' do
|
41
|
-
@s.document("a\u202ab\u202bc\u202cd\u202de\u202e")
|
42
|
-
.must_equal "<html><head></head><body>abcde</body></html>\n"
|
43
|
-
|
44
|
-
@s.fragment("a\u202ab\u202bc\u202cd\u202de\u202e")
|
45
|
-
.must_equal 'abcde'
|
46
|
-
end
|
47
|
-
|
48
|
-
it 'should strip deprecated symmetric swapping characters' do
|
49
|
-
@s.document("a\u206ab\u206bc").must_equal "<html><head></head><body>abc</body></html>\n"
|
50
|
-
@s.fragment("a\u206ab\u206bc").must_equal 'abc'
|
51
|
-
end
|
52
|
-
|
53
|
-
it 'should strip deprecated Arabic form shaping characters' do
|
54
|
-
@s.document("a\u206cb\u206dc").must_equal "<html><head></head><body>abc</body></html>\n"
|
55
|
-
@s.fragment("a\u206cb\u206dc").must_equal 'abc'
|
56
|
-
end
|
57
|
-
|
58
|
-
it 'should strip deprecated National digit shape characters' do
|
59
|
-
@s.document("a\u206eb\u206fc").must_equal "<html><head></head><body>abc</body></html>\n"
|
60
|
-
@s.fragment("a\u206eb\u206fc").must_equal 'abc'
|
61
|
-
end
|
62
|
-
|
63
|
-
it 'should strip interlinear annotation characters' do
|
64
|
-
@s.document("a\ufff9b\ufffac\ufffb").must_equal "<html><head></head><body>abc</body></html>\n"
|
65
|
-
@s.fragment("a\ufff9b\ufffac\ufffb").must_equal 'abc'
|
66
|
-
end
|
67
|
-
|
68
|
-
it 'should strip BOM/zero-width non-breaking space characters' do
|
69
|
-
@s.document("a\ufeffbc").must_equal "<html><head></head><body>abc</body></html>\n"
|
70
|
-
@s.fragment("a\ufeffbc").must_equal 'abc'
|
71
|
-
end
|
72
|
-
|
73
|
-
it 'should strip object replacement characters' do
|
74
|
-
@s.document("a\ufffcbc").must_equal "<html><head></head><body>abc</body></html>\n"
|
75
|
-
@s.fragment("a\ufffcbc").must_equal 'abc'
|
76
|
-
end
|
77
|
-
|
78
|
-
it 'should strip musical notation scoping characters' do
|
79
|
-
@s.document("a\u{1d173}b\u{1d174}c\u{1d175}d\u{1d176}e\u{1d177}f\u{1d178}g\u{1d179}h\u{1d17a}")
|
80
|
-
.must_equal "<html><head></head><body>abcdefgh</body></html>\n"
|
81
|
-
|
82
|
-
@s.fragment("a\u{1d173}b\u{1d174}c\u{1d175}d\u{1d176}e\u{1d177}f\u{1d178}g\u{1d179}h\u{1d17a}")
|
83
|
-
.must_equal 'abcdefgh'
|
84
|
-
end
|
85
|
-
|
86
|
-
it 'should strip language tag code point characters' do
|
87
|
-
str = String.new 'a'
|
88
|
-
(0xE0000..0xE007F).each {|n| str << [n].pack('U') }
|
89
|
-
str << 'b'
|
90
|
-
|
91
|
-
@s.document(str).must_equal "<html><head></head><body>ab</body></html>\n"
|
92
|
-
@s.fragment(str).must_equal 'ab'
|
93
|
-
end
|
94
|
-
end
|
95
|
-
end
|