sanitize 1.1.0 → 1.1.1.dev.20091102
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of sanitize might be problematic. Click here for more details.
- data/HISTORY +5 -0
- data/README.rdoc +4 -2
- data/lib/sanitize/config/relaxed.rb +4 -3
- data/lib/sanitize/version.rb +1 -1
- data/lib/sanitize.rb +7 -9
- metadata +5 -5
data/HISTORY
CHANGED
|
@@ -1,6 +1,11 @@
|
|
|
1
1
|
Sanitize History
|
|
2
2
|
================================================================================
|
|
3
3
|
|
|
4
|
+
Version 1.1.1.dev (git)
|
|
5
|
+
* Requires Nokogiri >= 1.4.0.
|
|
6
|
+
* Added elements h1 through h6 to the Relaxed whitelist. [Suggested by David
|
|
7
|
+
Reese]
|
|
8
|
+
|
|
4
9
|
Version 1.1.0 (2009-10-11)
|
|
5
10
|
* Migrated from Hpricot to Nokogiri. Requires libxml2 >= 2.7.2 [Adam Hooper]
|
|
6
11
|
* Added an :output config setting to allow the output format to be specified.
|
data/README.rdoc
CHANGED
|
@@ -15,14 +15,14 @@ or maliciously-formed HTML. When in doubt, Sanitize always errs on the side of
|
|
|
15
15
|
caution.
|
|
16
16
|
|
|
17
17
|
*Author*:: Ryan Grove (mailto:ryan@wonko.com)
|
|
18
|
-
*Version*:: 1.1.
|
|
18
|
+
*Version*:: 1.1.1.dev (git)
|
|
19
19
|
*Copyright*:: Copyright (c) 2009 Ryan Grove. All rights reserved.
|
|
20
20
|
*License*:: MIT License (http://opensource.org/licenses/mit-license.php)
|
|
21
21
|
*Website*:: http://github.com/rgrove/sanitize
|
|
22
22
|
|
|
23
23
|
== Requires
|
|
24
24
|
|
|
25
|
-
* Nokogiri
|
|
25
|
+
* Nokogiri >= 1.4.0
|
|
26
26
|
* libxml2 >= 2.7.2
|
|
27
27
|
|
|
28
28
|
== Installation
|
|
@@ -152,10 +152,12 @@ The following lovely people have contributed to Sanitize in the form of patches
|
|
|
152
152
|
or ideas that later became code:
|
|
153
153
|
|
|
154
154
|
* Peter Cooper <git@peterc.org>
|
|
155
|
+
* Gabe da Silveira <gabe@websaviour.com>
|
|
155
156
|
* Ryan Grove <ryan@wonko.com>
|
|
156
157
|
* Adam Hooper <adam@adamhooper.com>
|
|
157
158
|
* Mutwin Kraus <mutle@blogage.de>
|
|
158
159
|
* Dev Purkayastha <dev.purkayastha@gmail.com>
|
|
160
|
+
* David Reese <work@whatcould.com>
|
|
159
161
|
* Ben Wanicur <bwanicur@verticalresponse.com>
|
|
160
162
|
|
|
161
163
|
== License
|
|
@@ -25,9 +25,10 @@ class Sanitize
|
|
|
25
25
|
RELAXED = {
|
|
26
26
|
:elements => [
|
|
27
27
|
'a', 'b', 'blockquote', 'br', 'caption', 'cite', 'code', 'col',
|
|
28
|
-
'colgroup', 'dd', 'dl', 'dt', 'em', '
|
|
29
|
-
'
|
|
30
|
-
'tfoot', 'th', 'thead', 'tr', 'u',
|
|
28
|
+
'colgroup', 'dd', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
|
|
29
|
+
'i', 'img', 'li', 'ol', 'p', 'pre', 'q', 'small', 'strike', 'strong',
|
|
30
|
+
'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'u',
|
|
31
|
+
'ul'],
|
|
31
32
|
|
|
32
33
|
:attributes => {
|
|
33
34
|
'a' => ['href', 'title'],
|
data/lib/sanitize/version.rb
CHANGED
data/lib/sanitize.rb
CHANGED
|
@@ -113,23 +113,21 @@ class Sanitize
|
|
|
113
113
|
end
|
|
114
114
|
end
|
|
115
115
|
|
|
116
|
+
# Nokogiri 1.3.3 (and possibly earlier versions) always returns a US-ASCII
|
|
117
|
+
# string no matter what we ask for. This will be fixed in 1.4.0, but for
|
|
118
|
+
# now we have to hack around it to prevent errors.
|
|
119
|
+
output_method_params = {:encoding => 'utf-8', :indent => 0}
|
|
116
120
|
if @config[:output] == :xhtml
|
|
117
121
|
output_method = fragment.method(:to_xhtml)
|
|
122
|
+
output_method_params.merge!(:save_with => Nokogiri::XML::Node::SaveOptions::AS_XHTML)
|
|
118
123
|
elsif @config[:output] == :html
|
|
119
124
|
output_method = fragment.method(:to_html)
|
|
120
125
|
else
|
|
121
126
|
raise Error, "unsupported output format: #{@config[:output]}"
|
|
122
127
|
end
|
|
123
128
|
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
# string no matter what we ask for. This will be fixed in 1.4.0, but for
|
|
127
|
-
# now we have to hack around it to prevent errors.
|
|
128
|
-
result = output_method.call(:encoding => 'utf-8', :indent => 0).force_encoding('utf-8')
|
|
129
|
-
result.gsub!(">\n", '>')
|
|
130
|
-
else
|
|
131
|
-
result = output_method.call(:encoding => 'utf-8', :indent => 0).gsub(">\n", '>')
|
|
132
|
-
end
|
|
129
|
+
result = output_method.call(output_method_params)
|
|
130
|
+
result.force_encoding('utf-8') if RUBY_VERSION >= '1.9'
|
|
133
131
|
|
|
134
132
|
return result == html ? nil : html[0, html.length] = result
|
|
135
133
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sanitize
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.1.dev.20091102
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Grove
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
|
|
12
|
-
date: 2009-
|
|
12
|
+
date: 2009-11-02 00:00:00 -08:00
|
|
13
13
|
default_executable:
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
@@ -20,7 +20,7 @@ dependencies:
|
|
|
20
20
|
requirements:
|
|
21
21
|
- - ~>
|
|
22
22
|
- !ruby/object:Gem::Version
|
|
23
|
-
version: 1.
|
|
23
|
+
version: 1.4.0
|
|
24
24
|
version:
|
|
25
25
|
- !ruby/object:Gem::Dependency
|
|
26
26
|
name: bacon
|
|
@@ -77,9 +77,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
77
77
|
version:
|
|
78
78
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
|
-
- - "
|
|
80
|
+
- - ">"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version:
|
|
82
|
+
version: 1.3.1
|
|
83
83
|
version:
|
|
84
84
|
requirements: []
|
|
85
85
|
|