RubyGems - sanitize - Versions diffs - 1.2.2.dev.20100822 → 1.2.2.dev.20101028 - Mend

sanitize 1.2.2.dev.20100822 → 1.2.2.dev.20101028

Potentially problematic release.

This version of sanitize might be problematic. Click here for more details.

Files changed (6) hide show

data/HISTORY CHANGED Viewed

@@ -1,7 +1,7 @@
 Sanitize History
 ================================================================================
-Version 1.2.? (git)
+Version 1.2.2 (git)
   * The environment hash passed into transformers now includes an
     :allowed_elements Hash to facilitate faster lookups when attempting to
     determine whether an element is in the whitelist. [Suggested by Nicholas
@@ -9,6 +9,8 @@ Version 1.2.? (git)
   * The environment hash passed into transformers now includes a
     :whitelist_nodes Array, so transformers now have insight into what nodes
     have been whitelisted by other transformers. [Suggested by Nicholas Evans]
+  * Added a :process_text_nodes config setting. If set to true, Sanitize will
+    pass text nodes to transformers. The default is false. [Ardie Saeidi]
   * Added a workaround for a bug in Nokogiri 1.4.2 and higher (issue #315) that
     causes "</body></html>" to be appended to the CDATA inside unterminated
     script and style elements.

data/README.rdoc CHANGED Viewed

@@ -14,7 +14,7 @@ of fragile regular expressions, Sanitize has no trouble dealing with malformed
 or maliciously-formed HTML, and will always output valid HTML or XHTML.
 *Author*::    Ryan Grove (mailto:ryan@wonko.com)
-*Version*::   1.2.? (git)
+*Version*::   1.2.2 (git)
 *Copyright*:: Copyright (c) 2010 Ryan Grove. All rights reserved.
 *License*::   MIT License (http://opensource.org/licenses/mit-license.php)
 *Website*::   http://github.com/rgrove/sanitize
@@ -142,6 +142,11 @@ defaulting to <code>:xhtml</code>.
 Character encoding to use for HTML output. Default is <code>'utf-8'</code>.
+==== :process_text_nodes (Boolean)
+Whether or not to process text nodes. Enabling this will allow text nodes to be
+processed by transformers. The default is <code>false</code>.
 ==== :protocols (Hash)
 URL protocols to allow in specific attributes. If an attribute is listed here
@@ -318,6 +323,7 @@ or ideas that later became code:
 * Mutwin Kraus <mutle@blogage.de>
 * Dev Purkayastha <dev.purkayastha@gmail.com>
 * David Reese <work@whatcould.com>
+* Ardie Saeidi <ardalan.saeidi@gmail.com>
 * Rafael Souza <me@rafaelss.com>
 * Ben Wanicur <bwanicur@verticalresponse.com>

data/lib/sanitize/config.rb CHANGED Viewed

@@ -1,16 +1,16 @@
 #--
 # Copyright (c) 2010 Ryan Grove <ryan@wonko.com>
-#
+#
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the 'Software'), to deal
 # in the Software without restriction, including without limitation the rights
 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 # copies of the Software, and to permit persons to whom the Software is
 # furnished to do so, subject to the following conditions:
-#
+#
 # The above copyright notice and this permission notice shall be included in all
 # copies or substantial portions of the Software.
-#
+#
 # THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@@ -23,6 +23,7 @@
 class Sanitize
   module Config
     DEFAULT = {
       # Whether or not to allow HTML comments. Allowing comments is strongly
       # discouraged, since IE allows script execution within conditional
       # comments.
@@ -47,6 +48,10 @@ class Sanitize
       # Character encoding to use for HTML output. Default is 'utf-8'.
       :output_encoding => 'utf-8',
+      # Whether or not to process text nodes. Enabling this will allow text
+      # nodes to be processed by transformers.
+      :process_text_nodes => false,
       # URL handling protocols to allow in specific attributes. By default, no
       # protocols are allowed. Use :relative in place of a protocol if you want
       # to allow relative URLs sans protocol.
@@ -65,6 +70,7 @@ class Sanitize
       # Transformers allow you to filter or alter nodes using custom logic. See
       # README.rdoc for details and examples.
       :transformers => []
     }
   end
 end

data/lib/sanitize/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 class Sanitize
-  VERSION = '1.2.2.dev.20100822'
+  VERSION = '1.2.2.dev.20101028'
 end

data/lib/sanitize.rb CHANGED Viewed

@@ -138,7 +138,7 @@ class Sanitize
     @whitelist_nodes = []
     node.traverse do |child|
-      if child.element?
+      if child.element? || (child.text? && @config[:process_text_nodes])
         clean_element!(child)
       elsif child.comment?
         child.unlink unless @config[:allow_comments]

metadata CHANGED Viewed

@@ -7,8 +7,8 @@ version: !ruby/object:Gem::Version
   - 2
   - 2
   - dev
-  - 20100822
-  version: 1.2.2.dev.20100822
+  - 20101028
+  version: 1.2.2.dev.20101028
 platform: ruby
 authors:
 - Ryan Grove
@@ -16,7 +16,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2010-08-22 00:00:00 -07:00
+date: 2010-10-28 00:00:00 -07:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency