sanitize 1.2.2.dev.20101118 → 1.3.0.dev.20101210

data/HISTORY

@@ -1,7 +1,20 @@
 Sanitize History
 ================================================================================
 
-Version 1.2.2 (git)
+Version 1.3.0 (git)
+  * The default value for the :output config is now :html. Previously it was
+    :xhtml.
+  * Added a :whitespace_elements config, which specifies elements (such as <br>
+    and <p>) that should be replaced with whitespace when removed in order to
+    preserve readability. See the README for the default list of elements that
+    will be replaced with whitespace when removed.
+  * Added the `abbr`, `dfn`, `kbd`, `mark`, `s`, `samp`, `time`, and `var`
+    elements to the whitelists for `Sanitize::Config::BASIC` and
+    `Sanitize::Config::RELAXED`.
+  * Added the `bdo`, `del`, `figcaption`, `figure`, `hgroup`, `ins`, `rp`, `rt`,
+    `ruby`, and `wbr` elements to the whitelist for `Sanitize::Config::RELAXED`.
+  * The `dir`, `lang`, and `title` attributes are now whitelisted for all
+    elements in `Sanitize::Config::RELAXED`.
   * The environment hash passed into transformers now includes an
     :allowed_elements Hash to facilitate faster lookups when attempting to
     determine whether an element is in the whitelist. [Suggested by Nicholas

data/README.rdoc

@@ -14,14 +14,14 @@ of fragile regular expressions, Sanitize has no trouble dealing with malformed
 or maliciously-formed HTML, and will always output valid HTML or XHTML.
 
 *Author*::    Ryan Grove (mailto:ryan@wonko.com)
-*Version*::   1.2.2 (git)
+*Version*::   1.3.0 (git)
 *Copyright*:: Copyright (c) 2010 Ryan Grove. All rights reserved.
 *License*::   MIT License (http://opensource.org/licenses/mit-license.php)
 *Website*::   http://github.com/rgrove/sanitize
 
 == Requires
 
-* Nokogiri ~> 1.4.1
+* Nokogiri ~> 1.4.4
 * libxml2 >= 2.7.2
 
 == Installation
@@ -136,7 +136,7 @@ Array of element names to allow. Specify all names in lowercase.
 ==== :output (Symbol)
 
 Output format. Supported formats are <code>:html</code> and <code>:xhtml</code>,
-defaulting to <code>:xhtml</code>.
+defaulting to <code>:html</code>.
 
 ==== :output_encoding (String)
 
@@ -181,6 +181,19 @@ The default value is <code>false</code>.
 
 See below.
 
+==== :whitespace_elements (Array)
+
+Array of lowercase element names that should be replaced with whitespace when
+removed in order to preserve readability. For example,
+<code>foo<div>bar</div>baz</code> will become
+<code>foo bar baz</code> when the <code><div></code> is removed.
+
+By default, the following elements are included in the
+<code>:whitespace_elements</code> array:
+
+  address article aside blockquote br dd div dl dt footer h1 h2 h3 h4 h5
+  h6 header hgroup hr li nav ol p pre section ul
+
 === Transformers
 
 Transformers allow you to filter and alter nodes using your own custom logic, on

data/lib/sanitize/config/basic.rb

@@ -23,15 +23,18 @@
 class Sanitize
   module Config
     BASIC = {
-      :elements => [
-        'a', 'b', 'blockquote', 'br', 'cite', 'code', 'dd', 'dl', 'dt', 'em',
-        'i', 'li', 'ol', 'p', 'pre', 'q', 'small', 'strike', 'strong', 'sub',
-        'sup', 'u', 'ul'],
+      :elements => %w[
+        a abbr b blockquote br cite code dd dfn dl dt em i kbd li mark ol p pre
+        q s samp small strike strong sub sup time u ul var
+      ],
 
       :attributes => {
         'a'          => ['href'],
+        'abbr'       => ['title'],
         'blockquote' => ['cite'],
-        'q'          => ['cite']
+        'dfn'        => ['title'],
+        'q'          => ['cite'],
+        'time'       => ['datetime', 'pubdate']
       },
 
       :add_attributes => {
@@ -39,8 +42,7 @@ class Sanitize
       },
 
       :protocols => {
-        'a'          => {'href' => ['ftp', 'http', 'https', 'mailto',
-                                    :relative]},
+        'a'          => {'href' => ['ftp', 'http', 'https', 'mailto', :relative]},
         'blockquote' => {'cite' => ['http', 'https', :relative]},
         'q'          => {'cite' => ['http', 'https', :relative]}
       }

data/lib/sanitize/config/relaxed.rb

@@ -23,33 +23,37 @@
 class Sanitize
   module Config
     RELAXED = {
-      :elements => [
-        'a', 'b', 'blockquote', 'br', 'caption', 'cite', 'code', 'col',
-        'colgroup', 'dd', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
-        'i', 'img', 'li', 'ol', 'p', 'pre', 'q', 'small', 'strike', 'strong',
-        'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'u',
-        'ul'],
+      :elements => %w[
+        a abbr b bdo blockquote br caption cite code col colgroup dd del dfn dl
+        dt em figcaption figure h1 h2 h3 h4 h5 h6 hgroup i img ins kbd li mark
+        ol p pre q rp rt ruby s samp small strike strong sub sup table tbody td
+        tfoot th thead time tr u ul var wbr
+      ],
 
       :attributes => {
-        'a'          => ['href', 'title'],
+        :all         => ['dir', 'lang', 'title'],
+        'a'          => ['href'],
         'blockquote' => ['cite'],
         'col'        => ['span', 'width'],
         'colgroup'   => ['span', 'width'],
-        'img'        => ['align', 'alt', 'height', 'src', 'title', 'width'],
-        'ol'         => ['start', 'type'],
+        'del'        => ['cite', 'datetime'],
+        'img'        => ['align', 'alt', 'height', 'src', 'width'],
+        'ins'        => ['cite', 'datetime'],
+        'ol'         => ['start', 'reversed', 'type'],
         'q'          => ['cite'],
         'table'      => ['summary', 'width'],
         'td'         => ['abbr', 'axis', 'colspan', 'rowspan', 'width'],
-        'th'         => ['abbr', 'axis', 'colspan', 'rowspan', 'scope',
-                         'width'],
+        'th'         => ['abbr', 'axis', 'colspan', 'rowspan', 'scope', 'width'],
+        'time'       => ['datetime', 'pubdate'],
         'ul'         => ['type']
       },
 
       :protocols => {
-        'a'          => {'href' => ['ftp', 'http', 'https', 'mailto',
-                                    :relative]},
+        'a'          => {'href' => ['ftp', 'http', 'https', 'mailto', :relative]},
         'blockquote' => {'cite' => ['http', 'https', :relative]},
+        'del'        => {'cite' => ['http', 'https', :relative]},
         'img'        => {'src'  => ['http', 'https', :relative]},
+        'ins'        => {'cite' => ['http', 'https', :relative]},
         'q'          => {'cite' => ['http', 'https', :relative]}
       }
     }

data/lib/sanitize/config/restricted.rb

@@ -23,7 +23,7 @@
 class Sanitize
   module Config
     RESTRICTED = {
-      :elements => ['b', 'em', 'i', 'strong', 'u']
+      :elements => %w[b em i strong u]
     }
   end
 end

data/lib/sanitize/config.rb

@@ -41,9 +41,8 @@ class Sanitize
       # that all HTML will be stripped).
       :elements => [],
 
-      # Output format. Supported formats are :html and :xhtml (which is the
-      # default).
-      :output => :xhtml,
+      # Output format. Supported formats are :html and :xhtml. Default is :html.
+      :output => :html,
 
       # Character encoding to use for HTML output. Default is 'utf-8'.
       :output_encoding => 'utf-8',
@@ -69,8 +68,16 @@ class Sanitize
 
       # Transformers allow you to filter or alter nodes using custom logic. See
       # README.rdoc for details and examples.
-      :transformers => []
+      :transformers => [],
 
+      # Elements which, when removed, should have their contents surrounded by
+      # space characters to preserve readability. For example,
+      # `foo<div>bar</div>baz` will become 'foo bar baz' when the <div> is
+      # removed.
+      :whitespace_elements => %w[
+        address article aside blockquote br dd div dl dt footer h1 h2 h3 h4 h5
+        h6 header hgroup hr li nav ol p pre section ul
+      ]
     }
   end
 end

data/lib/sanitize/version.rb

@@ -1,3 +1,3 @@
 class Sanitize
-  VERSION = '1.2.2.dev.20101118'
+  VERSION = '1.3.0.dev.20101210'
 end

data/lib/sanitize.rb

@@ -72,9 +72,12 @@ class Sanitize
     @config = Config::DEFAULT.merge(config)
     @config[:transformers] = Array(@config[:transformers].dup)
 
-    # Convert the list of allowed elements to a Hash for faster lookup.
-    @allowed_elements = {}
+    # Convert arrays to hashes for faster lookups.
+    @allowed_elements    = {}
+    @whitespace_elements = {}
+
     @config[:elements].each {|el| @allowed_elements[el] = true }
+    @config[:whitespace_elements].each {|el| @whitespace_elements[el] = true }
 
     # Convert the list of :remove_contents elements to a Hash for faster lookup.
     @remove_all_contents     = false
@@ -157,6 +160,13 @@ class Sanitize
 
     # Delete any element that isn't in the whitelist.
     unless transform[:whitelist] || @allowed_elements[name]
+      # Elements like br, div, p, etc. need to be replaced with whitespace in
+      # order to preserve readability.
+      if @whitespace_elements[name]
+        node.add_previous_sibling(' ')
+        node.add_next_sibling(' ') unless node.children.empty?
+      end
+
       unless @remove_all_contents || @remove_element_contents[name]
         node.children.each { |n| node.add_previous_sibling(n) }
       end

metadata

@@ -4,11 +4,11 @@ version: !ruby/object:Gem::Version
   prerelease: true
   segments: 
   - 1
-  - 2
-  - 2
+  - 3
+  - 0
   - dev
-  - 20101118
-  version: 1.2.2.dev.20101118
+  - 20101210
+  version: 1.3.0.dev.20101210
 platform: ruby
 authors: 
 - Ryan Grove
@@ -16,7 +16,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-11-18 00:00:00 -08:00
+date: 2010-12-10 00:00:00 -08:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -35,7 +35,7 @@ dependencies:
   type: :runtime
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
-  name: bacon
+  name: minitest
   prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
@@ -43,10 +43,10 @@ dependencies:
     - - ~>
       - !ruby/object:Gem::Version 
         segments: 
-        - 1
-        - 1
+        - 2
+        - 0
         - 0
-        version: 1.1.0
+        version: 2.0.0
   type: :development
   version_requirements: *id002
 - !ruby/object:Gem::Dependency 
@@ -83,7 +83,7 @@ files:
 - lib/sanitize/version.rb
 - lib/sanitize.rb
 has_rdoc: true
-homepage: http://github.com/rgrove/sanitize/
+homepage: https://github.com/rgrove/sanitize/
 licenses: []
 
 post_install_message: