sanitize 2.0.1 → 2.0.2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of sanitize might be problematic. Click here for more details.
- data/HISTORY.md +9 -0
- data/README.rdoc +1 -1
- data/lib/sanitize.rb +1 -1
- data/lib/sanitize/version.rb +1 -1
- metadata +4 -28
data/HISTORY.md
CHANGED
@@ -1,6 +1,15 @@
|
|
1
1
|
Sanitize History
|
2
2
|
================================================================================
|
3
3
|
|
4
|
+
Version 2.0.2 (2011-05-21)
|
5
|
+
--------------------------
|
6
|
+
|
7
|
+
* Fixed a bug in which a protocol like "java\script:" would be translated to
|
8
|
+
"java%5Cscript:" and allowed through the filter when relative URLs were
|
9
|
+
enabled. This didn't actually allow malicious code to run, but it is
|
10
|
+
undesired behavior.
|
11
|
+
|
12
|
+
|
4
13
|
Version 2.0.1 (2011-03-16)
|
5
14
|
--------------------------
|
6
15
|
|
data/README.rdoc
CHANGED
@@ -14,7 +14,7 @@ of fragile regular expressions, Sanitize has no trouble dealing with malformed
|
|
14
14
|
or maliciously-formed HTML, and will always output valid HTML or XHTML.
|
15
15
|
|
16
16
|
*Author*:: Ryan Grove (mailto:ryan@wonko.com)
|
17
|
-
*Version*:: 2.0.
|
17
|
+
*Version*:: 2.0.2 (2011-05-21)
|
18
18
|
*Copyright*:: Copyright (c) 2011 Ryan Grove. All rights reserved.
|
19
19
|
*License*:: MIT License (http://opensource.org/licenses/mit-license.php)
|
20
20
|
*Website*:: http://github.com/rgrove/sanitize
|
data/lib/sanitize.rb
CHANGED
@@ -41,7 +41,7 @@ class Sanitize
|
|
41
41
|
# or more characters followed by a colon is considered a match, even if the
|
42
42
|
# colon is encoded as an entity and even if it's an incomplete entity (which
|
43
43
|
# IE6 and Opera will still parse).
|
44
|
-
REGEX_PROTOCOL = /\A([
|
44
|
+
REGEX_PROTOCOL = /\A([^\/]*?)(?:\:|�*58|�*3a)/i
|
45
45
|
|
46
46
|
#--
|
47
47
|
# Class Methods
|
data/lib/sanitize/version.rb
CHANGED
metadata
CHANGED
@@ -1,12 +1,8 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sanitize
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
prerelease:
|
5
|
-
|
6
|
-
- 2
|
7
|
-
- 0
|
8
|
-
- 1
|
9
|
-
version: 2.0.1
|
4
|
+
prerelease:
|
5
|
+
version: 2.0.2
|
10
6
|
platform: ruby
|
11
7
|
authors:
|
12
8
|
- Ryan Grove
|
@@ -14,8 +10,7 @@ autorequire:
|
|
14
10
|
bindir: bin
|
15
11
|
cert_chain: []
|
16
12
|
|
17
|
-
date: 2011-
|
18
|
-
default_executable:
|
13
|
+
date: 2011-05-21 00:00:00 Z
|
19
14
|
dependencies:
|
20
15
|
- !ruby/object:Gem::Dependency
|
21
16
|
name: nokogiri
|
@@ -25,10 +20,6 @@ dependencies:
|
|
25
20
|
requirements:
|
26
21
|
- - ~>
|
27
22
|
- !ruby/object:Gem::Version
|
28
|
-
segments:
|
29
|
-
- 1
|
30
|
-
- 4
|
31
|
-
- 4
|
32
23
|
version: 1.4.4
|
33
24
|
type: :runtime
|
34
25
|
version_requirements: *id001
|
@@ -40,10 +31,6 @@ dependencies:
|
|
40
31
|
requirements:
|
41
32
|
- - ~>
|
42
33
|
- !ruby/object:Gem::Version
|
43
|
-
segments:
|
44
|
-
- 2
|
45
|
-
- 0
|
46
|
-
- 0
|
47
34
|
version: 2.0.0
|
48
35
|
type: :development
|
49
36
|
version_requirements: *id002
|
@@ -55,10 +42,6 @@ dependencies:
|
|
55
42
|
requirements:
|
56
43
|
- - ~>
|
57
44
|
- !ruby/object:Gem::Version
|
58
|
-
segments:
|
59
|
-
- 0
|
60
|
-
- 8
|
61
|
-
- 0
|
62
45
|
version: 0.8.0
|
63
46
|
type: :development
|
64
47
|
version_requirements: *id003
|
@@ -83,7 +66,6 @@ files:
|
|
83
66
|
- lib/sanitize/transformers/clean_element.rb
|
84
67
|
- lib/sanitize/version.rb
|
85
68
|
- lib/sanitize.rb
|
86
|
-
has_rdoc: true
|
87
69
|
homepage: https://github.com/rgrove/sanitize/
|
88
70
|
licenses: []
|
89
71
|
|
@@ -97,23 +79,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
97
79
|
requirements:
|
98
80
|
- - ">="
|
99
81
|
- !ruby/object:Gem::Version
|
100
|
-
segments:
|
101
|
-
- 1
|
102
|
-
- 8
|
103
|
-
- 7
|
104
82
|
version: 1.8.7
|
105
83
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
106
84
|
none: false
|
107
85
|
requirements:
|
108
86
|
- - ">="
|
109
87
|
- !ruby/object:Gem::Version
|
110
|
-
segments:
|
111
|
-
- 0
|
112
88
|
version: "0"
|
113
89
|
requirements: []
|
114
90
|
|
115
91
|
rubyforge_project: riposte
|
116
|
-
rubygems_version: 1.
|
92
|
+
rubygems_version: 1.7.2
|
117
93
|
signing_key:
|
118
94
|
specification_version: 3
|
119
95
|
summary: Whitelist-based HTML sanitizer.
|