sanitize 2.0.5 → 2.0.6
- checksums.yaml +4 -4
- data/HISTORY.md +8 -0
- data/README.rdoc +1 -1
- data/lib/sanitize.rb +0 -1
- data/lib/sanitize/config.rb +56 -9
- data/lib/sanitize/config/basic.rb +2 -2
- data/lib/sanitize/config/relaxed.rb +2 -2
- data/lib/sanitize/config/restricted.rb +2 -2
- data/lib/sanitize/version.rb +1 -1
- data/test/test_sanitize.rb +0 -31
- metadata +2 -3
- data/lib/sanitize/config/default.rb +0 -85
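--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 240d390dd3a6813197ab1e3ccafb42f2103bf136
+data.tar.gz: 5813a179d76ec2e44a7eb0bd0a7582c23ea0696b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dbc7db8d41dbac5be557a50ab69d096fe5373cd8310196b4666e7e0d7fb3f12c5138e7605c86b4ccc713b500e9ad2c0e3e06374b891c12b0fed7b2949c90868c
+data.tar.gz: 401cdf8549edce7742fb6b0498aa82da817926537f9eca32ec87b400290541aa1051645c7dea61de8edd128f8302a42d39359e5b1bc30d4a3fb25de673024c96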
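--- a/data/HISTORY.md
+++ b/data/HISTORY.md
@@ -1,6 +1,14 @@
 Sanitize History
 ================================================================================
 
+Version 2.0.6 (2013-07-10)
+--------------------------
+
+* Fixed: Version 2.0.5 inadvertently included some work-in-progress changes that
+shouldn't have made their way into the master branch. This is what happens
+when I release before coffee instead of after.
+
+
 Version 2.0.5 (2013-07-10)
 --------------------------
 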
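--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -14,7 +14,7 @@ of fragile regular expressions, Sanitize has no trouble dealing with malformed
 or maliciously-formed HTML, and will always output valid HTML or XHTML.
 
 *Author*:: Ryan Grove (mailto:ryan@wonko.com)
-*Version*:: 2.0.
+*Version*:: 2.0.6 (2013-07-10)
 *Copyright*:: Copyright (c) 2013 Ryan Grove. All rights reserved.
 *License*:: MIT License (http://opensource.org/licenses/mit-license.php)
 *Website*:: http://github.com/rgrove/sanitize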
data/lib/sanitize.rb
CHANGED
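--- a/data/lib/sanitize/config.rb
+++ b/data/lib/sanitize/config.rb
@@ -22,17 +22,64 @@
 
 class Sanitize
 module Config
+DEFAULT = {
 
-
-
-
-
-elsif Hash === config
-config.each_value { |c| freeze_config(c) }
-end
+# Whether or not to allow HTML comments. Allowing comments is strongly
+# discouraged, since IE allows script execution within conditional
+# comments.
+:allow_comments => false,
 
-
-
+# HTML attributes to add to specific elements. By default, no attributes
+# are added.
+:add_attributes => {},
 
+# HTML attributes to allow in specific elements. By default, no attributes
+# are allowed.
+:attributes => {},
+
+# HTML elements to allow. By default, no elements are allowed (which means
+# that all HTML will be stripped).
+:elements => [],
+
+# Output format. Supported formats are :html and :xhtml. Default is :html.
+:output => :html,
+
+# Character encoding to use for HTML output. Default is 'utf-8'.
+:output_encoding => 'utf-8',
+
+# URL handling protocols to allow in specific attributes. By default, no
+# protocols are allowed. Use :relative in place of a protocol if you want
+# to allow relative URLs sans protocol.
+:protocols => {},
+
+# If this is true, Sanitize will remove the contents of any filtered
+# elements in addition to the elements themselves. By default, Sanitize
+# leaves the safe parts of an element's contents behind when the element
+# is removed.
+#
+# If this is an Array of element names, then only the contents of the
+# specified elements (when filtered) will be removed, and the contents of
+# all other filtered elements will be left behind.
+:remove_contents => false,
+
+# Transformers allow you to filter or alter nodes using custom logic. See
+# README.rdoc for details and examples.
+:transformers => [],
+
+# By default, transformers perform depth-first traversal (deepest node
+# upward). This setting allows you to specify transformers that should
+# perform breadth-first traversal (top node downward).
+:transformers_breadth => [],
+
+# Elements which, when removed, should have their contents surrounded by
+# space characters to preserve readability. For example,
+# `foo<div>bar</div>baz` will become 'foo bar baz' when the <div> is
+# removed.
+:whitespace_elements => %w[
+address article aside blockquote br dd div dl dt footer h1 h2 h3 h4 h5
+h6 header hgroup hr li nav ol p pre section ul
+]
+
+}
 end
 end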
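Review bot: `DEFAULT` at new line 25 is now a plain, unfrozen hash whose nested arrays and hashes (`:elements`, `:attributes`, `:protocols`, `:whitespace_elements`) are shared, process-wide mutable state, and the `default configurations` tests that pinned the frozen contract are deleted in the test_sanitize.rb section below, so a caller doing `Sanitize::Config::DEFAULT.dup[:elements].push(...)` (the exact case the removed test covered) silently widens the allowlist for every later use of that config in the process. Reverting the work-in-progress `freeze_config` wrapper is understandable given the HISTORY entry, but the aliasing should at least be stated on the constant: `# NOTE: this hash and its nested arrays/hashes are shared, mutable state; derive custom configs by deep-copying (Hash#dup and Hash#merge still alias the nested values), never by appending in place.` The same applies to the `BASIC` and `RELAXED` literals, whose `BASIC =` / `RELAXED =` lines are likewise rewritten as bare hash literals in the two hunks that follow.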
@@ -22,7 +22,7 @@
|
|
22
22
|
|
23
23
|
class Sanitize
|
24
24
|
module Config
|
25
|
-
BASIC =
|
25
|
+
BASIC = {
|
26
26
|
:elements => %w[
|
27
27
|
a abbr b blockquote br cite code dd dfn dl dt em i kbd li mark ol p pre
|
28
28
|
q s samp small strike strong sub sup time u ul var
|
@@ -46,6 +46,6 @@ class Sanitize
|
|
46
46
|
'blockquote' => {'cite' => ['http', 'https', :relative]},
|
47
47
|
'q' => {'cite' => ['http', 'https', :relative]}
|
48
48
|
}
|
49
|
-
|
49
|
+
}
|
50
50
|
end
|
51
51
|
end
|
@@ -22,7 +22,7 @@
|
|
22
22
|
|
23
23
|
class Sanitize
|
24
24
|
module Config
|
25
|
-
RELAXED =
|
25
|
+
RELAXED = {
|
26
26
|
:elements => %w[
|
27
27
|
a abbr b bdo blockquote br caption cite code col colgroup dd del dfn dl
|
28
28
|
dt em figcaption figure h1 h2 h3 h4 h5 h6 hgroup i img ins kbd li mark
|
@@ -56,6 +56,6 @@ class Sanitize
|
|
56
56
|
'ins' => {'cite' => ['http', 'https', :relative]},
|
57
57
|
'q' => {'cite' => ['http', 'https', :relative]}
|
58
58
|
}
|
59
|
-
|
59
|
+
}
|
60
60
|
end
|
61
61
|
end
|
data/lib/sanitize/version.rb
CHANGED
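--- a/data/test/test_sanitize.rb
+++ b/data/test/test_sanitize.rb
@@ -590,34 +590,3 @@ describe 'bugs' do
 Sanitize.clean!('foo <style>bar').must_equal('foo bar')
 end
 end
-
-describe "default configurations" do
-def assert_deep_frozen(config)
-if Hash === config
-config.each_value { |c| assert_deep_frozen(c) }
-config.frozen?.must_equal(true)
-elsif Array === config
-config.each { |c| assert_deep_frozen(c) }
-config.frozen?.must_equal(true)
-end
-end
-
-{
-"DEFAULT" => Sanitize::Config::DEFAULT,
-"RESTRICTED" => Sanitize::Config::RESTRICTED,
-"BASIC" => Sanitize::Config::BASIC,
-"RELAXED" => Sanitize::Config::RELAXED,
-}.each do |name, config|
-describe name do
-it "should be frozen" do
-assert_deep_frozen(config)
-end
-end
-end
-
-it "cannot be modified" do
-assert_raises(RuntimeError, "can't modify frozen") {
-Sanitize::Config::RESTRICTED.dup[:elements].push("script")
-}
-end
-end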
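--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sanitize
 version: !ruby/object:Gem::Version
-version: 2.0.
+version: 2.0.6
 platform: ruby
 authors:
 - Ryan Grove
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-07-
+date: 2013-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: nokogiri
@@ -62,7 +62,6 @@ files:
 - LICENSE
 - README.rdoc
 - lib/sanitize/config/basic.rb
-- lib/sanitize/config/default.rb
 - lib/sanitize/config/relaxed.rb
 - lib/sanitize/config/restricted.rb
 - lib/sanitize/config.rb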
@@ -1,85 +0,0 @@
|
|
1
|
-
#--
|
2
|
-
# Copyright (c) 2013 Ryan Grove <ryan@wonko.com>
|
3
|
-
#
|
4
|
-
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
5
|
-
# of this software and associated documentation files (the 'Software'), to deal
|
6
|
-
# in the Software without restriction, including without limitation the rights
|
7
|
-
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
8
|
-
# copies of the Software, and to permit persons to whom the Software is
|
9
|
-
# furnished to do so, subject to the following conditions:
|
10
|
-
#
|
11
|
-
# The above copyright notice and this permission notice shall be included in all
|
12
|
-
# copies or substantial portions of the Software.
|
13
|
-
#
|
14
|
-
# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
15
|
-
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
16
|
-
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
17
|
-
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
18
|
-
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
19
|
-
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
20
|
-
# SOFTWARE.
|
21
|
-
#++
|
22
|
-
|
23
|
-
class Sanitize
|
24
|
-
module Config
|
25
|
-
DEFAULT = freeze_config(
|
26
|
-
|
27
|
-
# Whether or not to allow HTML comments. Allowing comments is strongly
|
28
|
-
# discouraged, since IE allows script execution within conditional
|
29
|
-
# comments.
|
30
|
-
:allow_comments => false,
|
31
|
-
|
32
|
-
# HTML attributes to add to specific elements. By default, no attributes
|
33
|
-
# are added.
|
34
|
-
:add_attributes => {},
|
35
|
-
|
36
|
-
# HTML attributes to allow in specific elements. By default, no attributes
|
37
|
-
# are allowed.
|
38
|
-
:attributes => {},
|
39
|
-
|
40
|
-
# HTML elements to allow. By default, no elements are allowed (which means
|
41
|
-
# that all HTML will be stripped).
|
42
|
-
:elements => [],
|
43
|
-
|
44
|
-
# Output format. Supported formats are :html and :xhtml. Default is :html.
|
45
|
-
:output => :html,
|
46
|
-
|
47
|
-
# Character encoding to use for HTML output. Default is 'utf-8'.
|
48
|
-
:output_encoding => 'utf-8',
|
49
|
-
|
50
|
-
# URL handling protocols to allow in specific attributes. By default, no
|
51
|
-
# protocols are allowed. Use :relative in place of a protocol if you want
|
52
|
-
# to allow relative URLs sans protocol.
|
53
|
-
:protocols => {},
|
54
|
-
|
55
|
-
# If this is true, Sanitize will remove the contents of any filtered
|
56
|
-
# elements in addition to the elements themselves. By default, Sanitize
|
57
|
-
# leaves the safe parts of an element's contents behind when the element
|
58
|
-
# is removed.
|
59
|
-
#
|
60
|
-
# If this is an Array of element names, then only the contents of the
|
61
|
-
# specified elements (when filtered) will be removed, and the contents of
|
62
|
-
# all other filtered elements will be left behind.
|
63
|
-
:remove_contents => false,
|
64
|
-
|
65
|
-
# Transformers allow you to filter or alter nodes using custom logic. See
|
66
|
-
# README.rdoc for details and examples.
|
67
|
-
:transformers => [],
|
68
|
-
|
69
|
-
# By default, transformers perform depth-first traversal (deepest node
|
70
|
-
# upward). This setting allows you to specify transformers that should
|
71
|
-
# perform breadth-first traversal (top node downward).
|
72
|
-
:transformers_breadth => [],
|
73
|
-
|
74
|
-
# Elements which, when removed, should have their contents surrounded by
|
75
|
-
# space characters to preserve readability. For example,
|
76
|
-
# `foo<div>bar</div>baz` will become 'foo bar baz' when the <div> is
|
77
|
-
# removed.
|
78
|
-
:whitespace_elements => %w[
|
79
|
-
address article aside blockquote br dd div dl dt footer h1 h2 h3 h4 h5
|
80
|
-
h6 header hgroup hr li nav ol p pre section ul
|
81
|
-
]
|
82
|
-
|
83
|
-
)
|
84
|
-
end
|
85
|
-
end
|