RubyGems - sanitize - Versions diffs - 3.0.3 → 3.0.4 - Mend

sanitize 3.0.3 → 3.0.4

This version of sanitize might be problematic. Click here for more details.

Files changed (6) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 04116455cb1ededd3413abade63532f93664c741
-  data.tar.gz: 608d034be8d8b305407f87be7e439e00917a1e62
+  metadata.gz: ba375648ad289cc08ce45eafc47ed464ce6e7f9e
+  data.tar.gz: 88022411ca58369ad7f0699f022c67c344891e69
 SHA512:
-  metadata.gz: d79b43a450dbc1336a9e648f2f33c8675da87dea4068784bafe56b0a71b9b2f11810a660657336a5ace1b7d406bcf9f1a0b16894d9d5bfd000d2ad1ec4bb326c
-  data.tar.gz: 5f800eafba144631a99b94f71de49cbf323bf6548ef3b19c2c019718b1d127743007ef9c53c28b2447a4faf89fcfd95fdd996491d6f582aeb95d648d7ccfede1
+  metadata.gz: 24abf590a86b592353ca6b5602afef29c30b1063a5bb1c907bd9a51d6ee6962a2a733abd7b4ef8923aee0221eb2c3935221615c9f257363a1cc0cae906e34026
+  data.tar.gz: 4b18f5dd27ccb560f96189eb081ab100d33604c87e08f7d24ce183b5cc5c5b58f6848a30d3aad51e9cffd3228c9baa6f4090ea185d6aaee0f2f55fb253069f42

data/HISTORY.md CHANGED

@@ -1,6 +1,16 @@
 Sanitize History
 ================================================================================
+Version 3.0.4 (2014-12-12)
+--------------------------
+* Fixed: Harmless whitespace preceding a URL protocol (such as " http://")
+  caused the URL to be removed even when the protocol was whitelisted.
+  [@benubois - #126][126]
+[126]:https://github.com/rgrove/sanitize/pull/126
 Version 3.0.3 (2014-10-29)
 --------------------------

data/lib/sanitize.rb CHANGED

@@ -24,7 +24,7 @@ class Sanitize
   # or more characters followed by a colon is considered a match, even if the
   # colon is encoded as an entity and even if it's an incomplete entity (which
   # IE6 and Opera will still parse).
-  REGEX_PROTOCOL = /\A([^\/#]*?)(?:\:|&#0*58|&#x0*3a)/i
+  REGEX_PROTOCOL = /\A\s*([^\/#]*?)(?:\:|&#0*58|&#x0*3a)/i
   # Matches Unicode characters that should be stripped from HTML before passing
   # it to the parser.

data/lib/sanitize/version.rb CHANGED

@@ -1,5 +1,5 @@
 # encoding: utf-8
 class Sanitize
-  VERSION = '3.0.3'
+  VERSION = '3.0.4'
 end

@@ -154,6 +154,14 @@ describe 'Sanitize::Transformers::CleanElement' do
       :restricted => '',
       :basic      => '',
       :relaxed    => '<img>'
+    },
+    'protocol whitespace' => {
+      :html       => '<a href=" http://example.com/"></a>',
+      :default    => '',
+      :restricted => '',
+      :basic      => '<a href="http://example.com/" rel="nofollow"></a>',
+      :relaxed    => '<a href="http://example.com/"></a>'
     }
   }

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sanitize
 version: !ruby/object:Gem::Version
-  version: 3.0.3
+  version: 3.0.4
 platform: ruby
 authors:
 - Ryan Grove
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-10-29 00:00:00.000000000 Z
+date: 2014-12-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: crass
@@ -165,7 +165,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.2.0
 requirements: []
 rubyforge_project:
-rubygems_version: 2.2.2
+rubygems_version: 2.4.5
 signing_key:
 specification_version: 4
 summary: Whitelist-based HTML and CSS sanitizer.