sanitize 3.1.0 → 3.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 590de6883d3b0fe07e34fa62416a586e178146ff
-  data.tar.gz: b759297e620f13b37dd322c295c2dbfc974581b8
+  metadata.gz: f58c1c50884ecfb9f4b0e0370d7d9aecf26af343
+  data.tar.gz: 2dff24adc2c0f463049a6d2df74284a6fdf35263
 SHA512:
-  metadata.gz: e6844945a3a4de69cb1c8e91ae8134598b9757a39defc27a3390c34569129a2b0adeff04b403f51778fdcca3212e7d4d7f3586e10250f61b1f0894c1e5c8a13c
-  data.tar.gz: ba68e2d5e5145a3610248a16c988aac7e0f129d252c04dc1db8c2b562acac36f1c1bcb6db70516eae2d801d6dba0d110732df72b62a71445ab66deef9e7f80ef
+  metadata.gz: 5065f900b48a965b39e2cdbb817e8b52f71cd228fe6f7082f415c180e92f073b654e792f12237c3a4c16a140833de437087d0aa67a7867a0fe715c47fad634a1
+  data.tar.gz: 841711b2ff6216536443df8465d02bb948eb77bda5f6a91fe48db1a4b03a89b56008bd70f78a442a929d0cfd4d1bb34f506c989bf056d889d6d0bcb3c8085b9a

data/HISTORY.md

@@ -1,7 +1,18 @@
 Sanitize History
 ================================================================================
 
-Version 3.1.0 (2013-12-22)
+Version 3.1.1 (2015-02-04)
+--------------------------
+
+* Fixed: `#document` and `#fragment` failed on frozen strings, and could
+  unintentionally modify unfrozen strings if they used an encoding other than
+  UTF-8 or if they contained characters not allowed in HTML.
+  [@AnchorCat - #128][128]
+
+[128]:https://github.com/rgrove/sanitize/pull/128
+
+
+Version 3.1.0 (2014-12-22)
 --------------------------
 
 * Added the following CSS properties to the relaxed config. [@ehudc - #120][120]

data/lib/sanitize.rb

@@ -170,7 +170,7 @@ class Sanitize
 
   # Preprocesses HTML before parsing to remove undesirable Unicode chars.
   def preprocess(html)
-    html.to_s.dup
+    html = html.to_s.dup
 
     unless html.encoding.name == 'UTF-8'
       html.encode!('UTF-8',

data/lib/sanitize/version.rb

@@ -1,5 +1,5 @@
 # encoding: utf-8
 
 class Sanitize
-  VERSION = '3.1.0'
+  VERSION = '3.1.1'
 end

data/test/test_sanitize.rb

@@ -22,6 +22,10 @@ describe 'Sanitize' do
         @s.document(input)
         input.must_equal('<!DOCTYPE html><b>foo</b>')
       end
+
+      it 'should not choke on frozen documents' do
+        @s.document('<!doctype html><html><b>foo</b>'.freeze).must_equal "<html>foo</html>\n"
+      end
     end
 
     describe '#fragment' do
@@ -42,6 +46,10 @@ describe 'Sanitize' do
         @s.fragment('<html><body><b>foo</b></body></html>').must_equal 'foo'
         @s.fragment('<!DOCTYPE html><html><body><b>foo</b></body></html>').must_equal 'foo'
       end
+
+      it 'should not choke on frozen fragments' do
+        @s.fragment('<b>foo</b>'.freeze).must_equal 'foo'
+      end
     end
 
     describe '#node!' do

data/test/test_unicode.rb

@@ -11,6 +11,17 @@ describe 'Unicode' do
       @s = Sanitize.new(Sanitize::Config::RELAXED)
     end
 
+    it 'should not modify the input string' do
+      fragment = "a\u0340b\u0341c"
+      document = "a\u0340b\u0341c"
+
+      @s.document(document)
+      @s.fragment(fragment)
+
+      fragment.must_equal "a\u0340b\u0341c"
+      document.must_equal "a\u0340b\u0341c"
+    end
+
     it 'should strip deprecated grave and acute clones' do
       @s.document("a\u0340b\u0341c").must_equal "<html><head></head><body>abc</body></html>\n"
       @s.fragment("a\u0340b\u0341c").must_equal 'abc'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sanitize
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 3.1.1
 platform: ruby
 authors:
 - Ryan Grove
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-12-23 00:00:00.000000000 Z
+date: 2015-02-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: crass
@@ -165,7 +165,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.2.0
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: Whitelist-based HTML and CSS sanitizer.