sanitize 3.1.2 → 4.0.0
Potentially problematic release.
This version of sanitize might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/HISTORY.md +41 -0
- data/LICENSE +1 -1
- data/README.md +15 -3
- data/lib/sanitize.rb +5 -5
- data/lib/sanitize/config/default.rb +11 -2
- data/lib/sanitize/config/relaxed.rb +167 -1
- data/lib/sanitize/css.rb +61 -11
- data/lib/sanitize/transformers/clean_comment.rb +1 -1
- data/lib/sanitize/transformers/clean_doctype.rb +1 -1
- data/lib/sanitize/transformers/clean_element.rb +1 -1
- data/lib/sanitize/version.rb +1 -1
- data/test/test_clean_css.rb +1 -0
- data/test/test_sanitize_css.rb +82 -1
- metadata +12 -12
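--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c091a4cdaf3adfc67749ddc66027e52a2da59f20
+data.tar.gz: e4452cd3153dff04348fec739f669aa6508ca74b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c4bef65c744e3a500695f72853ece376e1dee02c4c4743482ffbf9d07e8dc845aff027c877d416caa2fbdf0abc28a4822797e856ad44b3057c877827b5710347
+data.tar.gz: 9512c6f1b92e06be37d54e0e2bdd0ff5efbc271282a7c742a6c4b8b7e2af90bc76bee9ec10eae7dd1a941224e9b388fc98efb11cb6442e4ab9397cbb4c7075b4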
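--- a/data/HISTORY.md
+++ b/data/HISTORY.md
@@ -1,6 +1,47 @@
 Sanitize History
 ================================================================================
 
+Version 4.0.0 (2015-04-20)
+--------------------------
+
+### Potentially breaking changes
+
+* Added two new CSS config settings, `:at_rules_with_properties` and
+`:at_rules_with_styles`. These allow you to define which at-rules should be
+allowed to contain properties and which should be allowed to contain style
+rules. Previously this was hard-coded internally. [#111][111]
+
+The previous `:at_rules` setting still exists, and defines at-rules that may
+not have associated blocks, such as `@import`. If you have a custom config
+that contains an `:at_rules` setting, you may need to move rules can have
+blocks to either `:at_rules_with_properties` or `:at_rules_with_styles`.
+
+See Sanitize's relaxed config for an example.
+
+### Other changes
+
+* Added full support for CSS `@page` rules in the relaxed config, including
+support for all page-margin box rules (such as `@top-left`, `@bottom-center`,
+etc.)
+
+* Added the following CSS at-rules to the relaxed config:
+
+- `@-moz-keyframes`
+- `@-o-keyframes`
+- `@-webkit-keyframes`
+- `@document`
+
+* Added a whole bunch of CSS properties to the relaxed config. View the complete
+list [here](https://gist.github.com/rgrove/044cc7e9a5b44f583c05).
+
+* Small performance improvements.
+
+* Fixed: Upgraded Crass to 1.0.2 to pick up a fix that affected the parsing of
+CSS `@page` rules.
+
+[111]:https://github.com/rgrove/sanitize/issues/111
+
+
 Version 3.1.2 (2015-02-22)
 --------------------------
 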
data/LICENSE
CHANGED
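--- a/data/README.md
+++ b/data/README.md
@@ -364,11 +364,23 @@ default is `false`.
 
 ##### :css => :at_rules (Array or Set)
 
-Names of CSS [
-lowercase.
+Names of CSS [at-rules][at-rules] to allow that may not have associated blocks,
+such as `import` or `charset`. Names should be specified in lowercase.
 
 [at-rules]:https://developer.mozilla.org/en-US/docs/Web/CSS/At-rule
 
+##### :css => :at_rules_with_properties (Array or Set)
+
+Names of CSS [at-rules][at-rules] to allow that may have associated blocks
+containing CSS properties. At-rules like `font-face` and `page` fall into this
+category. Names should be specified in lowercase.
+
+##### :css => :at_rules_with_styles (Array or Set)
+
+Names of CSS [at-rules][at-rules] to allow that may have associated blocks
+containing style rules. At-rules like `media` and `keyframes` fall into this
+category. Names should be specified in lowercase.
+
 ##### :css => :properties (Array or Set)
 
 Whitelist of CSS property names to allow. Names should be specified in
@@ -618,7 +630,7 @@ Sanitize.fragment(html, :transformers => youtube_transformer)
 License
 -------
 
-Copyright (c)
+Copyright (c) 2015 Ryan Grove (ryan@wonko.com)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the 'Software'), to deal in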
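--- a/data/lib/sanitize.rb
+++ b/data/lib/sanitize.rb
@@ -131,7 +131,7 @@ class Sanitize
 end
 
 frag = doc.fragment
-doc.xpath(path)
+frag << doc.xpath(path)
 
 node!(frag)
 to_html(frag)
@@ -237,7 +237,7 @@ class Sanitize
 # Performs top-down traversal of the given node, operating first on the node
 # itself, then traversing each child (if any) in order.
 def traverse(node, &block)
-
+yield node
 
 child = node.child
 
@@ -245,13 +245,13 @@ class Sanitize
 prev = child.previous_sibling
 traverse(child, &block)
 
-if child.parent
+if child.parent == node
+child = child.next_sibling
+else
 # The child was unlinked or reparented, so traverse the previous node's
 # next sibling, or the parent's first child if there is no previous
 # node.
 child = prev ? prev.next_sibling : node.child
-else
-child = child.next_sibling
 end
 end
 end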
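Review bot: The restart logic in the `else` branch of `traverse` (last hunk) only works while `prev` is still a child of `node` after the block has run. `prev` is captured before `traverse(child, &block)`; if a transformer unlinks or moves it, `prev.next_sibling` is nil or points into another subtree, and the remaining siblings would presumably never be visited. In a sanitizer an unvisited node is an unsanitized node, so the assumption deserves a comment above that line, e.g. `# Assumes the block never unlinks or moves prev; otherwise later siblings are skipped.` None of the test files changed in this release touch traversal, so a regression test for the unlink/reparent path would be worth adding unless an existing one already covers it. The loop around these lines and the end of `traverse` lie outside the hunks.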
@@ -32,11 +32,20 @@ class Sanitize
|
|
32
32
|
# invalid CSS.
|
33
33
|
:allow_hacks => false,
|
34
34
|
|
35
|
-
# CSS
|
35
|
+
# CSS at-rules to allow that may not have associated blocks (e.g.
|
36
|
+
# "import").
|
37
|
+
#
|
36
38
|
# https://developer.mozilla.org/en-US/docs/Web/CSS/At-rule
|
37
39
|
:at_rules => [],
|
38
40
|
|
39
|
-
# CSS
|
41
|
+
# CSS at-rules to allow whose blocks may contain properties (e.g.
|
42
|
+
# "font-face").
|
43
|
+
:at_rules_with_properties => [],
|
44
|
+
|
45
|
+
# CSS at-rules to allow whose blocks may contain styles (e.g. "media").
|
46
|
+
:at_rules_with_styles => [],
|
47
|
+
|
48
|
+
# CSS properties to allow.
|
40
49
|
:properties => [],
|
41
50
|
|
42
51
|
# URL protocols to allow in CSS URLs.
|
@@ -40,7 +40,37 @@ class Sanitize
|
|
40
40
|
:allow_comments => true,
|
41
41
|
:allow_hacks => true,
|
42
42
|
|
43
|
-
:
|
43
|
+
:at_rules_with_properties => %w[
|
44
|
+
bottom-center
|
45
|
+
bottom-left
|
46
|
+
bottom-left-corner
|
47
|
+
bottom-right
|
48
|
+
bottom-right-corner
|
49
|
+
font-face
|
50
|
+
left-bottom
|
51
|
+
left-middle
|
52
|
+
left-top
|
53
|
+
page
|
54
|
+
right-bottom
|
55
|
+
right-middle
|
56
|
+
right-top
|
57
|
+
top-center
|
58
|
+
top-left
|
59
|
+
top-left-corner
|
60
|
+
top-right
|
61
|
+
top-right-corner
|
62
|
+
],
|
63
|
+
|
64
|
+
:at_rules_with_styles => %w[
|
65
|
+
-moz-keyframes
|
66
|
+
-o-keyframes
|
67
|
+
-webkit-keyframes
|
68
|
+
document
|
69
|
+
keyframes
|
70
|
+
media
|
71
|
+
supports
|
72
|
+
],
|
73
|
+
|
44
74
|
:protocols => ['http', 'https', :relative],
|
45
75
|
|
46
76
|
:properties => %w[
|
@@ -321,6 +351,10 @@ class Sanitize
|
|
321
351
|
align-content
|
322
352
|
align-items
|
323
353
|
align-self
|
354
|
+
alignment-adjust
|
355
|
+
alignment-baseline
|
356
|
+
all
|
357
|
+
anchor-point
|
324
358
|
animation
|
325
359
|
animation-delay
|
326
360
|
animation-direction
|
@@ -330,6 +364,7 @@ class Sanitize
|
|
330
364
|
animation-name
|
331
365
|
animation-play-state
|
332
366
|
animation-timing-function
|
367
|
+
azimuth
|
333
368
|
backface-visibility
|
334
369
|
background
|
335
370
|
background-attachment
|
@@ -340,6 +375,12 @@ class Sanitize
|
|
340
375
|
background-position
|
341
376
|
background-repeat
|
342
377
|
background-size
|
378
|
+
baseline-shift
|
379
|
+
binding
|
380
|
+
bleed
|
381
|
+
bookmark-label
|
382
|
+
bookmark-level
|
383
|
+
bookmark-state
|
343
384
|
border
|
344
385
|
border-bottom
|
345
386
|
border-bottom-color
|
@@ -377,14 +418,19 @@ class Sanitize
|
|
377
418
|
box-decoration-break
|
378
419
|
box-shadow
|
379
420
|
box-sizing
|
421
|
+
box-snap
|
422
|
+
box-suppress
|
380
423
|
break-after
|
381
424
|
break-before
|
382
425
|
break-inside
|
383
426
|
caption-side
|
427
|
+
chains
|
384
428
|
clear
|
385
429
|
clip
|
386
430
|
clip-path
|
431
|
+
clip-rule
|
387
432
|
color
|
433
|
+
color-interpolation-filters
|
388
434
|
column-count
|
389
435
|
column-fill
|
390
436
|
column-gap
|
@@ -395,12 +441,23 @@ class Sanitize
|
|
395
441
|
column-span
|
396
442
|
column-width
|
397
443
|
columns
|
444
|
+
contain
|
398
445
|
content
|
399
446
|
counter-increment
|
400
447
|
counter-reset
|
448
|
+
counter-set
|
449
|
+
crop
|
450
|
+
cue
|
451
|
+
cue-after
|
452
|
+
cue-before
|
401
453
|
cursor
|
402
454
|
direction
|
403
455
|
display
|
456
|
+
display-inside
|
457
|
+
display-list
|
458
|
+
display-outside
|
459
|
+
dominant-baseline
|
460
|
+
elevation
|
404
461
|
empty-cells
|
405
462
|
filter
|
406
463
|
flex
|
@@ -411,6 +468,11 @@ class Sanitize
|
|
411
468
|
flex-shrink
|
412
469
|
flex-wrap
|
413
470
|
float
|
471
|
+
float-offset
|
472
|
+
flood-color
|
473
|
+
flood-opacity
|
474
|
+
flow-from
|
475
|
+
flow-into
|
414
476
|
font
|
415
477
|
font-family
|
416
478
|
font-feature-settings
|
@@ -429,6 +491,22 @@ class Sanitize
|
|
429
491
|
font-variant-numeric
|
430
492
|
font-variant-position
|
431
493
|
font-weight
|
494
|
+
grid
|
495
|
+
grid-area
|
496
|
+
grid-auto-columns
|
497
|
+
grid-auto-flow
|
498
|
+
grid-auto-rows
|
499
|
+
grid-column
|
500
|
+
grid-column-end
|
501
|
+
grid-column-start
|
502
|
+
grid-row
|
503
|
+
grid-row-end
|
504
|
+
grid-row-start
|
505
|
+
grid-template
|
506
|
+
grid-template-areas
|
507
|
+
grid-template-columns
|
508
|
+
grid-template-rows
|
509
|
+
hanging-punctuation
|
432
510
|
height
|
433
511
|
hyphens
|
434
512
|
icon
|
@@ -436,10 +514,23 @@ class Sanitize
|
|
436
514
|
image-rendering
|
437
515
|
image-resolution
|
438
516
|
ime-mode
|
517
|
+
initial-letters
|
518
|
+
inline-box-align
|
439
519
|
justify-content
|
520
|
+
justify-items
|
521
|
+
justify-self
|
440
522
|
left
|
441
523
|
letter-spacing
|
524
|
+
lighting-color
|
525
|
+
line-box-contain
|
526
|
+
line-break
|
527
|
+
line-grid
|
442
528
|
line-height
|
529
|
+
line-snap
|
530
|
+
line-stacking
|
531
|
+
line-stacking-ruby
|
532
|
+
line-stacking-shift
|
533
|
+
line-stacking-strategy
|
443
534
|
list-style
|
444
535
|
list-style-image
|
445
536
|
list-style-position
|
@@ -449,13 +540,35 @@ class Sanitize
|
|
449
540
|
margin-left
|
450
541
|
margin-right
|
451
542
|
margin-top
|
543
|
+
marker-offset
|
544
|
+
marker-side
|
452
545
|
marks
|
453
546
|
mask
|
547
|
+
mask-box
|
548
|
+
mask-box-outset
|
549
|
+
mask-box-repeat
|
550
|
+
mask-box-slice
|
551
|
+
mask-box-source
|
552
|
+
mask-box-width
|
553
|
+
mask-clip
|
554
|
+
mask-image
|
555
|
+
mask-origin
|
556
|
+
mask-position
|
557
|
+
mask-repeat
|
558
|
+
mask-size
|
559
|
+
mask-source-type
|
454
560
|
mask-type
|
455
561
|
max-height
|
562
|
+
max-lines
|
456
563
|
max-width
|
457
564
|
min-height
|
458
565
|
min-width
|
566
|
+
move-to
|
567
|
+
nav-down
|
568
|
+
nav-index
|
569
|
+
nav-left
|
570
|
+
nav-right
|
571
|
+
nav-up
|
459
572
|
object-fit
|
460
573
|
object-position
|
461
574
|
opacity
|
@@ -475,32 +588,73 @@ class Sanitize
|
|
475
588
|
padding-left
|
476
589
|
padding-right
|
477
590
|
padding-top
|
591
|
+
page
|
478
592
|
page-break-after
|
479
593
|
page-break-before
|
480
594
|
page-break-inside
|
595
|
+
page-policy
|
596
|
+
pause
|
597
|
+
pause-after
|
598
|
+
pause-before
|
481
599
|
perspective
|
482
600
|
perspective-origin
|
601
|
+
pitch
|
602
|
+
pitch-range
|
603
|
+
play-during
|
483
604
|
position
|
605
|
+
presentation-level
|
484
606
|
quotes
|
607
|
+
region-fragment
|
485
608
|
resize
|
609
|
+
rest
|
610
|
+
rest-after
|
611
|
+
rest-before
|
612
|
+
richness
|
486
613
|
right
|
614
|
+
rotation
|
615
|
+
rotation-point
|
616
|
+
ruby-align
|
617
|
+
ruby-merge
|
618
|
+
ruby-position
|
619
|
+
shape-image-threshold
|
620
|
+
shape-margin
|
621
|
+
shape-outside
|
622
|
+
size
|
623
|
+
speak
|
624
|
+
speak-as
|
625
|
+
speak-header
|
626
|
+
speak-numeral
|
627
|
+
speak-punctuation
|
628
|
+
speech-rate
|
629
|
+
stress
|
630
|
+
string-set
|
487
631
|
tab-size
|
488
632
|
table-layout
|
489
633
|
text-align
|
490
634
|
text-align-last
|
491
635
|
text-combine-horizontal
|
636
|
+
text-combine-upright
|
492
637
|
text-decoration
|
493
638
|
text-decoration-color
|
494
639
|
text-decoration-line
|
640
|
+
text-decoration-skip
|
495
641
|
text-decoration-style
|
642
|
+
text-emphasis
|
643
|
+
text-emphasis-color
|
644
|
+
text-emphasis-position
|
645
|
+
text-emphasis-style
|
646
|
+
text-height
|
496
647
|
text-indent
|
648
|
+
text-justify
|
497
649
|
text-orientation
|
498
650
|
text-overflow
|
499
651
|
text-rendering
|
500
652
|
text-shadow
|
501
653
|
text-size-adjust
|
654
|
+
text-space-collapse
|
502
655
|
text-transform
|
503
656
|
text-underline-position
|
657
|
+
text-wrap
|
504
658
|
top
|
505
659
|
touch-action
|
506
660
|
transform
|
@@ -515,12 +669,24 @@ class Sanitize
|
|
515
669
|
unicode-range
|
516
670
|
vertical-align
|
517
671
|
visibility
|
672
|
+
voice-balance
|
673
|
+
voice-duration
|
674
|
+
voice-family
|
675
|
+
voice-pitch
|
676
|
+
voice-range
|
677
|
+
voice-rate
|
678
|
+
voice-stress
|
679
|
+
voice-volume
|
680
|
+
volume
|
518
681
|
white-space
|
519
682
|
widows
|
520
683
|
width
|
684
|
+
will-change
|
521
685
|
word-break
|
522
686
|
word-spacing
|
523
687
|
word-wrap
|
688
|
+
wrap-flow
|
689
|
+
wrap-through
|
524
690
|
writing-mode
|
525
691
|
z-index
|
526
692
|
]
|
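Review bot: Among the property names added to the relaxed `:properties` whitelist, `binding` stands out because it attaches behaviour through a URL value rather than describing presentation, in engines that implement it. Others added here (`mask-image`, `mask-box-source`, `shape-outside`) also accept `url()` values. With `:protocols => ['http', 'https', :relative]` in the same config, untrusted CSS could reference remote resources through these properties, assuming URL tokens are filtered by protocol only. I would leave `binding` out unless there is a concrete need for it, and add a comment above the list such as `# Properties that accept url() values can load remote resources; see :protocols.` The list and the enclosing hash begin and end outside these hunks.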
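--- a/data/lib/sanitize/css.rb
+++ b/data/lib/sanitize/css.rb
@@ -6,12 +6,6 @@ require 'set'
 class Sanitize; class CSS
 attr_reader :config
 
-# Names of CSS at-rules whose blocks may contain properties.
-AT_RULES_WITH_PROPERTIES = Set.new(%w[font-face page])
-
-# Names of CSS at-rules whose blocks may contain style rules.
-AT_RULES_WITH_STYLES = Set.new(%w[document media supports])
-
 # -- Class Methods -----------------------------------------------------------
 
 # Sanitizes inline CSS style properties.
@@ -28,10 +22,50 @@ class Sanitize; class CSS
 self.new(config).properties(css)
 end
 
+# Sanitizes a full CSS stylesheet.
+#
+# A stylesheet may include selectors, at-rules, and comments. To sanitize only
+# inline style properties such as the contents of an HTML `style` attribute,
+# use {.properties}.
+#
+# @example
+# css = %[
+# .foo {
+# background: url(foo.png);
+# color: #fff;
+# }
+#
+# #bar {
+# font: 42pt 'Comic Sans MS';
+# }
+# ]
+#
+# Sanitize::CSS.stylesheet(css, Sanitize::Config::RELAXED)
+#
+# @return [String] Sanitized CSS stylesheet.
 def self.stylesheet(css, config = {})
 self.new(config).stylesheet(css)
 end
 
+# Sanitizes the given Crass CSS parse tree and all its children, modifying it
+# in place.
+#
+# @example
+# css = %[
+# .foo {
+# background: url(foo.png);
+# color: #fff;
+# }
+#
+# #bar {
+# font: 42pt 'Comic Sans MS';
+# }
+# ]
+#
+# tree = Crass.parse(css)
+# Sanitize::CSS.tree!(tree, Sanitize::Config::RELAXED)
+#
+# @return [Array] Sanitized Crass CSS parse tree.
 def self.tree!(tree, config = {})
 self.new(config).tree!(tree)
 end
@@ -42,6 +76,10 @@ class Sanitize; class CSS
 # _config_.
 def initialize(config = {})
 @config = Config.merge(Config::DEFAULT[:css], config[:css] || config)
+
+@at_rules = Set.new(@config[:at_rules])
+@at_rules_with_properties = Set.new(@config[:at_rules_with_properties])
+@at_rules_with_styles = Set.new(@config[:at_rules_with_styles])
 end
 
 # Sanitizes inline CSS style properties.
@@ -66,7 +104,7 @@ class Sanitize; class CSS
 
 # Sanitizes a full CSS stylesheet.
 #
-# A stylesheet may include selectors,
+# A stylesheet may include selectors, at-rules, and comments. To sanitize only
 # inline style properties such as the contents of an HTML `style` attribute,
 # use {#properties}.
 #
@@ -99,6 +137,17 @@ class Sanitize; class CSS
 # in place.
 #
 # @example
+# css = %[
+# .foo {
+# background: url(foo.png);
+# color: #fff;
+# }
+#
+# #bar {
+# font: 42pt 'Comic Sans MS';
+# }
+# ]
+#
 # scss = Sanitize::CSS.new(Sanitize::Config::RELAXED)
 # tree = Crass.parse(css)
 #
@@ -154,24 +203,25 @@ class Sanitize; class CSS
 # current config doesn't allow this at-rule.
 def at_rule!(rule)
 name = rule[:name].downcase
-return nil unless @config[:at_rules].include?(name)
 
-if
+if @at_rules_with_styles.include?(name)
 styles = Crass::Parser.parse_rules(rule[:block],
 :preserve_comments => @config[:allow_comments],
 :preserve_hacks => @config[:allow_hacks])
 
 rule[:block] = tree!(styles)
 
-elsif
+elsif @at_rules_with_properties.include?(name)
 props = Crass::Parser.parse_properties(rule[:block],
 :preserve_comments => @config[:allow_comments],
 :preserve_hacks => @config[:allow_hacks])
 
 rule[:block] = tree!(props)
 
+elsif @at_rules.include?(name)
+return nil if rule.has_key?(:block)
 else
-
+return nil
 end
 
 rule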
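Review bot: In `at_rule!` the new `elsif @at_rules.include?(name)` branch returns a blockless rule unchanged, so its prelude is never inspected in this method: a whitelisted `@import url(...)` passes through whatever its URL is, unless a `:protocols` check happens outside the hunk. A stylesheet imported that way is fetched by the browser and never sanitized, which deserves a warning where the setting is documented, e.g. `# NOTE: allowing "import" lets input load external, unsanitized CSS.` Separately, the first two branches pass `rule[:block]` to Crass without checking that the rule has a block. A guard such as `return nil unless rule.has_key?(:block)` before parsing would make a blockless `@media;` fail closed instead of depending on how the parser treats nil. The `end` of `at_rule!` is outside the hunk.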
@@ -73,7 +73,7 @@ class Sanitize; module Transformers; class CleanElement
|
|
73
73
|
end
|
74
74
|
|
75
75
|
unless @remove_all_contents || @remove_element_contents.include?(name)
|
76
|
-
node.
|
76
|
+
node.add_previous_sibling(node.children)
|
77
77
|
end
|
78
78
|
|
79
79
|
node.unlink
|
data/lib/sanitize/version.rb
CHANGED
data/test/test_clean_css.rb
CHANGED
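--- a/data/test/test_sanitize_css.rb
+++ b/data/test/test_sanitize_css.rb
@@ -220,7 +220,7 @@ describe 'Sanitize::CSS' do
 end
 end
 
-describe '
+describe 'functionality' do
 before do
 @default = Sanitize::CSS.new
 @relaxed = Sanitize::CSS.new(Sanitize::Config::RELAXED[:css])
@@ -235,6 +235,10 @@ describe 'Sanitize::CSS' do
 @media (max-width: 720px) {
 p.foo > .bar { float: right; width: expression(body.scrollLeft + 50 + 'px'); }
 #baz { color: green; }
+
+@media (orientation: portrait) {
+#baz { color: red; }
+}
 }
 ].strip
 
@@ -242,8 +246,85 @@ describe 'Sanitize::CSS' do
 @media (max-width: 720px) {
 p.foo > .bar { float: right; }
 #baz { color: green; }
+
+@media (orientation: portrait) {
+#baz { color: red; }
+}
+}
+].strip
+end
+
+it 'should parse @page rules properly' do
+css = %[
+@page { margin: 2cm } /* All margins set to 2cm */
+
+@page :right {
+@top-center { content: "Preliminary edition" }
+@bottom-center { content: counter(page) }
+}
+
+@page {
+size: 8.5in 11in;
+margin: 10%;
+
+@top-left {
+content: "Hamlet";
+}
+@top-right {
+content: "Page " counter(page);
+}
 }
 ].strip
+
+@relaxed.stylesheet(css).must_equal css
+end
+
+describe ":at_rules" do
+it "should remove blockless at-rules that aren't whitelisted" do
+css = %[
+@charset 'utf-8';
+@import url('foo.css');
+.foo { color: green; }
+].strip
+
+@relaxed.stylesheet(css).strip.must_equal %[
+.foo { color: green; }
+].strip
+end
+
+describe "when blockless at-rules are whitelisted" do
+before do
+@scss = Sanitize::CSS.new(Sanitize::Config.merge(Sanitize::Config::RELAXED[:css], {
+:at_rules => ['charset', 'import']
+}))
+end
+
+it "should not remove them" do
+css = %[
+@charset 'utf-8';
+@import url('foo.css');
+.foo { color: green; }
+].strip
+
+@scss.stylesheet(css).must_equal %[
+@charset 'utf-8';
+@import url('foo.css');
+.foo { color: green; }
+].strip
+end
+
+it "should remove them if they have invalid blocks" do
+css = %[
+@charset { color: green }
+@import { color: green }
+.foo { color: green; }
+].strip
+
+@scss.stylesheet(css).strip.must_equal %[
+.foo { color: green; }
+].strip
+end
+end
 end
 end
 end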
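Review bot: The new `describe ":at_rules"` block has no counterpart for `:at_rules_with_properties` and `:at_rules_with_styles`. Nothing in these hunks shows that a block at-rule absent from those lists is removed, or what happens when a listed one arrives without a block. These settings are the whitelist boundary, so negative cases matter more than the round-trip ones. One example would be an `it "should remove at-rules with blocks that aren't whitelisted"` case that feeds `@font-face { ... }` to `@default` and expects it to be dropped. Tests outside the hunks may already cover part of this.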
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sanitize
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 4.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ryan Grove
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-04-20 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: crass
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 1.0.
|
19
|
+
version: 1.0.2
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 1.0.
|
26
|
+
version: 1.0.2
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: nokogiri
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -44,56 +44,56 @@ dependencies:
|
|
44
44
|
requirements:
|
45
45
|
- - '='
|
46
46
|
- !ruby/object:Gem::Version
|
47
|
-
version: 1.
|
47
|
+
version: 1.4.1
|
48
48
|
type: :runtime
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
52
|
- - '='
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version: 1.
|
54
|
+
version: 1.4.1
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: minitest
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
59
|
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version: 5.
|
61
|
+
version: 5.6.0
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
|
-
version: 5.
|
68
|
+
version: 5.6.0
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: rake
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
72
72
|
requirements:
|
73
73
|
- - "~>"
|
74
74
|
- !ruby/object:Gem::Version
|
75
|
-
version:
|
75
|
+
version: 10.4.2
|
76
76
|
type: :development
|
77
77
|
prerelease: false
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
80
|
- - "~>"
|
81
81
|
- !ruby/object:Gem::Version
|
82
|
-
version:
|
82
|
+
version: 10.4.2
|
83
83
|
- !ruby/object:Gem::Dependency
|
84
84
|
name: redcarpet
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
86
86
|
requirements:
|
87
87
|
- - "~>"
|
88
88
|
- !ruby/object:Gem::Version
|
89
|
-
version: 3.
|
89
|
+
version: 3.2.3
|
90
90
|
type: :development
|
91
91
|
prerelease: false
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
93
93
|
requirements:
|
94
94
|
- - "~>"
|
95
95
|
- !ruby/object:Gem::Version
|
96
|
-
version: 3.
|
96
|
+
version: 3.2.3
|
97
97
|
- !ruby/object:Gem::Dependency
|
98
98
|
name: yard
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|