sanitize 4.1.0 → 4.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of sanitize might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/HISTORY.md +12 -0
- data/lib/sanitize.rb +1 -1
- data/lib/sanitize/config/relaxed.rb +1 -0
- data/lib/sanitize/transformers/clean_doctype.rb +7 -1
- data/lib/sanitize/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: abb1df5c4bd3af158380b4fd3125ab354f0d8cfa
|
|
4
|
+
data.tar.gz: 9e418edd6b360cb64579d5cd1e57f9e4acb8e527
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 78570f43744763cddcc1eee64bc62f2d315cbf544b21c022ee49184b30f680d294388d8d63fac8bd6fefdaff7acc202bdcd30ff3dc7418d0bd802c661eeb2fad
|
|
7
|
+
data.tar.gz: 2fe95ba29fede36ba37f0d28e58336369cf3745936ef9397ee27872f8586e25ba10568911d67225928aa905141b6a692a2afc5d959f25dc329014cd5ecff9def
|
data/HISTORY.md
CHANGED
|
@@ -1,5 +1,17 @@
|
|
|
1
1
|
# Sanitize History
|
|
2
2
|
|
|
3
|
+
## 4.2.0 (2016-08-22)
|
|
4
|
+
|
|
5
|
+
* Added `-webkit-font-smoothing` to the relaxed CSS config. [@louim - #154][154]
|
|
6
|
+
|
|
7
|
+
* Fixed: Nokogumbo >=1.4.9 changed its behavior in a way that allowed invalid
|
|
8
|
+
doctypes (like `<!DOCTYPE nonsense>`) when the `:allow_doctype` config setting
|
|
9
|
+
was `true`. Invalid doctypes are now coerced to valid ones as they were prior
|
|
10
|
+
to this Nokogumbo change.
|
|
11
|
+
|
|
12
|
+
[154]:https://github.com/rgrove/sanitize/pull/154
|
|
13
|
+
|
|
14
|
+
|
|
3
15
|
## 4.1.0 (2016-06-17)
|
|
4
16
|
|
|
5
17
|
* Added a new CSS config setting, `:import_url_validator`. This is a Proc or
|
data/lib/sanitize.rb
CHANGED
|
@@ -82,7 +82,6 @@ class Sanitize
|
|
|
82
82
|
# Default transformers always run at the end of the chain, after any custom
|
|
83
83
|
# transformers.
|
|
84
84
|
@transformers << Transformers::CleanComment unless @config[:allow_comments]
|
|
85
|
-
@transformers << Transformers::CleanDoctype unless @config[:allow_doctype]
|
|
86
85
|
|
|
87
86
|
if @config[:elements].include?('style')
|
|
88
87
|
scss = Sanitize::CSS.new(config)
|
|
@@ -95,6 +94,7 @@ class Sanitize
|
|
|
95
94
|
end
|
|
96
95
|
|
|
97
96
|
@transformers <<
|
|
97
|
+
Transformers::CleanDoctype <<
|
|
98
98
|
Transformers::CleanCDATA <<
|
|
99
99
|
Transformers::CleanElement.new(@config)
|
|
100
100
|
end
|
|
@@ -3,10 +3,16 @@
|
|
|
3
3
|
class Sanitize; module Transformers
|
|
4
4
|
|
|
5
5
|
CleanDoctype = lambda do |env|
|
|
6
|
+
return if env[:is_whitelisted]
|
|
7
|
+
|
|
6
8
|
node = env[:node]
|
|
7
9
|
|
|
8
10
|
if node.type == Nokogiri::XML::Node::DTD_NODE
|
|
9
|
-
|
|
11
|
+
if env[:config][:allow_doctype]
|
|
12
|
+
node.name = 'html'
|
|
13
|
+
else
|
|
14
|
+
node.unlink
|
|
15
|
+
end
|
|
10
16
|
end
|
|
11
17
|
end
|
|
12
18
|
|
data/lib/sanitize/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sanitize
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Grove
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-08-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: crass
|