sanitize 4.1.0 → 4.2.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of sanitize might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/HISTORY.md +12 -0
- data/lib/sanitize.rb +1 -1
- data/lib/sanitize/config/relaxed.rb +1 -0
- data/lib/sanitize/transformers/clean_doctype.rb +7 -1
- data/lib/sanitize/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: abb1df5c4bd3af158380b4fd3125ab354f0d8cfa
|
|
4
|
+
data.tar.gz: 9e418edd6b360cb64579d5cd1e57f9e4acb8e527
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 78570f43744763cddcc1eee64bc62f2d315cbf544b21c022ee49184b30f680d294388d8d63fac8bd6fefdaff7acc202bdcd30ff3dc7418d0bd802c661eeb2fad
|
|
7
|
+
data.tar.gz: 2fe95ba29fede36ba37f0d28e58336369cf3745936ef9397ee27872f8586e25ba10568911d67225928aa905141b6a692a2afc5d959f25dc329014cd5ecff9def
|
data/HISTORY.md
CHANGED
|
@@ -1,5 +1,17 @@
|
|
|
1
1
|
# Sanitize History
|
|
2
2
|
|
|
3
|
+
## 4.2.0 (2016-08-22)
|
|
4
|
+
|
|
5
|
+
* Added `-webkit-font-smoothing` to the relaxed CSS config. [@louim - #154][154]
|
|
6
|
+
|
|
7
|
+
* Fixed: Nokogumbo >=1.4.9 changed its behavior in a way that allowed invalid
|
|
8
|
+
doctypes (like `<!DOCTYPE nonsense>`) when the `:allow_doctype` config setting
|
|
9
|
+
was `true`. Invalid doctypes are now coerced to valid ones as they were prior
|
|
10
|
+
to this Nokogumbo change.
|
|
11
|
+
|
|
12
|
+
[154]:https://github.com/rgrove/sanitize/pull/154
|
|
13
|
+
|
|
14
|
+
|
|
3
15
|
## 4.1.0 (2016-06-17)
|
|
4
16
|
|
|
5
17
|
* Added a new CSS config setting, `:import_url_validator`. This is a Proc or
|
data/lib/sanitize.rb
CHANGED
|
@@ -82,7 +82,6 @@ class Sanitize
|
|
|
82
82
|
# Default transformers always run at the end of the chain, after any custom
|
|
83
83
|
# transformers.
|
|
84
84
|
@transformers << Transformers::CleanComment unless @config[:allow_comments]
|
|
85
|
-
@transformers << Transformers::CleanDoctype unless @config[:allow_doctype]
|
|
86
85
|
|
|
87
86
|
if @config[:elements].include?('style')
|
|
88
87
|
scss = Sanitize::CSS.new(config)
|
|
@@ -95,6 +94,7 @@ class Sanitize
|
|
|
95
94
|
end
|
|
96
95
|
|
|
97
96
|
@transformers <<
|
|
97
|
+
Transformers::CleanDoctype <<
|
|
98
98
|
Transformers::CleanCDATA <<
|
|
99
99
|
Transformers::CleanElement.new(@config)
|
|
100
100
|
end
|
|
@@ -3,10 +3,16 @@
|
|
|
3
3
|
class Sanitize; module Transformers
|
|
4
4
|
|
|
5
5
|
CleanDoctype = lambda do |env|
|
|
6
|
+
return if env[:is_whitelisted]
|
|
7
|
+
|
|
6
8
|
node = env[:node]
|
|
7
9
|
|
|
8
10
|
if node.type == Nokogiri::XML::Node::DTD_NODE
|
|
9
|
-
|
|
11
|
+
if env[:config][:allow_doctype]
|
|
12
|
+
node.name = 'html'
|
|
13
|
+
else
|
|
14
|
+
node.unlink
|
|
15
|
+
end
|
|
10
16
|
end
|
|
11
17
|
end
|
|
12
18
|
|
data/lib/sanitize/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sanitize
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Grove
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-08-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: crass
|