sanitize 5.2.3 → 6.0.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of sanitize might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/HISTORY.md +11 -0
- data/LICENSE +1 -1
- data/README.md +3 -25
- data/lib/sanitize.rb +1 -1
- data/lib/sanitize/version.rb +1 -1
- data/test/test_sanitize.rb +4 -4
- metadata +10 -24
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 94a37503617774f9317150c834cc3025cd32a718be754fb72eea1b9dd7347571
|
|
4
|
+
data.tar.gz: 597c76746d742db21842377bafab2911e7b84f389baf4dffafb2e53ecf67de92
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c6d2dedfa9d6a589788d4156babae09cf14b3bebc765a9bb04a492aa5b5702f82dc3ae26d45199da3e8f9c096dfd191d15c53fea8d62084a3679604be5f7ddba
|
|
7
|
+
data.tar.gz: 70bbb00756f1a4a085ad5901b27fd91ebc4308d5f42bfa57ec54c8cc7982ded8395eff9b59546ca62f3dba6e7a012351d62f9ec81b06aa8ccbb563211f39bd3c
|
data/HISTORY.md
CHANGED
|
@@ -1,5 +1,16 @@
|
|
|
1
1
|
# Sanitize History
|
|
2
2
|
|
|
3
|
+
## 6.0.0 (2021-08-03)
|
|
4
|
+
|
|
5
|
+
### Potentially Breaking Changes
|
|
6
|
+
|
|
7
|
+
* Ruby 2.5.0 is now the oldest officially supported Ruby version.
|
|
8
|
+
|
|
9
|
+
* Sanitize now requires Nokogiri 1.12.0 or higher, which includes Nokogumbo.
|
|
10
|
+
The separate dependency on Nokogumbo has been removed. [@lis2 - #211][211]
|
|
11
|
+
|
|
12
|
+
[211]:https://github.com/rgrove/sanitize/pull/211
|
|
13
|
+
|
|
3
14
|
## 5.2.3 (2021-01-11)
|
|
4
15
|
|
|
5
16
|
### Bug Fixes
|
data/LICENSE
CHANGED
data/README.md
CHANGED
|
@@ -11,7 +11,7 @@ protocols within attributes that contain URLs. You can also allow specific CSS
|
|
|
11
11
|
properties, @ rules, and URL protocols in elements or attributes containing CSS.
|
|
12
12
|
Any HTML or CSS that you don't explicitly allow will be removed.
|
|
13
13
|
|
|
14
|
-
Sanitize is based on [
|
|
14
|
+
Sanitize is based on the [Nokogumbo HTML5 parser][nokogumbo], which parses HTML
|
|
15
15
|
exactly the same way modern browsers do, and [Crass][crass], which parses CSS
|
|
16
16
|
exactly the same way modern browsers do. As long as your allowlist config only
|
|
17
17
|
allows safe markup and CSS, even the most malformed or malicious input will be
|
|
@@ -21,7 +21,7 @@ transformed into safe output.
|
|
|
21
21
|
[](https://github.com/rgrove/sanitize/actions?query=workflow%3ATests)
|
|
22
22
|
|
|
23
23
|
[crass]:https://github.com/rgrove/crass
|
|
24
|
-
[
|
|
24
|
+
[nokogumbo]:https://github.com/rubys/nokogumbo
|
|
25
25
|
|
|
26
26
|
Links
|
|
27
27
|
-----
|
|
@@ -428,7 +428,7 @@ removed by Sanitize.
|
|
|
428
428
|
|
|
429
429
|
#### :parser_options (Hash)
|
|
430
430
|
|
|
431
|
-
[Parsing options](https://github.com/rubys/nokogumbo/tree/
|
|
431
|
+
[Parsing options](https://github.com/rubys/nokogumbo/tree/master#parsing-options) to be supplied to `nokogumbo`.
|
|
432
432
|
|
|
433
433
|
```ruby
|
|
434
434
|
:parser_options => {
|
|
@@ -667,25 +667,3 @@ html = %[
|
|
|
667
667
|
Sanitize.fragment(html, :transformers => youtube_transformer)
|
|
668
668
|
# => '<iframe width="420" height="315" src="//www.youtube.com/embed/dQw4w9WgXcQ" frameborder="0" allowfullscreen=""></iframe>'
|
|
669
669
|
```
|
|
670
|
-
|
|
671
|
-
License
|
|
672
|
-
-------
|
|
673
|
-
|
|
674
|
-
Copyright (c) 2015 Ryan Grove (ryan@wonko.com)
|
|
675
|
-
|
|
676
|
-
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
|
677
|
-
this software and associated documentation files (the 'Software'), to deal in
|
|
678
|
-
the Software without restriction, including without limitation the rights to
|
|
679
|
-
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
|
680
|
-
the Software, and to permit persons to whom the Software is furnished to do so,
|
|
681
|
-
subject to the following conditions:
|
|
682
|
-
|
|
683
|
-
The above copyright notice and this permission notice shall be included in all
|
|
684
|
-
copies or substantial portions of the Software.
|
|
685
|
-
|
|
686
|
-
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
687
|
-
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
|
688
|
-
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
|
689
|
-
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
|
690
|
-
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
|
691
|
-
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/lib/sanitize.rb
CHANGED
data/lib/sanitize/version.rb
CHANGED
data/test/test_sanitize.rb
CHANGED
|
@@ -53,9 +53,9 @@ describe 'Sanitize' do
|
|
|
53
53
|
@s.document("a#{sample_non_chars}z").must_equal "<html>az</html>"
|
|
54
54
|
end
|
|
55
55
|
|
|
56
|
-
describe 'when html body exceeds
|
|
56
|
+
describe 'when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH' do
|
|
57
57
|
let(:content) do
|
|
58
|
-
content = nest_html_content('<b>foo</b>',
|
|
58
|
+
content = nest_html_content('<b>foo</b>', Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH)
|
|
59
59
|
"<html>#{content}</html>"
|
|
60
60
|
end
|
|
61
61
|
|
|
@@ -115,9 +115,9 @@ describe 'Sanitize' do
|
|
|
115
115
|
@s.fragment("a#{sample_non_chars}z").must_equal "az"
|
|
116
116
|
end
|
|
117
117
|
|
|
118
|
-
describe 'when html body exceeds
|
|
118
|
+
describe 'when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH' do
|
|
119
119
|
let(:content) do
|
|
120
|
-
content = nest_html_content('<b>foo</b>',
|
|
120
|
+
content = nest_html_content('<b>foo</b>', Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH)
|
|
121
121
|
"<body>#{content}</body>"
|
|
122
122
|
end
|
|
123
123
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sanitize
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 6.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Grove
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-08-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: crass
|
|
@@ -30,56 +30,42 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 1.
|
|
33
|
+
version: 1.12.0
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 1.
|
|
41
|
-
- !ruby/object:Gem::Dependency
|
|
42
|
-
name: nokogumbo
|
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
|
44
|
-
requirements:
|
|
45
|
-
- - "~>"
|
|
46
|
-
- !ruby/object:Gem::Version
|
|
47
|
-
version: '2.0'
|
|
48
|
-
type: :runtime
|
|
49
|
-
prerelease: false
|
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
-
requirements:
|
|
52
|
-
- - "~>"
|
|
53
|
-
- !ruby/object:Gem::Version
|
|
54
|
-
version: '2.0'
|
|
40
|
+
version: 1.12.0
|
|
55
41
|
- !ruby/object:Gem::Dependency
|
|
56
42
|
name: minitest
|
|
57
43
|
requirement: !ruby/object:Gem::Requirement
|
|
58
44
|
requirements:
|
|
59
45
|
- - "~>"
|
|
60
46
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: 5.
|
|
47
|
+
version: 5.14.4
|
|
62
48
|
type: :development
|
|
63
49
|
prerelease: false
|
|
64
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
51
|
requirements:
|
|
66
52
|
- - "~>"
|
|
67
53
|
- !ruby/object:Gem::Version
|
|
68
|
-
version: 5.
|
|
54
|
+
version: 5.14.4
|
|
69
55
|
- !ruby/object:Gem::Dependency
|
|
70
56
|
name: rake
|
|
71
57
|
requirement: !ruby/object:Gem::Requirement
|
|
72
58
|
requirements:
|
|
73
59
|
- - "~>"
|
|
74
60
|
- !ruby/object:Gem::Version
|
|
75
|
-
version:
|
|
61
|
+
version: 13.0.6
|
|
76
62
|
type: :development
|
|
77
63
|
prerelease: false
|
|
78
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
65
|
requirements:
|
|
80
66
|
- - "~>"
|
|
81
67
|
- !ruby/object:Gem::Version
|
|
82
|
-
version:
|
|
68
|
+
version: 13.0.6
|
|
83
69
|
description: Sanitize is an allowlist-based HTML and CSS sanitizer. It removes all
|
|
84
70
|
HTML and/or CSS from a string except the elements, attributes, and properties you
|
|
85
71
|
choose to allow.
|
|
@@ -128,14 +114,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
128
114
|
requirements:
|
|
129
115
|
- - ">="
|
|
130
116
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: 2.
|
|
117
|
+
version: 2.5.0
|
|
132
118
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
133
119
|
requirements:
|
|
134
120
|
- - ">="
|
|
135
121
|
- !ruby/object:Gem::Version
|
|
136
122
|
version: 1.2.0
|
|
137
123
|
requirements: []
|
|
138
|
-
rubygems_version: 3.2.
|
|
124
|
+
rubygems_version: 3.2.22
|
|
139
125
|
signing_key:
|
|
140
126
|
specification_version: 4
|
|
141
127
|
summary: Allowlist-based HTML and CSS sanitizer.
|