sanitizer 0.1.6 → 0.1.7

data/lib/sanitizer/htmlentries.rb

@@ -1,14 +1,8 @@
+# encoding: utf-8
 class HTMLEntities
   class Encoder #:nodoc:     
     def basic_entity_regexp
-      @basic_entity_regexp ||= (
-        case @flavor
-        when /^html/
-          /[<>"]|(\&(?!\w))/
-        else
-          /[<>'"]|(\&(?!\w))/
-        end
-      )
+      @basic_entity_regexp ||= /[<>'"]|(\&(?!(\w+\;)))/
     end
   end
 end

data/lib/sanitizer/version.rb

@@ -1,3 +1,4 @@
+# encoding: utf-8
 module Sanitizer
-  VERSION = "0.1.6"
+  VERSION = "0.1.7"
 end

data/lib/sanitizer.rb

@@ -4,6 +4,5 @@ require 'htmlentities'
 
 # Local Libs
 $:.unshift(File.dirname(__FILE__) + '/../../lib')
-require 'sanitizer/whitelist'
 require 'sanitizer/htmlentries'
 require 'sanitizer/sanitizer'

data/spec/sanitizer_spec.rb

@@ -1,3 +1,4 @@
+# encoding: utf-8
 require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
 
 describe Sanitizer do
@@ -35,6 +36,12 @@ describe Sanitizer do
       output = Sanitizer.sanitize(html)
       output.should == "Eu & você"
     end
+    
+    it "should clean '&' entries even when it is attached to a letter" do
+      html = "M&M"
+      output = Sanitizer.sanitize(html)
+      output.should == "M&M"
+    end
   end
   
   describe "html_encode" do

metadata

@@ -1,13 +1,8 @@
 --- !ruby/object:Gem::Specification 
 name: sanitizer
 version: !ruby/object:Gem::Version 
-  hash: 23
   prerelease: 
-  segments: 
-  - 0
-  - 1
-  - 6
-  version: 0.1.6
+  version: 0.1.7
 platform: ruby
 authors: 
 - Marcelo Eden
@@ -15,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-05-11 00:00:00 -03:00
+date: 2011-05-12 00:00:00 -03:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -26,44 +21,20 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 2
-        - 3
-        - 0
         version: 2.3.0
   type: :development
   version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: ruby-debug
-  prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
-  type: :development
-  version_requirements: *id002
 - !ruby/object:Gem::Dependency 
   name: htmlentities
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 51
-        segments: 
-        - 4
-        - 3
-        - 0
         version: 4.3.0
   type: :runtime
-  version_requirements: *id003
+  version_requirements: *id002
 description: Sanitizer.clean(text)
 email: 
 - edendroid@gmail.com
@@ -77,7 +48,6 @@ files:
 - lib/sanitizer/htmlentries.rb
 - lib/sanitizer/sanitizer.rb
 - lib/sanitizer/version.rb
-- lib/sanitizer/whitelist.rb
 - lib/sanitizer.rb
 - spec/sanitizer_spec.rb
 has_rdoc: true
@@ -94,18 +64,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
       version: "0"
 requirements: []
 

data/lib/sanitizer/whitelist.rb

@@ -1,180 +0,0 @@
-#
-#  HTML whitelist lifted from HTML5 sanitizer code
-#    http://code.google.com/p/html5lib/
-#
-module Sanitizer
-  module WhiteList
-    # <html5_license>
-    #
-    #   Copyright (c) 2006-2008 The Authors
-    #
-    #   Contributors:
-    #   James Graham - jg307@cam.ac.uk
-    #   Anne van Kesteren - annevankesteren@gmail.com
-    #   Lachlan Hunt - lachlan.hunt@lachy.id.au
-    #   Matt McDonald - kanashii@kanashii.ca
-    #   Sam Ruby - rubys@intertwingly.net
-    #   Ian Hickson (Google) - ian@hixie.ch
-    #   Thomas Broyer - t.broyer@ltgt.net
-    #   Jacques Distler - distler@golem.ph.utexas.edu
-    #   Henri Sivonen - hsivonen@iki.fi
-    #   The Mozilla Foundation (contributions from Henri Sivonen since 2008)
-    #
-    #   Permission is hereby granted, free of charge, to any person
-    #   obtaining a copy of this software and associated documentation
-    #   files (the "Software"), to deal in the Software without
-    #   restriction, including without limitation the rights to use, copy,
-    #   modify, merge, publish, distribute, sublicense, and/or sell copies
-    #   of the Software, and to permit persons to whom the Software is
-    #   furnished to do so, subject to the following conditions:
-    #
-    #   The above copyright notice and this permission notice shall be
-    #   included in all copies or substantial portions of the Software.
-    #
-    #   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-    #   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-    #   MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-    #   NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
-    #   HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
-    #   WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-    #   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-    #   DEALINGS IN THE SOFTWARE.
-    #
-    # </html5_license>
-
-    # ACCEPTABLE_ELEMENTS = %w[a abbr acronym address area b big blockquote br
-    #   button caption center cite code col colgroup dd del dfn dir div dl dt
-    #   em fieldset font form h1 h2 h3 h4 h5 h6 hr i img input ins kbd label
-    #   legend li map menu ol optgroup option p pre q s samp select small span
-    #   strike strong sub sup table tbody td textarea tfoot th thead tr tt u
-    #   ul var]
-    #
-    # MATHML_ELEMENTS = %w[maction math merror mfrac mi mmultiscripts mn mo
-    #   mover mpadded mphantom mprescripts mroot mrow mspace msqrt mstyle msub
-    #   msubsup msup mtable mtd mtext mtr munder munderover none]
-    #
-    # SVG_ELEMENTS = %w[a animate animateColor animateMotion animateTransform
-    #   circle defs desc ellipse font-face font-face-name font-face-src g
-    #   glyph hkern image linearGradient line marker metadata missing-glyph
-    #   mpath path polygon polyline radialGradient rect set stop svg switch
-    #   text title tspan use]
-    #
-    # ACCEPTABLE_ATTRIBUTES = %w[abbr accept accept-charset accesskey action
-    #   align alt axis border cellpadding cellspacing char charoff charset
-    #   checked cite class clear cols colspan color compact coords datetime
-    #   dir disabled enctype for frame headers height href hreflang hspace id
-    #   ismap label lang longdesc maxlength media method multiple name nohref
-    #   noshade nowrap prompt readonly rel rev rows rowspan rules scope
-    #   selected shape size span src start style summary tabindex target title
-    #   type usemap valign value vspace width xml:lang]
-    #
-    # MATHML_ATTRIBUTES = %w[actiontype align columnalign columnalign
-    #   columnalign columnlines columnspacing columnspan depth display
-    #   displaystyle equalcolumns equalrows fence fontstyle fontweight frame
-    #   height linethickness lspace mathbackground mathcolor mathvariant
-    #   mathvariant maxsize minsize other rowalign rowalign rowalign rowlines
-    #   rowspacing rowspan rspace scriptlevel selection separator stretchy
-    #   width width xlink:href xlink:show xlink:type xmlns xmlns:xlink]
-    #
-    # SVG_ATTRIBUTES = %w[accent-height accumulate additive alphabetic
-    #    arabic-form ascent attributeName attributeType baseProfile bbox begin
-    #    by calcMode cap-height class color color-rendering content cx cy d dx
-    #    dy descent display dur end fill fill-rule font-family font-size
-    #    font-stretch font-style font-variant font-weight from fx fy g1 g2
-    #    glyph-name gradientUnits hanging height horiz-adv-x horiz-origin-x id
-    #    ideographic k keyPoints keySplines keyTimes lang marker-end
-    #    marker-mid marker-start markerHeight markerUnits markerWidth
-    #    mathematical max min name offset opacity orient origin
-    #    overline-position overline-thickness panose-1 path pathLength points
-    #    preserveAspectRatio r refX refY repeatCount repeatDur
-    #    requiredExtensions requiredFeatures restart rotate rx ry slope stemh
-    #    stemv stop-color stop-opacity strikethrough-position
-    #    strikethrough-thickness stroke stroke-dasharray stroke-dashoffset
-    #    stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity
-    #    stroke-width systemLanguage target text-anchor to transform type u1
-    #    u2 underline-position underline-thickness unicode unicode-range
-    #    units-per-em values version viewBox visibility width widths x
-    #    x-height x1 x2 xlink:actuate xlink:arcrole xlink:href xlink:role
-    #    xlink:show xlink:title xlink:type xml:base xml:lang xml:space xmlns
-    #    xmlns:xlink y y1 y2 zoomAndPan]
-
-    ATTR_VAL_IS_URI = %w[href src cite action longdesc xlink:href xml:base]
-
-    ACCEPTABLE_CSS_PROPERTIES = %w[azimuth background-color
-      border-bottom-color border-collapse border-color border-left-color
-      border-right-color border-top-color clear color cursor direction
-      display elevation float font font-family font-size font-style
-      font-variant font-weight height letter-spacing line-height overflow
-      pause pause-after pause-before pitch pitch-range richness speak
-      speak-header speak-numeral speak-punctuation speech-rate stress
-      text-align text-decoration text-indent unicode-bidi vertical-align
-      voice-family volume white-space width]
-
-    ACCEPTABLE_CSS_KEYWORDS = %w[auto aqua black block blue bold both bottom
-      brown center collapse dashed dotted fuchsia gray green !important
-      italic left lime maroon medium none navy normal nowrap olive pointer
-      purple red right solid silver teal top transparent underline white
-      yellow]
-
-    ACCEPTABLE_SVG_PROPERTIES = %w[fill fill-opacity fill-rule stroke
-      stroke-width stroke-linecap stroke-linejoin stroke-opacity]
-
-    ACCEPTABLE_PROTOCOLS = %w[ed2k ftp http https irc mailto news gopher nntp
-      telnet webcal xmpp callto feed urn aim rsync tag ssh sftp rtsp afs]
-
-    # subclasses may define their own versions of these constants
-    #ALLOWED_ELEMENTS = ACCEPTABLE_ELEMENTS + MATHML_ELEMENTS + SVG_ELEMENTS
-    #ALLOWED_ATTRIBUTES = ACCEPTABLE_ATTRIBUTES + MATHML_ATTRIBUTES + SVG_ATTRIBUTES
-    ALLOWED_ELEMENTS = ['a', 'abbr', 'acronym', 'address', 'area', 'b',
-      'big', 'blockquote', 'br', 'caption', 'center', 'cite',
-      'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt',
-      'em', 'embed', 'font', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i',
-      'img', 'ins', 'kbd', 'li', 'map', 'menu', 'object', 'ol', 'p', 'param', 'pre', 'q',
-      's', 'samp', 'small', 'span', 'strike', 'strong', 'sub', 'sup',
-      'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'u',
-      'ul', 'var'
-    ]
-
-    ALLOWED_ATTRIBUTES = ['abbr', 'accept', 'accept-charset', 'accesskey',
-      'align', 'alt', 'axis', 'border', 'cellpadding',
-      'cellspacing', 'char', 'charoff', 'charset', 'checked', 'cite', 'clear',
-      'cols', 'colspan', 'color', 'compact', 'coords', 'data', 'datetime', 'dir',
-      'disabled', 'enctype', 'flashvars', 'for', 'frame', 'headers', 'href', 'hreflang',
-      'hspace', 'ismap', 'label', 'lang', 'longdesc', 'maxlength', 'media',
-      'multiple', 'name', 'nohref', 'noshade', 'nowrap', 'prompt',
-      'readonly', 'rel', 'rev', 'rows', 'rowspan', 'rules', 'scope', 'selected',
-      'shape', 'span', 'src', 'start', 'summary', 'tabindex', 'target',
-      'title', 'type', 'usemap', 'valign', 'value', 'vspace', 'xml:lang', 'width'
-    ]
-
-    ALLOWED_CSS_PROPERTIES = ACCEPTABLE_CSS_PROPERTIES
-    ALLOWED_CSS_KEYWORDS = ACCEPTABLE_CSS_KEYWORDS
-    ALLOWED_SVG_PROPERTIES = ACCEPTABLE_SVG_PROPERTIES
-    ALLOWED_PROTOCOLS = ACCEPTABLE_PROTOCOLS
-
-    VOID_ELEMENTS = %w[
-      base
-      link
-      meta
-      hr
-      br
-      img
-      embed
-      param
-      area
-      col
-      input
-    ]
-  end
-
-  module HashedWhiteList
-    #  turn each of the whitelist arrays into a hash for faster lookup
-    WhiteList.constants.each do |constant|
-      next unless WhiteList.module_eval("#{constant}").is_a?(Array)
-      module_eval <<-CODE
-        #{constant} = {}
-        WhiteList::#{constant}.each { |c| #{constant}[c] = true ; #{constant}[c.downcase] = true }
-      CODE
-    end
-  end
-end