sutty-liquid 0.11.12 → 0.12.0rc0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/jekyll/filters/strings.rb +54 -0
- metadata +18 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9a115b92ca64ac9e835375765973be8644207695da46a8eb542780365f963081
|
|
4
|
+
data.tar.gz: 5ed09726684f3a905e11afc6dd82b822dfe8cba9ba50eb1a5b5677e348c36c94
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a135688c8a8bba5d0742e4c7536b44eb6db8a0c24ed0123394dfa257835d854f25fdccc5c668c7710c3fac4a5fa09bbbd4878476dd361f58c82abd89b8e56abd
|
|
7
|
+
data.tar.gz: a2d4bf13672469e9f4e39598c2f103163a89e8673a58e5a866108c241aac367a36a8dea657f2e1392d0f2711caed43cff9264e163b25890acaed265bcb1ff1a3
|
|
@@ -75,6 +75,60 @@ module Jekyll
|
|
|
75
75
|
|
|
76
76
|
Addressable::URI.encode_component input.to_s, Addressable::URI::CharacterClasses::UNRESERVED
|
|
77
77
|
end
|
|
78
|
+
|
|
79
|
+
|
|
80
|
+
# Sanitizes HTML. By default follows Sutty CMS allowlist.
|
|
81
|
+
#
|
|
82
|
+
# @todo Benchmark Jekyll cache, because it'll need to hash all params
|
|
83
|
+
# @param input [String]
|
|
84
|
+
# @param tags [String,Array<String>] Allowed elements. Can be a comma-separated string
|
|
85
|
+
# @param attrs [String,Array<String>] Allowed attributes. Can be a comma-separated string
|
|
86
|
+
def sanitize_html(input, tags = nil, attrs = nil)
|
|
87
|
+
tags = list_to_array(tags, ALLOWED_TAGS)
|
|
88
|
+
attrs = list_to_array(attrs, ALLOWED_ATTRIBUTES)
|
|
89
|
+
|
|
90
|
+
sanitizer.sanitize(input.to_s.tr("\r", '').unicode_normalize, tags: tags, attributes: attrs).strip
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
ALLOWED_ATTRIBUTES = %w[style href src alt controls data-align data-multimedia data-multimedia-inner id name rel target referrerpolicy class colspan rowspan role data-turbo start type reversed].freeze
|
|
94
|
+
ALLOWED_TAGS = %w[strong em del u mark p h1 h2 h3 h4 h5 h6 ul ol li img iframe audio video div figure blockquote figcaption a sub sup small table thead tbody tfoot tr th td br code].freeze
|
|
95
|
+
|
|
96
|
+
private
|
|
97
|
+
|
|
98
|
+
# Turn values to arrays or return a default array if empty. Use a
|
|
99
|
+
# class-level cache because we'll probably parse tags and
|
|
100
|
+
# attributes many times.
|
|
101
|
+
#
|
|
102
|
+
# @param input [String,Array<String>]
|
|
103
|
+
# @param default [Array<String>]
|
|
104
|
+
# @return [Array<String>]
|
|
105
|
+
def list_to_array(input, default)
|
|
106
|
+
@@list_to_array ||= {}
|
|
107
|
+
@@list_to_array[input] ||=
|
|
108
|
+
begin
|
|
109
|
+
array =
|
|
110
|
+
case input
|
|
111
|
+
when Array then input
|
|
112
|
+
else input.to_s.split(',').map(&:strip)
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
if array.empty?
|
|
116
|
+
default
|
|
117
|
+
else
|
|
118
|
+
array
|
|
119
|
+
end
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
|
|
123
|
+
def sanitizer
|
|
124
|
+
@@sanitizer ||=
|
|
125
|
+
begin
|
|
126
|
+
require 'rails/html/sanitizer'
|
|
127
|
+
require 'rails/html/scrubbers'
|
|
128
|
+
|
|
129
|
+
Rails::HTML5::Sanitizer.safe_list_sanitizer.new
|
|
130
|
+
end
|
|
131
|
+
end
|
|
78
132
|
end
|
|
79
133
|
end
|
|
80
134
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sutty-liquid
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.12.0rc0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- f
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-07-
|
|
11
|
+
date: 2024-07-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: fast_blank
|
|
@@ -38,6 +38,20 @@ dependencies:
|
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '4'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: rails-html-sanitizer
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - "~>"
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: 1.6.0
|
|
48
|
+
type: :runtime
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - "~>"
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: 1.6.0
|
|
41
55
|
- !ruby/object:Gem::Dependency
|
|
42
56
|
name: minitest
|
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -176,9 +190,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
176
190
|
version: 2.7.0
|
|
177
191
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
178
192
|
requirements:
|
|
179
|
-
- - "
|
|
193
|
+
- - ">"
|
|
180
194
|
- !ruby/object:Gem::Version
|
|
181
|
-
version:
|
|
195
|
+
version: 1.3.1
|
|
182
196
|
requirements: []
|
|
183
197
|
rubygems_version: 3.3.26
|
|
184
198
|
signing_key:
|