Hello community,
here is the log from the commit of package rubygem-rails-html-sanitizer for
openSUSE:Factory checked in at 2015-03-18 13:05:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-rails-html-sanitizer (Old)
and /work/SRC/openSUSE:Factory/.rubygem-rails-html-sanitizer.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-rails-html-sanitizer"
Changes:
--------
---
/work/SRC/openSUSE:Factory/rubygem-rails-html-sanitizer/rubygem-rails-html-sanitizer.changes
2015-02-18 12:08:35.000000000 +0100
+++
/work/SRC/openSUSE:Factory/.rubygem-rails-html-sanitizer.new/rubygem-rails-html-sanitizer.changes
2015-03-18 13:05:01.000000000 +0100
@@ -1,0 +2,5 @@
+Mon Mar 16 06:51:40 UTC 2015 - [email protected]
+
+- updated to version 1.0.2, no changelog
+
+-------------------------------------------------------------------
Old:
----
rails-html-sanitizer-1.0.1.gem
New:
----
rails-html-sanitizer-1.0.2.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-rails-html-sanitizer.spec ++++++
--- /var/tmp/diff_new_pack.qkUR7q/_old 2015-03-18 13:05:02.000000000 +0100
+++ /var/tmp/diff_new_pack.qkUR7q/_new 2015-03-18 13:05:02.000000000 +0100
@@ -24,7 +24,7 @@
#
Name: rubygem-rails-html-sanitizer
-Version: 1.0.1
+Version: 1.0.2
Release: 0
%define mod_name rails-html-sanitizer
%define mod_full_name %{mod_name}-%{version}
@@ -40,12 +40,12 @@
Url: https://github.com/rafaelfranca/rails-html-sanitizer
Source: http://rubygems.org/gems/%{mod_full_name}.gem
Source1: gem2rpm.yml
-Summary: This gem is responsible to sanitize HTML fragments in Rails
+Summary: HTML sanitization to Rails applications (part of Rails)
License: MIT
Group: Development/Languages/Ruby
%description
-HTML sanitization to Rails applications.
+HTML sanitization for Rails applications.
%prep
++++++ gem2rpm.yml ++++++
--- /var/tmp/diff_new_pack.qkUR7q/_old 2015-03-18 13:05:02.000000000 +0100
+++ /var/tmp/diff_new_pack.qkUR7q/_new 2015-03-18 13:05:02.000000000 +0100
@@ -1,74 +1,5 @@
# ---
-# ## used by gem2rpm
:summary: HTML sanitization to Rails applications (part of Rails)
-# ## used by gem2rpm
-# :description: |-
-# this is a custom description
-#
-# it can be multiline
-# ## used by gem2rpm
-# :license: MIT or Ruby
-# ## used by gem2rpm and gem_packages
-# :version_suffix: -x_y
-# ## used by gem2rpm and gem_packages
-# :disable_docs: true
-# ## used by gem2rpm
-# :disable_automatic_rdoc_dep: true
-# ## used by gem2rpm
-# :preamble: |-
-# BuildRequires: foobar
-# Requires: foobar
-# ## used by gem2rpm
-# :patches:
-# foo.patch: -p1
-# bar.patch:
-# ## used by gem2rpm
-# :sources:
-# - foo.desktop
-# - bar.desktop
-# :gem_install_args: '....'
-# ## used by gem2rpm
-# :pre_install: |-
-# %if 0%{?use_system_libev}
-# export USE_VENDORED_LIBEV="no"
-# %endif
-# ## used by gem2rpm
-# :post_install: |-
-# # delete custom files here or do other fancy stuff
-# install -D -m 0644 %{S:1} %{buildroot}%{_bindir}/gem2rpm-opensuse
-# ## used by gem2rpm
-# :testsuite_command: |-
-# (pushd %{buildroot}%{gem_base}/gems/%{mod_full_name} && rake test)
-# ## used by gem2rpm
-# :filelist: |-
-# /usr/bin/gem2rpm-opensuse
-# ## used by gem2rpm
-# :scripts:
-# :post: |-
-# /bin/echo foo
-# ## used by gem_packages
-# :main:
-# :preamble: |-
-# Requires: util-linux
-# Recommends: pwgen
-# :filelist: |-
-# /usr/bin/gem2rpm-opensuse
-# ## used by gem_packages
-# :custom:
-# apache:
-# :preamble: |-
-# Requires: .....
-# :filelist: |-
-# /etc/apache2/conf.d/passenger.conf
-# :summary: Custom summary is optional
-# :description: |-
-# Custom description is optional
-#
-# bar
-# :post: |-
-# /bin/echo foo
-#
----
:preamble: |-
%if 0%{?suse_version} == 1110
%define rb_build_versions ruby21
++++++ rails-html-sanitizer-1.0.1.gem -> rails-html-sanitizer-1.0.2.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/README.md new/README.md
--- old/README.md 2014-09-25 18:06:54.000000000 +0200
+++ new/README.md 2015-03-10 21:28:27.000000000 +0100
@@ -1,9 +1,9 @@
# Rails Html Sanitizers
-In Rails 5 this gem will be responsible for sanitizing HTML fragments in Rails
applications,
-i.e. in the `sanitize`, `sanitize_css`, `strip_tags` and `strip_links` methods.
+In Rails 4.2 and above this gem will be responsible for sanitizing HTML
fragments in Rails
+applications, i.e. in the `sanitize`, `sanitize_css`, `strip_tags` and
`strip_links` methods.
-Include it in your Gemfile now to test for any incompatibilities and enjoy a
safer and cleaner future.
+Rails Html Sanitizer is only intended to be used with Rails applications. If
you need similar functionality in non Rails apps consider using
[Loofah](https://github.com/flavorjones/loofah) directly (that's what handles
sanitization under the hood).
## Installation
Files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rails/html/sanitizer/version.rb
new/lib/rails/html/sanitizer/version.rb
--- old/lib/rails/html/sanitizer/version.rb 2014-09-25 18:06:54.000000000
+0200
+++ new/lib/rails/html/sanitizer/version.rb 2015-03-10 21:28:27.000000000
+0100
@@ -1,7 +1,7 @@
module Rails
module Html
class Sanitizer
- VERSION = "1.0.1"
+ VERSION = "1.0.2"
end
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rails/html/sanitizer.rb
new/lib/rails/html/sanitizer.rb
--- old/lib/rails/html/sanitizer.rb 2014-09-25 18:06:54.000000000 +0200
+++ new/lib/rails/html/sanitizer.rb 2015-03-10 21:28:27.000000000 +0100
@@ -28,7 +28,7 @@
Loofah.fragment(html).tap do |fragment|
remove_xpaths(fragment, XPATHS_TO_REMOVE)
- end.text
+ end.text(options)
end
end
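Review bot: Passing the caller's `options` hash straight through on the `end.text(options)` line means `encode_special_chars: false` (the option the new test exercises) makes the full sanitizer return text whose special characters are not HTML-escaped. That result is plain text, not markup that is safe to emit, and nothing near the call says so. I would add a comment above the call such as `# options are forwarded to Loofah's #text; with encode_special_chars: false the result is unescaped plain text and must be escaped again before it is rendered as HTML`. The enclosing method starts outside this hunk, so I am assuming `options` is its parameter.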
@@ -120,7 +120,7 @@
loofah_fragment.scrub!(:strip)
end
- loofah_fragment.to_s
+ properly_encode(loofah_fragment, encoding: 'UTF-8')
end
def sanitize_css(style_string)
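Review bot: The output encoding is now fixed to the literal `'UTF-8'` at the `properly_encode(loofah_fragment, encoding: 'UTF-8')` call, and the reason is not recorded next to it. The ASCII-8BIT test added elsewhere in this diff suggests the aim is that binary-tagged input no longer yields a binary-tagged result, but a reader of this method cannot see that. A one-line comment would do, for example `# serialize as UTF-8 regardless of the input string's encoding`. The method body begins before this hunk, so whether callers relied on the encoding of the old `to_s` result cannot be checked from here.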
@@ -136,6 +136,10 @@
def allowed_attributes(options)
options[:attributes] || self.class.allowed_attributes
end
+
+ def properly_encode(fragment, options)
+ fragment.xml? ? fragment.to_xml(options) : fragment.to_html(options)
+ end
end
end
end
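Review bot: `properly_encode` has no comment, and its second parameter is named `options`, the same name the neighbouring methods use for sanitizer options, although here it carries serializer options for `to_xml`/`to_html`. Renaming it, for instance `def properly_encode(fragment, serializer_options)`, and adding `# Serializes the fragment with the given save options, via to_xml when fragment.xml? is true and to_html otherwise` would make the distinction visible. As far as the tests in this diff show, only the HTML path is reached, so the `to_xml` branch is unexercised here.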
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2014-09-25 18:06:54.000000000 +0200
+++ new/metadata 2015-03-10 21:28:27.000000000 +0100
@@ -1,7 +1,7 @@
--- !ruby/object:Gem::Specification
name: rails-html-sanitizer
version: !ruby/object:Gem::Version
- version: 1.0.1
+ version: 1.0.2
platform: ruby
authors:
- Rafael Mendonça França
@@ -9,7 +9,7 @@
autorequire:
bindir: bin
cert_chain: []
-date: 2014-09-25 00:00:00.000000000 Z
+date: 2015-03-10 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: loofah
@@ -81,7 +81,7 @@
- - ">="
- !ruby/object:Gem::Version
version: '0'
-description: HTML sanitization to Rails applications
+description: HTML sanitization for Rails applications
email:
- [email protected]
- [email protected]
@@ -118,7 +118,7 @@
version: '0'
requirements: []
rubyforge_project:
-rubygems_version: 2.2.1
+rubygems_version: 2.4.5
signing_key:
specification_version: 4
summary: This gem is responsible to sanitize HTML fragments in Rails
applications.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/test/sanitizer_test.rb new/test/sanitizer_test.rb
--- old/test/sanitizer_test.rb 2014-09-25 18:06:54.000000000 +0200
+++ new/test/sanitizer_test.rb 2015-03-10 21:28:27.000000000 +0100
@@ -104,6 +104,11 @@
assert_equal "Frozen string with no tags", full_sanitize("Frozen string
with no tags".freeze)
end
+ def test_full_sanitize_allows_turning_off_encoding_special_chars
+ assert_equal '&', full_sanitize('&')
+ assert_equal '&', full_sanitize('&', encode_special_chars: false)
+ end
+
def test_strip_links_with_tags_in_tags
expected = "a href='hello'>all <b>day</b> long/a>"
input = "<<a>a href='hello'>all <b>day</b> long<</A>/a>"
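Review bot: `test_full_sanitize_allows_turning_off_encoding_special_chars` pins the option only for a bare `&`, so the suite does not record what `encode_special_chars: false` does to `<` and `>`, which is what a caller needs to know before rendering the result. As printed on this page both assertions expect the same `'&'`; one of them was presumably `&amp;` before the archive decoded it, so the displayed text cannot be used to tell the two modes apart. I would add an assertion for input containing angle-bracket entities in both modes, plus a comment such as `# with encoding off the result is raw text, not HTML-safe`.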
@@ -173,7 +178,7 @@
end
def test_should_allow_anchors
- assert_sanitized %(<a href="foo" onclick="bar"><script>baz</script></a>),
%(<a href=\"foo\">baz</a>)
+ assert_sanitized %(<a href="foo" onclick="bar"><script>baz</script></a>),
%(<a href=\"foo\"></a>)
end
def test_video_poster_sanitization
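Review bot: The expected output of `test_should_allow_anchors` changes from keeping the script's text (`baz`) to dropping it, yet no hunk in `sanitizer.rb` in this diff changes how script elements are scrubbed. The new expectation therefore probably comes from the Loofah version the suite runs against. If so, the gem's Loofah dependency should carry a minimum version that has this behaviour, otherwise the sanitizer's output differs with the installed Loofah; the constraint lines are outside the metadata hunks shown here, so I could not check it. A comment on the test such as `# script content is removed together with the tag (behaviour comes from Loofah's scrubber)` would record the reason.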
@@ -441,6 +446,13 @@
assert_sanitized %(<a href="http://legit">), %(<a
href="http://legit">)
end
+ def test_sanitize_ascii_8bit_string
+ white_list_sanitize('<a>hello</a>'.encode('ASCII-8BIT')).tap do |sanitized|
+ assert_equal '<a>hello</a>', sanitized
+ assert_equal Encoding::UTF_8, sanitized.encoding
+ end
+ end
+
protected
def xpath_sanitize(input, options = {})
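Review bot: `test_sanitize_ascii_8bit_string` builds its input from ASCII-only characters, so it checks the encoding tag of the result but never feeds the sanitizer a byte above 0x7F. Binary-tagged input with non-ASCII bytes is the case where forcing UTF-8 output can go wrong (an invalid byte sequence or a raised encoding error), and it is untested here. I would add a second case with a multibyte UTF-8 string re-tagged via `force_encoding('ASCII-8BIT')` and assert both `sanitized.encoding` and `sanitized.valid_encoding?`.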
@@ -472,7 +484,7 @@
end
def scope_allowed_tags(tags)
- Rails::Html::WhiteListSanitizer.allowed_tags = %w(u)
+ Rails::Html::WhiteListSanitizer.allowed_tags = tags
yield Rails::Html::WhiteListSanitizer.new
ensure