Hello community, here is the log from the commit of package rubygem-loofah for openSUSE:Factory checked in at 2015-08-27 08:56:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-loofah (Old) and /work/SRC/openSUSE:Factory/.rubygem-loofah.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-loofah" Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-loofah/rubygem-loofah.changes 2015-05-07 08:29:22.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-loofah.new/rubygem-loofah.changes 2015-08-27 08:56:06.000000000 +0200 @@ -1,0 +2,12 @@ +Tue Aug 18 04:32:46 UTC 2015 - [email protected] + +- updated to version 2.0.3 + see installed CHANGELOG.rdoc + + == 2.0.3 / 2015-08-17 + + Bug fixes: + + * Revert support for negative values in CSS properties due to slow performance. #90 (Related to #85.) + +------------------------------------------------------------------- Old: ---- loofah-2.0.2.gem New: ---- loofah-2.0.3.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-loofah.spec ++++++ --- /var/tmp/diff_new_pack.bgLSks/_old 2015-08-27 08:56:06.000000000 +0200 +++ /var/tmp/diff_new_pack.bgLSks/_new 2015-08-27 08:56:06.000000000 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-loofah -Version: 2.0.2 +Version: 2.0.3 Release: 0 %define mod_name loofah %define mod_full_name %{mod_name}-%{version} ++++++ loofah-2.0.2.gem -> loofah-2.0.3.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.rdoc new/CHANGELOG.rdoc --- old/CHANGELOG.rdoc 2015-05-05 21:59:35.000000000 +0200 +++ new/CHANGELOG.rdoc 2015-08-17 20:10:12.000000000 +0200 @@ -1,5 +1,12 @@ = Changelog +== 2.0.3 / 2015-08-17 + +Bug fixes: + +* Revert support for negative values in CSS properties due to slow performance. #90 (Related to #85.) + + == 2.0.2 / 2015-05-05 Bug fixes: Files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah/html5/scrub.rb new/lib/loofah/html5/scrub.rb --- old/lib/loofah/html5/scrub.rb 2015-05-05 21:59:35.000000000 +0200 +++ new/lib/loofah/html5/scrub.rb 2015-08-17 20:10:12.000000000 +0200 
@@ -67,7 +67,7 @@ style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ') # gauntlet - return '' unless style =~ /\A([-:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*\z/ + return '' unless style =~ /\A([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*\z/ return '' unless style =~ /\A\s*([-\w]+\s*:[^:;]*(;\s*|$))*\z/ clean = [] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah.rb new/lib/loofah.rb --- old/lib/loofah.rb 2015-05-05 21:59:35.000000000 +0200 +++ new/lib/loofah.rb 2015-08-17 20:10:12.000000000 +0200 @@ -27,7 +27,7 @@ # module Loofah # The version of Loofah you are using - VERSION = '2.0.2' + VERSION = '2.0.3' class << self # Shortcut for Loofah::HTML::Document.parse diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2015-05-05 21:59:35.000000000 +0200 +++ new/metadata 2015-08-17 20:10:12.000000000 +0200 
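Review bot: The narrowed character class in the first gauntlet regex of lib/loofah/html5/scrub.rb has no comment explaining why `-` was dropped, so it could be re-added the next time someone asks for negative CSS values. With `-` in the class, a hyphen between word characters could be consumed either by the class or by the `\w-\w` alternative, which is presumably what made the match backtrack so badly on long values (#90 in the changelog). I would add a comment above the line such as `# '-' is deliberately not in the character class: it overlaps \w-\w and makes this match very slow on long values (#90)`. It is also worth stating there that a value like `-0.03em` now fails this check, so the whole style comes back as `''`. The enclosing method begins and ends outside the hunk.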
@@ -1,170 +1,170 @@ --- !ruby/object:Gem::Specification name: loofah version: !ruby/object:Gem::Version - version: 2.0.2 + version: 2.0.3 platform: ruby authors: - Mike Dalessio - Bryan Helmkamp -autorequire: +autorequire: bindir: bin cert_chain: [] -date: 2015-05-05 00:00:00.000000000 Z +date: 2015-08-17 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: nokogiri - version_requirements: !ruby/object:Gem::Requirement - requirements: - - - '>=' - - !ruby/object:Gem::Version - version: 1.5.9 requirement: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - ">=" - !ruby/object:Gem::Version version: 1.5.9 - prerelease: false type: :runtime -- !ruby/object:Gem::Dependency - name: rdoc + prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - - ~> + - - ">=" - !ruby/object:Gem::Version - version: '4.0' + version: 1.5.9 +- !ruby/object:Gem::Dependency + name: rdoc requirement: !ruby/object:Gem::Requirement requirements: - - - ~> + - - "~>" - !ruby/object:Gem::Version version: '4.0' - prerelease: false type: :development -- !ruby/object:Gem::Dependency - name: rake + prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - "~>" - !ruby/object:Gem::Version - version: '0.8' + version: '4.0' +- !ruby/object:Gem::Dependency + name: rake requirement: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - ">=" - !ruby/object:Gem::Version version: '0.8' - prerelease: false type: :development -- !ruby/object:Gem::Dependency - name: minitest + prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - - ~> + - - ">=" - !ruby/object:Gem::Version - version: '2.2' + version: '0.8' +- !ruby/object:Gem::Dependency + name: minitest requirement: !ruby/object:Gem::Requirement requirements: - - - ~> + - - "~>" - !ruby/object:Gem::Version version: '2.2' - prerelease: false type: :development -- !ruby/object:Gem::Dependency - name: rr + prerelease: false 
version_requirements: !ruby/object:Gem::Requirement requirements: - - - ~> + - - "~>" - !ruby/object:Gem::Version - version: 1.1.0 + version: '2.2' +- !ruby/object:Gem::Dependency + name: rr requirement: !ruby/object:Gem::Requirement requirements: - - - ~> + - - "~>" - !ruby/object:Gem::Version version: 1.1.0 - prerelease: false type: :development -- !ruby/object:Gem::Dependency - name: json + prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - "~>" - !ruby/object:Gem::Version - version: '0' + version: 1.1.0 +- !ruby/object:Gem::Dependency + name: json requirement: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - ">=" - !ruby/object:Gem::Version version: '0' - prerelease: false type: :development -- !ruby/object:Gem::Dependency - name: hoe-gemspec + prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - ">=" - !ruby/object:Gem::Version version: '0' +- !ruby/object:Gem::Dependency + name: hoe-gemspec requirement: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - ">=" - !ruby/object:Gem::Version version: '0' - prerelease: false type: :development -- !ruby/object:Gem::Dependency - name: hoe-debugging + prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - ">=" - !ruby/object:Gem::Version version: '0' +- !ruby/object:Gem::Dependency + name: hoe-debugging requirement: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - ">=" - !ruby/object:Gem::Version version: '0' - prerelease: false type: :development -- !ruby/object:Gem::Dependency - name: hoe-bundler + prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - ">=" - !ruby/object:Gem::Version version: '0' +- !ruby/object:Gem::Dependency + name: hoe-bundler requirement: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - ">=" - !ruby/object:Gem::Version version: '0' - prerelease: false type: 
:development -- !ruby/object:Gem::Dependency - name: hoe-git + prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - ">=" - !ruby/object:Gem::Version version: '0' +- !ruby/object:Gem::Dependency + name: hoe-git requirement: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - ">=" - !ruby/object:Gem::Version version: '0' - prerelease: false type: :development -- !ruby/object:Gem::Dependency - name: hoe + prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - - ~> + - - ">=" - !ruby/object:Gem::Version - version: '3.13' + version: '0' +- !ruby/object:Gem::Dependency + name: hoe requirement: !ruby/object:Gem::Requirement requirements: - - - ~> + - - "~>" - !ruby/object:Gem::Version version: '3.13' - prerelease: false type: :development + prerelease: false + version_requirements: !ruby/object:Gem::Requirement + requirements: + - - "~>" + - !ruby/object:Gem::Version + version: '3.13' description: |- Loofah is a general library for manipulating and transforming HTML/XML documents and fragments. It's built on top of Nokogiri and libxml2, so @@ -189,7 +189,7 @@ - Manifest.txt - README.rdoc files: -- .gemtest +- ".gemtest" - CHANGELOG.rdoc - Gemfile - MIT-LICENSE.txt 
@@ -230,26 +230,27 @@ licenses: - MIT metadata: {} -post_install_message: +post_install_message: rdoc_options: -- --main +- "--main" - README.rdoc require_paths: - lib required_ruby_version: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - ">=" - !ruby/object:Gem::Version version: '0' required_rubygems_version: !ruby/object:Gem::Requirement requirements: - - - '>=' + - - ">=" - !ruby/object:Gem::Version version: '0' requirements: [] -rubyforge_project: -rubygems_version: 2.4.5 -signing_key: +rubyforge_project: +rubygems_version: 2.4.6 +signing_key: specification_version: 4 -summary: Loofah is a general library for manipulating and transforming HTML/XML documents and fragments +summary: Loofah is a general library for manipulating and transforming HTML/XML documents + and fragments test_files: [] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/html5/test_sanitizer.rb new/test/html5/test_sanitizer.rb --- old/test/html5/test_sanitizer.rb 2015-05-05 21:59:35.000000000 +0200 +++ new/test/html5/test_sanitizer.rb 2015-08-17 20:10:12.000000000 +0200 @@ -31,6 +31,12 @@ %Q{given: "#{input}"\nexpected: "#{htmloutput}"\ngot: "#{sane}"}) end + def assert_completes_in_reasonable_time &block + t0 = Time.now + block.call + assert_in_delta t0, Time.now, 0.01 # arbitrary seconds + end + (HTML5::WhiteList::ALLOWED_ELEMENTS).each do |tag_name| define_method "test_should_allow_#{tag_name}_tag" do input = "<#{tag_name} title='1'>foo <bad>bar</bad> baz</#{tag_name}>" 
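Review bot: The 0.01-second wall-clock bound in `assert_completes_in_reasonable_time` (test/html5/test_sanitizer.rb) is tight enough to fail on a loaded build host. A flaky timing test tends to end up skipped, which would remove the only regression guard this commit adds for the slow regex. `Time.now` can also move with clock adjustments. Where the supported Ruby versions allow it, I would measure with a monotonic clock and a looser bound, for example `t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)` followed by `assert_operator Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0, :<, 0.5`. A one-line comment saying the bound only has to separate normal runs from the runaway-backtracking case would replace the current `# arbitrary seconds`.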
@@ -223,16 +229,26 @@ end def test_css_negative_value_sanitization + skip "pending better CSS parsing, see https://github.com/flavorjones/loofah/issues/90" html = "<span style=\"letter-spacing:-0.03em;\">" sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :escape).to_xml) assert_match %r/-0.03em/, sane.inner_html end def test_css_negative_value_sanitization_shorthand_css_properties + skip "pending better CSS parsing, see https://github.com/flavorjones/loofah/issues/90" html = "<span style=\"margin-left:-0.05em;\">" sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :escape).to_xml) assert_match %r/-0.05em/, sane.inner_html end + + def test_issue_90_slow_regex + html = %q{<span style="background: url('data:image/svg+xml;charset=utf-8,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20width%3D%2232%22%20height%3D%2232%22%20viewBox%3D%220%200%2032%2032%22%3E%3Cpath%20fill%3D%22%23D4C8AE%22%20d%3D%22M0%200h32v32h-32z%22%2F%3E%3Cpath%20fill%3D%22%2383604B%22%20d%3D%22M0%200h31.99v11.75h-31.99z%22%2F%3E%3Cpath%20fill%3D%22%233D2319%22%20d%3D%22M0%2011.5h32v.5h-32z%22%2F%3E%3Cpath%20fill%3D%22%23F83651%22%20d%3D%22M5%200h1v10.5h-1z%22%2F%3E%3Cpath%20fill%3D%22%23FCD050%22%20d%3D%22M6%200h1v10.5h-1z%22%2F%3E%3Cpath%20fill%3D%22%2371C797%22%20d%3D%22M7%200h1v10.5h-1z%22%2F%3E%3Cpath%20fill%3D%22%23509CF9%22%20d%3D%22M8%200h1v10.5h-1z%22%2F%3E%3ClinearGradient%20id%3D%22a%22%20gradientUnits%3D%22userSpaceOnUse%22%20x1%3D%2224.996%22%20y1%3D%2210.5%22%20x2%3D%2224.996%22%20y2%3D%224.5%22%3E%3Cstop%20offset%3D%220%22%20stop-color%3D%22%23796055%22%2F%3E%3Cstop%20offset%3D%22.434%22%20stop-color%3D%22%23614C43%22%2F%3E%3Cstop%20offset%3D%221%22%20stop-color%3D%22%233D2D28%22%2F%3E%3C%2FlinearGradient%3E%3Cpath%20fill%3D%22url(%23a)%22%20d%3D%22M28%208.5c0%201.1-.9%202-2%202h-2c-1.1%200-2-.9-2-2v-2c0-1.1.9-2%202-2h2c1.1%200%202%20.9%202%202v2z%22%2F%3E%3Cpath%20fill%3D%22%235F402E%22%20d%3D%22M28%208c0%201.1-.9%202-2%202h-2c-1.1%200-2-.9-2-2v-2c0-1.1.9-2%202-2h2c1.1%200
%202%20.9%202%202v2z%22%2F%3E%3C');"></span>} + + assert_completes_in_reasonable_time { + sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :strip).to_html) + } + end end # <html5_license>
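Review bot: `test_issue_90_slow_regex` only measures time, so it would still pass if the scrubber let the style through untouched. The result is assigned to `sane` inside the block and never checked. For a sanitizer regression test I would declare `sane = nil` before the block and assert on the output afterwards, for example `refute_match %r/data:image/, sane.to_html` (expected output to be confirmed against the scrubber). That way the test pins both properties the fix is meant to keep: the call returns quickly and the unparseable style does not survive.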
