Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rubygem-loofah for openSUSE:Factory checked in at 2021-08-25 20:58:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-loofah (Old) and /work/SRC/openSUSE:Factory/.rubygem-loofah.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-loofah" Wed Aug 25 20:58:08 2021 rev:19 rq:914125 version:2.12.0 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-loofah/rubygem-loofah.changes 2021-07-02 13:28:39.432206542 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-loofah.new.1899/rubygem-loofah.changes 2021-08-25 20:59:39.893046449 +0200 @@ -1,0 +2,25 @@ +Wed Aug 25 05:14:19 UTC 2021 - Manuel Schnitzer <mschnit...@suse.com> + +- updated to version 2.12.0 + + ## 2.12.0 / 2021-08-11 + + ### Features + + * Support empty HTML5 data attributes. [[#215](https://github.com/flavorjones/loofah/issues/215)] + + + ## 2.11.0 / 2021-07-31 + + ### Features + + * Allow HTML5 element `wbr`. + * Allow all CSS property values for `border-collapse`. [[#201](https://github.com/flavorjones/loofah/issues/201)] + + + ### Changes + + * Deprecating `Loofah::HTML5::SafeList::VOID_ELEMENTS` which is not a canonical list of void HTML4 or HTML5 elements. + * Removed some elements from `Loofah::HTML5::SafeList::VOID_ELEMENTS` that either are not acceptable elements or aren't considered "void" by libxml2. + +------------------------------------------------------------------- Old: ---- loofah-2.10.0.gem New: ---- loofah-2.12.0.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-loofah.spec ++++++ --- /var/tmp/diff_new_pack.QZNntp/_old 2021-08-25 20:59:40.373045819 +0200 +++ /var/tmp/diff_new_pack.QZNntp/_new 2021-08-25 20:59:40.377045814 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-loofah -Version: 2.10.0 +Version: 2.12.0 Release: 0 %define mod_name loofah %define mod_full_name %{mod_name}-%{version} @@ -45,7 +45,6 @@ Loofah excels at HTML sanitization (XSS prevention). It includes some nice HTML sanitizers, which are based on HTML5lib's whitelist, so it most likely won't make your codes less secure. - %prep %build ++++++ loofah-2.10.0.gem -> loofah-2.12.0.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md 2021-06-06 19:00:32.000000000 +0200 +++ new/CHANGELOG.md 2021-08-11 19:30:17.000000000 +0200 @@ -1,5 +1,26 @@ # Changelog +## 2.12.0 / 2021-08-11 + +### Features + +* Support empty HTML5 data attributes. [[#215](https://github.com/flavorjones/loofah/issues/215)] + + +## 2.11.0 / 2021-07-31 + +### Features + +* Allow HTML5 element `wbr`. +* Allow all CSS property values for `border-collapse`. [[#201](https://github.com/flavorjones/loofah/issues/201)] + + +### Changes + +* Deprecating `Loofah::HTML5::SafeList::VOID_ELEMENTS` which is not a canonical list of void HTML4 or HTML5 elements. +* Removed some elements from `Loofah::HTML5::SafeList::VOID_ELEMENTS` that either are not acceptable elements or aren't considered "void" by libxml2. + + ## 2.10.0 / 2021-06-06 ### Features diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.md new/README.md --- old/README.md 2021-06-06 19:00:32.000000000 +0200 +++ new/README.md 2021-08-11 19:30:17.000000000 +0200 @@ -6,8 +6,7 @@ ## Status -[](https://ci.nokogiri.org/teams/nokogiri-core/pipelines/loofah) -[](https://codeclimate.com/github/flavorjones/loofah) +[](https://github.com/flavorjones/loofah/actions/workflows/ci.yml) [](https://tidelift.com/subscription/pkg/rubygems-loofah?utm_source=rubygems-loofah&utm_medium=referral&utm_campaign=readme) Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah/html5/safelist.rb new/lib/loofah/html5/safelist.rb --- old/lib/loofah/html5/safelist.rb 2021-06-06 19:00:32.000000000 +0200 +++ new/lib/loofah/html5/safelist.rb 2021-08-11 19:30:17.000000000 +0200 @@ -140,6 +140,7 @@ "ul", "var", "video", + "wbr", ]) MATHML_ELEMENTS = Set.new([ @@ -637,6 +638,8 @@ "green", "groove", "hidden", + "inherit", + "initial", "inset", "italic", "left", @@ -652,16 +655,19 @@ "pointer", "purple", "red", + "revert", "ridge", "right", + "separate", "silver", "solid", "teal", - "thin", "thick", + "thin", "top", "transparent", "underline", + "unset", "white", "yellow", ]) @@ -788,18 +794,14 @@ ALLOWED_PROTOCOLS = ACCEPTABLE_PROTOCOLS ALLOWED_URI_DATA_MEDIATYPES = ACCEPTABLE_URI_DATA_MEDIATYPES + # TODO: remove VOID_ELEMENTS in a future major release + # and put it in the tests (it is used only for testing, not for functional behavior) VOID_ELEMENTS = Set.new([ "area", - "base", "br", - "col", - "embed", "hr", "img", "input", - "link", - "meta", - "param", ]) # additional tags we should consider safe since we have libxml2 fixing up our documents. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah/html5/scrub.rb new/lib/loofah/html5/scrub.rb --- old/lib/loofah/html5/scrub.rb 2021-06-06 19:00:32.000000000 +0200 +++ new/lib/loofah/html5/scrub.rb 2021-08-11 19:30:17.000000000 +0200 @@ -10,6 +10,7 @@ CRASS_SEMICOLON = { node: :semicolon, raw: ";" } CSS_IMPORTANT = '!important' CSS_PROPERTY_STRING_WITHOUT_EMBEDDED_QUOTES = /\A(["'])?[^"']+\1\z/ + DATA_ATTRIBUTE_NAME = /\Adata-[\w-]+\z/ class << self def allowed_element?(element_name) @@ -25,7 +26,7 @@ attr_node.node_name end - if attr_name =~ /\Adata-[\w-]+\z/ + if attr_name =~ DATA_ATTRIBUTE_NAME next end @@ -62,7 +63,9 @@ scrub_css_attribute(node) node.attribute_nodes.each do |attr_node| - node.remove_attribute(attr_node.name) if attr_node.value !~ /[^[:space:]]/ + if attr_node.value !~ /[^[:space:]]/ && attr_node.name !~ DATA_ATTRIBUTE_NAME + node.remove_attribute(attr_node.name) + end end force_correct_attribute_escaping!(node) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah/version.rb new/lib/loofah/version.rb --- old/lib/loofah/version.rb 2021-06-06 19:00:32.000000000 +0200 +++ new/lib/loofah/version.rb 2021-08-11 19:30:17.000000000 +0200 @@ -1,5 +1,5 @@ # frozen_string_literal: true module Loofah # The version of Loofah you are using - VERSION = "2.10.0" + VERSION = "2.12.0" end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2021-06-06 19:00:32.000000000 +0200 +++ new/metadata 2021-08-11 19:30:17.000000000 +0200 @@ -1,7 +1,7 @@ --- !ruby/object:Gem::Specification name: loofah version: !ruby/object:Gem::Version - version: 2.10.0 + version: 2.12.0 platform: ruby authors: - Mike Dalessio @@ -9,23 +9,9 @@ autorequire: bindir: bin cert_chain: [] -date: 2021-06-06 00:00:00.000000000 Z +date: 2021-08-11 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency - name: nokogiri - requirement: !ruby/object:Gem::Requirement - requirements: - - - ">=" - - !ruby/object:Gem::Version - version: 1.5.9 - type: :runtime - prerelease: false - version_requirements: !ruby/object:Gem::Requirement - requirements: - - - ">=" - - !ruby/object:Gem::Version - version: 1.5.9 -- !ruby/object:Gem::Dependency name: crass requirement: !ruby/object:Gem::Requirement requirements: @@ -40,47 +26,33 @@ - !ruby/object:Gem::Version version: 1.0.2 - !ruby/object:Gem::Dependency - name: rake - requirement: !ruby/object:Gem::Requirement - requirements: - - - "~>" - - !ruby/object:Gem::Version - version: '13.0' - type: :development - prerelease: false - version_requirements: !ruby/object:Gem::Requirement - requirements: - - - "~>" - - !ruby/object:Gem::Version - version: '13.0' -- !ruby/object:Gem::Dependency - name: minitest + name: nokogiri requirement: !ruby/object:Gem::Requirement requirements: - - - "~>" + - - ">=" - !ruby/object:Gem::Version - version: '5.14' - type: :development + version: 1.5.9 + type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - - "~>" + - - ">=" - !ruby/object:Gem::Version - version: '5.14' + version: 1.5.9 - !ruby/object:Gem::Dependency - name: rr + name: hoe-markdown requirement: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version - version: 1.2.0 + version: '1.3' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version - version: 1.2.0 + version: '1.3' - !ruby/object:Gem::Dependency name: json requirement: !ruby/object:Gem::Requirement @@ -96,33 +68,33 @@ - !ruby/object:Gem::Version version: '2.2' - !ruby/object:Gem::Dependency - name: concourse + name: minitest requirement: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version - version: '0.33' + version: '5.14' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version - version: '0.33' + version: '5.14' - !ruby/object:Gem::Dependency - name: rubocop + name: rake requirement: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version - version: '1.1' + version: '13.0' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version - version: '1.1' + version: '13.0' - !ruby/object:Gem::Dependency name: rdoc requirement: !ruby/object:Gem::Requirement @@ -144,19 +116,33 @@ - !ruby/object:Gem::Version version: '7' - !ruby/object:Gem::Dependency - name: hoe-markdown + name: rr requirement: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version - version: '1.3' + version: 1.2.0 type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version - version: '1.3' + version: 1.2.0 +- !ruby/object:Gem::Dependency + name: rubocop + requirement: !ruby/object:Gem::Requirement + requirements: + - - "~>" + - !ruby/object:Gem::Version + version: '1.1' + type: :development + prerelease: false + version_requirements: !ruby/object:Gem::Requirement + requirements: + - - "~>" + - !ruby/object:Gem::Version + version: '1.1' description: |- Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri.
