Hello community, here is the log from the commit of package rubygem-loofah for openSUSE:Factory checked in at 2019-11-28 10:17:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-loofah (Old) and /work/SRC/openSUSE:Factory/.rubygem-loofah.new.26869 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-loofah" Thu Nov 28 10:17:50 2019 rev:11 rq:751497 version:2.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-loofah/rubygem-loofah.changes 2019-11-13 13:26:28.943582334 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-loofah.new.26869/rubygem-loofah.changes 2019-11-28 10:18:03.287639558 +0100 @@ -1,0 +2,11 @@ +Thu Nov 28 07:22:05 UTC 2019 - Manuel Schnitzer <mschnit...@suse.com> + +- updated to version 2.4.0 + + ### Features + + * Allow CSS property `max-width` [#175] (Thanks, @bchaney!) + * Allow CSS sizes expressed in `rem` [#176, #177] + * Add `frozen_string_literal: true` magic comment to all `lib` files. [#118] + +------------------------------------------------------------------- Old: ---- loofah-2.3.1.gem New: ---- loofah-2.4.0.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-loofah.spec ++++++ --- /var/tmp/diff_new_pack.5vAum4/_old 2019-11-28 10:18:03.707639563 +0100 +++ /var/tmp/diff_new_pack.5vAum4/_new 2019-11-28 10:18:03.707639563 +0100 @@ -24,7 +24,7 @@ # Name: rubygem-loofah -Version: 2.3.1 +Version: 2.4.0 Release: 0 %define mod_name loofah %define mod_full_name %{mod_name}-%{version} ++++++ loofah-2.3.1.gem -> loofah-2.4.0.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md 2019-10-22 15:10:42.000000000 +0200 +++ new/CHANGELOG.md 2019-11-25 19:45:25.000000000 +0100 @@ -1,5 +1,14 @@ # Changelog +## 2.4.0 / 2019-11-25 + +### Features + +* Allow CSS property `max-width` [#175] (Thanks, @bchaney!) +* Allow CSS sizes expressed in `rem` [#176, #177] +* Add `frozen_string_literal: true` magic comment to all `lib` files. [#118] + + ## 2.3.1 / 2019-10-22 ### Security diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gemfile new/Gemfile --- old/Gemfile 2019-10-22 15:10:42.000000000 +0200 +++ new/Gemfile 2019-11-25 19:45:25.000000000 +0100 @@ -7,16 +7,17 @@ gem "nokogiri", ">=1.5.9" gem "crass", "~>1.0.2" -gem "rake", ">=0.8", :group => [:development, :test] +gem "rake", "~>12.3", :group => [:development, :test] gem "minitest", "~>2.2", :group => [:development, :test] gem "rr", "~>1.2.0", :group => [:development, :test] -gem "json", ">=0", :group => [:development, :test] -gem "hoe-gemspec", ">=0", :group => [:development, :test] -gem "hoe-debugging", ">=0", :group => [:development, :test] -gem "hoe-bundler", ">=0", :group => [:development, :test] -gem "hoe-git", ">=0", :group => [:development, :test] +gem "json", "~>2.2.0", :group => [:development, :test] +gem "hoe-gemspec", "~>1.0", :group => [:development, :test] +gem "hoe-debugging", "~>2.0", :group => [:development, :test] +gem "hoe-bundler", "~>1.5", :group => [:development, :test] +gem "hoe-git", "~>1.6", :group => [:development, :test] gem "concourse", ">=0.26.0", :group => [:development, :test] +gem "rubocop", ">=0.76.0", :group => [:development, :test] gem "rdoc", ">=4.0", "<7", :group => [:development, :test] -gem "hoe", "~>3.17", :group => [:development, :test] +gem "hoe", "~>3.20", :group => [:development, :test] # vim: syntax=ruby diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Rakefile new/Rakefile --- old/Rakefile 2019-10-22 15:10:42.000000000 +0200 +++ new/Rakefile 2019-11-25 19:45:25.000000000 +0100 @@ -28,6 +28,7 @@ extra_dev_deps << ["hoe-bundler", "~> 1.5"] extra_dev_deps << ["hoe-git", "~> 1.6"] extra_dev_deps << ["concourse", ">=0.26.0"] + extra_dev_deps << ["rubocop", ">=0.76.0"] end task :gemspec do @@ -75,6 +76,15 @@ load "tasks/generate-safelists" end +task :rubocop => [:rubocop_security, :rubocop_frozen_string_literals] +task :rubocop_security do + sh "rubocop lib --only Security" +end +task :rubocop_frozen_string_literals do + sh "rubocop lib --auto-correct --only Style/FrozenStringLiteralComment" +end +Rake::Task[:test].prerequisites << :rubocop + Concourse.new("loofah", fly_target: "ci") do |c| c.add_pipeline "loofah", "loofah.yml" c.add_pipeline "loofah-pr", "loofah-pr.yml" Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah/elements.rb new/lib/loofah/elements.rb --- old/lib/loofah/elements.rb 2019-10-22 15:10:42.000000000 +0200 +++ new/lib/loofah/elements.rb 2019-11-25 19:45:25.000000000 +0100 @@ -1,3 +1,4 @@ +# frozen_string_literal: true require 'set' module Loofah diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah/helpers.rb new/lib/loofah/helpers.rb --- old/lib/loofah/helpers.rb 2019-10-22 15:10:42.000000000 +0200 +++ new/lib/loofah/helpers.rb 2019-11-25 19:45:25.000000000 +0100 @@ -1,3 +1,4 @@ +# frozen_string_literal: true module Loofah module Helpers class << self diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah/html/document.rb new/lib/loofah/html/document.rb --- old/lib/loofah/html/document.rb 2019-10-22 15:10:42.000000000 +0200 +++ new/lib/loofah/html/document.rb 2019-11-25 19:45:25.000000000 +0100 @@ -1,3 +1,4 @@ +# frozen_string_literal: true module Loofah module HTML # :nodoc: # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah/html/document_fragment.rb new/lib/loofah/html/document_fragment.rb --- old/lib/loofah/html/document_fragment.rb 2019-10-22 15:10:42.000000000 +0200 +++ new/lib/loofah/html/document_fragment.rb 2019-11-25 19:45:25.000000000 +0100 @@ -1,3 +1,4 @@ +# frozen_string_literal: true module Loofah module HTML # :nodoc: # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah/html5/libxml2_workarounds.rb new/lib/loofah/html5/libxml2_workarounds.rb --- old/lib/loofah/html5/libxml2_workarounds.rb 2019-10-22 15:10:42.000000000 +0200 +++ new/lib/loofah/html5/libxml2_workarounds.rb 2019-11-25 19:45:25.000000000 +0100 @@ -1,4 +1,5 @@ # coding: utf-8 +# frozen_string_literal: true require 'set' module Loofah diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah/html5/safelist.rb new/lib/loofah/html5/safelist.rb --- old/lib/loofah/html5/safelist.rb 2019-10-22 15:10:42.000000000 +0200 +++ new/lib/loofah/html5/safelist.rb 2019-11-25 19:45:25.000000000 +0100 @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "set" module Loofah @@ -573,6 +574,7 @@ "line-height", "list-style", "list-style-type", + "max-width", "overflow", "pause", "pause-after", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah/html5/scrub.rb new/lib/loofah/html5/scrub.rb --- old/lib/loofah/html5/scrub.rb 2019-10-22 15:10:42.000000000 +0200 +++ new/lib/loofah/html5/scrub.rb 2019-11-25 19:45:25.000000000 +0100 @@ -1,3 +1,4 @@ +# frozen_string_literal: true require 'cgi' require 'crass' @@ -6,7 +7,7 @@ module Scrub CONTROL_CHARACTERS = /[`\u0000-\u0020\u007f\u0080-\u0101]/ - CSS_KEYWORDISH = /\A(#[0-9a-fA-F]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|-?\d{0,3}\.?\d{0,10}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)\z/ + CSS_KEYWORDISH = /\A(#[0-9a-fA-F]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|-?\d{0,3}\.?\d{0,10}(cm|r?em|ex|in|mm|pc|pt|px|%|,|\))?)\z/ CRASS_SEMICOLON = {:node => :semicolon, :raw => ";"} class << self diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah/instance_methods.rb new/lib/loofah/instance_methods.rb --- old/lib/loofah/instance_methods.rb 2019-10-22 15:10:42.000000000 +0200 +++ new/lib/loofah/instance_methods.rb 2019-11-25 19:45:25.000000000 +0100 @@ -1,3 +1,4 @@ +# frozen_string_literal: true module Loofah # # Mixes +scrub!+ into Document, DocumentFragment, Node and NodeSet. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah/metahelpers.rb new/lib/loofah/metahelpers.rb --- old/lib/loofah/metahelpers.rb 2019-10-22 15:10:42.000000000 +0200 +++ new/lib/loofah/metahelpers.rb 2019-11-25 19:45:25.000000000 +0100 @@ -1,3 +1,4 @@ +# frozen_string_literal: true module Loofah module MetaHelpers # :nodoc: def self.add_downcased_set_members_to_all_set_constants mojule diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah/scrubber.rb new/lib/loofah/scrubber.rb --- old/lib/loofah/scrubber.rb 2019-10-22 15:10:42.000000000 +0200 +++ new/lib/loofah/scrubber.rb 2019-11-25 19:45:25.000000000 +0100 @@ -1,3 +1,4 @@ +# frozen_string_literal: true module Loofah # # A RuntimeError raised when Loofah could not find an appropriate scrubber. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah/scrubbers.rb new/lib/loofah/scrubbers.rb --- old/lib/loofah/scrubbers.rb 2019-10-22 15:10:42.000000000 +0200 +++ new/lib/loofah/scrubbers.rb 2019-11-25 19:45:25.000000000 +0100 @@ -1,3 +1,4 @@ +# frozen_string_literal: true module Loofah # # Loofah provides some built-in scrubbers for sanitizing with diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah/xml/document.rb new/lib/loofah/xml/document.rb --- old/lib/loofah/xml/document.rb 2019-10-22 15:10:42.000000000 +0200 +++ new/lib/loofah/xml/document.rb 2019-11-25 19:45:25.000000000 +0100 @@ -1,3 +1,4 @@ +# frozen_string_literal: true module Loofah module XML # :nodoc: # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah/xml/document_fragment.rb new/lib/loofah/xml/document_fragment.rb --- old/lib/loofah/xml/document_fragment.rb 2019-10-22 15:10:42.000000000 +0200 +++ new/lib/loofah/xml/document_fragment.rb 2019-11-25 19:45:25.000000000 +0100 @@ -1,3 +1,4 @@ +# frozen_string_literal: true module Loofah module XML # :nodoc: # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah.rb new/lib/loofah.rb --- old/lib/loofah.rb 2019-10-22 15:10:42.000000000 +0200 +++ new/lib/loofah.rb 2019-11-25 19:45:25.000000000 +0100 @@ -1,3 +1,4 @@ +# frozen_string_literal: true $LOAD_PATH.unshift(File.expand_path(File.dirname(__FILE__))) unless $LOAD_PATH.include?(File.expand_path(File.dirname(__FILE__))) require "nokogiri" @@ -28,7 +29,7 @@ # module Loofah # The version of Loofah you are using - VERSION = "2.3.1" + VERSION = "2.4.0" class << self # Shortcut for Loofah::HTML::Document.parse diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2019-10-22 15:10:42.000000000 +0200 +++ new/metadata 2019-11-25 19:45:25.000000000 +0100 @@ -1,7 +1,7 @@ --- !ruby/object:Gem::Specification name: loofah version: !ruby/object:Gem::Version - version: 2.3.1 + version: 2.4.0 platform: ruby authors: - Mike Dalessio @@ -9,7 +9,7 @@ autorequire: bindir: bin cert_chain: [] -date: 2019-10-22 00:00:00.000000000 Z +date: 2019-11-25 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: nokogiri @@ -166,6 +166,20 @@ - !ruby/object:Gem::Version version: 0.26.0 - !ruby/object:Gem::Dependency + name: rubocop + requirement: !ruby/object:Gem::Requirement + requirements: + - - ">=" + - !ruby/object:Gem::Version + version: 0.76.0 + type: :development + prerelease: false + version_requirements: !ruby/object:Gem::Requirement + requirements: + - - ">=" + - !ruby/object:Gem::Version + version: 0.76.0 +- !ruby/object:Gem::Dependency name: rdoc requirement: !ruby/object:Gem::Requirement requirements: @@ -191,14 +205,14 @@ requirements: - - "~>" - !ruby/object:Gem::Version - version: '3.18' + version: '3.20' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version - version: '3.18' + version: '3.20' description: |- Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. @@ -261,7 +275,8 @@ homepage: https://github.com/flavorjones/loofah licenses: - MIT -metadata: {} +metadata: + homepage_uri: https://github.com/flavorjones/loofah post_install_message: rdoc_options: - "--main" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/html5/test_sanitizer.rb new/test/html5/test_sanitizer.rb --- old/test/html5/test_sanitizer.rb 2019-10-22 15:10:42.000000000 +0200 +++ new/test/html5/test_sanitizer.rb 2019-11-25 19:45:25.000000000 +0100 @@ -294,6 +294,12 @@ assert_match %r/0.3333333334em/, sane.inner_html end + def test_css_rem_value + html = "<span style=\"margin-top:10rem;\">" + sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :escape).to_xml) + assert_match %r/10rem/, sane.inner_html + end + def test_css_function_sanitization_leaves_safelisted_functions_calc html = "<span style=\"width:calc(5%)\">" sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :strip).to_html) @@ -326,6 +332,13 @@ assert_match %r/<span><\/span>/, sane.inner_html end + def test_css_max_width + html = '<div style="max-width: 100%;"></div>' + sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :escape).to_xml) + assert_match %r/max-width/, sane.inner_html + end + + def test_issue_90_slow_regex skip("timing tests are hard to make pass and have little regression-testing value")