Hello community,

here is the log from the commit of package rubygem-rails-html-sanitizer for openSUSE:Factory checked in at 2015-03-18 13:05:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Comparing /work/SRC/openSUSE:Factory/rubygem-rails-html-sanitizer (Old)
 and      /work/SRC/openSUSE:Factory/.rubygem-rails-html-sanitizer.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-rails-html-sanitizer" Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-rails-html-sanitizer/rubygem-rails-html-sanitizer.changes 2015-02-18 12:08:35.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-rails-html-sanitizer.new/rubygem-rails-html-sanitizer.changes 2015-03-18 13:05:01.000000000 +0100 @@ -1,0 +2,5 @@ +Mon Mar 16 06:51:40 UTC 2015 - co...@suse.com + +- updated to version 1.0.2, no changelog + +------------------------------------------------------------------- Old: ---- rails-html-sanitizer-1.0.1.gem New: ---- rails-html-sanitizer-1.0.2.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-rails-html-sanitizer.spec ++++++ --- /var/tmp/diff_new_pack.qkUR7q/_old 2015-03-18 13:05:02.000000000 +0100 +++ /var/tmp/diff_new_pack.qkUR7q/_new 2015-03-18 13:05:02.000000000 +0100 @@ -24,7 +24,7 @@ # Name: rubygem-rails-html-sanitizer -Version: 1.0.1 +Version: 1.0.2 Release: 0 %define mod_name rails-html-sanitizer %define mod_full_name %{mod_name}-%{version} @@ -40,12 +40,12 @@ Url: https://github.com/rafaelfranca/rails-html-sanitizer Source: http://rubygems.org/gems/%{mod_full_name}.gem Source1: gem2rpm.yml -Summary: This gem is responsible to sanitize HTML fragments in Rails +Summary: HTML sanitization to Rails applications (part of Rails) License: MIT Group: Development/Languages/Ruby %description -HTML sanitization to Rails applications. +HTML sanitization for Rails applications. %prep ++++++ gem2rpm.yml ++++++ --- /var/tmp/diff_new_pack.qkUR7q/_old 2015-03-18 13:05:02.000000000 +0100 +++ /var/tmp/diff_new_pack.qkUR7q/_new 2015-03-18 13:05:02.000000000 +0100 
@@ -1,74 +1,5 @@ # --- -# ## used by gem2rpm :summary: HTML sanitization to Rails applications (part of Rails) -# ## used by gem2rpm -# :description: |- -# this is a custom description -# -# it can be multiline -# ## used by gem2rpm -# :license: MIT or Ruby -# ## used by gem2rpm and gem_packages -# :version_suffix: -x_y -# ## used by gem2rpm and gem_packages -# :disable_docs: true -# ## used by gem2rpm -# :disable_automatic_rdoc_dep: true -# ## used by gem2rpm -# :preamble: |- -# BuildRequires: foobar -# Requires: foobar -# ## used by gem2rpm -# :patches: -# foo.patch: -p1 -# bar.patch: -# ## used by gem2rpm -# :sources: -# - foo.desktop -# - bar.desktop -# :gem_install_args: '....' -# ## used by gem2rpm -# :pre_install: |- -# %if 0%{?use_system_libev} -# export USE_VENDORED_LIBEV="no" -# %endif -# ## used by gem2rpm -# :post_install: |- -# # delete custom files here or do other fancy stuff -# install -D -m 0644 %{S:1} %{buildroot}%{_bindir}/gem2rpm-opensuse -# ## used by gem2rpm -# :testsuite_command: |- -# (pushd %{buildroot}%{gem_base}/gems/%{mod_full_name} && rake test) -# ## used by gem2rpm -# :filelist: |- -# /usr/bin/gem2rpm-opensuse -# ## used by gem2rpm -# :scripts: -# :post: |- -# /bin/echo foo -# ## used by gem_packages -# :main: -# :preamble: |- -# Requires: util-linux -# Recommends: pwgen -# :filelist: |- -# /usr/bin/gem2rpm-opensuse -# ## used by gem_packages -# :custom: -# apache: -# :preamble: |- -# Requires: ..... 
-# :filelist: |- -# /etc/apache2/conf.d/passenger.conf -# :summary: Custom summary is optional -# :description: |- -# Custom description is optional -# -# bar -# :post: |- -# /bin/echo foo -# ---- :preamble: |- %if 0%{?suse_version} == 1110 %define rb_build_versions ruby21 ++++++ rails-html-sanitizer-1.0.1.gem -> rails-html-sanitizer-1.0.2.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.md new/README.md --- old/README.md 2014-09-25 18:06:54.000000000 +0200 +++ new/README.md 2015-03-10 21:28:27.000000000 +0100 @@ -1,9 +1,9 @@ # Rails Html Sanitizers -In Rails 5 this gem will be responsible for sanitizing HTML fragments in Rails applications, -i.e. in the `sanitize`, `sanitize_css`, `strip_tags` and `strip_links` methods. +In Rails 4.2 and above this gem will be responsible for sanitizing HTML fragments in Rails +applications, i.e. in the `sanitize`, `sanitize_css`, `strip_tags` and `strip_links` methods. -Include it in your Gemfile now to test for any incompatibilities and enjoy a safer and cleaner future. +Rails Html Sanitizer is only intended to be used with Rails applications. If you need similar functionality in non Rails apps consider using [Loofah](https://github.com/flavorjones/loofah) directly (that's what handles sanitization under the hood). ## Installation Files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rails/html/sanitizer/version.rb new/lib/rails/html/sanitizer/version.rb --- old/lib/rails/html/sanitizer/version.rb 2014-09-25 18:06:54.000000000 +0200 +++ new/lib/rails/html/sanitizer/version.rb 2015-03-10 21:28:27.000000000 +0100 
@@ -1,7 +1,7 @@ module Rails module Html class Sanitizer - VERSION = "1.0.1" + VERSION = "1.0.2" end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rails/html/sanitizer.rb new/lib/rails/html/sanitizer.rb --- old/lib/rails/html/sanitizer.rb 2014-09-25 18:06:54.000000000 +0200 +++ new/lib/rails/html/sanitizer.rb 2015-03-10 21:28:27.000000000 +0100 @@ -28,7 +28,7 @@ Loofah.fragment(html).tap do |fragment| remove_xpaths(fragment, XPATHS_TO_REMOVE) - end.text + end.text(options) end end @@ -120,7 +120,7 @@ loofah_fragment.scrub!(:strip) end - loofah_fragment.to_s + properly_encode(loofah_fragment, encoding: 'UTF-8') end def sanitize_css(style_string) @@ -136,6 +136,10 @@ def allowed_attributes(options) options[:attributes] || self.class.allowed_attributes end + + def properly_encode(fragment, options) + fragment.xml? ? fragment.to_xml(options) : fragment.to_html(options) + end end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2014-09-25 18:06:54.000000000 +0200 +++ new/metadata 2015-03-10 21:28:27.000000000 +0100 @@ -1,7 +1,7 @@ --- !ruby/object:Gem::Specification name: rails-html-sanitizer version: !ruby/object:Gem::Version - version: 1.0.1 + version: 1.0.2 platform: ruby authors: - Rafael Mendonça França @@ -9,7 +9,7 @@ autorequire: bindir: bin cert_chain: [] -date: 2014-09-25 00:00:00.000000000 Z +date: 2015-03-10 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: loofah @@ -81,7 +81,7 @@ - - ">=" - !ruby/object:Gem::Version version: '0' -description: HTML sanitization to Rails applications +description: HTML sanitization for Rails applications email: - rafaelmfra...@gmail.com - kas...@gmail.com 
@@ -118,7 +118,7 @@ version: '0' requirements: [] rubyforge_project: -rubygems_version: 2.2.1 +rubygems_version: 2.4.5 signing_key: specification_version: 4 summary: This gem is responsible to sanitize HTML fragments in Rails applications. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/sanitizer_test.rb new/test/sanitizer_test.rb --- old/test/sanitizer_test.rb 2014-09-25 18:06:54.000000000 +0200 +++ new/test/sanitizer_test.rb 2015-03-10 21:28:27.000000000 +0100 @@ -104,6 +104,11 @@ assert_equal "Frozen string with no tags", full_sanitize("Frozen string with no tags".freeze) end + def test_full_sanitize_allows_turning_off_encoding_special_chars + assert_equal '&', full_sanitize('&') + assert_equal '&', full_sanitize('&', encode_special_chars: false) + end + def test_strip_links_with_tags_in_tags expected = "a href='hello'>all <b>day</b> long/a>" input = "<<a>a href='hello'>all <b>day</b> long<</A>/a>" @@ -173,7 +178,7 @@ end def test_should_allow_anchors - assert_sanitized %(<a href="foo" onclick="bar"><script>baz</script></a>), %(<a href=\"foo\">baz</a>) + assert_sanitized %(<a href="foo" onclick="bar"><script>baz</script></a>), %(<a href=\"foo\"></a>) end def test_video_poster_sanitization @@ -441,6 +446,13 @@ assert_sanitized %(<a href="http://legit">), %(<a href="http://legit">) end + def test_sanitize_ascii_8bit_string + white_list_sanitize('<a>hello</a>'.encode('ASCII-8BIT')).tap do |sanitized| + assert_equal '<a>hello</a>', sanitized + assert_equal Encoding::UTF_8, sanitized.encoding + end + end + protected def xpath_sanitize(input, options = {}) @@ -472,7 +484,7 @@ end def scope_allowed_tags(tags) - Rails::Html::WhiteListSanitizer.allowed_tags = %w(u) + Rails::Html::WhiteListSanitizer.allowed_tags = tags yield Rails::Html::WhiteListSanitizer.new ensure -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
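Review bot: the rubygem-rails-html-sanitizer.changes entry added at `@@ -1,0 +2,5 @@` says "updated to version 1.0.2, no changelog", yet the gem diff in the same mail shows user-visible changes: `full_sanitize` now forwards its options to `text`, the white list sanitizer returns its result through `properly_encode(loofah_fragment, encoding: 'UTF-8')`, and the expected output of `test_should_allow_anchors` changes. For a sanitizer these are the details downstream users need, so list them in the entry instead of "no changelog".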
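Review bot: in rubygem-rails-html-sanitizer.spec at `@@ -40,12 +40,12 @@` the new Summary still reads "HTML sanitization to Rails applications (part of Rails)" while the %description in the same hunk is corrected to "HTML sanitization for Rails applications". The "to" wording comes from the `:summary:` line kept in gem2rpm.yml; change it to "for" there and regenerate the spec so the two fields agree.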
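Review bot: in lib/rails/html/sanitizer.rb at `@@ -28,7 +28,7 @@`, `end.text(options)` forwards the caller's whole options hash with no documentation of which keys are honoured; the only one exercised by the added test is `encode_special_chars: false`. Document that option next to the method and in the README (the README hunk in this diff does not mention it), and state that with encoding turned off the returned text is not escaped and must not be inserted into HTML as-is.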
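Review bot: in lib/rails/html/sanitizer.rb at `@@ -120,7 +120,7 @@` the output encoding is hard-coded as `encoding: 'UTF-8'`, and the only coverage, `test_sanitize_ascii_8bit_string` in test/sanitizer_test.rb, feeds `'<a>hello</a>'`, which contains no bytes above 0x7F. Add a case with non-ASCII bytes in an ASCII-8BIT string so the behaviour on binary-tagged input is pinned down, and add a short comment on `properly_encode` at `@@ -136,6 +136,10 @@` saying why `to_s` was replaced.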
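Review bot: in test/sanitizer_test.rb at `@@ -173,7 +178,7 @@` the expected output of `test_should_allow_anchors` changes from `<a href="foo">baz</a>` to `<a href="foo"></a>`, but no lib/ hunk in this diff touches how script content is handled. State where the behaviour change comes from; if it depends on a dependency release, raise the minimum version in the gem's dependency list so the test and the installed behaviour cannot drift apart.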