This is an automated email from the git hooks/post-receive script. fsfs pushed a commit to annotated tag release/0.12-TRIAL in repository libhtml-scrubber-perl.
commit b9270e4bfab112b17d3f0db00d394b3aabc61b48 Author: Nigel Metheringham <[email protected]> Date: Sat Mar 14 18:25:31 2015 +0000 v0.12 - Travis integration (thanks to mrcaron) - Fix some packaging/dist-zilla issues (thanks to mrcaron) --- Changes | 2 + README.pod | 152 ++++++++++++++++++++++++++++++------------------------------- 2 files changed, 77 insertions(+), 77 deletions(-) diff --git a/Changes b/Changes index 30d0f5a..248bda0 100644 --- a/Changes +++ b/Changes @@ -1,6 +1,8 @@ Revision history for Perl extension HTML::Scrubber. {{$NEXT}} + +0.12 2015-03-14 18:25:06+00:00 Europe/London (TRIAL RELEASE) - Travis integration (thanks to mrcaron) - Fix some packaging/dist-zilla issues (thanks to mrcaron) diff --git a/README.pod b/README.pod index a2805b1..ecdd090 100644 --- a/README.pod +++ b/README.pod @@ -37,20 +37,20 @@ version 0.12 =head1 DESCRIPTION -If you want to "scrub" or "sanitize" html input in a reliable and -flexible fashion, then this module is for you. +If you want to "scrub" or "sanitize" html input in a reliable and flexible +fashion, then this module is for you. I wasn't satisfied with HTML::Sanitizer because it is based on -HTML::TreeBuilder, so I thought I'd write something similar that -works directly with HTML::Parser. +HTML::TreeBuilder, so I thought I'd write something similar that works directly +with HTML::Parser. =head1 METHODS -First a note on documentation: just study the L<EXAMPLE|"EXAMPLE"> below. -It's all the documentation you could need +First a note on documentation: just study the L<EXAMPLE|"EXAMPLE"> below. It's +all the documentation you could need -Also, be sure to read all the comments as well as -L<How does it work?|"How does it work?">. +Also, be sure to read all the comments as well as L<How does it work?|"How does +it work?">. If you're new to perl, good luck to you. @@ -70,10 +70,9 @@ If you're new to perl, good luck to you. if $p->script; # off by default $p->script( 0 || 1 ); -B<**> Please note that this is implemented -using HTML::Parser's ignore_elements function, -so if C<script> is set to true, -all script tags encountered will be validated like all other tags. +B<**> Please note that this is implemented using HTML::Parser's ignore_elements +function, so if C<script> is set to true, all script tags encountered will be +validated like all other tags. =head2 style @@ -81,10 +80,9 @@ all script tags encountered will be validated like all other tags. if $p->style; # off by default $p->style( 0 || 1 ); -B<**> Please note that this is implemented -using HTML::Parser's ignore_elements function, -so if C<style> is set to true, -all style tags encountered will be validated like all other tags. +B<**> Please note that this is implemented using HTML::Parser's ignore_elements +function, so if C<style> is set to true, all style tags encountered will be +validated like all other tags. =head2 allow @@ -109,11 +107,11 @@ all style tags encountered will be validated like all other tags. ... ); -Updates set of attribute rules. Each rule can be 1/0, regular expression -or a callback. Values longer than 1 char are treated as regexps. Callback -is called with the following arguments: this object, tag name, attribute -name and attribute value, should return empty list to drop attribute, -C<undef> to keep it without value or a new scalar value. +Updates set of attribute rules. Each rule can be 1/0, regular expression or a +callback. Values longer than 1 char are treated as regexps. Callback is called +with the following arguments: this object, tag name, attribute name and +attribute value, should return empty list to drop attribute, C<undef> to keep +it without value or a new scalar value. =head2 default @@ -153,30 +151,28 @@ Takes tag, rule('_' || $tag), attrref. =for comment _scrub_str -I<default> handler, used by both _scrub and _scrub_fh -Moved all the common code (basically all of it) into a single routine for -ease of maintenance +I<default> handler, used by both _scrub and _scrub_fh Moved all the common code +(basically all of it) into a single routine for ease of maintenance =for comment _scrub_fh -I<default> handler, does the scrubbing if we're scrubbing out to a file. -Now calls _scrub_str and pushes that out to a file. +I<default> handler, does the scrubbing if we're scrubbing out to a file. Now +calls _scrub_str and pushes that out to a file. =for comment _scrub -I<default> handler, does the scrubbing if we're returning a giant string. -Now calls _scrub_str and appends that to the output string. +I<default> handler, does the scrubbing if we're returning a giant string. Now +calls _scrub_str and appends that to the output string. =head1 How does it work? -When a tag is encountered, HTML::Scrubber -allows/denies the tag using the explicit rule if one exists. +When a tag is encountered, HTML::Scrubber allows/denies the tag using the +explicit rule if one exists. If no explicit rule exists, Scrubber applies the default rule. -If an explicit rule exists, -but it's a simple rule(1), -the default attribute rule is applied. +If an explicit rule exists, but it's a simple rule(1), the default attribute +rule is applied. =head2 EXAMPLE @@ -190,24 +186,25 @@ the default attribute rule is applied. my @rules = ( script => 0, - img => { - src => qr{^(?!http://)}i, # only relative image links allowed - alt => 1, # alt attribute allowed - '*' => 0, # deny all other attributes + img => { + src => qr{^(?!http://)}i, # only relative image links allowed + alt => 1, # alt attribute allowed + '*' => 0, # deny all other attributes }, ); my @default = ( - 0 => # default rule, deny all tags - { - '*' => 1, # default rule, allow all attributes - 'href' => qr{^(?:http|https|ftp)://}i, - 'src' => qr{^(?:http|https|ftp)://}i, - # If your perl doesn't have qr - # just use a string with length greater than 1 + 0 => # default rule, deny all tags + { + '*' => 1, # default rule, allow all attributes + 'href' => qr{^(?:http|https|ftp)://}i, + 'src' => qr{^(?:http|https|ftp)://}i, + + # If your perl doesn't have qr + # just use a string with length greater than 1 'cite' => '(?i-xsm:^(?:http|https|ftp):)', 'language' => 0, - 'name' => 1, # could be sneaky, but hey ;) + 'name' => 1, # could be sneaky, but hey ;) 'onblur' => 0, 'onchange' => 0, 'onclick' => 0, @@ -229,14 +226,14 @@ the default attribute rule is applied. 'onunload' => 0, 'src' => 0, 'type' => 0, - } + } ); my $scrubber = HTML::Scrubber->new(); - $scrubber->allow( @allow ); - $scrubber->rules( @rules ); # key/value pairs - $scrubber->default( @default ); - $scrubber->comment(1); # 1 allow, 0 deny + $scrubber->allow(@allow); + $scrubber->rules(@rules); # key/value pairs + $scrubber->default(@default); + $scrubber->comment(1); # 1 allow, 0 deny ## preferred way to create the same object $scrubber = HTML::Scrubber->new( @@ -247,7 +244,7 @@ the default attribute rule is applied. process => 0, ); - require Data::Dumper,die Data::Dumper::Dumper($scrubber) if @ARGV; + require Data::Dumper, die Data::Dumper::Dumper($scrubber) if @ARGV; my $it = q[ <?php echo(" EVIL EVIL EVIL "); ?> <!-- asdf --> @@ -263,21 +260,13 @@ the default attribute rule is applied. </A> <br> ]; - print "#original text",$/, $it, $/; + print "#original text", $/, $it, $/; print - "#scrubbed text (default ", - $scrubber->default(), # no arguments returns the current value - " comment ", - $scrubber->comment(), - " process ", - $scrubber->process(), - " )", - $/, - $scrubber->scrub($it), - $/; + "#scrubbed text (default ", $scrubber->default(), # no arguments returns the current value + " comment ", $scrubber->comment(), " process ", $scrubber->process(), " )", $/, $scrubber->scrub($it), $/; - $scrubber->default(1); # allow all tags by default - $scrubber->comment(0); # deny comments + $scrubber->default(1); # allow all tags by default + $scrubber->comment(0); # deny comments print "#scrubbed text (default ", @@ -286,15 +275,14 @@ the default attribute rule is applied. $scrubber->comment(), " process ", $scrubber->process(), - " )", - $/, + " )", $/, $scrubber->scrub($it), $/; - $scrubber->process(1); # allow process instructions (dangerous) - $default[0] = 1; # allow all tags by default - $default[1]->{'*'} = 0; # deny all attributes by default - $scrubber->default(@default); # set the default again + $scrubber->process(1); # allow process instructions (dangerous) + $default[0] = 1; # allow all tags by default + $default[1]->{'*'} = 0; # deny all attributes by default + $scrubber->default(@default); # set the default again print "#scrubbed text (default ", @@ -303,8 +291,7 @@ the default attribute rule is applied. $scrubber->comment(), " process ", $scrubber->process(), - " )", - $/, + " )", $/, $scrubber->scrub($it), $/; @@ -321,15 +308,26 @@ If you have Test::Inline (and you've installed HTML::Scrubber), try L<HTML::Parser>, L<Test::Inline>. -The HTML::Sanitizer module is no longer available on CPAN. +The C<HTML::Sanitizer> module is no longer available on CPAN. -=head1 INSTALLATION +=head1 CONTRIBUTING -See perlmodinstall for information and options on installing Perl modules. +If you want to contribute to the development of this module, the code is on +L<GitHub|http://github.com/nigelm/html-scrubber>. You'll need a perl +environment with L<Dist::Zilla>, and if you're just getting started, there's +some documentation on using Vagrant and Perlbrew +L<here|http://mrcaron.github.io/2015/03/06/Perl-CPAN-Pull-Request.html>. -=head1 CONTRIBUTING +There is now a C<.perltidyrc> and a <.tidyallrc> file within the respository +for the standard perltidy settings used - I will apply these before new +releases. Please do not let formatting prevent you from sending in patches etc +- this can be sorted out as part of the release process. Info on C<tidyall> +can be found at +L<https://metacpan.org/pod/distribution/Code-TidyAll/bin/tidyall>. + +=head1 INSTALLATION -If you want to contribute to the development of this module, the code is on L<GitHub|http://github.com/nigelm/html-scrubber>. You'll need a perl environment with L<Dist::Zilla>, and if you're just getting started, there's some documentation on using Vagrant and Perlbrew L<here|http://mrcaron.github.io/2015/03/06/Perl-CPAN-Pull-Request.html>. +See perlmodinstall for information and options on installing Perl modules. =head1 BUGS AND LIMITATIONS -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libhtml-scrubber-perl.git _______________________________________________ Pkg-perl-cvs-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits
