
Commit f77dfa5

author
Juanito Fatas
committed
Fix build: should we escape < & >?
1 parent 7d30b71 commit f77dfa5


2 files changed

+16
-5
lines changed


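--- a/Gemfile
+++ b/Gemfile
@@ -3,5 +3,16 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in html-sanitizer.gemspec
 gemspec
 
-gem "nokogiri", RUBY_VERSION < "2.1" ? "~> 1.6.0" : ">= 1.7"
+nokogiri_version = begin
+case
+when RUBY_VERSION < "2.1"
+"~> 1.6.0"
+when RUBY_VERSION < "2.3"
+"~> 1.9.1"
+else
+">= 1.10.0"
+end
+end
+
+gem "nokogiri", nokogiri_version
 gem "activesupport", RUBY_VERSION < "2.2.2" ? "~> 4.2.0" : ">= 5"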
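Review bot: The new `nokogiri_version` selection has no comment explaining why each Ruby range gets its range of parser versions, and for a sanitizer the parser version decides the serialized output that the tests in this same commit assert on. I would add a line above the `case` such as `# Older Rubies cannot install current nokogiri; these pins exist only to keep the legacy CI entries installable.` (the rationale is inferred from the commit title, so word it to match the real reason). As a smaller style point, `case` is already an expression, so the surrounding `begin`/`end` is redundant and `nokogiri_version = case ... end` reads more directly. The `RUBY_VERSION < "2.3"` checks compare strings lexicographically, which is fine for the versions listed here but is easy to get wrong if another branch is added later; `Gem::Version.new(RUBY_VERSION) < Gem::Version.new("2.3")` avoids that.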

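--- a/test/sanitizer_test.rb
+++ b/test/sanitizer_test.rb
@@ -489,31 +489,31 @@ def test_uri_escaping_of_href_attr_in_a_tag_in_white_list_sanitizer
 
 text = white_list_sanitize(html)
 
-assert_equal %{<a href="examp<!--%22%20unsafeattr=foo()>-->le.com">test</a>}, text
+assert_equal %{<a href=\"examp&lt;!--%22%20unsafeattr=foo()&gt;--&gt;le.com\">test</a>}, text
 end
 
 def test_uri_escaping_of_src_attr_in_a_tag_in_white_list_sanitizer
 html = %{<a src='examp<!--" unsafeattr=foo()>-->le.com'>test</a>}
 
 text = white_list_sanitize(html)
 
-assert_equal %{<a src="examp<!--%22%20unsafeattr=foo()>-->le.com">test</a>}, text
+assert_equal %{<a src=\"examp&lt;!--%22%20unsafeattr=foo()&gt;--&gt;le.com\">test</a>}, text
 end
 
 def test_uri_escaping_of_name_attr_in_a_tag_in_white_list_sanitizer
 html = %{<a name='examp<!--" unsafeattr=foo()>-->le.com'>test</a>}
 
 text = white_list_sanitize(html)
 
-assert_equal %{<a name="examp<!--%22%20unsafeattr=foo()>-->le.com">test</a>}, text
+assert_equal %{<a name=\"examp&lt;!--%22%20unsafeattr=foo()&gt;--&gt;le.com\">test</a>}, text
 end
 
 def test_uri_escaping_of_name_action_in_a_tag_in_white_list_sanitizer
 html = %{<a action='examp<!--" unsafeattr=foo()>-->le.com'>test</a>}
 
 text = white_list_sanitize(html, attributes: ['action'])
 
-assert_equal %{<a action="examp<!--%22%20unsafeattr=foo()>-->le.com">test</a>}, text
+assert_equal %{<a action=\"examp&lt;!--%22%20unsafeattr=foo()&gt;--&gt;le.com\">test</a>}, text
 end
 
 protected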
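Review bot: The four updated `assert_equal` lines (new lines 492, 500, 508 and 516) pin one exact serialization, but the property these tests protect is that `unsafeattr` never ends up as an attribute of its own, and nothing in the tests states or checks that directly. The Gemfile in this commit resolves to three different nokogiri ranges depending on the Ruby version, so the `&lt;`/`&gt;` form may not be what every matrix entry emits (inferred; the page shows no CI output). I would assert the invariant next to the string comparison, for example `assert_equal %w[href], Nokogiri::HTML.fragment(text).at_css("a").attributes.keys` in the first test, with the attribute name adjusted in the other three. A short comment that the escaped form is the serializer's output rather than a sanitizer decision would also help. The `\"` inside `%{...}` is unnecessary, since the brace delimiter already allows bare double quotes, as the `html = %{...}` lines in the same tests show.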
