wiki.ohea.xyz/gollum
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

remove contents of script and style elements

Browse Source 
Avoids rendering HTML-ized CSS and/or Javascript by removing the
contents of script and style elements as well as the elements
themselves.

/cc @technoweenie

Pull Request: master
This commit is contained in:
Jesse Newland
2012-01-08 22:07:33 -05:00
parent 5163f11ecb
commit be4c52202c
2 changed files with 39 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/gollum/sanitization.rb
+27 -14
View File
@@ -55,6 +55,13 @@ module Gollum
end end
end end
# Default elements whose contents will be removed in addition
# to the elements themselve
REMOVE_CONTENTS = [
'script',
'style'
].freeze
# Default transformers to force @id attributes with 'wiki-' prefix # Default transformers to force @id attributes with 'wiki-' prefix
TRANSFORMERS = [ TRANSFORMERS = [
lambda do |env| lambda do |env|
@@ -104,18 +111,23 @@ module Gollum
# Default: {} # Default: {}
attr_reader :add_attributes attr_reader :add_attributes
# Gets an Array of element names whose contents will be removed in addition
# to the elements themselves. Default: REMOVE_CONTENTS
attr_reader :remove_contents
# Sets a boolean determining whether Sanitize allows HTML comments in the # Sets a boolean determining whether Sanitize allows HTML comments in the
# output. Default: false. # output. Default: false.
attr_writer :allow_comments attr_writer :allow_comments
def initialize def initialize
@elements = ELEMENTS @elements = ELEMENTS
@attributes = ATTRIBUTES @attributes = ATTRIBUTES
@protocols = PROTOCOLS @protocols = PROTOCOLS
@transformers = TRANSFORMERS @transformers = TRANSFORMERS
@add_attributes = {} @add_attributes = {}
@allow_comments = false @remove_contents = REMOVE_CONTENTS
@id_prefix = 'wiki-' @allow_comments = false
@id_prefix = 'wiki-'
yield self if block_given? yield self if block_given?
end end
@@ -140,13 +152,14 @@ module Gollum
# #
# Returns a Hash. # Returns a Hash.
def to_hash def to_hash
{ :elements => elements, { :elements => elements,
:attributes => attributes, :attributes => attributes,
:protocols => protocols, :protocols => protocols,
:add_attributes => add_attributes, :add_attributes => add_attributes,
:allow_comments => allow_comments?, :remove_contents => remove_contents,
:transformers => transformers, :allow_comments => allow_comments?,
:id_prefix => id_prefix :transformers => transformers,
:id_prefix => id_prefix
} }
end end
test/test_markup.rb
+12
View File
@@ -459,6 +459,18 @@ np.array([[2,2],[1,3]],np.float)
compare(content, output) compare(content, output)
end end
test "removes style blocks completely" do
content = "<style>body { color: red }</style>foobar"
output = "<p>foobar</p>"
compare(content, output)
end
test "removes script blocks completely" do
content = "<script>alert('hax');</script>foobar"
output = "<p>foobar</p>"
compare(content, output)
end
test "escaped wiki link" do test "escaped wiki link" do
content = "a '[[Foo]], b" content = "a '[[Foo]], b"
output = "<p>a [[Foo]], b</p>" output = "<p>a [[Foo]], b</p>"