
Comments (6)

boutil commented on September 3, 2024

Using Loofah 2.7.0 makes all the tests pass.

from rails-html-sanitizer.

Segaja commented on September 3, 2024

Is it possible to fix that? I have similar errors when trying to package this for Arch Linux:

/usr/bin/ruby -w -I"lib" /usr/lib/ruby/gems/2.7.0/gems/rake-13.0.3/lib/rake/rake_test_loader.rb "test/sanitizer_test.rb" "test/scrubbers_test.rb"
Run options: --seed 23644

# Running:

............................................F

Failure:
SanitizersTest#test_uri_escaping_of_src_attr_in_a_tag_in_safe_list_sanitizer [/build/ruby-rails-html-sanitizer/src/rails-html-sanitizer-1.3.0/test/sanitizer_test.rb:500]:
--- expected
+++ actual
@@ -1 +1 @@
-"<a src=\"examp&lt;!--%22%20unsafeattr=foo()&gt;--&gt;le.com\">test</a>"
+"<a src=\"examp<!--%22%20unsafeattr=foo()>-->le.com\">test</a>"


rails test build/ruby-rails-html-sanitizer/src/rails-html-sanitizer-1.3.0/test/sanitizer_test.rb:493

.........................................................................................................................................................F

Failure:
SanitizersTest#test_uri_escaping_of_name_attr_in_a_tag_in_safe_list_sanitizer [/build/ruby-rails-html-sanitizer/src/rails-html-sanitizer-1.3.0/test/sanitizer_test.rb:510]:
--- expected
+++ actual
@@ -1 +1 @@
-"<a name=\"examp&lt;!--%22%20unsafeattr=foo()&gt;--&gt;le.com\">test</a>"
+"<a name=\"examp<!--%22%20unsafeattr=foo()>-->le.com\">test</a>"


rails test build/ruby-rails-html-sanitizer/src/rails-html-sanitizer-1.3.0/test/sanitizer_test.rb:503

.......F

Failure:
SanitizersTest#test_uri_escaping_of_href_attr_in_a_tag_in_safe_list_sanitizer [/build/ruby-rails-html-sanitizer/src/rails-html-sanitizer-1.3.0/test/sanitizer_test.rb:490]:
--- expected
+++ actual
@@ -1 +1 @@
-"<a href=\"examp&lt;!--%22%20unsafeattr=foo()&gt;--&gt;le.com\">test</a>"
+"<a href=\"examp<!--%22%20unsafeattr=foo()>-->le.com\">test</a>"


rails test build/ruby-rails-html-sanitizer/src/rails-html-sanitizer-1.3.0/test/sanitizer_test.rb:483

...................................................F

Failure:
SanitizersTest#test_should_sanitize_div_background_image_unicode_encoded [/build/ruby-rails-html-sanitizer/src/rails-html-sanitizer-1.3.0/test/sanitizer_test.rb:417]:
--- expected
+++ actual
@@ -1 +1,3 @@
-""
+# encoding: ASCII-8BIT
+#    valid: true
+"background-image:\a 5 \a 2 \x06 \x02 8 \x02 9;"


rails test build/ruby-rails-html-sanitizer/src/rails-html-sanitizer-1.3.0/test/sanitizer_test.rb:415

...............F

Failure:
SanitizersTest#test_scrub_style_if_style_attribute_option_is_passed [/build/ruby-rails-html-sanitizer/src/rails-html-sanitizer-1.3.0/test/sanitizer_test.rb:274]:
--- expected
+++ actual
@@ -1 +1 @@
-"<p style=\"color: #000;\"></p>"
+"<p style=\"color:#000;\"></p>"


rails test build/ruby-rails-html-sanitizer/src/rails-html-sanitizer-1.3.0/test/sanitizer_test.rb:272

....F

Failure:
SanitizersTest#test_uri_escaping_of_name_action_in_a_tag_in_safe_list_sanitizer [/build/ruby-rails-html-sanitizer/src/rails-html-sanitizer-1.3.0/test/sanitizer_test.rb:520]:
--- expected
+++ actual
@@ -1 +1 @@
-"<a action=\"examp&lt;!--%22%20unsafeattr=foo()&gt;--&gt;le.com\">test</a>"
+"<a action=\"examp<!--%22%20unsafeattr=foo()>-->le.com\">test</a>"


rails test build/ruby-rails-html-sanitizer/src/rails-html-sanitizer-1.3.0/test/sanitizer_test.rb:513

..........................

Finished in 0.257575s, 1188.0049 runs/s, 1254.0052 assertions/s.
306 runs, 323 assertions, 6 failures, 0 errors, 0 skips
rake aborted!
Command failed with status (1): [ruby -w -I"lib" /usr/lib/ruby/gems/2.7.0/gems/rake-13.0.3/lib/rake/rake_test_loader.rb "test/sanitizer_test.rb" "test/scrubbers_test.rb" ]

Tasks: TOP => test
(See full trace by running task with --trace)


jacobherrington commented on September 3, 2024

There was a breaking change in Loofah 2.9.0. #112 fixes one of the two tests that fail. I have read quite a bit of Loofah and Nokogiri code today, so I'll try to fix the other failing test as well. 😅


jacobherrington commented on September 3, 2024

I can say that the second test is also a regression in Loofah 2.9.0; it probably makes the most sense to open an issue in that repository regarding this issue.

# with Loofah 2.9.0
require "loofah"
Loofah::VERSION
# => "2.9.0"
input = %(background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029)
Loofah::HTML5::Scrub.scrub_css(input)
# => "background-image:\a 5 \a 2 \x06 \x02 8 \x02 9;"

# with Loofah 2.8.0
require "loofah"
Loofah::VERSION
# => "2.8.0"
input = %(background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029)
Loofah::HTML5::Scrub.scrub_css(input)
# => ""

Unfortunately, upgrading to Loofah 2.9.1 (released earlier today to address a regression) does not fix the issue:

require "loofah"
Loofah::VERSION
# => "2.9.1"
input = %(background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029)
Loofah::HTML5::Scrub.scrub_css(input)
# => "background-image:\a 5 \a 2 \x06 \x02 8 '\x06a\x061\a6\x061\a3\x063\a2\x069\a0\a4\x03a\x061\x06c\x065\a2\a4\x028.1027\x058.1053\x053\x027\x029' \x02 9;"

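Added example, not part of the thread and not code from Loofah or rails-html-sanitizer. The value in jacobherrington's snippet above is `url('javascript:alert(...)')` written with CSS hex escapes, which is why the test expects `sanitize_css` to return `""` for it. The Ruby below decodes CSS escapes the way CSS Syntax Module Level 3 describes ("consume an escaped code point") and contrasts a filter that inspects the raw text with one that decodes first; the helper names, the scheme allowlist and the two extra sample values are this example's own and say nothing about how Loofah itself does the check. The test payload is wrapped in `%q()` so its backslashes stay literal: in a double-quoted Ruby literal `\0075` is the octal escape `\007` (BEL, `"\a"`) followed by `5`, which is what the `\a 5 \a 2` in the 2.9.0 output above is.

```ruby
# Added example; not code from Loofah or rails-html-sanitizer. Helper names,
# the scheme allowlist and the constructed sample values are this example's own.

# A CSS escape is a backslash followed by 1..6 hex digits (plus one optional
# whitespace character), or a backslash followed by any single character that
# is not a newline (CSS Syntax Module Level 3, "consume an escaped code point").
CSS_ESCAPE = /\\(?:([0-9a-fA-F]{1,6})[ \t\n\f\r]?|([^\n\f\r]))/

def decode_css_escapes(value)
  value.gsub(CSS_ESCAPE) do
    hex = Regexp.last_match(1)
    if hex
      cp = hex.to_i(16)
      # NUL, surrogates and out-of-range values decode to U+FFFD
      cp = 0xFFFD if cp.zero? || (0xD800..0xDFFF).cover?(cp) || cp > 0x10FFFF
      [cp].pack("U")
    else
      Regexp.last_match(2)
    end
  end
end

# Text-only filter: it never sees "javascript:" when the letters are escaped.
def naive_css_value_ok?(value)
  !value.match?(/javascript:|expression\(/i)
end

SAFE_URL_SCHEMES = %w[http https].freeze

# Decode first, then check every url(...) argument against a scheme allowlist;
# scheme-less (relative) URLs pass, anything else (javascript:, data:, ...) fails.
def hardened_css_value_ok?(value)
  decoded = decode_css_escapes(value)
  return false if decoded.match?(/expression\s*\(/i)

  decoded.scan(/url\(\s*["']?\s*([^"')]*)/i).flatten.all? do |arg|
    arg = arg.gsub(/[\x00-\x20]/, "") # drop whitespace/control chars defensively
    scheme = arg[/\A([a-z][a-z0-9+.\-]*):/i, 1]
    scheme.nil? || SAFE_URL_SCHEMES.include?(scheme.downcase)
  end
end

# The payload from the failing test, in %q() so the backslashes stay literal.
PAGE_PAYLOAD = %q(background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029)
# Constructed inputs for this example.
ESCAPED_JS_URL = %q(background-image:url(\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074:alert(1)))
BENIGN_URL = "background-image:url('https://example.com/bg.png')"

# In a double-quoted Ruby literal "\0075" is the octal escape \007 (BEL, "\a")
# followed by "5", not a CSS escape, so a test written that way feeds control
# characters to the sanitizer instead of the escaped url(javascript:...).
def ruby_literal_pitfall
  "\0075\0072".bytes
end

if __FILE__ == $PROGRAM_NAME
  puts decode_css_escapes(PAGE_PAYLOAD)
  [PAGE_PAYLOAD, ESCAPED_JS_URL, BENIGN_URL].each do |v|
    puts "naive=#{naive_css_value_ok?(v)} hardened=#{hardened_css_value_ok?(v)}"
  end
  p ruby_literal_pitfall
end
```

Running the file prints the decoded test payload, which starts with `background-image:url('javascript:alert(`, and shows the naive filter passing both escaped payloads while the decoding filter rejects them and still accepts the plain https URL. The allowlist is deliberately narrow (data: URLs are rejected too); widen it only for schemes your application actually needs.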

flavorjones commented on September 3, 2024

I'm on it.


flavorjones commented on September 3, 2024

See #113.

