Bump bluemonday to 1.0.15 (#27)
* Bump bluemonday to 1.0.15
ColdHeat authored Jul 10, 2021
1 parent 2700d14 commit 83aafcd
Showing 5 changed files with 31 additions and 6 deletions.
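--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# 0.0.7 / 2021-07-09
+
+- Bump bluemonday version to 1.0.15
+
 # 0.0.6 / 2021-06-10
 
 - Bump bluemonday version to 1.0.10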
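--- a/go.mod
+++ b/go.mod
@@ -2,4 +2,4 @@ module pybluemonday
 
 go 1.14
 
-require github.com/microcosm-cc/bluemonday v1.0.10
+require github.com/microcosm-cc/bluemonday v1.0.15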
5 changes: 5 additions & 0 deletions go.sum
@@ -1,3 +1,4 @@
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
github.com/chris-ramon/douceur v0.2.0 h1:IDMEdxlEUUBYBKE4z/mJnFyVXox+MjuEVDJNN27glkU=
@@ -10,12 +11,16 @@ github.com/microcosm-cc/bluemonday v1.0.9 h1:dpCwruVKoyrULicJwhuY76jB+nIxRVKv/e2
github.com/microcosm-cc/bluemonday v1.0.9/go.mod h1:B2riunDr9benLHghZB7hjIgdwSUzzs0pjCxFrWYEZFU=
github.com/microcosm-cc/bluemonday v1.0.10 h1:hsW4ch5StWWscflW8orGkX3TP2AVelTmwYO26qwGjqg=
github.com/microcosm-cc/bluemonday v1.0.10/go.mod h1:beubO5lmWoy1tU8niaMyXNriNgROO37H3U/tsrcZsy0=
github.com/microcosm-cc/bluemonday v1.0.15 h1:J4uN+qPng9rvkBZBoBb8YGR+ijuklIMpSOZZLjYpbeY=
github.com/microcosm-cc/bluemonday v1.0.15/go.mod h1:ZLvAzeakRwrGnzQEvstVzVt3ZpqOF2+sdFr0Om+ce30=
golang.org/x/net v0.0.0-20181220203305-927f97764cc3 h1:eH6Eip3UpmR+yM/qI9Ijluzb1bNv/cAU/n+6l8tRSis=
golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20210421230115-4e50805a0758 h1:aEpZnXcAmXkd6AvLb2OPt+EN1Zu/8Ne3pCqPjja5PXY=
golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
golang.org/x/net v0.0.0-20210610132358-84b48f89b13b h1:k+E048sYJHyVnsr1GDrRZWQ32D2C7lWs9JRc0bel53A=
golang.org/x/net v0.0.0-20210610132358-84b48f89b13b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q=
golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
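--- a/pybluemonday/__init__.py
+++ b/pybluemonday/__init__.py
@@ -3,7 +3,7 @@
 
 from pybluemonday.bluemonday import ffi, lib
 
-__version__ = "0.0.6"
+__version__ = "0.0.7"
 
 
 class AttrPolicyBuilder: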
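--- a/tests/bluemonday/test_sanitize.py
+++ b/tests/bluemonday/test_sanitize.py
@@ -43,15 +43,15 @@ def test_Links():
 Case("""<a href="#">""", ""),
 Case("""<a href="#top">""", """<a href="#top" rel="nofollow">"""),
 Case("""<a href="?q=1">""", """<a href="?q=1" rel="nofollow">"""),
-Case("""<a href="?q=1&r=2">""", """<a href="?q=1&r=2" rel="nofollow">"""),
-Case("""<a href="?q=1&q=2">""", """<a href="?q=1&q=2" rel="nofollow">"""),
+Case("""<a href="?q=1&r=2">""", """<a href="?q=1&amp;r=2" rel="nofollow">"""),
+Case("""<a href="?q=1&q=2">""", """<a href="?q=1&amp;q=2" rel="nofollow">"""),
 Case(
 """<a href="?q=%7B%22value%22%3A%22a%22%7D">""",
 """<a href="?q=%7B%22value%22%3A%22a%22%7D" rel="nofollow">""",
 ),
 Case(
 """<a href="?q=1&r=2&s=:foo@">""",
-"""<a href="?q=1&r=2&s=%3Afoo%40" rel="nofollow">""",
+"""<a href="?q=1&amp;r=2&amp;s=:foo@" rel="nofollow">""",
 ),
 Case(
 """<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==" alt="Red dot" />""",
@@ -60,7 +60,7 @@ def test_Links():
 Case("""<img src="giraffe.gif" />""", """<img src="giraffe.gif"/>"""),
 Case(
 """<img src="giraffe.gif?height=500&width=500" />""",
-"""<img src="giraffe.gif?height=500&width=500"/>""",
+"""<img src="giraffe.gif?height=500&amp;width=500"/>""",
 ),
 ]
 
@@ -115,3 +115,19 @@ def test_AllowComments():
 assert p.sanitize("1 <!-- 2 --> 3") == "1 3"
 p.AllowComments()
 assert p.sanitize("1 <!-- 2 --> 3") == "1 <!-- 2 --> 3"
+
+
+def test_HrefSanitization():
+cases = [
+Case(
+"""abc<a href="https://abc&quot;&gt;<script&gt;alert(1)<&#x2f;script/">CLICK""",
+"""abc<a href="https://abc&amp;quot;&gt;&lt;script&gt;alert(1)&lt;/script/" rel="nofollow">CLICK""",
+),
+Case(
+"""<a href="https://abc&quot;&gt;<script&gt;alert(1)<&#x2f;script/">""",
+"""<a href="https://abc&amp;quot;&gt;&lt;script&gt;alert(1)&lt;/script/" rel="nofollow">""",
+),
+]
+p = UGCPolicy()
+for case in cases:
+assert p.sanitize(case.input) == case.output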
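Review bot: `test_HrefSanitization` (last hunk) asserts only the exact serialized string, so the security property it guards stays implicit: an entity-encoded `&quot;&gt;` inside `href` must not close the attribute and leave a raw `<script>` tag in the sanitized output. A short docstring stating that, plus an invariant check beside the equality such as `assert "<script" not in p.sanitize(case.input)`, would keep the test meaningful if a later bluemonday bump changes escaping details again. This bump already did so in `test_Links`, where `&` now serializes as `&amp;` and `:foo@` is no longer percent-encoded. That change in serialized `href`/`src` values is visible to callers who store or compare sanitized output, so it deserves a line in the 0.0.7 CHANGELOG entry, which currently records only the version bump.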
