mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 21:38:07 -05:00
gnu: ruby-sanitize: Update to 6.0.0.
* gnu/packages/ruby.scm (ruby-sanitize): Update to 6.0.0. Re-indent inputs. [source]: Delete patch. * gnu/packages/patches/ruby-sanitize-system-libxml.patch: Delete patch. * gnu/local.mk (dist_patch_DATA): De-register it.
This commit is contained in:
parent
d163a379b9
commit
b0f92620d8
3 changed files with 5 additions and 47 deletions
|
@ -19,7 +19,7 @@
|
||||||
# Copyright © 2018 Amirouche Boubekki <amirouche@hypermove.net>
|
# Copyright © 2018 Amirouche Boubekki <amirouche@hypermove.net>
|
||||||
# Copyright © 2018, 2019, 2020, 2021, 2022 Oleg Pykhalov <go.wigust@gmail.com>
|
# Copyright © 2018, 2019, 2020, 2021, 2022 Oleg Pykhalov <go.wigust@gmail.com>
|
||||||
# Copyright © 2018 Stefan Stefanović <stefanx2ovic@gmail.com>
|
# Copyright © 2018 Stefan Stefanović <stefanx2ovic@gmail.com>
|
||||||
# Copyright © 2018, 2020, 2021, 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
|
# Copyright © 2018, 2020, 2021, 2022, 2023 Maxim Cournoyer <maxim.cournoyer@gmail.com>
|
||||||
# Copyright © 2019, 2020, 2021, 2022 Guillaume Le Vaillant <glv@posteo.net>
|
# Copyright © 2019, 2020, 2021, 2022 Guillaume Le Vaillant <glv@posteo.net>
|
||||||
# Copyright © 2019, 2020 John Soo <jsoo1@asu.edu>
|
# Copyright © 2019, 2020 John Soo <jsoo1@asu.edu>
|
||||||
# Copyright © 2019 Jonathan Brielmaier <jonathan.brielmaier@web.de>
|
# Copyright © 2019 Jonathan Brielmaier <jonathan.brielmaier@web.de>
|
||||||
|
@ -1813,7 +1813,6 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/ruby-anystyle-fix-dictionary-populate.patch \
|
%D%/packages/patches/ruby-anystyle-fix-dictionary-populate.patch \
|
||||||
%D%/packages/patches/ruby-latex-decode-fix-test.patch \
|
%D%/packages/patches/ruby-latex-decode-fix-test.patch \
|
||||||
%D%/packages/patches/ruby-mustache-1.1.1-fix-race-condition-tests.patch \
|
%D%/packages/patches/ruby-mustache-1.1.1-fix-race-condition-tests.patch \
|
||||||
%D%/packages/patches/ruby-sanitize-system-libxml.patch \
|
|
||||||
%D%/packages/patches/rustc-1.54.0-src.patch \
|
%D%/packages/patches/rustc-1.54.0-src.patch \
|
||||||
%D%/packages/patches/rust-1.64-fix-riscv64-bootstrap.patch \
|
%D%/packages/patches/rust-1.64-fix-riscv64-bootstrap.patch \
|
||||||
%D%/packages/patches/rust-adblock-ignore-live-tests.patch \
|
%D%/packages/patches/rust-adblock-ignore-live-tests.patch \
|
||||||
|
|
|
@ -1,38 +0,0 @@
|
||||||
Fix test failures that occur when nokogiri is using system libxml:
|
|
||||||
|
|
||||||
https://github.com/rgrove/sanitize/issues/198
|
|
||||||
|
|
||||||
Taken from upstream:
|
|
||||||
https://github.com/rgrove/sanitize/commit/21da9b62baf9ea659811d92e6b574130aee57eba
|
|
||||||
|
|
||||||
diff --git a/test/test_malicious_html.rb b/test/test_malicious_html.rb
|
|
||||||
index 2c23074..0756de0 100644
|
|
||||||
--- a/test/test_malicious_html.rb
|
|
||||||
+++ b/test/test_malicious_html.rb
|
|
||||||
@@ -135,6 +135,8 @@
|
|
||||||
# The relevant libxml2 code is here:
|
|
||||||
# <https://github.com/GNOME/libxml2/commit/960f0e275616cadc29671a218d7fb9b69eb35588>
|
|
||||||
describe 'unsafe libxml2 server-side includes in attributes' do
|
|
||||||
+ using_unpatched_libxml2 = Nokogiri::VersionInfo.instance.libxml2_using_system?
|
|
||||||
+
|
|
||||||
tag_configs = [
|
|
||||||
{
|
|
||||||
tag_name: 'a',
|
|
||||||
@@ -166,6 +168,8 @@
|
|
||||||
input = %[<#{tag_name} #{attr_name}='examp<!--" onmouseover=alert(1)>-->le.com'>foo</#{tag_name}>]
|
|
||||||
|
|
||||||
it 'should escape unsafe characters in attributes' do
|
|
||||||
+ skip "behavior should only exist in nokogiri's patched libxml" if using_unpatched_libxml2
|
|
||||||
+
|
|
||||||
# This uses Nokogumbo's HTML-compliant serializer rather than
|
|
||||||
# libxml2's.
|
|
||||||
@s.fragment(input).
|
|
||||||
@@ -191,6 +195,8 @@
|
|
||||||
input = %[<#{tag_name} #{attr_name}='examp<!--" onmouseover=alert(1)>-->le.com'>foo</#{tag_name}>]
|
|
||||||
|
|
||||||
it 'should not escape characters unnecessarily' do
|
|
||||||
+ skip "behavior should only exist in nokogiri's patched libxml" if using_unpatched_libxml2
|
|
||||||
+
|
|
||||||
# This uses Nokogumbo's HTML-compliant serializer rather than
|
|
||||||
# libxml2's.
|
|
||||||
@s.fragment(input).
|
|
|
@ -6365,7 +6365,7 @@ (define-public ruby-nokogumbo
|
||||||
(define-public ruby-sanitize
|
(define-public ruby-sanitize
|
||||||
(package
|
(package
|
||||||
(name "ruby-sanitize")
|
(name "ruby-sanitize")
|
||||||
(version "5.1.0")
|
(version "6.0.0")
|
||||||
(home-page "https://github.com/rgrove/sanitize")
|
(home-page "https://github.com/rgrove/sanitize")
|
||||||
(source (origin
|
(source (origin
|
||||||
(method git-fetch)
|
(method git-fetch)
|
||||||
|
@ -6375,15 +6375,12 @@ (define-public ruby-sanitize
|
||||||
(url home-page)
|
(url home-page)
|
||||||
(commit (string-append "v" version))))
|
(commit (string-append "v" version))))
|
||||||
(file-name (git-file-name name version))
|
(file-name (git-file-name name version))
|
||||||
(patches (search-patches "ruby-sanitize-system-libxml.patch"))
|
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"0lj0q9yhjp0q0in5majkshnki07mw8m2vxgndx4m5na6232aszl0"))))
|
"0p1a28vx95vscy9xzzyyddzgb9496x42a5i2ka39cpxbl5f3gkl0"))))
|
||||||
(build-system ruby-build-system)
|
(build-system ruby-build-system)
|
||||||
(propagated-inputs
|
(propagated-inputs (list ruby-crass ruby-nokogiri))
|
||||||
(list ruby-crass ruby-nokogiri ruby-nokogumbo))
|
(native-inputs (list ruby-minitest))
|
||||||
(native-inputs
|
|
||||||
(list ruby-minitest))
|
|
||||||
(synopsis "Whitelist-based HTML and CSS sanitizer")
|
(synopsis "Whitelist-based HTML and CSS sanitizer")
|
||||||
(description
|
(description
|
||||||
"Sanitize is a whitelist-based HTML and CSS sanitizer. Given a list of
|
"Sanitize is a whitelist-based HTML and CSS sanitizer. Given a list of
|
||||||
|
|
Loading…
Reference in a new issue