mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-11-17 04:07:10 -05:00
f362b53c40
* gnu/packages/patches/ruby-sanitize-system-libxml.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/ruby.scm (ruby-sanitize): Update to 5.1.0. [source]: Change to GIT-FETCH. Add patch. [native-inputs]: Remove BUNDLER, RUBY-REDCARPET, and RUBY-YARD.
38 lines
1.6 KiB
Diff
38 lines
1.6 KiB
Diff
Fix test failures that occur when nokogiri is using system libxml:
|
|
|
|
https://github.com/rgrove/sanitize/issues/198
|
|
|
|
Taken from upstream:
|
|
https://github.com/rgrove/sanitize/commit/21da9b62baf9ea659811d92e6b574130aee57eba
|
|
|
|
diff --git a/test/test_malicious_html.rb b/test/test_malicious_html.rb
|
|
index 2c23074..0756de0 100644
|
|
--- a/test/test_malicious_html.rb
|
|
+++ b/test/test_malicious_html.rb
|
|
@@ -135,6 +135,8 @@
|
|
# The relevant libxml2 code is here:
|
|
# <https://github.com/GNOME/libxml2/commit/960f0e275616cadc29671a218d7fb9b69eb35588>
|
|
describe 'unsafe libxml2 server-side includes in attributes' do
|
|
+ using_unpatched_libxml2 = Nokogiri::VersionInfo.instance.libxml2_using_system?
|
|
+
|
|
tag_configs = [
|
|
{
|
|
tag_name: 'a',
|
|
@@ -166,6 +168,8 @@
|
|
input = %[<#{tag_name} #{attr_name}='examp<!--" onmouseover=alert(1)>-->le.com'>foo</#{tag_name}>]
|
|
|
|
it 'should escape unsafe characters in attributes' do
|
|
+ skip "behavior should only exist in nokogiri's patched libxml" if using_unpatched_libxml2
|
|
+
|
|
# This uses Nokogumbo's HTML-compliant serializer rather than
|
|
# libxml2's.
|
|
@s.fragment(input).
|
|
@@ -191,6 +195,8 @@
|
|
input = %[<#{tag_name} #{attr_name}='examp<!--" onmouseover=alert(1)>-->le.com'>foo</#{tag_name}>]
|
|
|
|
it 'should not escape characters unnecessarily' do
|
|
+ skip "behavior should only exist in nokogiri's patched libxml" if using_unpatched_libxml2
|
|
+
|
|
# This uses Nokogumbo's HTML-compliant serializer rather than
|
|
# libxml2's.
|
|
@s.fragment(input).
|