File bfe032858077bb2946abe25e95e485ba6da86bd5.patch of Package rubygem-actionpack-2_1

From bfe032858077bb2946abe25e95e485ba6da86bd5 Mon Sep 17 00:00:00 2001
From: Gabe da Silveira <gabe@websaviour.com>
Date: Mon, 16 Nov 2009 21:17:35 -0800
Subject: [PATCH] Make sure strip_tags removes tags which start with a non-printable character

Signed-off-by: Michael Koziarski <michael@koziarski.com>
---
 .../vendor/html-scanner/html/node.rb               |    2 +-
 .../test/controller/html-scanner/sanitizer_test.rb |    1 +
 2 files changed, 2 insertions(+), 1 deletions(-)

Index: lib/action_controller/vendor/html-scanner/html/node.rb
===================================================================
--- lib/action_controller/vendor/html-scanner/html/node.rb.orig	1970-01-01 01:00:00.000000000 +0100
+++ lib/action_controller/vendor/html-scanner/html/node.rb	2010-02-02 01:58:01.696093629 +0100
@@ -155,7 +155,7 @@ module HTML #:nodoc:
           end
           
           closing = ( scanner.scan(/\//) ? :close : nil )
-          return Text.new(parent, line, pos, content) unless name = scanner.scan(/[\w:-]+/)
+          return Text.new(parent, line, pos, content) unless name = scanner.scan(/[-:\w\x00-\x09\x0b-\x0c\x0e-\x1f]+/)
           name.downcase!
   
           unless closing
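Review bot: The widened name pattern on the `scanner.scan(/[-:\w\x00-\x09\x0b-\x0c\x0e-\x1f]+/)` line has no comment saying why control bytes are accepted as tag-name characters, or why `\x0a`, `\x0d` and `\x7f` are left out of the class. Anything that fails this scan is returned as `Text`, which presumably survives tag stripping, so the choice is security-relevant and should be recorded next to the regex. A suitable comment would be `# control chars count as name chars so "<\x07a ...>" is tokenized as a tag and stripped, not kept as text`. Whether a `<` followed by LF, CR or DEL should stay on the Text path cannot be told from this hunk and is worth confirming. The enclosing method begins and ends outside the hunk.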
Index: test/controller/html-scanner/sanitizer_test.rb
===================================================================
--- test/controller/html-scanner/sanitizer_test.rb.orig	1970-01-01 01:00:00.000000000 +0100
+++ test/controller/html-scanner/sanitizer_test.rb	2010-02-02 01:58:41.612090842 +0100
@@ -17,6 +17,7 @@ class SanitizerTest < Test::Unit::TestCa
     %{This is a test.\n\n\nIt no longer contains any HTML.\n}, sanitizer.sanitize(
     %{<title>This is <b>a <a href="" target="_blank">test</a></b>.</title>\n\n<!-- it has a comment -->\n\n<p>It no <b>longer <strong>contains <em>any <strike>HTML</strike></em>.</strong></b></p>\n}))
     assert_equal "This has a  here.", sanitizer.sanitize("This has a <!-- comment --> here.")
+    assert_equal "non printable char is a tag", sanitizer.sanitize("<\x07a href='/hello'>non printable char is a tag</a>")
     [nil, '', '   '].each { |blank| assert_equal blank, sanitizer.sanitize(blank) }
   end
 
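Review bot: The added assertion pins only one byte, `\x07`, from the three ranges the node.rb change introduces, so a later edit that narrows the class could pass this test unnoticed. Covering the range edges would make the regression test match the fix, for example `["\x00", "\x09", "\x0b", "\x0c", "\x0e", "\x1f"].each { |c| assert_equal "x", sanitizer.sanitize("<#{c}a>x</a>") }`. This assumes the tokenizer treats those bytes the same way as `\x07`, which is not visible here. The test method starts outside the hunk.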