@@ -1,6 +1,11 @@
Sanitize History
================================================================================
+Version 1.0.4 (2009-01-16)
+ * Fixed a bug that made it possible to sneak a non-whitelisted element through
+ by repeating it several times in a row. All versions of Sanitize prior to
+ 1.0.4 are vulnerable. [Reported by Cristobal]
+
Version 1.0.3 (2009-01-15)
* Fixed a bug whereby incomplete Unicode or hex entities could be used to
prevent non-whitelisted protocols from being cleaned. Since IE6 and Opera
HISTORY
@@ -84,7 +84,7 @@ class Sanitize
def clean!(html)
fragment = Hpricot(html)
- fragment.traverse_element do |node|
+ fragment.search('*') do |node|
if node.bogusetag? || node.doctype? || node.procins? || node.xmldecl?
node.swap('')
next
lib/sanitize.rb
@@ -106,6 +106,10 @@ describe 'Config::DEFAULT' do
Sanitize.clean("Don't tasé me & bro!").should.equal("Don't tasé me & bro!")
end
+ should 'not choke on several instances of the same element in a row' do
+ Sanitize.clean('<img src="http://www.google.com/intl/en_ALL/images/logo.gif"><img src="http://www.google.com/intl/en_ALL/images/logo.gif"><img src="http://www.google.com/intl/en_ALL/images/logo.gif"><img src="http://www.google.com/intl/en_ALL/images/logo.gif">').should.equal('')
+ end
+
strings.each do |name, data|
should "clean #{name} HTML" do
Sanitize.clean(data[:html]).should.equal(data[:default])
test/spec_sanitize.rb
152999220c4d3167b8a850f5fede97e3152380e2
Ryan Grove
ryan@wonko.com
http://github.com/rgrove/sanitize/commit/c00234abcf01a57788835ec74ad6552c3e3c2590
c00234abcf01a57788835ec74ad6552c3e3c2590
2009-01-16T15:40:11-08:00
2009-01-16T15:40:11-08:00
Fix a bug that made it possible to sneak a non-whitelisted element through by repeating it several times in a row. All versions of Sanitize prior to 1.0.4 are vulnerable. [Reported by Cristobal]
268750e1e9defaf137ce51b368a92b8977dcc17b
Ryan Grove
ryan@wonko.com