File: libxml2_workarounds.rb

package info (click to toggle)
ruby-loofah 2.24.1-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 240 kB
  • sloc: ruby: 1,824; makefile: 5
file content (28 lines) | stat: -rw-r--r-- 639 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# coding: utf-8
# frozen_string_literal: true

require "set"

module Loofah
  #
  #  constants related to working around unhelpful libxml2 behavior
  #
  #  ಠ_ಠ
  #
  module LibxmlWorkarounds
    #
    #  these attributes and qualifying parent tags are determined by the code at:
    #
    #    https://git.gnome.org/browse/libxml2/tree/HTMLtree.c?h=v2.9.2#n714
    #
    #  see comments about CVE-2018-8048 within the tests for more information
    #
    BROKEN_ESCAPING_ATTRIBUTES = Set.new([
      "href",
      "action",
      "src",
      "name",
    ])
    BROKEN_ESCAPING_ATTRIBUTES_QUALIFYING_TAG = { "name" => "a" }
  end
end