From a5c388ea3a0166cdb3b23a27824c16bca21a04b1 Mon Sep 17 00:00:00 2001 From: Peter Dedene Date: Tue, 28 Nov 2023 09:47:10 +0100 Subject: [PATCH] Fix various rubocop offences --- lib/loofah/html5/safelist.rb | 7 +++---- lib/loofah/html5/scrub.rb | 8 +++++--- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/lib/loofah/html5/safelist.rb b/lib/loofah/html5/safelist.rb index 1bf5ad8..b5df027 100644 --- a/lib/loofah/html5/safelist.rb +++ b/lib/loofah/html5/safelist.rb @@ -229,7 +229,6 @@ module SafeList "use", ]) - ACCEPTABLE_EMPTY_ATTRIBUTES = { "*" => Set.new([ "hidden", @@ -265,7 +264,7 @@ module SafeList "details" => Set.new([ "open", ]), - "fieldset" => Set.new([ + "fieldset" => Set.new([ "disabled", ]), "form" => Set.new([ @@ -302,7 +301,7 @@ module SafeList "ol" => Set.new([ "reversed", ]), - "optgroup" => Set.new([ + "optgroup" => Set.new([ "disabled", ]), "option" => Set.new([ @@ -438,7 +437,7 @@ module SafeList "vspace", "width", "xml:lang", - ].concat(ACCEPTABLE_EMPTY_ATTRIBUTES.values.flat_map(&:to_a))) + ].concat(ACCEPTABLE_EMPTY_ATTRIBUTES.values.flat_map(&:to_a))) MATHML_ATTRIBUTES = Set.new([ "actiontype", diff --git a/lib/loofah/html5/scrub.rb b/lib/loofah/html5/scrub.rb index 0b656f4..1aa887f 100644 --- a/lib/loofah/html5/scrub.rb +++ b/lib/loofah/html5/scrub.rb @@ -56,9 +56,11 @@ def scrub_attributes(node) scrub_css_attribute(node) node.attribute_nodes.each do |attr_node| - if attr_node.value !~ /[^[:space:]]/ && attr_node.name !~ DATA_ATTRIBUTE_NAME && !SafeList::ACCEPTABLE_EMPTY_ATTRIBUTES["*"].include?(attr_node.name) && !SafeList::ACCEPTABLE_EMPTY_ATTRIBUTES[node.name]&.include?(attr_node.name) - node.remove_attribute(attr_node.name) - end + next if attr_node.value =~ /[^[:space:]]/ || attr_node.name =~ DATA_ATTRIBUTE_NAME || + SafeList::ACCEPTABLE_EMPTY_ATTRIBUTES["*"].include?(attr_node.name) || + SafeList::ACCEPTABLE_EMPTY_ATTRIBUTES[node.name]&.include?(attr_node.name) + + node.remove_attribute(attr_node.name) end force_correct_attribute_escaping!(node)