[libhtml-scrubber-perl] 13/13: v0.10

Florian Schlichting fsfs at moszumanska.debian.org
Sat Nov 11 13:46:06 UTC 2017


This is an automated email from the git hooks/post-receive script.

fsfs pushed a commit to annotated tag release/0.10-TRIAL
in repository libhtml-scrubber-perl.

commit 53b037e034b8e92dd2e04b3a0f9bd768ceefa293
Author: Nigel Metheringham <nigelm at cpan.org>
Date:   Fri Sep 27 15:05:26 2013 +0100

    v0.10
    
        - RT3008 Changed examples to be XSS free
        - RT19063, RT25477 fixed handling of self closing tags,
          for example '<hr />'
        - * attribute rule can be a regexp
        - callbacks in rules to check or adjust attributes with
          custom code (RT15747)
---
 Changes    |  2 ++
 README.pod | 40 ++++++++++++++++++++++++----------------
 2 files changed, 26 insertions(+), 16 deletions(-)

diff --git a/Changes b/Changes
index d08551f..9f00805 100644
--- a/Changes
+++ b/Changes
@@ -1,6 +1,8 @@
 Revision history for Perl extension HTML::Scrubber.
 
 {{$NEXT}}
+
+0.10      2013-09-27 15:05:03 Europe/London
     - RT3008 Changed examples to be XSS free
     - RT19063, RT25477 fixed handling of self closing tags,
       for example '<hr />'
diff --git a/README.pod b/README.pod
index 9b2cc0b..9ced386 100644
--- a/README.pod
+++ b/README.pod
@@ -1,4 +1,6 @@
-=for stopwords html
+=pod
+
+=for stopwords html cpan callback homepage
 
 =head1 NAME
 
@@ -35,7 +37,7 @@ version 0.10
 
 =head1 DESCRIPTION
 
-If you wanna "scrub" or "sanitize" html input in a reliable and
+If you want to "scrub" or "sanitize" html input in a reliable and
 flexible fashion, then this module is for you.
 
 I wasn't satisfied with HTML::Sanitizer because it is based on
@@ -100,10 +102,19 @@ all style tags encountered will be validated like all other tags.
             alt => 1,                 # alt attribute allowed
             '*' => 0,                 # deny all other attributes
         },
+        a => {
+            href => sub { ... },      # check or adjust with a callback
+        },
         b => 1,
         ...
     );
 
+Updates set of attribute rules. Each rule can be 1/0, regular expression
+or a callback. Values longer than 1 char are treated as regexps. Callback
+is called with the following arguments: this object, tag name, attribute
+name and attribute value, should return empty list to drop attribute,
+C<undef> to keep it without value or a new scalar value.
+
 =head2 default
 
     print "default is ", $p->default();
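Review bot: the callback contract in the added paragraph is packed into one run-on sentence, and the distinction it draws (empty list drops the attribute, undef keeps it without a value) is easy to get backwards: going by this text, a callback that ends in "return undef" for a rejected value keeps the attribute rather than dropping it. Suggest listing the three return cases separately and giving "href => sub { ... }" a body that shows the drop case. "Values longer than 1 char are treated as regexps" should also say that such a string is matched as a pattern and not read as a true/false flag.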
@@ -190,11 +201,11 @@ the default attribute rule is applied.
         0   =>    # default rule, deny all tags
         {
             '*'           => 1, # default rule, allow all attributes
-            'href'        => qr{^(?!(?:java)?script)}i,
-            'src'         => qr{^(?!(?:java)?script)}i,
+            'href'        => qr{^(?:http|https|ftp)://}i,
+            'src'         => qr{^(?:http|https|ftp)://}i,
     #   If your perl doesn't have qr
     #   just use a string with length greater than 1
-            'cite'        => '(?i-xsm:^(?!(?:java)?script))',
+            'cite'        => '(?i-xsm:^(?:http|https|ftp):)',
             'language'    => 0,
             'name'        => 1, # could be sneaky, but hey ;)
             'onblur'      => 0,
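Review bot: the new patterns are inconsistent across attributes: 'href' and 'src' require "://" after the scheme, while the string form for 'cite' is '(?i-xsm:^(?:http|https|ftp):)' with no "//", so 'cite' accepts values the other two reject. If that is not intended, make 'cite' match the other two. Moving from a negative lookahead to a scheme allowlist also means relative URLs and schemes such as mailto: no longer match 'href' or 'src', which deserves a sentence in the surrounding documentation. Minor: "http|https" can be written "https?".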
@@ -316,10 +327,8 @@ See perlmodinstall for information and options on installing Perl modules.
 
 =head1 BUGS AND LIMITATIONS
 
-No bugs have been reported.
-
-Please report any bugs or feature requests through the web interface at
-L<http://rt.cpan.org/Public/Dist/Display.html?Name=HTML-Scrubber>.
+You can make new bug reports, and view existing ones, through the
+web interface at L<http://rt.cpan.org/Public/Dist/Display.html?Name=HTML-Scrubber>.
 
 =head1 AVAILABILITY
 
@@ -327,12 +336,7 @@ The project homepage is L<https://metacpan.org/release/HTML-Scrubber>.
 
 The latest version of this module is available from the Comprehensive Perl
 Archive Network (CPAN). Visit L<http://www.perl.com/CPAN/> to find a CPAN
-site near you, or see L<http://search.cpan.org/dist/HTML-Scrubber/>.
-
-The development version lives at L<http://github.com/nigelm/html-scrubber>
-and may be cloned from L<git://github.com/nigelm/html-scrubber.git>.
-Instead of sending patches, please fork this project using the standard
-git and github infrastructure.
+site near you, or see L<https://metacpan.org/module/HTML::Scrubber/>.
 
 =head1 AUTHORS
 
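Review bot: the AVAILABILITY section loses its pointer to the development repository, since the lines naming github.com/nigelm/html-scrubber and asking contributors to fork are removed with nothing in their place. If this is a side effect of regenerating README.pod, restore the repository reference. The retained L<http://www.perl.com/CPAN/> link is still plain http while the new metacpan link uses https.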
@@ -340,6 +344,10 @@ git and github infrastructure.
 
 =item *
 
+Ruslan Zakirov <Ruslan.Zakirov at gmail.com>
+
+=item *
+
 Nigel Metheringham <nigelm at cpan.org>
 
 =item *
@@ -350,7 +358,7 @@ D. H. <podmaster at cpan.org>
 
 =head1 COPYRIGHT AND LICENSE
 
-This software is copyright (c) 2012 by Nigel Metheringham, 2003-2004 D. H..
+This software is copyright (c) 2013 by Ruslan Zakirov, Nigel Metheringham, 2003-2004 D. H..
 
 This is free software; you can redistribute it and/or modify it under
 the same terms as the Perl 5 programming language system itself.

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libhtml-scrubber-perl.git


