gnu/packages/patches/ruby-sanitize-system-libxml.patch

   1 Fix test failures that occur when nokogiri is using system libxml:
   2
   3   https://github.com/rgrove/sanitize/issues/198
   4
   5 Taken from upstream:
   6 https://github.com/rgrove/sanitize/commit/21da9b62baf9ea659811d92e6b574130aee57eba
   7
   8 diff --git a/test/test_malicious_html.rb b/test/test_malicious_html.rb
   9 index 2c23074..0756de0 100644
  10 --- a/test/test_malicious_html.rb
  11 +++ b/test/test_malicious_html.rb
  12 @@ -135,6 +135,8 @@
  13    # The relevant libxml2 code is here:
  14    # <https://github.com/GNOME/libxml2/commit/960f0e275616cadc29671a218d7fb9b69eb35588>
  15    describe 'unsafe libxml2 server-side includes in attributes' do
  16 +    using_unpatched_libxml2 = Nokogiri::VersionInfo.instance.libxml2_using_system?
  17 +
  18      tag_configs = [
  19        {
  20          tag_name: 'a',
  21 @@ -166,6 +168,8 @@
  22          input = %[<#{tag_name} #{attr_name}='examp<!--" onmouseover=alert(1)>-->le.com'>foo</#{tag_name}>]
  23
  24          it 'should escape unsafe characters in attributes' do
  25 +          skip "behavior should only exist in nokogiri's patched libxml" if using_unpatched_libxml2
  26 +
  27            # This uses Nokogumbo's HTML-compliant serializer rather than
  28            # libxml2's.
  29            @s.fragment(input).
  30 @@ -191,6 +195,8 @@
  31          input = %[<#{tag_name} #{attr_name}='examp<!--" onmouseover=alert(1)>-->le.com'>foo</#{tag_name}>]
  32
  33          it 'should not escape characters unnecessarily' do
  34 +          skip "behavior should only exist in nokogiri's patched libxml" if using_unpatched_libxml2
  35 +
  36            # This uses Nokogumbo's HTML-compliant serializer rather than
  37            # libxml2's.
  38            @s.fragment(input).