From 5995c0e67656f4cd215a0fb7a576bdafbfe6eadf Mon Sep 17 00:00:00 2001
From: Martin Gruner
Date: Tue, 24 May 2022 09:22:58 +0200
Subject: [PATCH] Maintenance: Security update for nokogiri gem.
---
 Gemfile.lock | 2 +-
 test/unit/html_sanitizer_test.rb | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 53b3c5dfc..f8ccf1165 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -305,7 +305,7 @@ GEM
 net-ldap (0.17.0)
 netrc (0.11.0)
 nio4r (2.5.8)
- nokogiri (1.13.4)
+ nokogiri (1.13.6)
 mini_portile2 (~> 2.8.0)
 racc (~> 1.4)
 nori (2.6.0)
diff --git a/test/unit/html_sanitizer_test.rb b/test/unit/html_sanitizer_test.rb
index 0b530ae42..93ec7b0a4 100644
--- a/test/unit/html_sanitizer_test.rb
+++ b/test/unit/html_sanitizer_test.rb
@@ -76,8 +76,8 @@ tt p://6 6.000146.0x7.147/">XSS', true), 'CLICKME'), 'CLICKME') assert_equal(HtmlSanitizer.strict('CLICKME', true), 'CLICKME') assert_equal(HtmlSanitizer.strict(''), '') - assert_equal(HtmlSanitizer.strict(''), '') - assert_equal(HtmlSanitizer.strict('><image xlink:href="'), '') + assert_equal(HtmlSanitizer.strict(''), '<![>') + assert_equal(HtmlSanitizer.strict('><image xlink:href="'), '<![CDATA[>') assert_equal(HtmlSanitizer.strict(''), '') assert_equal(HtmlSanitizer.strict(''), '') assert_equal(HtmlSanitizer.strict(''), '')
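Review bot: The two rewritten expectations in test/unit/html_sanitizer_test.rb now accept non-empty sanitizer output (`'<![>'` and `'<![CDATA[>'`) where the old lines required an empty string, and nothing in the hunk explains why that leftover is acceptable. The change presumably follows from the nokogiri 1.13.4 to 1.13.6 bump in Gemfile.lock, so a comment above the pair would record the intent, for example `# since nokogiri 1.13.6 the CDATA opener survives as plain text; it must never come back as an element or attribute`. Because `HtmlSanitizer.strict` output is expected to be safe to render, I would also pin that property directly, with an assertion beside each case that the result contains no `image` element and no `xlink:href` attribute, rather than relying only on the exact leftover string, which the next parser update may change again. The input strings are not fully legible on this page and the enclosing test method starts outside the hunk, so both points should be checked against the real file.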