From 67638b6195e96c9897e6900fae4227eec539bbe5 Mon Sep 17 00:00:00 2001 From: jxy_git Date: Wed, 26 Jul 2023 17:15:03 +0800 Subject: [PATCH] Upgrade to 1.4.3 (cherry picked from commit 219143a6ce95f6e0db61c2448614133f8efeb61a) --- 0001-fix-test-failures.patch | 266 ------------------ rails-html-sanitizer-1.4.2.gem | Bin 16896 -> 0 bytes rails-html-sanitizer-1.4.3.gem | Bin 0 -> 17920 bytes ...bxml2-2_10_0-parsing-comments-change.patch | 85 ++++++ rubygem-rails-html-sanitizer.spec | 25 +- 5 files changed, 97 insertions(+), 279 deletions(-) delete mode 100644 0001-fix-test-failures.patch delete mode 100644 rails-html-sanitizer-1.4.2.gem create mode 100644 rails-html-sanitizer-1.4.3.gem create mode 100644 rubygem-rails-html-sanitizer-1.4.3-tests-libxml2-2_10_0-parsing-comments-change.patch diff --git a/0001-fix-test-failures.patch b/0001-fix-test-failures.patch deleted file mode 100644 index 6a7a2a6..0000000 --- a/0001-fix-test-failures.patch +++ /dev/null @@ -1,266 +0,0 @@ -From 4c9638008fdcfb4c71b1ed660f6ab6d120b7f02d Mon Sep 17 00:00:00 2001 -From: baizg1107 -Date: Thu, 14 Jul 2022 15:23:03 +0800 -Subject: [PATCH] fix test failures - ---- - lib/rails/html/sanitizer.rb | 19 +++++- - test/sanitizer_test.rb | 122 +++++++++++++++++++++++++++++++----- - 2 files changed, 124 insertions(+), 17 deletions(-) - -diff --git a/lib/rails/html/sanitizer.rb b/lib/rails/html/sanitizer.rb -index 5633ca1..13fb963 100644 ---- a/lib/rails/html/sanitizer.rb -+++ b/lib/rails/html/sanitizer.rb -@@ -141,8 +141,25 @@ module Rails - - private - -+ def loofah_using_html5? -+ # future-proofing, see https://github.com/flavorjones/loofah/pull/239 -+ Loofah.respond_to?(:html5_mode?) && Loofah.html5_mode? -+ end -+ -+ def remove_safelist_tag_combinations(tags) -+ if !loofah_using_html5? && tags.include?("select") && tags.include?("style") -+ warn("WARNING: #{self.class}: removing 'style' from safelist, should not be combined with 'select'") -+ tags.delete("style") -+ end -+ tags -+ end -+ - def allowed_tags(options) -- options[:tags] || self.class.allowed_tags -+ if options[:tags] -+ remove_safelist_tag_combinations(options[:tags]) -+ else -+ self.class.allowed_tags -+ end - end - - def allowed_attributes(options) -diff --git a/test/sanitizer_test.rb b/test/sanitizer_test.rb -index 7938433..c6800a2 100644 ---- a/test/sanitizer_test.rb -+++ b/test/sanitizer_test.rb -@@ -2,6 +2,8 @@ require "minitest/autorun" - require "rails-html-sanitizer" - require "rails/dom/testing/assertions/dom_assertions" - -+puts Nokogiri::VERSION_INFO -+ - class SanitizersTest < Minitest::Test - include Rails::Dom::Testing::Assertions::DomAssertions - -@@ -12,13 +14,11 @@ class SanitizersTest < Minitest::Test - end - - def test_sanitize_nested_script -- sanitizer = Rails::Html::SafeListSanitizer.new -- assert_equal '<script>alert("XSS");</script>', sanitizer.sanitize('alert("XSS");/', tags: %w(em)) -+ assert_equal '<script>alert("XSS");</script>', safe_list_sanitize('alert("XSS");/', tags: %w(em)) - end - - def test_sanitize_nested_script_in_style -- sanitizer = Rails::Html::SafeListSanitizer.new -- assert_equal '<script>alert("XSS");</script>', sanitizer.sanitize('alert("XSS");/', tags: %w(em)) -+ assert_equal '<script>alert("XSS");</script>', safe_list_sanitize('alert("XSS");/', tags: %w(em)) - end - - class XpathRemovalTestSanitizer < Rails::Html::Sanitizer -@@ -54,7 +54,8 @@ class SanitizersTest < Minitest::Test - - def test_strip_tags_with_quote - input = '<" hi' -- assert_equal ' hi', full_sanitize(input) -+ expected = libxml_2_9_14_recovery? ? %{<" hi} : %{ hi} -+ assert_equal(expected, full_sanitize(input)) - end - - def test_strip_invalid_html -@@ -75,15 +76,21 @@ class SanitizersTest < Minitest::Test - end - - def test_remove_unclosed_tags -- assert_equal "This is ", full_sanitize("This is <-- not\n a comment here.") -+ input = "This is <-- not\n a comment here." -+ expected = libxml_2_9_14_recovery? ? %{This is <-- not\n a comment here.} : %{This is } -+ assert_equal(expected, full_sanitize(input)) - end - - def test_strip_cdata -- assert_equal "This has a ]]> here.", full_sanitize("This has a ]]> here.") -+ input = "This has a ]]> here." -+ expected = libxml_2_9_14_recovery? ? %{This has a <![CDATA[]]> here.} : %{This has a ]]> here.} -+ assert_equal(expected, full_sanitize(input)) - end - - def test_strip_unclosed_cdata -- assert_equal "This has an unclosed ]] here...", full_sanitize("This has an unclosed ]] here...") -+ input = "This has an unclosed ]] here..." -+ expected = libxml_2_9_14_recovery? ? %{This has an unclosed <![CDATA[]] here...} : %{This has an unclosed ]] here...} -+ assert_equal(expected, full_sanitize(input)) - end - - def test_strip_blank_string -@@ -414,8 +421,25 @@ class SanitizersTest < Minitest::Test - end - - def test_should_sanitize_div_background_image_unicode_encoded -- raw = %(background-image:\u0075\u0072\u006C\u0028\u0027\u006a\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003a\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0032\u0033\u0034\u0029\u0027\u0029) -- assert_equal '', sanitize_css(raw) -+ [ -+ convert_to_css_hex("url(javascript:alert(1))", false), -+ convert_to_css_hex("url(javascript:alert(1))", true), -+ convert_to_css_hex("url(https://example.com)", false), -+ convert_to_css_hex("url(https://example.com)", true), -+ ].each do |propval| -+ raw = "background-image:" + propval -+ assert_empty(sanitize_css(raw)) -+ end -+ end -+ -+ def test_should_allow_div_background_image_unicode_encoded_safe_functions -+ [ -+ convert_to_css_hex("rgb(255,0,0)", false), -+ convert_to_css_hex("rgb(255,0,0)", true), -+ ].each do |propval| -+ raw = "background-image:" + propval -+ assert_includes(sanitize_css(raw), "background-image") -+ end - end - - def test_should_sanitize_div_style_expression -@@ -433,11 +457,15 @@ class SanitizersTest < Minitest::Test - end - - def test_should_sanitize_cdata_section -- assert_sanitized "section]]>", "section]]>" -+ input = "section]]>" -+ expected = libxml_2_9_14_recovery? ? %{<![CDATA[section]]>} : %{section]]>} -+ assert_sanitized(input, expected) - end - - def test_should_sanitize_unterminated_cdata_section -- assert_sanitized "neverending...", "neverending..." -+ input = "neverending..." -+ expected = libxml_2_9_14_recovery? ? %{<![CDATA[neverending...} : %{neverending...} -+ assert_sanitized(input, expected) - end - - def test_should_not_mangle_urls_with_ampersand -@@ -488,7 +516,13 @@ class SanitizersTest < Minitest::Test - - text = safe_list_sanitize(html) - -- assert_equal %{test}, text -+ acceptable_results = [ -+ # nokogiri w/vendored+patched libxml2 -+ %{test}, -+ # nokogiri w/ system libxml2 -+ %{test}, -+ ] -+ assert_includes(acceptable_results, text) - end - - def test_uri_escaping_of_src_attr_in_a_tag_in_safe_list_sanitizer -@@ -498,7 +532,13 @@ class SanitizersTest < Minitest::Test - - text = safe_list_sanitize(html) - -- assert_equal %{test}, text -+ acceptable_results = [ -+ # nokogiri w/vendored+patched libxml2 -+ %{test}, -+ # nokogiri w/system libxml2 -+ %{test}, -+ ] -+ assert_includes(acceptable_results, text) - end - - def test_uri_escaping_of_name_attr_in_a_tag_in_safe_list_sanitizer -@@ -508,7 +548,13 @@ class SanitizersTest < Minitest::Test - - text = safe_list_sanitize(html) - -- assert_equal %{test}, text -+ acceptable_results = [ -+ # nokogiri w/vendored+patched libxml2 -+ %{test}, -+ # nokogiri w/system libxml2 -+ %{test}, -+ ] -+ assert_includes(acceptable_results, text) - end - - def test_uri_escaping_of_name_action_in_a_tag_in_safe_list_sanitizer -@@ -518,7 +564,13 @@ class SanitizersTest < Minitest::Test - - text = safe_list_sanitize(html, attributes: ['action']) - -- assert_equal %{test}, text -+ acceptable_results = [ -+ # nokogiri w/vendored+patched libxml2 -+ %{test}, -+ # nokogiri w/system libxml2 -+ %{test}, -+ ] -+ assert_includes(acceptable_results, text) - end - - def test_exclude_node_type_processing_instructions -@@ -529,6 +581,25 @@ class SanitizersTest < Minitest::Test - assert_equal("
text
text", safe_list_sanitize("
text
text")) - end - -+ def test_disallow_the_dangerous_safelist_combination_of_select_and_style -+ input = "" -+ tags = ["select", "style"] -+ warning = /WARNING: Rails::Html::SafeListSanitizer: removing 'style' from safelist/ -+ sanitized = nil -+ invocation = Proc.new { sanitized = safe_list_sanitize(input, tags: tags) } -+ -+ if html5_mode? -+ # if Loofah is using an HTML5 parser, -+ # then "style" should be removed by the parser as an invalid child of "select" -+ assert_silent(&invocation) -+ else -+ # if Loofah is using an HTML4 parser, -+ # then SafeListSanitizer should remove "style" from the safelist -+ assert_output(nil, warning, &invocation) -+ end -+ refute_includes(sanitized, "style") -+ end -+ - protected - - def xpath_sanitize(input, options = {}) -@@ -567,6 +638,25 @@ protected - Rails::Html::SafeListSanitizer.allowed_tags = old_tags - end - -+ # note that this is used for testing CSS hex encoding: \\[0-9a-f]{1,6} -+ def convert_to_css_hex(string, escape_parens=false) -+ string.chars.map do |c| -+ if !escape_parens && (c == "(" || c == ")") -+ c -+ else -+ format('\00%02X', c.ord) -+ end -+ end.join -+ end -+ -+ def libxml_2_9_14_recovery? -+ Nokogiri.method(:uses_libxml?).arity == -1 && Nokogiri.uses_libxml?(">= 2.9.14") -+ end -+ -+ def html5_mode? -+ ::Loofah.respond_to?(:html5_mode?) && ::Loofah.html5_mode? -+ end -+ - def scope_allowed_attributes(attributes) - old_attributes = Rails::Html::SafeListSanitizer.allowed_attributes - Rails::Html::SafeListSanitizer.allowed_attributes = attributes --- -2.27.0 - diff --git a/rails-html-sanitizer-1.4.2.gem b/rails-html-sanitizer-1.4.2.gem deleted file mode 100644 index aab9fa6cfb71613964858952d0c428b3067ed468..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 16896 zcmeIZWo#x*lO<|DW@ct)W@c_PyUonZ%*@Qp%*@=j+sw?&%-(nI{V}V#(jDz;M>{{h zP)S*(P-aD(R2^k0;@Frt8yFin8_=710{vGR<3GmA$_n&v<3IKvMV!9_V3C4hw1-a z9|@u$fyB8<4FDil>RYx8jHtaY%IRB|)KVL8P-2FL>l5q^fz7Jg{tAbrWf2zE5F2Z1 z^zL~0!59aeQhtLIrxP>5&CN>ZPI9q*-u!+~ym9<;?+6NaHGh?DVjFDl)o?&e2%N%(;(+XO+p}BwzC9Z!7k(=MvHeTxn{Mqu?SiAoeK z2OYIr1wkddVxyxy;Tc@9D*}tOhQw`*$|P8gf#?sTNb3wSl0e z;jp3g!ADTkFg0?;7Xxku<2j7EYK^t@o4=?s5pwOqI(7=ULTD&e)@+{<%D?GWag=J- zQ1P=*wtvPQ?Tli<#_pj;`R_m7JZ!nuDuYi}kD0wly=7*p(nTNUmjf5>PP1D{1o;RR zE{|8c609dC8qLSRMFjJwT9kBNT$l!IbL%lOP(C7%%QFmrx4lI|+7edKM!{GQ*18SF zfSvi%re=z9t4gu%Ib|JVc=B-bdHXQ)`Z?`Kp{5lzHMse@vU>Y)IS-B8-nz3|vx3D1 zxjaPI9jMyuHV=fZ=bKpfs0Id)na`T*@Y3f+Z#t?nap+PylI0s?jf&gaSPT-5xBsnL zRa~}ha^)Rr5`4yXjE5ucXU+~ykBV%cASPwWAoiDj@alwbXF|h#401}HVoYqZ=^hS= z465>^hvhDlpvrYP5^jett-ZOpu-XA*%zV|BQ;83F{R94YT&hAbMUGHf1$tw*89RSO zO4`JFxTK+)k{Eb&5kllVU&SSs)nKjEK!rJLg~FeS38OS&h+vC}-!18VEcu%Bv2LLw zX$lWAwgVz$PK|ABg^ttfyZ=UjEYu9S%8fMy>)u-JCyUnRC88o&A6s^mivyKUvD<=? z3?FhVP`D;Djm|t06TP^4JI}GB)cLbmWOf#-%6dTJNPi!MSVYYd>$cErza0QA_F3-AhUa!?OW3x)Nk|Bi*B!u)Q zZ2#~)xjpF#D$2_;`UtCgY@65BT-((CF%bJS`O)!ed^-$#_Uziy)!ZMJ2zwyot**Nm#Et!_r9Eljx8Z*MSi-1Xl#TZ~M%LKw491hfi(mWJFnjRElyn68v{G0oFa40oyi`#!O z8c3~x*+~Ez`?n(XZ`kr;j7DBuwbd9x`q3J!=iZLF&y_q$Nc2sI8xXIbpg*ufSMCO=zaWtOVKwOvv*}tkaGo-Z+7fZP z+MxP<@CfhYPgqvMbioVl1Y5rGcv^8eE}eBHjM^4FCW9JKa>lO>C+$GsgP7p9y1<)O zH+(Sr%|Ul~VM1HLi;VkO`wkNnAtpqFkl3v~96%CWs3NyDh#X=_OSV88AN)mNkeg^` z`tCHwAr|^0^j-UDfnoy(o*-h;fGI68$1xoRMUd98cxuHC3f+UbkfNVRcSUyThWjP% zMe2-o1}X?$c-ij)6nxT}40hu*%{}A}KcQ4VEm$+eMcvb(6|f-;M>(t6)Z-s{T4R*K zF+sElGy<>tB_VnRn#HZrCZQ;QZikRQ)?RD~lK_p>{ zDwyCmPwbF~QC){f(So3~TlyS=uK7$Lcg+1|tc%tl!N{{!Gi%Or>ATkRymMK2inBlp&xmcnrkR4(r$I0lB`2n+6+GjWz+vXng(DVT>gX z{I}Hi!P}JeQoB&-jcm?#pS#q<1_s~p$GSUxA=fdu7+8|Y8=wg%M4c*vE^zJ${ZN%Z zZD@spye^|g&+GTX*Hr6m2f)TRB39`X9EC-*hbBhE;n=f4>$8Ngd~jAtF@@&Hu39xR z`g<0AP}S?uh!%Gpyn!8UxFD9YrL`NL@1ph-s01IEDQKE|Br!tUasER)Fw=bY-Bl>E z(*wmYz-C-%_RGK~#hVs@#TmhqHA^UNuQn8n5;7(j#_TJvrSR3XQzkrl)Sm-?7BkGa z&ua#+y|0D=i)&FjuPxusPWDx60jza)bD@hFc6RmUJlH(gkD;ZOJ^S|7MgtrEiy5rf z6w}}Eyt_DZ6et4W;U-}6H4C>-9>z71OXUc~aaFb9EzFQ4n9gaxiK?6K-hWJgoZs~Q z+-`1-Z^G&-e`?as{i?2(TB5((-i>>{bbdb2{kpyn=>=uumcU&!iZ-k!ZySK4*_zuY zx9t&3Cw{&J(7n(!UhRU8I+~S$=>ymJc5kbc3Pv<5jfrF_G}UTg1mvm zAQuiGW_d?j1<;sfFD}+)?hF}f+z+$ix z&{EqG&IGn-ZZ<=wNfS~aPUSlD8gU1>3j%4$u}qxs zJMcZI^%^@KkcHu44j@h!z7Lmo)%WFU9UeUU;XkdL`Ru$Z7{Fhtz`-}KnfJk&v+ z1HsLBQpA=orl9+*ODKeM_Rv;JoXE&<%l)%u=s&w4Duy%~-ls*qK`<-*FVezU!MT`M>!q}VuLJqioQY_UsYTSbB?GrR1Mss!ZA_q5sHGXLt2A81MKj&m!vred} z?XwF$SI5Wm$CaD|zE;1%ZG3{S#vjKUG8R|4-L^UXzU#bReowcF{NcOly|bIkQ?w1P z&z!H9@4ZQJlbg1-F)s>=%hU9$J`b<@zL&; zgCOL^Z~R3sRgWgOZkW>Bv+1a>ps$4;oXe%}GonFnFhRG~jhuspuPrwSp0UfTu7frS z3a{DE$%(zWz3;s$BXg6RzuS8jC|V(K{?&qT%7r(uG_%RW5GMua~nHxFMhs0 z6S@R=-J3yS4A0aMA3O~3&!Wn+6YB;i<5SLnJAsbc|{Nleq*<96%D9~U;;V5c@)~TDL-wvo?_)-`lX8yZR%g2JR+2#_icFwW#0$&mizg$oHts7}5v@u~K~Y zAY+_>h*)?`h1a1^sFSt zu71(hJuoF}=TH#0t*@gTb>X!#3t^gt5m>Bq~>z-4z8?4E-mbkkL{I+be0*wj zn4Olc8eaq*kkcpcevK7F^J`o6J2wZz-)aYT?co|TlS zBF!d#>S`BL5p0JL`REwV<^5F&SE{w_Pq6U{Y^yCs2^4$irJkq$v%=-D1%=lY+P)J5 znv15w8F{p`S`dQqy>>fGVk}IIOD4_ZIuh+jAx3{9i|73aZs96-3=r%r6GHA;1J7)N z-Vz0i(qjLD(|fiIolYM;!Ky8KvHQEg<%CR#c@og7l)!Hw&7>@VQ{`CDVU+@RD2oVS zLBwycY={l$Rz24YESc;EL2BZ^)*{r<54?APd6#g8Ry+$q4(t6PxJYtAIYuXPv@Li= z(^YxA8X+Z3px+cY+<`!nQ%X>yF_9}&EL7vR*!JIZIk4gZy)knyJ_4jrJ4k<@vnbHeYGVxn!!|!9xXXo0_Rsc`8=q8?!78 z!pDtZuc*i?WIuLJzc!9|Dv1_bvO--3Wd`Q@;JulSOO|6oLK0$TKBh}8Ngt`-@AS;X zjtyf;u2>_bAR7WWPNS@gn47rB+0o2jOtS5BkJzQs8JdsV-fMU4V(7-KI^^{DL?f-6 z?VooKEx>&O=_N8s@uN?RB*OSf6W)^_Y|nZZb^uU zNorulOF{CPA&+GF^y>vx{bT^j>OGaD4ty0;&{3#?p&iB8qdx)-X&OWG3i)l8_Mv~Y z(MNw!s1nZ1CP$k4;E!`AYx+?v5p0%sUH|A8FM41DD-a#RSO4uXz4K4Fp_&__NpUOC z_Y|ZQap=Gidj1s@O1+lgAdENLGGsUWZFcIG=y1uuDTm&XN1E|u!m>cv$mg}Hyg3@% zVWJ#IgVu4fE6JCq;)#)CR;)%kK|fIye4&4gPBrs)qOp;qJn$3y;jvIW+#a%b%pf#` zw!IiQilct6f%Etd2&sel0q|kuAv`x0W7+@mRp57|#~rY6_W69AzrZEB8*IOq1*$6F zYx6!}LId<{QE^X4xji^vY_Wor>Pc2`doYbH9+V3EONVDJ{1>Bm02#Gbp zcT}1#XLdNh;dgiK{BwH}mHA!8rKXm5-;-uY$Kh-J*PM4D`x%4HhM;`=^Lp?j?oA}6 zNFf#U%dX|8t+%r?;qJ$#*6-!VCrbcT3LcV9nu_Mh! z5s>&CdzfGB!&ssKO}mX--VITVs;vkc25zTj1xfQI`&p&J&IZkMIQuzLFpJHGx;gSC zUP(qkWjsOyrP;eNQs6su=uBSA7JnX%ZiP0wJY^K}Y{X97{o93x<}cF&BD zP0cZQ%4$2dJ5*m@V{UjThG+>$QVa z-rsH|@g`698?`o*qt2dknmd0+?7JU=Xn3HtRgl1%l+LX*pa^(z=aG(S{+%UckPudO z5ybfHiX+S+^T86F>sR%eDKzv~y!ZHtvvfN`V-o~{40abJqR^>wi z)p6q0ejGwEspo-sOjRg^)x{x=FqU2Xx9ad^pr$sE;&rXUA$3SVyrR{dI3lKt@QO^l zmK+2)IuPkk=q9OU;Tx*qBMU(08KNv{vcHk5E88%cH4>Nk6fcf=G(tQS+--aCQHSp5 z`Q1-k;=}db&&$Qf!o$-T|E7oQ-6YOCgdnpf^^s|i!;wpx zLZjxpLaDfa$a4G6dxOB4`i-qSG#4*?J6(j0y%z(dzE4Ps z`FfeFehmH)mHa_ zn5%w@?rdQcmHq0oR!)frb8P)b@El>xij2~pL9_NK{~z`@cjPTT`9}-`|Cx0Pq-_Pb z^690F^O#N8y0n(!XLY$Zo8YXk4B0)=KIsSdS|QJC_cS~;AGdeQH;X5J@65IV6n-CT zJ~{Rmd=eJkWjLa=-_2x~Cjhkh&53Iq6-A9JnGv;OMv%~&=_>UlclHn~s2S7N)Y}`1 zxfElWI(>|~_UcwNlcmWCW4GLR&L_iwj@jVEPx;%wi?rs(nY9b#yL_uPtMW;~WD##P zqI#GUJ|+9(DBM&MM(o+(&J)wmcHN$tFNgtpb9*Rq{q<=Gen;hx>Ld=u2yJ-uW#}Ob zMfPf5rj78oz|35Y05JWc_FR7^LW4ha1yr>emQBS(ZJV|L7*ZZLNUo?W!!JLL74&QL zuv22FDLBJc?a;gapD!(#1F ztGdDpNJ2G|;>D7JMET4y-mF=-_Ln-jBC*4)<9CKTapD%C!y1GQNtA1dUqZ^wTmjN} zP`kQ{&_uHarrE;K8=Id=sWSfvp~bs=f<_m~eEoYf{$ ze@^bLuBBfq^PCFDnPc02AufOE8;fa^8`6jsEd;tJb6x|vGpxDEYP(l%*o}0h$D-pc z9f8<7t-JN4dii)1279!wqf934SIxkW$gl_^!+_IHi?BhVVIRfN;gXlOy(obWI5Q9U z!;Ar@$H;Mz(oJ4SA?<99cYSbZq7ah(kHw%;jWQ81x&NF17->*CVXhzbA!L*B z3?LJmisV;4OdRnyhr!4S4d#=6f+fOT;l?3lV&bIWN2_OW*$v7Up`l_;kKG4r-`Trb zPpg%q!C-ls!tinWh5O&9$zaCJ#We2^pD6uJBG#taf>Z&IU+g$FjdR#IHBEEiI5vaA zJ_2j24dDI@c;(pj=ep;2eC%T^wgx@Ai*3mY^Pb`F7%)M=)rIWz zgxP9*lQE$0?t)mUCa3i%9n#71ESQ(Gu~u_b7rqL0>c{3O#IwIvXkdup1@z!PmtE0- z<~xZUxG&1hFf#j`pq%MUEGhY5jgiItDCNN?NbjVk?+uX zG`40VN^qE5_8DJa6OOnFQ=J44A%0Q4gy@?s$=sCCF1kv|H{~nyE&IIZ**vDQZxQ7* z>9$tfsz+}FFZoYr| z0)F~95l_;34wAl#L^k0{4;4pW__}}ej{BhZ-uFNJj!yhm)OU4ke{Q_KbWTKLGBQ^Cd$IykjTOnrXEo(65#n>_sh# z>eo~3X$loTIk`R%KYq_YWiz@GDu9&~qpsW~;-Aq?@ESErDIM%PG9j9@P~haAeTs1; z4?!oPOSKi2Iv#L!#3ymAJ}l`%;M>qs$*j$|7h5M=rVr;*a?o@hunKY(Iz)EEqK%*I zy*V0#QU5_Av#y${;-5H^H-tSmD0V7_p(F?)h*$ zahAZxB@HH%CzYsH*|_Ph{-G3C3${gf z(~0aDub{kwYox;G-hpv&_$gE3r`oaAAH%8`s_0)NIcrSM9WQ5u0XHKckM74z4X_9T z%YdgwOv|3BJ<79GF{YtzCKt1V^t~j;AQBp$3RQYw8C(LH1_4Qibe=Z0k5x6kii)Y6 z66dOrvF6m~a4;7wEBN%O$GO5?R7PmPFr^?XOAH{~W4FCRE`oBQBGbMX9rw%Qmq&^{ z4g>OAVkqvRk^8mHcP6{f#Jps+C{N4jbCw3By4 zHvHWk(Xxh-I~kN6q%4YGHA}^20pSs* z8E*3+;bmpd2s>A3!Q&?r@j(ncb^C+!eG>haN=5RUjI86C+8vYv8DO<{^|# zCnxQ>zINqCpw=4G7$|sk?thKi!kZk!Zd5Pl7&t^RtH)ry%~<6C7@tNIdL_n2EUvGn z%tOsoJr#S#(QN|l^X}bOj9R@kQEM0M4{qLyWm03UXw2(bc{oMZ1wj3d$hJs8HhrH=}jWE6CbH1$Ufnl<|k%pk+yS=Qv_>1qAl z=%jz0mwprbf^vq7Qkc8`UC07iJj=X-r8H<{3#R`Tw6qH0V^1qwR-U8s4F?BZAJ6sV z&RIVTxn|lWaKo`=SFIuANwwPK0oAHn6Q0L|$1U#Ttbg6RJ>VSSHAWF**|I$xUmcKA zNWx@RdGupaY}9&2>U-dAlhl*awCduC3>UNFv<@Z!2l1I!TEMcK#biO^pdlKV zu+U7NK$tmS57i=r#ZC@$l~db%!^0PwxUazLR8Ro&yP^Xf{_)Y~nW(H^5YeVaul;g) zSHr(~HRW;33rjBl0LdTRxAU6J_-Io)Ol%-yOnhbIahX$@g)yowYyl~^^usXewfM!m z6JOWFnpI7k1pdl@g=Mg9HIHaYw-zagFZK5!lgK9Z25)m@7%*G=d8tovQHK7xU$)i) zo2`aQZ6v=JcamfE5y*YXyMx%Lkaqp&=jx5D?HhgdXG23rbMp9SYt{SS=jUhR_y@D- zP}sD8_d);M#L3%K74kmGrly7CX2_!X?R!m=pu|Q}&t9WS=E+s1$b|UE+Xl#GE~CmEm_QV50BPgLX*NJZ%nGd|0T=H14h2*sU2^_oMSmI3HEx(MW+S3S*=v_Q1J7`?WAyK^0MK~)&z;{#70gNgK5 zGjjN_K9C4RtQ_G-9uY!C@gD06hI_G6TP~a7;Ws!E?6{E8$OWOeLVDBj3BE$}6Y)ND zG4*4)hFq87ESRfq)jLp0;KV-Rh5KQYN=c!vjZ1?X9?KVT+(+Kh)0l!(1Y}z)p#V?c zbY-@RXx=3&Q%K@^!ih16Y?zEDP^%TTuK|5%@njDFo$va3i~_sVx!woj3w9E37EHAR zrcs6^)<)T$wSUs{U1UnTQq-^spsZlO$BZB?!lqXx%u?+k7;(SsO18tW!<|9jt&jAp zrd0*P;O&j8ixRWXw$;-Y{yn$Yc_3R#NnEKDWFV}@%Uf?F8gSDo@~ErJEdm1Kv=su|16q-d(T8nC}Dh&FgR&t}q)!nOVvp0ye>T6yc9*Wq>$O|LbFJ$$E zj98&dU3@LYjXlGJ-#knM+_>fS8gMUbq>rL%nd`Oh_mSXALxOM8jN4s3*F};?hx(Cx zemI1n!%a7@yxZw>YVVD>9xs<}Gj!RN>Spp-&vZ$Te{SdcyO5cE)2F^WdQUi=bS%<{ zBsFbhQc9i>e3#5t$3eFY<6!mZ0DnJ%A)97f#M_~vgkTH3+h$(AI=H5YcKF&GIC4^x zFT~+lB&T5hveG=+Y$e@O5JW+9hA##*xj-KrWnt7)(<(3%17o}pS;^s`Q2%8BOH3?h z#Olw8m>oU1L*GeJ;FznZfuJ;*UV2EPS^;DSrYM)|usaxF%W3mh(`~W70o(m4me`1W z5`{W40X?zP+4LZ1G7;Qs3FqvkJk@W<-k7NmvCOQYd?j+!@TG|K(=Ce`sJ$RErygll zQEqrPjuGRylk5-{`+1sSh0AbrO2c)Xg*C`&7&|bqy>Z#XY$-0s;evXwF|8-5*c3hJ*A~|-WhWV z!GXmhr)Vk=S)OGQ9-n5_OBKzu56vVsVGn9HBrxlzS~`;&kk38Co~0=vBc03mm7d4( z2X9<6>}5$%2=-|>U26UTHw|}qI6S#Nu^-g1l5&Ui=MA_dlXxEnDpzExiq%1Ztw~h* zLql^}Q39q{L}57+HfgY&Ssk2aTy{u{XlHeijJh3n%a>T?e?Ff$I5=dx zo%&zKC#C;z=@aP`qiX5T_xHPdwyD)Um#Y?-{eC$GGQCh3z{DE-oi@Ge)CHU}2~B^{ z;RtNuVfliwl9 z7Zl~c#Amd0i}`EJR#prY0HHQt!WW~*SBtBHIr-0{!i;bdbJjT!hmMF z`~-a9Mop6!(RWFNFdcHl>%*0hoCTC@G(sm_FJn+^Ix4@Ot8oW>jNcOWb5pq(Rl za;i!ja$q@eaCeRPQPIYR){A@lvr}Z*RM^7H`xROV{-lyUWfTVJ=X}c&II>w#;bsNM&sGqm!r2Vsur# zCbPE1o2&$)t9w_4)9CV&d^bg;nVl2uu4;j;)(r_aso(E~L~|Jfh^X@hl^Y~t!Fb5( z?y+K!y2zUfh_H#=hb0v=Z`VcTr94!MNAZR-zgV#E!Ge{r8Z(E#-zhJK+9>zK6UR$s zxYMS1PTWamm!%9OO&%BT(eUT~t~uyy<9f!vz5mlDN{5~&Af!vsQuSME*t7FtE&o+S zz*DRv^hPF(G|8O%@6M%(7@~m#zMwXa6WPc7Rf{P zS3(G70d=~0aeDIpM)NP^$|wa;H0#UfG3}G1FKNH9*hw++vr3ndyLFlrh>T{sg|Y7A z(p=Zqothiz$|LngmZ=vSTs!l@0Dft5OP#I-7$32F?=+L0bD2ve+ViORBjoy4iej;`Zo#4sC>%sQ>;^RXOvE-iWaIej8q$pr3OvAYX0EI&0gn_Qy*o z@8%8pq&l3}CoCVGv6&RO_g?8d4HFWo?)zl^4JixihF$=H732XGx_f6S|LK~iR~00| zL_k|3Rc|$~7ja&5-f^yVImOIkl8dU32%n~^9%_FKZgxu9xeN~sMQuwjabNYHR<&Ge zPWhEay?y43t3vo~+v{BjR@V<>mhaZko!f&y)V^M!J8HKe_8mG=R@T@1W1-X%cItWi z5Y8v)JZ@bL|MueZCSK(6lasl^?AQ|E*@>o_kLA@4x0tl375#qGi{H^(M$?uLI2D#Q zf2(f!AvQVr?-=#`%(p`H(e-7EzI)3U=uW9bGuYj9GRP1@hLHMvGh33&h1(q>6Q|P| zz7Bk7Hv>;0zR_L;Z!^Dm7C>aImbL7A6D2pCl1opNwj(i|iv1e>$cIuebp5qvlQH}5 z#l|(<(I%|%QLsd5@j`*+wdwcI-hty&B#x>S=FXdzEM1h{6)xo?^%a5(@1*y*hk#UR z9`7(*)b+0%k;L4uU24QWaKdh<*4g4BrcD{%XSx{B$sflZ!vf3iW1BN*KB_}j%P*pP z!!waMTUpXOzgdeth`rGq=OOc8nx(L(JKB7%u}-!LPI6tYbr#Irui>V9b~l}-d;WA_ zlyg(2ec@^Al zwnC)p0`oG4+u1dG9@Y!vylO~KAfA&#hyI508OEN%eU*|D_S?})>igAc?atbF!=lVv zVK4&Zl;knn?)qxESP; zSqMxi^6d~L9rFY+F)~Tk_#R@}2T}sExT$%JcDHe-|6R#kS5Bv9nklt(Su5}JkM=dl z%I=z$afoFEX0W3>!4a}|&GN+vMFKyBNQ+=4X28Cbo|nb~Nw#@Ham?OYR5AXpiaM|y zaj^x`=4_2=M^b`VL(=P{D}By5u78WcKtAXh=PK@edkt}$CIRi&$`FColf=)5`+uE+`hFIE*ub#6)j{F;jPQ%Q`mfZ zB2gcQ$TA$Zs--VCSue?nVR>lrEzLL7cl#QZFm7SyLULzMsiWL zPV$6+b15wH{9JD#DKK82t-K=nO2qa`>NTveG@lQy8*sNWo zq&kwRi_D(!tx{$$z$Fh4ocrot;F#vloFtN3f*Zo@-WFh}EHBlKtxiAe_p14!w@Bd$ zBqhn4V1ynee7nhBu(rT9NKnBly6?NZwlj|~q=F7}*+*!EzDb~#+L^DgJ-DQ=XPK{lCeV>mb-&Elf zrpB^L0c6i(jpON{D#Q|3g@az_`&H9j3+l(pHO|Ug5iOE|sENEVm?4qDbgYZ8-CfgK zsRiGt!hP$6ycaDu|nvIj7N<~^~t*d=|~x_3>}`rFl&v7;+3s}K%L-I zGT0XZY){}M6Y2b}`a(_~=@RY%_h5&pLf95s`|KR0_XR9B8KLSKS(E5s!jOIx2gDTZ>|Tqsk;uAkQI8Z<&)7%$C(N1 zL$ayy)M7Kcn$khCe4x=aHXwm5o^~D`6#JHycY7`#=Gyah#zu9z_Kn(lE#goiwwZ>VaEnXg20$_lXKX-5Pa4E0e_;(64Khn)4OD9>0@V`GzlSPKktrBA4t-OD) zD<YzGb&gkf5Bf zYNXfO42U~@lWJ-?)sI5)W*0zi{GzE$FJ!zj8}Z^LO>g9v+Hpy=SCt`PE|XJRkbNU+ z4tyb0?5u?EI-J5}+wHmwS%KNMBH%%~QN+(5Te`-*UXLQXKv5_06E~_m5`Dx`~=jh$} zdE=P*sbYSU-lm#7$m;Ns)@wXkN>l1tMz`i$DHn(t7J|u$SIJ(IEFrV0&)dJ{yDm(!E4tYoM)R-({Jyg*K*Eq|n+F51TB7SaHcIs=qnPh5~FE4TpC_u=d7Q{jZr z(~|Xl-3$PWG8>9x>Yp<3^wuOrQ9h(A` z?9dFb6NBR`RSeOWfMqMHYvWkJ{SLI#m3DkLpYgW7TtE4f4zCPD+~`DtYFJJ44%pQM ztznWGtJ;Idp(7}?;Kfp*szs4VeA1d6JU-VW!+KCq%RB7g;7x6C_ylRa0+nY%ql86D&M@Ma zP9FfEd-rLqML_N+_vz>*UFg5j+uFK?NnRG*VauOX3;1je0)@IcjC91UUzz>T6r3+UtDTlH&_? zDt`9)ziJs;WD>7b^ z01)Q^={-dq!0*=<4=B*c@O-yC#o^odmcO#S(0=q}TT~A*84r6%Q1O8hH~Aqyksh4s zdTQ7*)tO{;s>KJd-81!%9P!cqW;&O{%a+T}*UiVyOCQ+xH^Dywke?qAAc;MOQ=rZN zL=Ey!L#>gOlZ%ZLy@!E~^?!{D=-;G~|3CUqMpicF|DgY5W#eG`m;UEJ*}DHD?tj<+ zm?ZEtq6$KaJ!psOb)u`#f)xPf`c{Hl)7?zw_t1BvX+p7iO_jl0?DwM~s1dw6Tw z(fxjA5b*WmMUa@}J`?pK5aiM@g2tP|aZbIUj_OBlUN|uES2d_|HN0Q?SoHj;lkchK zowx96UBzltqFp>D@d`Ub1R|-`4fB?e=J`_$SWRVrpZrt*a{yZcgJoK4p?Fk@e92Ee zy-CPoO>|u!+G#-FY;js2MW8Iu>$T-UVw{3}S>j(6&unF?E`eAu8X4m7n7-)*HRxV& zpqDo;(t+&C{NPME(VI6kZUWXioG7Q!rqiX?A;o~VL6;VwUX4O4(hiBP5M#Ebw!6Fe xx08!;h#2e+W@~$h0%^cjckcTYrOI zR^)otT2Dk()?;VpYGi8UYQ$jS4fG#nO#c`g8ynDn9sjX^KQgm%umUl&v9L3-aWb=V z{u9T{%ErzNM8xzTRnY(VTsIe2Bj|Dy3*bdIzkbY8)CHp(DkZ zwlf6<7DOuK{eEVDQ_XMUt5#=H3eF>8g%UE^h_*wdhs&dFL?w(FRO&>cJ(2?3l#*EE zefoX`mCXS~yO%G$JFN9DInUlkUr#>GF@2=eDIJUxp(5}n&$#$=bY-u~@YG?-CTWLF z;3R?@YNon$%a&WrQBEL0QmkZrO}cdk{%eO&tRiSKgdkn!gby zd@Hp|R8mDv_?xZ#3)@2uzaESC&$CGlN;>#>vAxPEA%`EQ3vn63KO!uK#Z~UOG}-50 zdGuExVf%E@y)I| zXvbOkU`^|ZA=imO=!UH#J1Ziq>4aI5p+PFx`pYi^aaDqZ1h_0F;YhhRM`Uy>xH_s% zhYDQ0Qx32-7(y=%FW&q5`kwWGilgR_HNmkX^KBPmb5d~B&cTXAOBsj#L1hz{6Mf!S&eYGKLPlME}WGCvgh)`KRmg-lUqT1 z89s_wc4{uZ+rg}Nkl!lCo)nFq5~vv@v*vI0lS8iQ8PZT?0Mir~5diXNHiXK7mtzg( za+TJf;IeR|UsD&?)akSr=?c27 z;oxBU_x#Vw$?`A$|36&P|E;utOCHG6!6Bnmsd@m$%gHZ5Mc zck*-HJ~Ek9dhQj`v>tNqbgOQIQ@#nWM$o_#(F_!H9-GG2=Zy_(AD7mz7G;1l1fk-TW$}+Ly#b?%~&8&Azz)Bkg&hyTGXP zuyy#^qbp(~1-&LVM_1iSHK6|IJ6y<{Z)P5;@6CN};a^5qgSan?MvQcbJjW1-G^x>N z?>M*K7Oh{VZg%+H{#TuthilztH>Nlc8VK1u`&3YrX#%blao1E?a=Jgkz(uHM;CmQ6 zwkV;?>CmpE1UmeFWN(F05idTF>Xocx? zt_;F7XQb?P4TiY5@tM~fKy2nJu-d4ainPcvpd?;wa26p!MC(pWQu(4x6@ja*VIinY zXZ~1SZ6d9<7N)a38SpucZpRSBaY*nni>rflX%k?59AB2*(!7WYC@!6jI-!v&)iaA!Prd@DgDDy8g0Ue_r8p!(z>6YSBorL)Cc z@da@pc1OC;KVU+L5uloek*4AM?q5_079w-ItrJdb(&f!c`MmDeTWh^?z&DjZi4mWH zUci4@WIOyEs}+jd<++>=O#ph_sau8^UhVK1wGJ<@H7ywqgAFT&DR93XG39NSgIMkz zW8roBcyc`fHW?-p?7=DSs1rA#2rWcR-G4)D^2O#HF%FJAj4*&C2KOLDR-=K@*x^iL z@dQOs)^j`Z#12WkLOYpbpV(Z*2XrEZ0*@l}qq=fbg!bMmudu@gL&c2CHt8}(m$YhR zJ@F#B4;yxDtA%IX3!Vy*R0kwKgqWJfY~iP!sD5CIn0?T}IDSikXdMd1=Rm`N?>gCL z&E3|I+h1i6M3Sf&WA$ll68#p~ElV&2Gd4Vj=!R$ljl+&iC+06LG{+@M3DgITm@VT_ z!VqW9;#ma}7s)mMpc~TSg)`5ay#k8(jd)LlgvJx3EO|HZWHN+Reyxvwh8?<3-!@CP zc_OKG|EtCsNCoFKL`5u55f_{T+HX#{E%?R_Nnf0cj%v{920j?~Y-jE1caUeN9FiA* zkqo%$YTyeHUio`~HZsfzst1cvJ-vXluhfS;OJD<8;NE;9E+Em8$IN6X3TF{$V}S_n z7rae!+@U9qn@%mP;r@C7bj=0~vekDdPk3j07Lc`^Mc%6SLx#%~93kXYDY^~-G)!nG zA!vBlWp3N!YuZF?ZXZWH21gD&$4wBM*dq(*iFLuNOFek*W_DS`N@@lK&H~b(o#L6? zdxk<~@`r102A`Z1vD(tr!`3mY+iBY0R6t9I(B7RO!4?;7Kth3&LueTH7XiGu&1Esb zvbWdBjvt>6>(#xP6oTL`&V0!VX>6n^rr(j^R-`n@sl9^^wT=G;Vu4S;M24IUH20Z)1PbTja$?;Z9U9G zMU(5ckj;zB)GeNN*vJ`=cyRFZO&HS)NB`MA_@L6N49oz6%;~zPQ7ViRy&yxHL|rhf zE9mz786GL3fMXB`cmt1$93D+5Eg;6*F*JGus2!z&K$T7tP}c6t4$P#)6kV@`SSXcO zh3C$cQ@C(svjmlfyD%f@uNG^fG+d!V+GgSvTT(E5M60anI15rrgrK)LjH76IHtWb; zGqFl=##97eBmbA=34NsrVjr5u->{qXbG6W3&H_}^cPuXYn#6J;bk8UhF-jW#N&;5H z4N_GxaE~WZmz&&O6(Y5my3#jTbou59YXz;AQm_aBhjC&#Gs;5+q9jQF4eUc58ayfi zOyk$#J#0SfE){jAPE&B|G$`e_e+6Wd#Cvp92Aok=OrtMmvNZsg14D_`GOhMd!b{A7 zxHO%hSMUqQzLQy1DI)df=!t=s-`DHm@)^Le$!qSAfDo|m)A$jLy*YljY1v@#BCk)_ z$7`f`VEM6ku86 zHm`WQhlJ&dxP}&(hsR>87`U++=FLd!;GW>FKRkb(|ML7I@9)r%?n4O)^+*o1ZSK&X zAph*XbL~Lb*nS(oLqKpV{K!ZH83E}7$(T@(y3N@QNhxQEo@LzKKY-}|>FpDcpS9r+ zxkiZW&l}+oAh6-{^d8#FzZK93ix{v|dv$B~)6+kl9V~x+<#5|;)quI_&}MM0Tq_dj zJkpRcaI?DF{TFIuGyKP0{uu$0Mld;dI3$_$bv;m@AeT%nV4HWxuHm}4*Mw|hx>y7# z;V2X*0u1Z||H_$4(z+}T3T<%rHr_);SO3cX7PQ8srUoM%@Yz@K9r7LT-fqyd{uMpe zANDNZ+1Zw<_rtlldmXSl_D%WMl8vEZBnd-}#>cgd}KBG5F)l|LVwcz zY_ruGSJ+>%4wdAnW_n`6D%s|Qv}PF=tcR$bVhCS`k_uy=ZZ#4piQtaig<6#x3Zc)9 zs+!%^foQ_k@~6m754|9fVQ)bEX$(79n6&B>@`@O_SNfQV3>EtVsG#0Zr(h>mP)|mh z#8a!J0{vpRd!no0*H-jc;-+Pdj6dvHaggkKcqGu1{!siY7x?@4m(QBduDbXgS1V)# z{dP;4n)UmfTbZwle>HZm(9h{WvrnxM;Weq{d+)gBym80rZq>mp#dFPufP1JJ7W%&a z^aW?OT(Q2Ek&a(DQObq35>>cm%=hmvqFutHuZM5T)CvLbw-y1lsLuT@&E(2cq5zyP zksRg;L(PQIIk_C!4;c#_&PHA}K)RS&>f90Bi&X@SEbqGh@$B~+tDx|Tp+=q9NeXVp zMIx*)Y#~c%bXR$ck2I}=QZ}`jf0LjMK8O%Rke|-!EZKl*I)HA!bCF$Why_FXM{j_$ z!asexzit#`Y6+{X9ey(%4X4-Dj^pn_i$Y(bHw5j)FWjN7a10eI%05_(CgpUy$J0gU zu#~x$G=!z!wo^*K<3T5`JFklj>(wAv?jA_s1Vd{OKp6woH4MLeA$-ZX!zZ7GpvVj+ zsqhzWD5mIzP4`9ar{yLs_hcm{Npd#_CMJPNa!N>Q)tz~xvQau0qpsm?d+I<(&Ad?mv6A=X( zQZ1S=sL`exOh&%(^Af0dP+cvFsY*vdZxt{!#Z7IUV7=7*hP6&|&O2t8%3y3gX@}5f zvXrA+b?~|oqVun{-6}P~;T$ z0Xp${DL%xEMG@}3bFV4Q$flveg>v<4E(#v06RMILtehI`^zlXJE=9f`B@aaYjqtPz zpMeow>XCOQN3;xH1acb&yAp?dNJOb}A&|iWpD9h4jG@J&15>tb#M|Y|=j;w!h?QYO zQP4bz0Q?fZ*VvLDM@o2TDo|GVtaFL$-V-DMp7F;9B4_BriahMYOHEt00*q<`9l*pR z(J9atp5Md&R_zoPzyNdj6O}UY_wl&MzCOh3lw1AGr8R<2{freSzLZCS6o@9&QDifI zmyUp`=~t<@XXyjOfh;1F85M&rOH01hf?}yXHK#JLUgsRU2Z)3aC;s@(SFLN}htzK^ zJq}iQlFjB1ze&5RiALKCr&1C;#=3<^snVAPPjPFps;inwqIE2sI=F z)I5E6)FJrbTc->oVpvAY0Tf1l91Kc%7D3UvnVx}fO@58P0G$LOe8@pF$Ng~o_K(f% zFZ&muAk?8S2W3^i`!?)Q%vz+ia`Nf+0#8_((N~m0KE=z)u(G38FdJ2xNYbU_2)zjRP<>xCYup(LnYp&d_52eL(3Hg@jQy zTvmSvngLnF(EY-$Wa|iN6kPy0QH%#K7n?(e^zW90thwdpaN%6Q0q3#(NulTmF)r$s zxwalK8DxMCpc!>k%d0}oh=i=wN(oX<^%UhW#BS;7g>ALIY%8d0BV6DaRuwq zk{5u~7L+gZfcC0R|Mk6owCbo<;}s_2v;pqNfDjH0MGX18f^ilS*K&MA=ZYS9ksUND zq3uVZge9IBT7jj$%Md@VqeGQ3MM z8fni=O8zwk>3cs}K_zD7sJqMjc2kh1TGNbZ<(h{rn<%&3o-Zwg)q_s+Vl^!&NI09| zW!UMQA3bi3)1{#(=fH>25%^pNoYu3Ae>o>s#=Q9TA-60kUom z!MjAnVqUNzP}ZSy5-UE(WZ&fBf91{6lvKvx4W0DcW~=&Pz-$czQxI(j9cH(b329?l z`v@vn4uADYxkUZxYyu?EbQej!h{8Uf1P)ljurk1rqZf*P(+HCl4qYNq1lN1Dyuqs| zv2Z}Ig~?B2y1(~39{}j<_%^utG1xt`J^A}HcX<2$)BdVc5c%`${&Dow=;drlaNWoK zX_jsqMwnHb*1$Z($-)gos#*J8sa!HJY`yaY%8TVr`^MfAp0kQXf||aGn6Equ+k?%0 zMHKn6Kp$nt^=ywd^bSJ{uob)>!1)zqG;+w(BWazBY9SdbZBPFDGB6k^0hZIDOr0-& zVrSj(Qz9C1o&VhEI>>YN=&6O|?YRNC55=dQA}i9ioWgEN>U7B+rTJ-g#Ahy#^-nB( zf^`$frFH%9lvX$(*BG`6s=^3v&0EIX$P`-2BWSr_*?}IS{3g*txA>as^Mv zZD%o{uIkm^ik0-gy)LgZUVAF~D+^$$T-|OudBwS&7{-4g@JF$xGs}90EY8FR0^G_-FR}{f3rv7AJ#BIUVr?--Q(NfOI#m;@ls&M_OcO{r-mz>x8DVnaj zmDjK1uiOb!c=WkTQ6SVtR5{%dF%6Hn5T9_NbB2cO6a>%JS=S4pfvNVZT!VpUHC($W z@>UD8VAqxLd*JoP)^qm!mRJ8If!n$Ff(h)qa>5>)ih*aF9iER^;O9RkCR<; za|YQ7+K#?vv(iM#@7Mh+mUu^tE|It3B!trpperd3cXzyAb=wgE^A`(IU<-@u^?a=k zkq%%#ImH27J2E#@PstGajPZzPe(Ud<{HEjp83D8fW6)#+Ie0%Y}?+e@HLsDEP~E z1zv3e`2iRiT2BlCku#_l6H`@Gkro4)8blGSV&(v-UCvYZm1CYb!WZYr(+O$BB$t>O zBhm*29JlC~Ww?)gfwBfrhf0btm}>@Zd4W-Ow!l_4LJ7ooY|@*og~;2!6E_de3W+SL zgaI^T=`r&@tH1FqO47Vb9iGBK`j;+}SQ>MWS#ZM*1S#zS3$hMQoIK2dQc?%#Uhnd4 zR@R+q`|g7WG(J5~{S_SkCUO5|>fO_E6w2|sbvmO$QawK}nu0|j8wQ-_R@4z$ie(CC zn`=hK#ttk2*wQQ*C<8uh2UfPNsA1an5>ZcBVvvVj4IRHCkTx2*X1o=@?%hoVJrs^A zXP8#zg3jVn2tJ#VyC|~cTpf=QX6mGtqY5foLO6i(rxBHOgPn+!jvd(CJEH;EWj&=( zd77Ndo|RI?ox5Q@Rm>t6h0bs-^Vh>V5(Wr|BcmqUpk4}je13w6W?IIzKC>pd;O=e1 zJq~Vt^F1lYj^Ux4CY09R;49OniTjLgY#(7sJiZMS*LH9faP>_X&aMfs=NNs}YRr2X zG#{G>%4I6JHaQ}j z%F|SEPiV`aM_eM@h%*wYq@B?VACVnlbZ-Sp}`qH*>}yx?Bxn z(8V#AQCQ9_qrgR)zf4%jm*O&zZOYogtxx6axmjGDMq`7I+UYoKlvu`^76RW?(^LsD z)a2rt)_D_gWl54$Q=SG!JX^G9RBe&q*(4JmUbB1a5wYF?+LGEr7Fch8>#_PxiGN-~ z>jlZ*1X0pY9?I=;!u3nD)G|jyi{VP}R2C6pC-5iOBp>*cQxBE?WRdy`P7D*!B*b0N ztF4T{ZJ*5R6RD6)HjH@r%crX7)@$)_s-UpLraNx)ss_IE0TTCqWAI2MYAje*%Kv7Q z(Q(q#ST`2q2nwh>teW{D6$$7ICA1X!=9GOY`v_Rs$Q{qU{m$y!m1LHozWwf&c1H*tlcB{CWHJGreo{jkz}B0;#H8Jv7V>PB_QiBR-}& zLr+;tMt?n`|A-J5`A8CFlR+tx$YEgxqkCLt8spol3_on0zEu+|o)~eyo<6cuw(7E! zlcFj_gE8v%*&<;bL$aP{nY8>`q6;FbZKoX3o;Pxth08 zVqM=tR|@26+$m8jZgrK&)?Cc34jf9FbrdzD7-XyOPb8jJoJ63MoW+Q!nS}I3HHOO4 z^94S8+nqkg9u8IDL88!KW5oWXZ3=&RwoBJk zB3#0Wbo(X+C(SQ0=gL`D8xTvK_)2WWJ$I}w66WFlwGQUe=-o*zd|!^ZgiKOIDapf0 zVxWMbVVPXFquJ^`5A;)tHTkV> zbs*s&*HOv$O(8h9uE4EjeWw~)^pEj6{!?&)6@EEd6Us~tO3_S3*oZ2Y3KmWza|F10>UoEvnkD#%z^B%$Ef&t4boD94TZpO;^8&w zmQu9+r)2x*B7(~Mh4p=U6n^le@(jl4QTXp|l@5i$GQ31(VNk1pMOj%}`ybZlD&Y_t z_ta?>t9W8s-Z`F82!sjo?=o(@?mT=RfBasj4j>JdtvXSHxpI3|!Q@~Uco4^j@P^pM zV&K<ZloL2tD+3CDVe2vVVw{jitSIQ^%R;cp~zGSzy2g*t(X{ zls%W1qvi?kL0N97=!Jaq$DEIUVp9>p!?H7Qw|n1~|LhDw3TzvrflM`#C$CemC_x+~8;5#y=~c=O7i;bqbur!BDr%xJaZtZ8i$8y$#nn0ln{q z`iNKH)Bi++fNM_Vyveh*IHERFXkO`8sQn|bS**MO_+~Lv@kh3UfQ-nQu!&sL(l=w7zxZNK3J-M&+)#9gLkA~<)!J}v4_w>;NEbx7t znhD4AbhyU1;n!)n$4W{fzeug{iqvXe=z;Nzt9o$!ykBFk=y54vb)Jx4pt_v`Uft|Z z7k_2N#i<)GGv^DUM*(I%`{&XzE~HZCyiSdGh*7p4TyjMjW2!!}2w4RuVGBhn`Iu0) zjWn>>)>)Deaj+;IOhg#gHfXH;kKYEl(c&)w2elKQg!^aUaXbj(8x>_R*#n8y{*Lrt zOAS=^>WEl#V~#`oetpOeZ>Dlm1xZOw)S$ZK$3|XLW!)KyNh#yx6e-=>qX>a#v8cKVXC0dsc=rgci3A~wP5+J zKmEh{THDh52L7DY)j(7B!B*W-pJm*XS$%}_pS$;v2bA)?-xS}UNp=0?p8?s|@~2K? zKkfG&kJ~>lc8~qCiq6EWd;1}dCl)RprVpUU$~|j?C1FoOdX|MT(Uc$Kg6aW%GxC5uosm zuJ(>ob7c3>mFk;(+XPf4J<-Klxte}ccK&W|t^IoNB{pI0aqdyp-V^J)o@6i*BfI?& z@0|7x52}>VQ4|$h1<{Y$EPaeHI1d|=787jj5|N z4x`r;toV5F^^6e>Ou75s=$4EegAG?biFKG>6>qCz*QRffMW{9-=7R>WM`DWVS7-1lZ{*wwrR1QL;A zUg5JrC`Mr5@!mfQLYBQb3f*sX%!8zDp4g&oJ}&}_WlnHbMbfjZ`9BVf>I~$gA~k6- z|MYI#O>4u9^IPP1ein*dg#DoFI0F$VCHCNr{MT7#f-K(B#R+kTZ;W{&%DMe_1R_@ZE>`oc~2O(5*k0s0Vk*{)pc!x=W&}tQYD`Ze*M|=)2Vkv)R>NP@y0FRriBv&!;u9|c@az=EnLs1W zmjVOtl1G5%lz}S^Rz90X4l8pRl)miNhd|+@Uhs_Vnc;|zE?lD1Kp|vk##$7skg|+K zcm-ELLYkra@a&75`7q0pDeK))7GK1mQ&(Z&_i66K9fXu2w@j_N`^%wx;Dnqd$pU-4 z(P9uu{K7;{WsGCPn!&@bfmSrHr}`m-Og2>8B;d*)LA4Gt-9iawsO6$74P~UdRe)wp zq?Sr9sj3ALriAr*{#r^?ai6rq`mI0K3NU9$0OT~u^=LdQltYoiM^cj*N`*+{@pW8A zjmLZK>(36Rdfw9UJ$eOMWAtBrcmqzhvt;v+ZN5FrhyHf74CP3dqJt_%xOETBM>ssJ zgu=~~TBou?Z|kN>!?bvzS?B3qA1&o`$f()B-YI@G*6K`!hG`?Q+wD)so=pCcM;God z@UCCoxLNAOa$zH)p9PTQs+=3?V@^c{;I{ypz0(@eu6U!KWNBq$+)96`7R)AwSU~x0 z=E#-HM=F7?wSvHb}i8vCZLc)nmbOQ1xZiZ35eHz&OY`?lDtLFX^Wn>hQa+-*iz#eG$?%FyOpLNEo23 zX3y0P4|B~_?qJ8*5swZp@zT})&NUvoEu6os+BjyCo>bM_+10;JaQeP!C0B@8;u9X z`!<7|Fe+@`908Y@2TYW4WOr8NGGXEfxVQpX0lFFY?z;ToMkG5ZaGjZ3H*N+OoLNCe@?c(IewJd#3b*_kr#B2# z5xpDqQk!)a4lo==rgJ}|uu@(D$m9o(7+%IXGCH`Z&Fym7mV|X09PZH+5r7h=;3AZ% zEN@`QU1O3A#vGiyB@Fm+=KgFdV$%?%?se=k20pyeZgJ_=DJ9J!ikL9)_9*iuwV{_W z-f!64W>=KF{TeP(7UnH7r-waEj)w26)|7WYGK|RRk5=V1@dyzRqR~H>rNFp2kX50L zpZi=;#m4d-1~O&2NJPSIKoH^wpG2xC>EU4vku60fKM+v zW00O97t5Ds!xf@x#H3*&V}tXAY6Dq&4^bip)Z1Q;z;Gc5PMXH{nLw>(cL7#7oIe>u zGZ(ED@kD~$6{A4>s1m@MnJtTf{dD%+XfRqKDEn1(DaNABUR4*BjzB@CWfEu@FpvyU8vGO1 z`O4o)U}6Bp0w&c9bUD-&6gEbN&5Kn`1+_Zxg04IluaYy>+QEh{BnZw0a-J3HTqY4p zRdj!~(Q8D)H3^y*=3SUy7Gbd2s3u2Y9BOhgb*zzTnJZj%%{*}iD5>{K<-KcVFXjVf z&HQgqF(}v1V!-5H_RwCeROQAdS|e^kprqQ1LCcrsgTWYN8`zE$X-@c|d3KJjF}yWu zN#6s(bCkIEO$3i{0lv0JM%NQF8J?`2ATCA2XM8pc#L?9kz+kC~rwitYLa?#vqE?L|37Y=)|mv2)R}Jen0u!r}dr5GLxj&l;QKYzQ($ zgLY}Z(rrZSk(E0asigan(k}1{WvlBZp%~AcIX?0OT}V9xK9>e zZ=g=O`tcl$HI-MNLy+nl^TeAc4TLo;082D2ioY1IK*f?CWnFJ1eWeo6?>tGD;$-tS zIZ$(%jw7bp;MnJBRUY~mtG3OW7pg1G5iUWgMU&NoHs$1&F&MaS_LcSXxFEUQa6*k7Wj%4JkmMvzoyQpx z^kqtv;7U9jh1_C(3^2c&-(AOPtMG(v@2$i|`a%_HMAQ@43<%BKUem zLG=RQHh8Gvw8M4De@=ate@ao7eqzZ_y?(Eb=Uz1b1q=0J_-7xoS?$Xmp2DocV@tay41ve2!V#co$R?Ij z5z}ULNHJ5J^;u<-siqe~(X6dqCv?umM8@`ujE|BeyZ`BOy~E+o)W~U}XC3eXk!6p2 z5vaXYt~%CeQklu0g?H!(1NBR3t8hDx=W9Wadc1(;%-(_?KzyXpk=-IrCO$MWTs-WR-LAZ=xpXM~?V%q{M1r?mLK2h62u zR*kE>ct$~=EMPmKip>g;Xo7hOiOw^f$ebcWT*Vu52Xz_$@I(9&?0TQTl-N>Hz*Y$eG;^)bw zJYR+Xd{61)ADVxL@G~e@sA)>Xuooztm)Fjc=Cd9i=Na-02G6URM)ZEJc&vdUoT6Ua zIWpK#AdI2RrR=1{eV9~vJ4&qSBhIgxWJK8$N09%B`dpkGlCu6~9m9B8RQrqyeLCs= zETep)R9+FnnZ5Z69JkH4BimPd$oc8n6TX{w(9Yox#K3te6*r6jx%T_`?0N(BGw^21 z@YJ4TL}w`?ccrIwuO?S|lQpHxLU`u^6SgGaLI720Pli#D-ZDDD;ElwT zt{28EXIvD5Kqg}FkIMZ1y=w^4#Kp*QwIbl+vF6W(m8arWf;bbEFu=3aaa$>}3Vq`> zrfa(K8IM5B^W>$*>?1q$ZsswIQqknt3(9hrt&miEM^|Abl1jZarJgoSi4vt_|=%10%@hA<2)H{Ae zmw`oLA(DjVijD{1rKS=otu;Qyd@`m7oYnNqx4ctb&AbMxQcNAnc-Qw~rN(V2KX*N4 zwfw?>nbPip8X+`K!3c{P7jdWduh`K+v>)Pf<@P1}-2e(*nS=5C>N*Er&h3A?00-iD zf`o;qwkjT+a+OT>T_Ul`@U0Q;Vu&IZ7n)A#KaVweyvvEiA&U~NG347cLlsbk?>&w} z*TS$^g=XTJ5~9YYsMvT(f2H`8hbG|c7y|iK23{A>wr6^3q*P)SD{JM01vDTB*gf&E zwFVfiR`6!CogavU znKK%SkOoT)WGW_wF?5U9j}pxGWl9!2P?5u;FUCS=be3}~Er6!}9_Eu)lmUUtZF{Y= z5}S()PHck+hDr+vS)mhrW(hWt7G~=NOlvvWBhZ?5=|Y_)$`!2uZIqY{(EX zlPc?;_~1#kb?cu4OWZM|2~cA=fm-fb4(D_@8;TLKvok3M*tet?YnKhJ7OEbEOd?k& zLYge!HuMYOI13@dLg;T%kOG$!oL*AP?5-?Rs|P%Ti}C2cL6|<}+Q9Lzu4c35lY;P= zVN(>S_zxa~g8}{+4pIn?(W{$H-jH=+fpH4cXmoy7!n~>I6>0IPaRVj9lMp7hy^D663h`b?B?i&yZ`A=8w8df$bR)8`v!I#s=JGDM2~a=TB2R z0+S6ttyQ)pHMjY9);D$h9v*j~YanOWvaE>}p2wRqYSC1?G}pw!JdV*Lwmm2rXDOx6 z%X+>XGi@cvuF{w^BvINHLJjxmOIND6LWTERr9LazTLXn4FCMJm*j)+@T!9PEe-^#-(8e z21#{Ojf+v(OS+~Tho5mtAO|Havz3;nBj6`J#T-VM7gpoTiAgI8IR2Oc+~GKl-!`M( zaynegGg$A>w&(k^AF7%NSXb_fSmd|Tw!gQwH8e4TY6KZJJaT1Ny{Eg zts0s#I_L!UFkWdJK`U#1uxWR*(UaQ4E)O*f(E*7LQ*_$dKO$Eo_UOgSYZNrjXCgR7qazX= zz@y$}YeOwPT;lWY_3uy}t3wXGL9fhIQ9RRXo(TCVLeuvqwcdW*s?$lCzQD^Y=W-Y% z7Tw6JOw3l1c1GXyuD>ZXL}*uqm%QaPw2}t}(1v)w`R6Zd(L)l($>5tw};f771A#az(r(C-~C~8 z$cG62G#&4s@L?qq3ZavLlBs-?{7wCv1v(QUvYKh)PwDS7whR-*zSueG*uN)}Mb!>T z@iy;ZB{6szg{u;J7@{=fh!LAXW^b;7po1h(_m%OilcBN1cl7w%Pc_`uUXpC%;I-=t z4jz_-F+yB|F=JG44F}&9)po(q%QP$sx$5G9R8%^7$J_KN&8_^FFiSN z=R!6dy3VbhWe0?EAmxdgQ!d5S3iiUZmNE<2fZ7uh)Y zGvWd0SEc(U4-qJaM=THWtneu-PI7OS1k~|K!_{_#rd~Iz)8q;(L_O~+ipC`sQ6EiX zOZXFiwZ*6(Uqm=0`75|0*^iO`UMVe!8s8>2zq!e2xD={UdTwrRn?}BNb@3x&?$`+> zGYI&Nm_0;T=akFFpf(8p`hmVwpXj5ec`RLI7OK%b9z_JN#8sX;y2D~6{JHy5R#0+A zKt1kx;ipmQUJ<;kiqUB6g;uv;fA6zS>tOgS5uNnp!Y63~tqmKr&RKFH4okgr@+PLu zHg;M0DSO^(w))vvd*p#Nq>_Skb*Z&@Kuj%rJ_m0?6T^3nF>q4$DZ(m4wTd)gR#J+( z_x+_>=o|175DCf*_!;>k%$+-Yl7IeAm>u7}{dvva{UK(&MCws-SCcq-)>1n^VE<=h zDylL(ErQgIlylaj)nZ~YWd3p?w!6> zyo}drqzWWu?b6|fxjJs6s0NbpiLh6Z_KRhlk$U7KSJ_A0iT9zy?XDAkAAfk7oy6!a zK(5PPzIKu^MYyy!Fk{2>49TB{hd66b_!Vt?jXp#EE3?8DD1W!{DcPC9X|B~JiX}zv zSgzVAGz$_~`HB%{;|*6I_L>4=+lnZX+i`3qwR)GHloGu9Sr9&TN8>X(V#4cYE-dhP z8)K*h6`ftNItiKT4u2E^%>dH$r%*G&6OSi8@}q(Sh7oRdXkxXRG42W_twVWhvISxy zfOaO;Hj=_Oh6m_%Hi0#eZ*vxTQtcdk8r1ow4-9~ z+i{#CO@gn?5W?JgQgl-ksdE3@pj%RGqGl@^=c{@we)=Ky8JGqLosh;u2Q+L;{(+s? zWM=^hUk7!X^-BNxm7<~IwJ-)PKDZON*t+4K9b_0N$bA1-Maf~ot@P4LD?QoXK)D3< zrFr>$ZpJGu@gRiG*n;76+CJI2-#_|D{s~J`MzMCo5&m{YAfklRU?KXw$@&ocp&dRm zG-BEtL}X3tS6rNs`NMtiRGIhOX_;&&XzA9V`j}?lkc)AfWQG!Yvn=}#AcXS2NE+ir zY@=!yEEp;FYU-#F%Plq3(mTUj1FHMGRdsjg>*&reRgagR&FNJkH#<2%&MRTby>CJe z&4aP1p}%>E8{lB<)1IT_6eVbRmdhxtK7yAQxEiP44(v^phf)#ZENd3l79{XwZ33Fg>T8JIjW~a%W=acZjIO20DfvqO%3YU0x9V zA=)l@cqMul)Ak53m7&{oXUKNbkYuA>Y0xF8Pqe;V5L#WF(=!_+kWf$yJ=4-s;jM}mifjv-~Zknb62q>YN{Xw>h!$-DCCb8-_ic}spa za%O;Nw>!!(@hC?6TyvTu@<*PZ#PQtzB-D@<;2QIXDWa#OO%*2n->(+PXSc#@l|NH=Ind!cF)ZV+; zmn_{$mhL0J<<~wE@bmHg^5qcK{{smG^z#D>G#rcx0J{3$l6L(s1)Er!nb^3v*|{)y z8QIzX$EX1Rt2FxmNB{lbeE(nlHyZ~t`@i&m|4R$_e;M>|`aiP-Ze>s=Bruo$Aws6o zU#%phq^ICMQIVm}BbSM}JlnphAVjr+vGH4`t?o-1)g|cXO6a#_#XxTJ*9P zN_p5~oD}r@v#@ZBa1X)|xQIYFGlU587x3@l+4MXqIYyBd50 ci>em{F9ZKy0{pM^e +Date: Wed, 17 Aug 2022 10:54:37 -0400 +Subject: [PATCH] tests: handle libxml 2.10.0 incorrectly-opened comment + parsing + +Related, see: + +- https://github.com/sparklemotion/nokogiri/pull/2625 +- https://gitlab.gnome.org/GNOME/libxml2/-/issues/380 +--- + test/sanitizer_test.rb | 21 ++++++++++++++------- + 1 file changed, 14 insertions(+), 7 deletions(-) + +diff --git a/test/sanitizer_test.rb b/test/sanitizer_test.rb +index e3ce218..e83c54d 100644 +--- a/test/sanitizer_test.rb ++++ b/test/sanitizer_test.rb +@@ -54,7 +54,7 @@ def test_remove_xpaths_called_with_enumerable_xpaths + + def test_strip_tags_with_quote + input = '<" hi' +- expected = libxml_2_9_14_recovery? ? %{<" hi} : %{ hi} ++ expected = libxml_2_9_14_recovery_lt? ? %{<" hi} : %{ hi} + assert_equal(expected, full_sanitize(input)) + end + +@@ -77,19 +77,19 @@ def test_strip_tags_multiline + + def test_remove_unclosed_tags + input = "This is <-- not\n a comment here." +- expected = libxml_2_9_14_recovery? ? %{This is <-- not\n a comment here.} : %{This is } ++ expected = libxml_2_9_14_recovery_lt? ? %{This is <-- not\n a comment here.} : %{This is } + assert_equal(expected, full_sanitize(input)) + end + + def test_strip_cdata + input = "This has a ]]> here." +- expected = libxml_2_9_14_recovery? ? %{This has a <![CDATA[]]> here.} : %{This has a ]]> here.} ++ expected = libxml_2_9_14_recovery_lt_bang? ? %{This has a <![CDATA[]]> here.} : %{This has a ]]> here.} + assert_equal(expected, full_sanitize(input)) + end + + def test_strip_unclosed_cdata + input = "This has an unclosed ]] here..." +- expected = libxml_2_9_14_recovery? ? %{This has an unclosed <![CDATA[]] here...} : %{This has an unclosed ]] here...} ++ expected = libxml_2_9_14_recovery_lt_bang? ? %{This has an unclosed <![CDATA[]] here...} : %{This has an unclosed ]] here...} + assert_equal(expected, full_sanitize(input)) + end + +@@ -464,13 +464,13 @@ def test_should_sanitize_img_vbscript + + def test_should_sanitize_cdata_section + input = "section]]>" +- expected = libxml_2_9_14_recovery? ? %{<![CDATA[section]]>} : %{section]]>} ++ expected = libxml_2_9_14_recovery_lt_bang? ? %{<![CDATA[section]]>} : %{section]]>} + assert_sanitized(input, expected) + end + + def test_should_sanitize_unterminated_cdata_section + input = "neverending..." +- expected = libxml_2_9_14_recovery? ? %{<![CDATA[neverending...} : %{neverending...} ++ expected = libxml_2_9_14_recovery_lt_bang? ? %{<![CDATA[neverending...} : %{neverending...} + assert_sanitized(input, expected) + end + +@@ -663,10 +663,17 @@ def convert_to_css_hex(string, escape_parens=false) + end.join + end + +- def libxml_2_9_14_recovery? ++ def libxml_2_9_14_recovery_lt? ++ # changed in 2.9.14, see https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.5 + Nokogiri.method(:uses_libxml?).arity == -1 && Nokogiri.uses_libxml?(">= 2.9.14") + end + ++ def libxml_2_9_14_recovery_lt_bang? ++ # changed in 2.9.14, see https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.5 ++ # then reverted in 2.10.0, see https://gitlab.gnome.org/GNOME/libxml2/-/issues/380 ++ Nokogiri.method(:uses_libxml?).arity == -1 && Nokogiri.uses_libxml?("= 2.9.14") ++ end ++ + def html5_mode? + ::Loofah.respond_to?(:html5_mode?) && ::Loofah.html5_mode? + end diff --git a/rubygem-rails-html-sanitizer.spec b/rubygem-rails-html-sanitizer.spec index af3d13f..9380714 100644 --- a/rubygem-rails-html-sanitizer.spec +++ b/rubygem-rails-html-sanitizer.spec @@ -1,15 +1,15 @@ %global gem_name rails-html-sanitizer Name: rubygem-%{gem_name} -Version: 1.4.2 -Release: 2 +Version: 1.4.3 +Release: 1 Summary: This gem is responsible to sanitize HTML fragments in Rails applications License: MIT URL: https://github.com/rails/rails-html-sanitizer Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem -#From: https://github.com/rails/rails-html-sanitizer/commit/45a5c10fed3d9aa141594c80afa06d748fa0967d -Patch0: 0001-fix-test-failures.patch - +# https://github.com/rails/rails-html-sanitizer/pull/143 +# libxml2 2.10.x changes incorrectly opened comments parsing +Patch0: %{name}-1.4.3-tests-libxml2-2_10_0-parsing-comments-change.patch BuildRequires: ruby(release) BuildRequires: rubygems-devel BuildRequires: ruby @@ -21,6 +21,7 @@ BuildArch: noarch %description HTML sanitization for Rails applications. + %package doc Summary: Documentation for %{name} Requires: %{name} = %{version}-%{release} @@ -30,7 +31,8 @@ BuildArch: noarch Documentation for %{name}. %prep -%autosetup -n %{gem_name}-%{version} -p1 +%setup -q -n %{gem_name}-%{version} +%patch0 -p1 %build gem build ../%{gem_name}-%{version}.gemspec @@ -43,12 +45,6 @@ cp -a .%{gem_dir}/* \ %check pushd .%{gem_instdir} -sed -i '/def test_uri_escaping.*_in_a_tag_in_safe_list_sanitizer/,/^ end$/ { - s/<//g - }' \ - test/sanitizer_test.rb - ruby -Ilib -e 'Dir.glob "./test/**/*_test.rb", &method(:require)' popd @@ -66,6 +62,9 @@ popd %{gem_instdir}/test %changelog +* Mon Aug 14 2023 liqiuyu - 1.4.3-1 +- Upgrade to 1.4.3 + * Thu Jul 14 2022 baizhonggui - 1.4.2-2 - Fix test failures @@ -73,4 +72,4 @@ popd - Upgrade to 1.4.2 * Tue Aug 25 2020 huangyangke - 1.0.4-1 -- package init +- package init \ No newline at end of file -- Gitee