From f362b53c40b166b6e1fae1c38b00023d88e0cedd Mon Sep 17 00:00:00 2001
From: Marius Bakke <marius@gnu.org>
Date: Fri, 29 May 2020 14:31:29 +0200
Subject: gnu: ruby-sanitize: Update to 5.1.0.

* gnu/packages/patches/ruby-sanitize-system-libxml.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/ruby.scm (ruby-sanitize): Update to 5.1.0.
[source]: Change to GIT-FETCH.  Add patch.
[native-inputs]: Remove BUNDLER, RUBY-REDCARPET, and RUBY-YARD.
---
 .../patches/ruby-sanitize-system-libxml.patch      | 38 ++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 gnu/packages/patches/ruby-sanitize-system-libxml.patch

(limited to 'gnu/packages/patches')

diff --git a/gnu/packages/patches/ruby-sanitize-system-libxml.patch b/gnu/packages/patches/ruby-sanitize-system-libxml.patch
new file mode 100644
index 0000000000..d19eb07294
--- /dev/null
+++ b/gnu/packages/patches/ruby-sanitize-system-libxml.patch
@@ -0,0 +1,38 @@
+Fix test failures that occur when nokogiri is using system libxml:
+
+  https://github.com/rgrove/sanitize/issues/198
+
+Taken from upstream:
+https://github.com/rgrove/sanitize/commit/21da9b62baf9ea659811d92e6b574130aee57eba
+
+diff --git a/test/test_malicious_html.rb b/test/test_malicious_html.rb
+index 2c23074..0756de0 100644
+--- a/test/test_malicious_html.rb
++++ b/test/test_malicious_html.rb
+@@ -135,6 +135,8 @@
+   # The relevant libxml2 code is here:
+   # <https://github.com/GNOME/libxml2/commit/960f0e275616cadc29671a218d7fb9b69eb35588>
+   describe 'unsafe libxml2 server-side includes in attributes' do
++    using_unpatched_libxml2 = Nokogiri::VersionInfo.instance.libxml2_using_system?
++
+     tag_configs = [
+       {
+         tag_name: 'a',
+@@ -166,6 +168,8 @@
+         input = %[<#{tag_name} #{attr_name}='examp<!--" onmouseover=alert(1)>-->le.com'>foo</#{tag_name}>]
+ 
+         it 'should escape unsafe characters in attributes' do
++          skip "behavior should only exist in nokogiri's patched libxml" if using_unpatched_libxml2
++
+           # This uses Nokogumbo's HTML-compliant serializer rather than
+           # libxml2's.
+           @s.fragment(input).
+@@ -191,6 +195,8 @@
+         input = %[<#{tag_name} #{attr_name}='examp<!--" onmouseover=alert(1)>-->le.com'>foo</#{tag_name}>]
+ 
+         it 'should not escape characters unnecessarily' do
++          skip "behavior should only exist in nokogiri's patched libxml" if using_unpatched_libxml2
++
+           # This uses Nokogumbo's HTML-compliant serializer rather than
+           # libxml2's.
+           @s.fragment(input).
-- 
cgit v1.2.3