fix: Work around a Nokogumbo 1.4.9 change that allows invalid doctypes.

icelab · Aug 23, 2016 · 82cb243 · 82cb243
1 parent 926df4a
commit 82cb243
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 2 deletions.
diff --git a/HISTORY.md b/HISTORY.md
@@ -1,5 +1,13 @@
 # Sanitize History
 
+## 4.2.0 (git)
+
+* Fixed: Nokogumbo >=1.4.9 changed its behavior in a way that allowed invalid
+  doctypes (like `<!DOCTYPE nonsense>`) when the `:allow_doctype` config setting
+  was `true`. Invalid doctypes are now coerced to valid ones as they were prior
+  to this Nokogumbo change.
+
+
 ## 4.1.0 (2016-06-17)
 
 * Added a new CSS config setting, `:import_url_validator`. This is a Proc or

diff --git a/lib/sanitize.rb b/lib/sanitize.rb
@@ -82,7 +82,6 @@ def initialize(config = {})
     # Default transformers always run at the end of the chain, after any custom
     # transformers.
     @transformers << Transformers::CleanComment unless @config[:allow_comments]
-    @transformers << Transformers::CleanDoctype unless @config[:allow_doctype]
 
     if @config[:elements].include?('style')
       scss = Sanitize::CSS.new(config)
@@ -95,6 +94,7 @@ def initialize(config = {})
     end
 
     @transformers <<
+        Transformers::CleanDoctype <<
         Transformers::CleanCDATA <<
         Transformers::CleanElement.new(@config)
   end

diff --git a/lib/sanitize/transformers/clean_doctype.rb b/lib/sanitize/transformers/clean_doctype.rb
@@ -3,10 +3,16 @@
 class Sanitize; module Transformers
 
   CleanDoctype = lambda do |env|
+    return if env[:is_whitelisted]
+
     node = env[:node]
 
     if node.type == Nokogiri::XML::Node::DTD_NODE
-      node.unlink unless env[:is_whitelisted]
+      if env[:config][:allow_doctype]
+        node.name = 'html'
+      else
+        node.unlink
+      end
     end
   end