Disable html injection #392
Is there anything blocking this PR? We've been holding roo down to v2.3.2 for quite a while now due to problems caused by HTML injection in our importers, and we're getting a lot of deprecation warnings from ruby 2.4.1 in our tests.
@edslocomb ... It is up to @stevendaniels to merge this pull request. I think that my tests and code are good. Don't know what else to do.
OK, it looks like this gem is not actively maintained. For those who are experiencing bugs related to this, want to use the most recent version, and don't mind a monkeypatch to disable roo's html injection, try this:

```ruby
module Roo
  class Excelx
    class SharedStrings < Excelx::Extractor
      def use_html?(_index)
        false
      end
    end
  end
end
```

For a Rails project, I suggest putting it in
pkgsrc change: add "USE_LANGUAGES= # none".

## [2.8.0] 2019-01-18

### Fixed

- Fixed inconsistent column length for CSV [375](roo-rb/roo#375)
- Fixed formatted_value with `%` for Excelx [416](roo-rb/roo#416)
- Improved Memory consumption and performance [434](roo-rb/roo#434) [449](roo-rb/roo#449) [454](roo-rb/roo#454) [456](roo-rb/roo#456) [458](roo-rb/roo#458) [462](roo-rb/roo#462) [466](roo-rb/roo#466)
- Accept both Transitional and Strict Type for Excelx's worksheets [441](roo-rb/roo#441)
- Fixed ruby warnings [442](roo-rb/roo#442) [476](roo-rb/roo#476)
- Restore support for URL as file identifier for CSV [462](roo-rb/roo#462)
- Fixed missing location for Excelx's links [482](roo-rb/roo#482)

### Changed / Added

- Drop support for ruby 2.2.x and lower
- Updated rubyzip version for fixing security issue. Now minimal version is 1.2.1
- Roo::Excelx::Coordinate now inherits Array [458](roo-rb/roo#458)
- Improved Roo::HeaderRowNotFoundError exception's message [461](roo-rb/roo#461)
- Added `empty_cell` option which by default disable allocation for Roo::Excelx::Cell::Empty [464](roo-rb/roo#464)
- Added support for variable number of decimals for Excelx's formatted_value [387](roo-rb/roo#387)
- Added `disable_html_injection` option to disable html injection for shared string in `Roo::Excelx` [392](roo-rb/roo#392)
- Added image extraction for Excelx [414](roo-rb/roo#414) [397](roo-rb/roo#397)
- Added support for `1e6` as scientific notation for Excelx [433](roo-rb/roo#433)
- Added support for Integer as 0 based index for Excelx's `sheet_for` [455](roo-rb/roo#455)
- Extended `no_hyperlinks` option for non streaming Excelx methods [459](roo-rb/roo#459)
- Added `empty_cell` option to disable Roo::Excelx::Cell::Empty allocation for Excelx [464](roo-rb/roo#464)
- Added support for Integer with leading zero for Roo:Excelx [479](roo-rb/roo#479)
- Refactored Excelx code [453](roo-rb/roo#453) [477](roo-rb/roo#477) [483](roo-rb/roo#483) [484](roo-rb/roo#484)

### Deprecations

- Roo::Excelx::Sheet#present_cells is deprecated [454](roo-rb/roo#454)
- Roo::Utils.split_coordinate is deprecated [458](roo-rb/roo#458)
- Roo::Excelx::Cell::Base#link is deprecated [457](roo-rb/roo#457)
NOTE: The actually-implemented option is called
Thanks @cdlb-og, I've updated the OP.
From the initial pull request on HTML importing
Comment on Disable HTML,
this is an attempt to add the ability to disable HTML injection.
To disable, the desired function would be: