Diff of the two buildlogs: -- --- b1/build.log 2023-04-07 22:07:13.093955420 +0000 +++ b2/build.log 2023-04-07 22:08:50.366713278 +0000 @@ -1,6 +1,6 @@ I: pbuilder: network access will be disabled during build -I: Current time: Thu May 9 16:29:11 -12 2024 -I: pbuilder-time-stamp: 1715315351 +I: Current time: Sat Apr 8 12:07:17 +14 2023 +I: pbuilder-time-stamp: 1680905237 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/bookworm-reproducible-base.tgz] I: copying local configuration @@ -16,7 +16,7 @@ I: copying [./ruby-sanitize_6.0.0.orig.tar.gz] I: copying [./ruby-sanitize_6.0.0-1.1.debian.tar.xz] I: Extracting source -gpgv: Signature made Mon Feb 20 07:44:02 2023 -12 +gpgv: Signature made Tue Feb 21 09:44:02 2023 +14 gpgv: using RSA key 4644409808C171E05531DDEE054CB8F31343CF44 gpgv: issuer "carnil@debian.org" gpgv: Can't check signature: No public key @@ -31,11 +31,20 @@ dpkg-source: info: applying Always-remove-noscript-elements.patch I: Not using root during the build. I: Installing the build-deps -I: user script /srv/workspace/pbuilder/27500/tmp/hooks/D02_print_environment starting +I: user script /srv/workspace/pbuilder/12600/tmp/hooks/D01_modify_environment starting +debug: Running on codethink12-arm64. +I: Changing host+domainname to test build reproducibility +I: Adding a custom variable just for the fun of it... +I: Changing /bin/sh to bash +lrwxrwxrwx 1 root root 4 Jan 6 03:20 /bin/sh -> dash +I: Setting pbuilder2's login shell to /bin/bash +I: Setting pbuilder2's GECOS to second user,second room,second work-phone,second home-phone,second other +I: user script /srv/workspace/pbuilder/12600/tmp/hooks/D01_modify_environment finished +I: user script /srv/workspace/pbuilder/12600/tmp/hooks/D02_print_environment starting I: set BUILDDIR='/build' - BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' - BUILDUSERNAME='pbuilder1' + BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other' + BUILDUSERNAME='pbuilder2' BUILD_ARCH='arm64' DEBIAN_FRONTEND='noninteractive' DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=8' @@ -45,38 +54,38 @@ IFS=' ' LANG='C' - LANGUAGE='en_US:en' + LANGUAGE='nl_BE:nl' LC_ALL='C' MAIL='/var/mail/root' OPTIND='1' - PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' + PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path' PBCURRENTCOMMANDLINEOPERATION='build' PBUILDER_OPERATION='build' PBUILDER_PKGDATADIR='/usr/share/pbuilder' PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' PBUILDER_SYSCONFDIR='/etc' - PPID='27500' + PPID='12600' PS1='# ' PS2='> ' PS4='+ ' PWD='/' SHELL='/bin/bash' SHLVL='2' - SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.MOn1elEL/pbuilderrc_PWvx --distribution bookworm --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/bookworm-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.MOn1elEL/b1 --logfile b1/build.log ruby-sanitize_6.0.0-1.1.dsc' + SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.MOn1elEL/pbuilderrc_DztI --distribution bookworm --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/bookworm-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.MOn1elEL/b2 --logfile b2/build.log --extrapackages usrmerge ruby-sanitize_6.0.0-1.1.dsc' SUDO_GID='117' SUDO_UID='110' SUDO_USER='jenkins' TERM='unknown' - TZ='/usr/share/zoneinfo/Etc/GMT+12' + TZ='/usr/share/zoneinfo/Etc/GMT-14' USER='root' USERNAME='root' _='/usr/bin/systemd-run' http_proxy='http://192.168.101.16:3128' I: uname -a - Linux codethink13-arm64 4.15.0-208-generic #220-Ubuntu SMP Mon Mar 20 14:28:12 UTC 2023 aarch64 GNU/Linux + Linux i-capture-the-hostname 4.15.0-208-generic #220-Ubuntu SMP Mon Mar 20 14:28:12 UTC 2023 aarch64 GNU/Linux I: ls -l /bin - lrwxrwxrwx 1 root root 7 May 7 04:48 /bin -> usr/bin -I: user script /srv/workspace/pbuilder/27500/tmp/hooks/D02_print_environment finished + lrwxrwxrwx 1 root root 7 Apr 7 00:25 /bin -> usr/bin +I: user script /srv/workspace/pbuilder/12600/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy @@ -253,7 +262,7 @@ Get: 129 http://deb.debian.org/debian bookworm/main arm64 ruby-mini-portile2 all 2.8.1-1 [17.4 kB] Get: 130 http://deb.debian.org/debian bookworm/main arm64 ruby-pkg-config all 1.5.1-1 [8332 B] Get: 131 http://deb.debian.org/debian bookworm/main arm64 ruby-nokogiri arm64 1.13.10+dfsg-2+b1 [247 kB] -Fetched 45.8 MB in 6s (7224 kB/s) +Fetched 45.8 MB in 3s (17.4 MB/s) debconf: delaying package configuration, since apt-utils is not installed Selecting previously unselected package libpython3.11-minimal:arm64. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19616 files and directories currently installed.) @@ -800,8 +809,17 @@ Writing extended state information... Building tag database... -> Finished parsing the build-deps +Reading package lists... +Building dependency tree... +Reading state information... +usrmerge is already the newest version (35). +0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. I: Building the package -I: Running cd /build/ruby-sanitize-6.0.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../ruby-sanitize_6.0.0-1.1_source.changes +I: user script /srv/workspace/pbuilder/12600/tmp/hooks/A99_set_merged_usr starting +Re-configuring usrmerge... +I: user script /srv/workspace/pbuilder/12600/tmp/hooks/A99_set_merged_usr finished +hostname: Temporary failure in name resolution +I: Running cd /build/ruby-sanitize-6.0.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-genchanges -S > ../ruby-sanitize_6.0.0-1.1_source.changes dpkg-buildpackage: info: source package ruby-sanitize dpkg-buildpackage: info: source version 6.0.0-1.1 dpkg-buildpackage: info: source distribution unstable @@ -830,7 +848,7 @@ dh_prep -O--buildsystem=ruby dh_auto_install --destdir=debian/ruby-sanitize/ -O--buildsystem=ruby dh_ruby --install /build/ruby-sanitize-6.0.0/debian/ruby-sanitize -/usr/bin/ruby3.1 -S gem build --config-file /dev/null --verbose /tmp/d20240509-1598-7x425a/gemspec +/usr/bin/ruby3.1 -S gem build --config-file /dev/null --verbose /tmp/d20230408-24272-iy5gvo/gemspec Failed to load /dev/null because it doesn't contain valid YAML hash WARNING: open-ended dependency on nokogiri (>= 1.12.0) is not recommended if nokogiri is semantically versioned, use: @@ -840,7 +858,7 @@ Name: sanitize Version: 6.0.0 File: sanitize-6.0.0.gem -/usr/bin/ruby3.1 -S gem install --config-file /dev/null --verbose --local --verbose --no-document --ignore-dependencies --install-dir debian/ruby-sanitize/usr/share/rubygems-integration/all /tmp/d20240509-1598-7x425a/sanitize-6.0.0.gem +/usr/bin/ruby3.1 -S gem install --config-file /dev/null --verbose --local --verbose --no-document --ignore-dependencies --install-dir debian/ruby-sanitize/usr/share/rubygems-integration/all /tmp/d20230408-24272-iy5gvo/sanitize-6.0.0.gem Failed to load /dev/null because it doesn't contain valid YAML hash /build/ruby-sanitize-6.0.0/debian/ruby-sanitize/usr/share/rubygems-integration/all/gems/sanitize-6.0.0/lib/sanitize.rb /build/ruby-sanitize-6.0.0/debian/ruby-sanitize/usr/share/rubygems-integration/all/gems/sanitize-6.0.0/lib/sanitize/config.rb @@ -885,289 +903,289 @@ RUBYLIB=. GEM_PATH=/build/ruby-sanitize-6.0.0/debian/ruby-sanitize/usr/share/rubygems-integration/all:/build/ruby-sanitize-6.0.0/debian/.debhelper/generated/_source/home/.local/share/gem/ruby/3.1.0:/var/lib/gems/3.1.0:/usr/local/lib/ruby/gems/3.1.0:/usr/lib/ruby/gems/3.1.0:/usr/lib/aarch64-linux-gnu/ruby/gems/3.1.0:/usr/share/rubygems-integration/3.1.0:/usr/share/rubygems-integration/all:/usr/lib/aarch64-linux-gnu/rubygems-integration/3.1.0 ruby3.1 -S rake -f debian/ruby-tests.rake /usr/bin/ruby3.1 -w -I"test" /usr/lib/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/rake_test_loader.rb "test/test_clean_comment.rb" "test/test_clean_css.rb" "test/test_clean_doctype.rb" "test/test_clean_element.rb" "test/test_config.rb" "test/test_malicious_css.rb" "test/test_malicious_html.rb" "test/test_parser.rb" "test/test_sanitize.rb" "test/test_sanitize_css.rb" "test/test_transformers.rb" -v /usr/lib/aarch64-linux-gnu/rubygems-integration/3.1.0/gems/nokogiri-1.13.10/lib/nokogiri/version/info.rb:85: warning: possibly useless use of a variable in void context -Run options: -v --seed 37288 +Run options: -v --seed 32533 # Running: -Sanitize::instance methods::#document::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH::and :max_tree_depth of -1 is supplied in :parser_options#test_0001_does not raise an ArgumentError exception = 0.03 s = . -Sanitize::instance methods::#node!#test_0001_should sanitize a Nokogiri::XML::Node = 0.00 s = . +Sanitize::class methods::.node!#test_0001_should sanitize a Nokogiri::XML::Node with the given config = 0.02 s = . +Sanitize::instance methods::#fragment::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH#test_0001_raises an ArgumentError exception = 0.00 s = . +Sanitize::instance methods::#fragment#test_0003_should not choke on fragments containing or = 0.00 s = . Sanitize::instance methods::#fragment#test_0007_should strip non-characters = 0.00 s = . +Sanitize::instance methods::#fragment#test_0001_should sanitize an HTML fragment = 0.01 s = . +Sanitize::instance methods::#fragment#test_0005_should normalize newlines = 0.00 s = . Sanitize::instance methods::#fragment#test_0002_should not modify the input string = 0.00 s = . Sanitize::instance methods::#fragment#test_0004_should not choke on frozen fragments = 0.00 s = . -Sanitize::instance methods::#fragment#test_0005_should normalize newlines = 0.00 s = . Sanitize::instance methods::#fragment#test_0006_should strip control characters (except ASCII whitespace) = 0.00 s = . -Sanitize::instance methods::#fragment#test_0001_should sanitize an HTML fragment = 0.00 s = . -Sanitize::instance methods::#fragment#test_0003_should not choke on fragments containing or = 0.00 s = . -Sanitize::initializer#test_0001_should not modify a transformers array in the given config = 0.00 s = . -Sanitize::instance methods::#document::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH#test_0001_raises an ArgumentError exception = 0.00 s = . -Sanitize::class methods::.fragment#test_0001_should sanitize an HTML fragment with the given config = 0.00 s = . -Sanitize::instance methods::#document#test_0005_should strip control characters (except ASCII whitespace) = 0.00 s = . -Sanitize::instance methods::#document#test_0004_should normalize newlines = 0.00 s = . -Sanitize::instance methods::#document#test_0001_should sanitize an HTML document = 0.00 s = . +Sanitize::instance methods::#document::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH::and :max_tree_depth of -1 is supplied in :parser_options#test_0001_does not raise an ArgumentError exception = 0.06 s = . +Sanitize::class methods::.document#test_0001_should sanitize an HTML document with the given config = 0.00 s = . +Sanitize::instance methods::#document#test_0002_should not modify the input string = 0.00 s = . Sanitize::instance methods::#document#test_0003_should not choke on frozen documents = 0.00 s = . +Sanitize::instance methods::#document#test_0004_should normalize newlines = 0.00 s = . Sanitize::instance methods::#document#test_0006_should strip non-characters = 0.00 s = . -Sanitize::instance methods::#document#test_0002_should not modify the input string = 0.00 s = . -Sanitize::instance methods::#fragment::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH#test_0001_raises an ArgumentError exception = 0.00 s = . -Sanitize::class methods::.node!#test_0001_should sanitize a Nokogiri::XML::Node with the given config = 0.00 s = . -Sanitize::instance methods::#fragment::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH::and :max_tree_depth of -1 is supplied in :parser_options#test_0001_does not raise an ArgumentError exception = 0.02 s = . +Sanitize::instance methods::#document#test_0005_should strip control characters (except ASCII whitespace) = 0.00 s = . +Sanitize::instance methods::#document#test_0001_should sanitize an HTML document = 0.01 s = . +Sanitize::instance methods::#document::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH#test_0001_raises an ArgumentError exception = 0.00 s = . +Sanitize::instance methods::#node!#test_0001_should sanitize a Nokogiri::XML::Node = 0.00 s = . +Sanitize::class methods::.fragment#test_0001_should sanitize an HTML fragment with the given config = 0.00 s = . Sanitize::instance methods::#node!::when the given node is a document and isn't allowlisted#test_0001_should raise a Sanitize::Error = 0.00 s = . -Sanitize::class methods::.document#test_0001_should sanitize an HTML document with the given config = 0.00 s = . -Sanitize::CSS::functionality:::at_rules#test_0001_should remove blockless at-rules that aren't allowlisted = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0019_should not allow protocol-based JS injection: spaces and entities = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0002_should clean basic HTML = 0.01 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0010_should not allow protocol-based JS injection: preceding colon = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0004_should clean unclosed HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0006_should not allow protocol-based JS injection: simple, no spaces = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0007_should not allow protocol-based JS injection: simple, spaces before = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0013_should not allow protocol-based JS injection: long UTF-8 encoding without semicolons = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0020_should not allow protocol whitespace = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0011_should not allow protocol-based JS injection: UTF-8 encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0016_should not allow protocol-based JS injection: hex encoding without semicolons = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0015_should not allow protocol-based JS injection: long hex encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0017_should not allow protocol-based JS injection: null char = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0012_should not allow protocol-based JS injection: long UTF-8 encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0005_should clean malicious HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0009_should not allow protocol-based JS injection: simple, spaces before and after = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0003_should clean malformed HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0008_should not allow protocol-based JS injection: simple, spaces after = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0003_forcibly escapes text content inside `` in a MathML namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0007_forcibly escapes text content inside `<script>` in a MathML namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0009_forcibly escapes text content inside `<xmp>` in a MathML namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0008_forcibly escapes text content inside `<script>` in an SVG namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0002_forcibly escapes text content inside `<noembed>` in an SVG namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0010_forcibly escapes text content inside `<xmp>` in an SVG namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0004_forcibly escapes text content inside `<noframes>` in an SVG namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0013_removes `<noscript>` elements in a MathML namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0011_removes text content inside `<iframe>` in a MathML namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0014_removes `<noscript>` elements in an SVG namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0006_forcibly escapes text content inside `<plaintext>` in an SVG namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0001_forcibly escapes text content inside `<noembed>` in a MathML namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0016_removes `<style>` elements in an SVG namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0012_removes text content inside `<iframe>` in an SVG namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0005_forcibly escapes text content inside `<plaintext>` in a MathML namespace = 0.01 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0015_removes `<style>` elements in a MathML namespace = 0.00 s = . -Malicious HTML::<iframe>#test_0001_should not be possible to inject an iframe using an improperly closed tag = 0.00 s = . -Sanitize::CSS::instance methods::#stylesheet::when :allow_comments is true#test_0001_should preserve comments = 0.00 s = . -Sanitize::CSS::functionality:::at_rules::when validating @import rules::with no validation proc specified#test_0001_should allow any URL value = 0.00 s = . -Transformers#test_0004_should allowlist nodes in the node allowlist = 0.00 s = . -Transformers#test_0001_should receive a complete env Hash as input = 0.00 s = . -Transformers#test_0003_should perform top-down traversal = 0.00 s = . -Transformers#test_0006_should accept a method transformer = 0.00 s = . -Transformers#test_0002_should traverse all node types, including the fragment itself = 0.00 s = . -Transformers#test_0005_should clear the node allowlist after each fragment = 0.00 s = . -Transformers::DOM modification transformer#test_0001_should allow the <b> tag to be changed to a <strong> tag = 0.00 s = . -Sanitize::Transformers::CSS::CleanAttribute#test_0001_should sanitize CSS properties in style attributes = 0.00 s = . -Sanitize::Transformers::CSS::CleanAttribute#test_0002_should remove the style attribute if the sanitized CSS is empty = 0.00 s = . -Sanitize::Transformers::CSS::CleanElement#test_0002_should remove the <style> element if the sanitized CSS is empty = 0.00 s = . +Sanitize::instance methods::#fragment::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH::and :max_tree_depth of -1 is supplied in :parser_options#test_0001_does not raise an ArgumentError exception = 0.04 s = . +Sanitize::initializer#test_0001_should not modify a transformers array in the given config = 0.01 s = . +Malicious HTML::<body>#test_0001_should not be possible to inject JS via a malformed event attribute = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0010_should not preserve the content of removed `script` elements = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0021_should not allow protocol-based JS injection: simple, spaces before and after = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0025_should not allow protocol-based JS injection: long UTF-8 encoding without semicolons = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0029_should not allow protocol-based JS injection: null char = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0007_should not preserve the content of removed `noframes` elements = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0017_should clean malicious HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0032_should not allow protocol whitespace = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0030_should not allow protocol-based JS injection: invalid URL char = Sanitize::Transformers::CleanElement::Default config#test_0012_should not preserve the content of removed `svg` elements = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0015_should clean malformed HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0006_should not preserve the content of removed `noembed` elements = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0002_should surround the contents of :whitespace_elements with space characters when removing the element = 0.01 s = . +Sanitize::Transformers::CleanElement::Default config#test_0003_should not choke on several instances of the same element in a row = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0004_should not preserve the content of removed `iframe` elements = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0031_should not allow protocol-based JS injection: spaces and entities = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0009_should not preserve the content of removed `plaintext` elements = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0014_should clean basic HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0008_should not preserve the content of removed `noscript` elements = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0028_should not allow protocol-based JS injection: hex encoding without semicolons = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0020_should not allow protocol-based JS injection: simple, spaces after = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0001_should remove non-allowlisted elements, leaving safe contents behind = 0.01 s = . +Sanitize::Transformers::CleanElement::Default config#test_0005_should not preserve the content of removed `math` elements = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0016_should clean unclosed HTML = 0.01 s = . +Sanitize::Transformers::CleanElement::Default config#test_0019_should not allow protocol-based JS injection: simple, spaces before = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0024_should not allow protocol-based JS injection: long UTF-8 encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0027_should not allow protocol-based JS injection: long hex encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0022_should not allow protocol-based JS injection: preceding colon = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0011_should not preserve the content of removed `style` elements = 0.00 s = . +Malicious HTML::comments#test_0001_should not allow script injection via conditional comments = 0.01 s = . +Sanitize::CSS::functionality:::at_rules::when blockless at-rules are allowlisted#test_0001_should not remove them = 0.00 s = . +Sanitize::CSS::functionality:::at_rules::when blockless at-rules are allowlisted#test_0002_should remove them if they have invalid blocks = 0.00 s = . Sanitize::Transformers::CSS::CleanElement#test_0001_should sanitize CSS stylesheets in <style> elements = 0.01 s = . -Parser#test_0004_should not have the Nokogiri 1.4.2+ unterminated script/style element bug = 0.00 s = . -Parser#test_0005_ambiguous non-tag brackets like "1 > 2 and 2 < 1" should be parsed correctly = 0.00 s = . -Parser#test_0001_should translate valid entities into characters = 0.00 s = . -Parser#test_0002_should translate orphaned ampersands into entities = 0.00 s = . -Parser#test_0003_should not add newlines after tags when serializing a fragment = 0.00 s = . -Malicious HTML::interpolation (ERB, PHP, etc.)#test_0001_should escape ERB-style tags = 0.00 s = . -Malicious HTML::interpolation (ERB, PHP, etc.)#test_0002_should remove PHP-style tags = 0.00 s = . +Sanitize::Transformers::CSS::CleanElement#test_0002_should remove the <style> element if the sanitized CSS is empty = 0.01 s = . +Sanitize::Transformers::CSS::CleanAttribute#test_0001_should sanitize CSS properties in style attributes = 0.00 s = . +Sanitize::Transformers::CSS::CleanAttribute#test_0002_should remove the style attribute if the sanitized CSS is empty = Sanitize::Transformers::CleanElement::Default config#test_0023_should not allow protocol-based JS injection: UTF-8 encoding = 0.00 s = . +Sanitize::CSS::instance methods::#tree!#test_0001_should sanitize a Crass CSS parse tree = 0.00 s = . Sanitize::CSS::instance methods::#stylesheet::when :allow_hacks is false#test_0001_should not allow common CSS hacks = 0.00 s = . -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0005_should escape unsafe characters in attributes = 0.00 s = S -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0016_should round-trip to the same output = 0.00 s = . -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0010_should round-trip to the same output = 0.00 s = . -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0011_should escape unsafe characters in attributes = 0.00 s = S -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0008_should round-trip to the same output = 0.00 s = . -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0009_should escape unsafe characters in attributes = 0.00 s = S -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0004_should round-trip to the same output = 0.00 s = . -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0003_should escape unsafe characters in attributes = 0.00 s = S -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0013_should escape unsafe characters in attributes = 0.00 s = S -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0015_should not escape characters unnecessarily = 0.00 s = S -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0002_should round-trip to the same output = 0.00 s = . -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0012_should round-trip to the same output = 0.00 s = . -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0001_should escape unsafe characters in attributes = 0.00 s = S -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0014_should round-trip to the same output = 0.00 s = . -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0006_should round-trip to the same output = 0.00 s = . -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0007_should escape unsafe characters in attributes = 0.00 s = S -Sanitize::CSS::instance methods::#stylesheet::when :allow_hacks is true#test_0001_should allow common CSS hacks = 0.00 s = . -Sanitize::CSS::instance methods::#properties::when :allow_hacks is false#test_0001_should not allow common CSS hacks = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0006_should clean malicious HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0007_should not allow protocol-based JS injection: simple, no spaces = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0010_should not allow protocol-based JS injection: simple, spaces before and after = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0018_should not allow protocol-based JS injection: null char = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0003_should clean basic HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0013_should not allow protocol-based JS injection: long UTF-8 encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0009_should not allow protocol-based JS injection: simple, spaces after = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0017_should not allow protocol-based JS injection: hex encoding without semicolons = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0014_should not allow protocol-based JS injection: long UTF-8 encoding without semicolons = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0002_should downcase attribute names = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0015_should not allow protocol-based JS injection: hex encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0019_should not allow protocol-based JS injection: invalid URL char = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0020_should not allow protocol-based JS injection: spaces and entities = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0016_should not allow protocol-based JS injection: long hex encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0008_should not allow protocol-based JS injection: simple, spaces before = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0001_should not choke on valueless attributes = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0021_should not allow protocol whitespace = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0004_should clean malformed HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0011_should not allow protocol-based JS injection: preceding colon = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0005_should clean unclosed HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0012_should not allow protocol-based JS injection: UTF-8 encoding = 0.00 s = . -Malicious HTML::<body>#test_0001_should not be possible to inject JS via a malformed event attribute = 0.00 s = . -Malicious HTML::foreign content bypass in relaxed config#test_0001_prevents a sanitization bypass via carefully crafted foreign content = 0.01 s = . +Sanitize::Transformers::CleanComment::when :allow_comments is true#test_0001_should allow comments = 0.00 s = . +Transformers::YouTube transformer#test_0001_should allow HTTP YouTube video embeds = 0.01 s = . +Transformers::YouTube transformer#test_0002_should allow HTTPS YouTube video embeds = 0.00 s = . +Transformers::YouTube transformer#test_0003_should allow protocol-relative YouTube video embeds = 0.00 s = . +Transformers::YouTube transformer#test_0005_should not allow non-YouTube video embeds = 0.00 s = . +Transformers::YouTube transformer#test_0004_should allow privacy-enhanced YouTube video embeds = 0.00 s = . +Malicious HTML::<script>#test_0002_should not be possible to inject <script> via extraneous open brackets = 0.01 s = . +Malicious HTML::<script>#test_0001_should not be possible to inject <script> using a malformed non-alphanumeric tag name = 0.00 s = . +Sanitize::CSS::class methods::.stylesheet#test_0001_should sanitize a CSS stylesheet with the given config = 0.02 s = . +Sanitize::CSS::functionality#test_0001_should parse the contents of @media rules properly = 0.02 s = . +Sanitize::CSS::functionality#test_0002_should parse @page rules properly = 0.00 s = . +Parser::when siblings are added after a node during traversal#test_0001_the added siblings should be traversed = 0.01 s = . Config::.merge#test_0001_should deeply merge a configuration Hash = 0.00 s = . Config::.merge#test_0002_should raise an ArgumentError if either argument is not a Hash = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0012_should not allow protocol-based JS injection: long UTF-8 encoding without semicolons = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0014_should not allow protocol-based JS injection: long hex encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0004_should clean malicious HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0013_should not allow protocol-based JS injection: hex encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0017_should not allow protocol-based JS injection: invalid URL char = 0.00 s = . +Config#test_0001_built-in configs should be deeply frozen = Sanitize::Transformers::CleanElement::Default config#test_0026_should not allow protocol-based JS injection: hex encoding = 0.00 s = . +Sanitize::Transformers::CleanDoctype::when :allow_doctype is true#test_0003_should not allow doctype definitions in fragments = 0.00 s = . +Sanitize::Transformers::CleanDoctype::when :allow_doctype is true#test_0001_should allow doctype declarations in documents = 0.01 s = . +Sanitize::Transformers::CleanDoctype::when :allow_doctype is true#test_0002_should not allow obviously invalid doctype declarations in documents = 0.01 s = . +Config::.freeze_config#test_0001_should deeply freeze and return a configuration Hash = 0.00 s = . Sanitize::Transformers::CleanElement::Restricted config#test_0005_should not allow protocol-based JS injection: simple, no spaces = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0009_should not allow protocol-based JS injection: preceding colon = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0019_should not allow protocol whitespace = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0002_should clean malformed HTML = 0.00 s = . Sanitize::Transformers::CleanElement::Restricted config#test_0007_should not allow protocol-based JS injection: simple, spaces after = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0008_should not allow protocol-based JS injection: simple, spaces before and after = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0019_should not allow protocol whitespace = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0006_should not allow protocol-based JS injection: simple, spaces before = 0.00 s = . Sanitize::Transformers::CleanElement::Restricted config#test_0011_should not allow protocol-based JS injection: long UTF-8 encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0001_should clean basic HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0013_should not allow protocol-based JS injection: hex encoding = 0.00 s = . Sanitize::Transformers::CleanElement::Restricted config#test_0016_should not allow protocol-based JS injection: null char = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0017_should not allow protocol-based JS injection: invalid URL char = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0003_should clean unclosed HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0008_should not allow protocol-based JS injection: simple, spaces before and after = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0014_should not allow protocol-based JS injection: long hex encoding = 0.01 s = . Sanitize::Transformers::CleanElement::Restricted config#test_0018_should not allow protocol-based JS injection: spaces and entities = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0006_should not allow protocol-based JS injection: simple, spaces before = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0004_should clean malicious HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0002_should clean malformed HTML = 0.00 s = . Sanitize::Transformers::CleanElement::Restricted config#test_0015_should not allow protocol-based JS injection: hex encoding without semicolons = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0009_should not allow protocol-based JS injection: preceding colon = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0001_should clean basic HTML = 0.01 s = . Sanitize::Transformers::CleanElement::Restricted config#test_0010_should not allow protocol-based JS injection: UTF-8 encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0003_should clean unclosed HTML = 0.00 s = . -Sanitize::CSS::instance methods::#properties#test_0006_should not allow behaviors = 0.00 s = . -Sanitize::CSS::instance methods::#properties#test_0005_should not allow expressions = 0.01 s = . -Sanitize::CSS::instance methods::#properties#test_0003_should not allow non-allowlisted URL protocols = 0.01 s = . -Sanitize::CSS::instance methods::#properties#test_0002_should allow allowlisted URL protocols = 0.01 s = . -Sanitize::CSS::instance methods::#properties#test_0001_should sanitize CSS properties = 0.00 s = . -Sanitize::CSS::instance methods::#properties#test_0004_should not allow -moz-binding = 0.00 s = . -Sanitize::CSS::class methods::.tree!#test_0001_should sanitize a Crass CSS parse tree with the given config = 0.00 s = . -Sanitize::CSS::class methods::.stylesheet#test_0001_should sanitize a CSS stylesheet with the given config = 0.01 s = . -Malicious HTML::<img>#test_0004_should not be possible to inject protocol-based JS = 0.00 s = . -Malicious HTML::<img>#test_0006_should not be possible to inject JS using a half-open <img> tag = 0.00 s = . -Malicious HTML::<img>#test_0002_should not be possible to inject JS using grave accents as <img> src delimiters = 0.00 s = . -Malicious HTML::<img>#test_0001_should not be possible to inject JS via an unquoted <img> src attribute = 0.00 s = . -Malicious HTML::<img>#test_0003_should not be possible to inject <script> via a malformed <img> tag = 0.00 s = . -Malicious HTML::<img>#test_0005_should not be possible to inject protocol-based JS via whitespace = 0.00 s = . -Sanitize::CSS::instance methods::#properties::when :allow_hacks is true#test_0001_should allow common CSS hacks = 0.00 s = . -Sanitize::Transformers::CleanDoctype::when :allow_doctype is true#test_0002_should not allow obviously invalid doctype declarations in documents = 0.00 s = . -Sanitize::Transformers::CleanDoctype::when :allow_doctype is true#test_0003_should not allow doctype definitions in fragments = 0.00 s = . -Sanitize::Transformers::CleanDoctype::when :allow_doctype is true#test_0001_should allow doctype declarations in documents = 0.00 s = . -Config#test_0001_built-in configs should be deeply frozen = 0.01 s = . -Config::.freeze_config#test_0001_should deeply freeze and return a configuration Hash = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0012_should not allow protocol-based JS injection: long UTF-8 encoding without semicolons = 0.00 s = . +Transformers#test_0005_should clear the node allowlist after each fragment = 0.00 s = . +Transformers#test_0001_should receive a complete env Hash as input = 0.00 s = . +Transformers#test_0003_should perform top-down traversal = 0.00 s = . +Transformers#test_0004_should allowlist nodes in the node allowlist = 0.00 s = . +Transformers#test_0006_should accept a method transformer = 0.00 s = . +Transformers#test_0002_should traverse all node types, including the fragment itself = 0.00 s = . +Sanitize::CSS::functionality:::at_rules::when validating @import rules::with no validation proc specified#test_0001_should allow any URL value = 0.00 s = . +Sanitize::CSS::instance methods::#properties::when :allow_comments is false#test_0001_should strip comments = 0.01 s = . +Sanitize::CSS::instance methods::#stylesheet::when :allow_hacks is true#test_0001_should allow common CSS hacks = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0003_forcibly escapes text content inside `<noframes>` in a MathML namespace = 0.01 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0009_forcibly escapes text content inside `<xmp>` in a MathML namespace = 0.01 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0001_forcibly escapes text content inside `<noembed>` in a MathML namespace = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0004_forcibly escapes text content inside `<noframes>` in an SVG namespace = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0016_removes `<style>` elements in an SVG namespace = 0.01 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0002_forcibly escapes text content inside `<noembed>` in an SVG namespace = Sanitize::Transformers::CleanElement::Default config#test_0013_should not preserve the content of removed `xmp` elements = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0007_forcibly escapes text content inside `<script>` in a MathML namespace = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0010_forcibly escapes text content inside `<xmp>` in an SVG namespace = Sanitize::Transformers::CleanElement::Default config#test_0018_should not allow protocol-based JS injection: simple, no spaces = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0013_removes `<noscript>` elements in a MathML namespace = 0.01 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0005_forcibly escapes text content inside `<plaintext>` in a MathML namespace = 0.01 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0008_forcibly escapes text content inside `<script>` in an SVG namespace = 0.01 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0011_removes text content inside `<iframe>` in a MathML namespace = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0015_removes `<style>` elements in a MathML namespace = 0.01 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0006_forcibly escapes text content inside `<plaintext>` in an SVG namespace = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0012_removes text content inside `<iframe>` in an SVG namespace = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0014_removes `<noscript>` elements in an SVG namespace = 0.01 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0004_should clean unclosed HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0007_should not allow protocol-based JS injection: simple, spaces before = 0.01 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0011_should not allow protocol-based JS injection: UTF-8 encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0016_should not allow protocol-based JS injection: hex encoding without semicolons = 0.01 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0012_should not allow protocol-based JS injection: long UTF-8 encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0017_should not allow protocol-based JS injection: null char = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0001_should encode special chars in attribute values = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0006_should not allow protocol-based JS injection: simple, no spaces = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0015_should not allow protocol-based JS injection: long hex encoding = 0.01 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0013_should not allow protocol-based JS injection: long UTF-8 encoding without semicolons = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0019_should not allow protocol-based JS injection: spaces and entities = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0008_should not allow protocol-based JS injection: simple, spaces after = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0002_should clean basic HTML = Malicious HTML::<iframe>#test_0001_should not be possible to inject an iframe using an improperly closed tag = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0003_should clean malformed HTML = 0.01 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0009_should not allow protocol-based JS injection: simple, spaces before and after = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0020_should not allow protocol whitespace = 0.01 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0005_should clean malicious HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0010_should not allow protocol-based JS injection: preceding colon = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0014_should not allow protocol-based JS injection: hex encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0018_should not allow protocol-based JS injection: invalid URL char = 0.00 s = . +Malicious HTML::foreign content bypass in relaxed config#test_0001_prevents a sanitization bypass via carefully crafted foreign content = 0.02 s = . +Parser#test_0001_should translate valid entities into characters = 0.00 s = . +Parser#test_0002_should translate orphaned ampersands into entities = 0.00 s = . +Parser#test_0003_should not add newlines after tags when serializing a fragment = 0.00 s = . +Parser#test_0005_ambiguous non-tag brackets like "1 > 2 and 2 < 1" should be parsed correctly = 0.00 s = . +Parser#test_0004_should not have the Nokogiri 1.4.2+ unterminated script/style element bug = 0.00 s = . +Transformers::Image allowlist transformer#test_0001_should allow images with relative URLs = 0.02 s = . +Transformers::Image allowlist transformer#test_0002_should allow images at the example.com domain = 0.02 s = . +Transformers::Image allowlist transformer#test_0003_should not allow images at other domains = Sanitize::CSS::instance methods::#properties::when :allow_comments is true#test_0001_should preserve comments = 0.00 s = . +Malicious CSS#test_0002_should not be possible to inject an expression by munging it with a newline = 0.00 s = . +Malicious CSS#test_0003_should not allow the javascript protocol = 0.00 s = . +Malicious CSS#test_0004_should not allow behaviors = 0.00 s = . +Malicious CSS#test_0001_should not be possible to inject an expression by munging it with a comment = 0.01 s = . +Sanitize::CSS::instance methods::#properties::when :allow_hacks is false#test_0001_should not allow common CSS hacks = 0.00 s = . Sanitize::Transformers::CleanComment::when :allow_comments is false#test_0001_should remove comments = 0.00 s = . -Transformers::Image allowlist transformer#test_0003_should not allow images at other domains = 0.00 s = . -Transformers::Image allowlist transformer#test_0001_should allow images with relative URLs = 0.00 s = . -Transformers::Image allowlist transformer#test_0002_should allow images at the example.com domain = 0.00 s = . -Sanitize::CSS::instance methods::#tree!#test_0001_should sanitize a Crass CSS parse tree = 0.00 s = . -Sanitize::CSS::functionality:::at_rules::when validating @import rules::with a validation proc specified#test_0001_should allow a google fonts url = 0.00 s = . -Sanitize::CSS::functionality:::at_rules::when validating @import rules::with a validation proc specified#test_0002_should not allow a nasty url = 0.00 s = . -Sanitize::CSS::functionality:::at_rules::when validating @import rules::with a validation proc specified#test_0003_should not allow a blank url = 0.00 s = . -Sanitize::CSS::instance methods::#properties::when :allow_comments is true#test_0001_should preserve comments = 0.00 s = . -Sanitize::CSS::functionality:::at_rules::when blockless at-rules are allowlisted#test_0001_should not remove them = 0.00 s = . -Sanitize::CSS::functionality:::at_rules::when blockless at-rules are allowlisted#test_0002_should remove them if they have invalid blocks = 0.00 s = . -Parser::when siblings are added after a node during traversal#test_0001_the added siblings should be traversed = 0.00 s = . -Sanitize::CSS::instance methods::#properties::when :allow_comments is false#test_0001_should strip comments = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0004_should allow relative URLs containing colons when the colon is part of an anchor = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0015_should not modify `<meta>` tags that already set a UTF-8 charset = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0007_should remove the contents of specified nodes when :remove_contents is an Array or Set of element names as symbols = 0.00 s = . Sanitize::Transformers::CleanElement::Custom configs#test_0011_should replace whitespace_elements with configured :before and :after values = 0.00 s = . Sanitize::Transformers::CleanElement::Custom configs#test_0009_should not allow arbitrary HTML5 data attributes by default = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0013_should sanitize protocols in data attributes even if data attributes are generically allowed = 0.01 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0005_should remove the contents of filtered nodes when :remove_contents is true = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0004_should allow relative URLs containing colons when the colon is part of an anchor = 0.00 s = . Sanitize::Transformers::CleanElement::Custom configs#test_0010_should allow arbitrary HTML5 data attributes when the :attributes config includes :data = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0015_should not modify `<meta>` tags that already set a UTF-8 charset = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0003_should allow relative URLs containing colons when the colon is not in the first path segment = 0.00 s = . Sanitize::Transformers::CleanElement::Custom configs#test_0012_should handle protocols correctly regardless of case = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0005_should remove the contents of filtered nodes when :remove_contents is true = 0.00 s = . Sanitize::Transformers::CleanElement::Custom configs#test_0016_always removes `<noscript>` elements even if `noscript` is in the allowlist = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0014_should prevent `<meta>` tags from being used to set a non-UTF-8 charset = 0.00 s = . Sanitize::Transformers::CleanElement::Custom configs#test_0001_should allow attributes on all elements if allowlisted under :all = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0013_should sanitize protocols in data attributes even if data attributes are generically allowed = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0014_should prevent `<meta>` tags from being used to set a non-UTF-8 charset = 0.01 s = . Sanitize::Transformers::CleanElement::Custom configs#test_0008_should remove the contents of allowlisted iframes = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0003_should allow relative URLs containing colons when the colon is not in the first path segment = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0006_should remove the contents of specified nodes when :remove_contents is an Array or Set of element names as strings = 0.00 s = . Sanitize::Transformers::CleanElement::Custom configs#test_0002_should not allow relative URLs when relative URLs aren't allowlisted = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0007_should remove the contents of specified nodes when :remove_contents is an Array or Set of element names as symbols = 0.00 s = . -Malicious HTML::sanitization bypass by exploiting scripting-disabled <noscript> behavior#test_0001_is prevented by removing `<noscript>` elements regardless of the allowlist = 0.00 s = . -Transformers::YouTube transformer#test_0001_should allow HTTP YouTube video embeds = 0.00 s = . -Transformers::YouTube transformer#test_0005_should not allow non-YouTube video embeds = 0.00 s = . -Transformers::YouTube transformer#test_0002_should allow HTTPS YouTube video embeds = 0.00 s = . -Transformers::YouTube transformer#test_0003_should allow protocol-relative YouTube video embeds = 0.00 s = . -Transformers::YouTube transformer#test_0004_should allow privacy-enhanced YouTube video embeds = 0.00 s = . -Malicious CSS#test_0002_should not be possible to inject an expression by munging it with a newline = 0.00 s = . -Malicious CSS#test_0003_should not allow the javascript protocol = 0.00 s = . -Malicious CSS#test_0004_should not allow behaviors = 0.00 s = . -Malicious CSS#test_0001_should not be possible to inject an expression by munging it with a comment = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0008_should not preserve the content of removed `noscript` elements = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0013_should not preserve the content of removed `xmp` elements = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0029_should not allow protocol-based JS injection: null char = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0016_should clean unclosed HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0005_should not preserve the content of removed `math` elements = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0002_should surround the contents of :whitespace_elements with space characters when removing the element = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0010_should not preserve the content of removed `script` elements = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0027_should not allow protocol-based JS injection: long hex encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0026_should not allow protocol-based JS injection: hex encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0021_should not allow protocol-based JS injection: simple, spaces before and after = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0014_should clean basic HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0024_should not allow protocol-based JS injection: long UTF-8 encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0018_should not allow protocol-based JS injection: simple, no spaces = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0004_should not preserve the content of removed `iframe` elements = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0009_should not preserve the content of removed `plaintext` elements = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0017_should clean malicious HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0032_should not allow protocol whitespace = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0011_should not preserve the content of removed `style` elements = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0022_should not allow protocol-based JS injection: preceding colon = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0015_should clean malformed HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0001_should remove non-allowlisted elements, leaving safe contents behind = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0003_should not choke on several instances of the same element in a row = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0020_should not allow protocol-based JS injection: simple, spaces after = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0012_should not preserve the content of removed `svg` elements = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0025_should not allow protocol-based JS injection: long UTF-8 encoding without semicolons = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0031_should not allow protocol-based JS injection: spaces and entities = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0006_should not preserve the content of removed `noembed` elements = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0030_should not allow protocol-based JS injection: invalid URL char = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0019_should not allow protocol-based JS injection: simple, spaces before = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0007_should not preserve the content of removed `noframes` elements = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0023_should not allow protocol-based JS injection: UTF-8 encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0028_should not allow protocol-based JS injection: hex encoding without semicolons = 0.00 s = . -Malicious HTML::comments#test_0001_should not allow script injection via conditional comments = 0.00 s = . -Sanitize::CSS::functionality#test_0002_should parse @page rules properly = 0.00 s = . -Sanitize::CSS::functionality#test_0001_should parse the contents of @media rules properly = 0.00 s = . -Sanitize::CSS::instance methods::#stylesheet#test_0001_should sanitize a CSS stylesheet = 0.01 s = . -Sanitize::Transformers::CleanComment::when :allow_comments is true#test_0001_should allow comments = 0.00 s = . -Sanitize::Transformers::CleanDoctype::when :allow_doctype is false#test_0001_should remove doctype declarations = 0.00 s = . -Sanitize::Transformers::CleanDoctype::when :allow_doctype is false#test_0002_should not allow doctype definitions in fragments = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0014_should not allow protocol-based JS injection: hex encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0001_should encode special chars in attribute values = 0.00 s = . -Malicious HTML::<script>#test_0001_should not be possible to inject <script> using a malformed non-alphanumeric tag name = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0006_should remove the contents of specified nodes when :remove_contents is an Array or Set of element names as strings = 0.00 s = . +Transformers::DOM modification transformer#test_0001_should allow the <b> tag to be changed to a <strong> tag = 0.00 s = . Sanitize::CSS::class methods::.properties#test_0001_should sanitize CSS properties with the given config = 0.00 s = . -Malicious HTML::<script>#test_0002_should not be possible to inject <script> via extraneous open brackets = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0018_should not allow protocol-based JS injection: invalid URL char = 0.00 s = . +Sanitize::CSS::class methods::.tree!#test_0001_should sanitize a Crass CSS parse tree with the given config = 0.00 s = . +Sanitize::CSS::functionality:::at_rules::when validating @import rules::with a validation proc specified#test_0001_should allow a google fonts url = 0.00 s = . +Sanitize::CSS::functionality:::at_rules::when validating @import rules::with a validation proc specified#test_0002_should not allow a nasty url = 0.00 s = . +Sanitize::CSS::functionality:::at_rules::when validating @import rules::with a validation proc specified#test_0003_should not allow a blank url = 0.00 s = . Sanitize::CSS::instance methods::#stylesheet::when :allow_comments is false#test_0001_should strip comments = 0.00 s = . +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0015_should not escape characters unnecessarily = 0.01 s = S +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0016_should round-trip to the same output = 0.00 s = . +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0012_should round-trip to the same output = 0.00 s = . +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0013_should escape unsafe characters in attributes = 0.00 s = S +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0006_should round-trip to the same output = 0.13 s = . +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0011_should escape unsafe characters in attributes = 0.00 s = S +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0007_should escape unsafe characters in attributes = 0.00 s = S +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0001_should escape unsafe characters in attributes = 0.00 s = S +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0002_should round-trip to the same output = 0.00 s = . +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0005_should escape unsafe characters in attributes = 0.00 s = S +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0003_should escape unsafe characters in attributes = 0.00 s = S +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0008_should round-trip to the same output = 0.00 s = . +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0009_should escape unsafe characters in attributes = 0.00 s = S +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0014_should round-trip to the same output = 0.01 s = . +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0010_should round-trip to the same output = 0.00 s = . +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0004_should round-trip to the same output = 0.00 s = . +Sanitize::CSS::instance methods::#properties::when :allow_hacks is true#test_0001_should allow common CSS hacks = 0.00 s = . +Malicious HTML::interpolation (ERB, PHP, etc.)#test_0001_should escape ERB-style tags = 0.00 s = . +Malicious HTML::interpolation (ERB, PHP, etc.)#test_0002_should remove PHP-style tags = 0.00 s = . +Sanitize::Transformers::CleanDoctype::when :allow_doctype is false#test_0001_should remove doctype declarations = 0.00 s = . +Sanitize::Transformers::CleanDoctype::when :allow_doctype is false#test_0002_should not allow doctype definitions in fragments = 0.00 s = . +Sanitize::CSS::functionality:::at_rules#test_0001_should remove blockless at-rules that aren't allowlisted = 0.00 s = . +Malicious HTML::sanitization bypass by exploiting scripting-disabled <noscript> behavior#test_0001_is prevented by removing `<noscript>` elements regardless of the allowlist = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0006_should clean malicious HTML = 0.01 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0002_should downcase attribute names = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0020_should not allow protocol-based JS injection: spaces and entities = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0004_should clean malformed HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0013_should not allow protocol-based JS injection: long UTF-8 encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0001_should not choke on valueless attributes = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0008_should not allow protocol-based JS injection: simple, spaces before = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0009_should not allow protocol-based JS injection: simple, spaces after = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0018_should not allow protocol-based JS injection: null char = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0007_should not allow protocol-based JS injection: simple, no spaces = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0011_should not allow protocol-based JS injection: preceding colon = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0012_should not allow protocol-based JS injection: UTF-8 encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0019_should not allow protocol-based JS injection: invalid URL char = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0003_should clean basic HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0010_should not allow protocol-based JS injection: simple, spaces before and after = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0005_should clean unclosed HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0014_should not allow protocol-based JS injection: long UTF-8 encoding without semicolons = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0016_should not allow protocol-based JS injection: long hex encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0015_should not allow protocol-based JS injection: hex encoding = 0.01 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0017_should not allow protocol-based JS injection: hex encoding without semicolons = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0021_should not allow protocol whitespace = 0.00 s = . +Sanitize::CSS::instance methods::#stylesheet#test_0001_should sanitize a CSS stylesheet = 0.01 s = . +Malicious HTML::<img>#test_0003_should not be possible to inject <script> via a malformed <img> tag = 0.33 s = . +Malicious HTML::<img>#test_0001_should not be possible to inject JS via an unquoted <img> src attribute = 0.00 s = . +Malicious HTML::<img>#test_0004_should not be possible to inject protocol-based JS = 0.01 s = . +Malicious HTML::<img>#test_0006_should not be possible to inject JS using a half-open <img> tag = 0.00 s = . +Malicious HTML::<img>#test_0002_should not be possible to inject JS using grave accents as <img> src delimiters = 0.00 s = . +Malicious HTML::<img>#test_0005_should not be possible to inject protocol-based JS via whitespace = 0.00 s = . +Sanitize::CSS::instance methods::#stylesheet::when :allow_comments is true#test_0001_should preserve comments = 0.00 s = . +Sanitize::CSS::instance methods::#properties#test_0003_should not allow non-allowlisted URL protocols = 0.01 s = . +Sanitize::CSS::instance methods::#properties#test_0004_should not allow -moz-binding = 0.00 s = . +Sanitize::CSS::instance methods::#properties#test_0005_should not allow expressions = 0.01 s = . +Sanitize::CSS::instance methods::#properties#test_0002_should allow allowlisted URL protocols = 0.01 s = . +Sanitize::CSS::instance methods::#properties#test_0001_should sanitize CSS properties = 0.01 s = . +Sanitize::CSS::instance methods::#properties#test_0006_should not allow behaviors = 0.00 s = . +0.22 s = . +0.49 s = . +0.07 s = . +0.49 s = . +0.00 s = . +0.39 s = . +0.29 s = . -Finished in 0.614840s, 400.1039 runs/s, 2486.8247 assertions/s. +Finished in 1.085524s, 226.6186 runs/s, 1408.5361 assertions/s. 1) Skipped: -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0005_should escape unsafe characters in attributes [/build/ruby-sanitize-6.0.0/test/test_malicious_html.rb:171]: +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0015_should not escape characters unnecessarily [/build/ruby-sanitize-6.0.0/test/test_malicious_html.rb:198]: behavior should only exist in nokogiri's patched libxml 2) Skipped: -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0011_should escape unsafe characters in attributes [/build/ruby-sanitize-6.0.0/test/test_malicious_html.rb:171]: +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0013_should escape unsafe characters in attributes [/build/ruby-sanitize-6.0.0/test/test_malicious_html.rb:171]: behavior should only exist in nokogiri's patched libxml 3) Skipped: -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0009_should escape unsafe characters in attributes [/build/ruby-sanitize-6.0.0/test/test_malicious_html.rb:171]: +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0011_should escape unsafe characters in attributes [/build/ruby-sanitize-6.0.0/test/test_malicious_html.rb:171]: behavior should only exist in nokogiri's patched libxml 4) Skipped: -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0003_should escape unsafe characters in attributes [/build/ruby-sanitize-6.0.0/test/test_malicious_html.rb:171]: +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0007_should escape unsafe characters in attributes [/build/ruby-sanitize-6.0.0/test/test_malicious_html.rb:171]: behavior should only exist in nokogiri's patched libxml 5) Skipped: -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0013_should escape unsafe characters in attributes [/build/ruby-sanitize-6.0.0/test/test_malicious_html.rb:171]: +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0001_should escape unsafe characters in attributes [/build/ruby-sanitize-6.0.0/test/test_malicious_html.rb:171]: behavior should only exist in nokogiri's patched libxml 6) Skipped: -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0015_should not escape characters unnecessarily [/build/ruby-sanitize-6.0.0/test/test_malicious_html.rb:198]: +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0005_should escape unsafe characters in attributes [/build/ruby-sanitize-6.0.0/test/test_malicious_html.rb:171]: behavior should only exist in nokogiri's patched libxml 7) Skipped: -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0001_should escape unsafe characters in attributes [/build/ruby-sanitize-6.0.0/test/test_malicious_html.rb:171]: +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0003_should escape unsafe characters in attributes [/build/ruby-sanitize-6.0.0/test/test_malicious_html.rb:171]: behavior should only exist in nokogiri's patched libxml 8) Skipped: -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0007_should escape unsafe characters in attributes [/build/ruby-sanitize-6.0.0/test/test_malicious_html.rb:171]: +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0009_should escape unsafe characters in attributes [/build/ruby-sanitize-6.0.0/test/test_malicious_html.rb:171]: behavior should only exist in nokogiri's patched libxml 246 runs, 1529 assertions, 0 failures, 0 errors, 8 skips @@ -1204,12 +1222,14 @@ dpkg-buildpackage: info: binary-only upload (no source included) dpkg-genchanges: info: not including original source code in upload I: copying local configuration +I: user script /srv/workspace/pbuilder/12600/tmp/hooks/B01_cleanup starting +I: user script /srv/workspace/pbuilder/12600/tmp/hooks/B01_cleanup finished I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env -I: removing directory /srv/workspace/pbuilder/27500 and its subdirectories -I: Current time: Thu May 9 16:30:12 -12 2024 -I: pbuilder-time-stamp: 1715315412 +I: removing directory /srv/workspace/pbuilder/12600 and its subdirectories +I: Current time: Sat Apr 8 12:08:49 +14 2023 +I: pbuilder-time-stamp: 1680905329