flavorjones / loofah

Ruby library for HTML/XML transformation and sanitization
MIT License

tests fail with latest versions of dependencies #230

Closed Segaja closed 2 years ago

Segaja commented 2 years ago

Hello,

when running the tests (rake test) with the latest (or almost latest) versions of the dependencies, they fail:

=> testing with Nokogiri {"warnings"=>[], "nokogiri"=>{"version"=>"1.13.1", "cppflags"=>["-I/usr/lib/ruby/gems/3.0.0/gems/nokogiri-1.13.1/ext/nokogiri"], "ldflags"=>[]}, "ruby"=>{"version"=>"3.0.3", "platform"=>"x86_64-linux", "gem_platform"=>"x86_64-linux", "description"=>"ruby 3.0.3p157 (2021-11-24 revision 3fb7d2cadc) [x86_64-linux]", "engine"=>"ruby"}, "libxml"=>{"source"=>"system", "memory_management"=>"ruby", "iconv_enabled"=>true, "compiled"=>"2.9.13", "loaded"=>"2.9.13"}, "libxslt"=>{"source"=>"system", "datetime_enabled"=>true, "compiled"=>"1.1.35", "loaded"=>"1.1.35"}, "other_libraries"=>{"libgumbo"=>"1.0.0-nokogiri"}}
Run options: --seed 47387

# Running:

.....................FF..........................................................................................................................................................................................................................................................................................................................................................................................................................................S..............................................................................................................................................................................................................................................................................................................................................................................................................................................

Finished in 0.153206s, 5743.8974 runs/s, 6925.3127 assertions/s.

  1) Failure:
tests::entities#test_0005_handles multiple < characters [/build/ruby-loofah/src/loofah-2.15.0/test/integration/test_ad_hoc.rb:352]:
Expected: "<div> this &lt;&lt;</div>"
  Actual: "<div> this </div>"

  2) Failure:
tests::entities#test_0003_handles < character [/build/ruby-loofah/src/loofah-2.15.0/test/integration/test_ad_hoc.rb:338]:
Expected: "<div> this &lt; that </div>"
  Actual: "<div> this </div>"

880 runs, 1061 assertions, 2 failures, 0 errors, 1 skips

You have skipped tests. Run with --verbose for details.
rake aborted!
Command failed with status (1)

Tasks: TOP => test
(See full trace by running task with --trace)

used gem versions:

flavorjones commented 2 years ago

Hi, you're seeing these failures because you're using a version of Nokogiri that is built against your system's version of libxml2, which is not under Loofah's control.

Your version of libxml2 (2.9.13) has a bug in it which was reported upstream at https://gitlab.gnome.org/GNOME/libxml2/-/issues/339 and that has been fixed upstream on master but is not yet in a libxml2 release: https://gitlab.gnome.org/GNOME/libxml2/-/commit/4fd69f3e27e4ef2f8fafa091e723497017c40646

You can read more about why Nokogiri patches this behavior here: https://github.com/sparklemotion/nokogiri/issues/2461

You can work around this most easily by using Nokogiri's vendored libxml2 in Nokogiri v1.13.3 or later.
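
A parser self-check along the lines of this thread, as an added example that is not part of the original issue and is not Loofah's or Nokogiri's own code: it flags the reported build (system libxml2 2.9.13) from a hash shaped like `Nokogiri::VERSION_INFO` and runs two canary fragments through the parser. The canary inputs and all method and constant names are assumptions; the expected strings are the ones from the failing tests above.

```ruby
# Added example, not Loofah's or Nokogiri's own code.
# Expected strings are the two from the failing tests quoted in this thread;
# the raw inputs are an assumption, reconstructed from those expected strings.
CANARIES = {
  "<div> this < that </div>" => "<div> this &lt; that </div>",
  "<div> this <<</div>"      => "<div> this &lt;&lt;</div>",
}.freeze

# Subset of the version hash printed in the report above.
REPORTED_INFO = { "libxml" => { "source" => "system", "loaded" => "2.9.13" } }.freeze

# True when a hash shaped like Nokogiri::VERSION_INFO describes the build
# named in this thread: system libxml2 with version 2.9.13 loaded.
def reported_affected_build?(info)
  libxml = info.fetch("libxml", {})
  libxml["source"] == "system" && libxml["loaded"] == "2.9.13"
end

# `serializer` is any callable that parses an HTML fragment and returns it
# re-serialized. Returns the canary inputs whose output differs from expected.
def failed_canaries(serializer)
  CANARIES.reject { |input, expected| serializer.call(input) == expected }.keys
end

def parser_report(info, serializer)
  { reported_affected_build: reported_affected_build?(info),
    failed_canaries: failed_canaries(serializer) }
end

# Checks the Nokogiri actually installed; returns nil when it is not available.
def live_report
  require "nokogiri"
  serializer = ->(html) { Nokogiri::HTML::DocumentFragment.parse(html).to_html }
  parser_report(Nokogiri::VERSION_INFO, serializer)
rescue LoadError
  nil
end

if __FILE__ == $PROGRAM_NAME
  report = live_report
  puts(report ? report.inspect : "nokogiri not installed; nothing checked")
end
```

A non-empty `failed_canaries` list means text following a bare `<` is being dropped before a sanitizer ever sees it, whatever the version check says.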