Diff of the two buildlogs: -- --- b1/build.log 2024-05-19 14:20:05.393562204 +0000 +++ b2/build.log 2024-05-19 14:21:26.678103863 +0000 @@ -1,6 +1,6 @@ I: pbuilder: network access will be disabled during build -I: Current time: Sat Jun 21 08:42:28 -12 2025 -I: pbuilder-time-stamp: 1750538548 +I: Current time: Mon May 20 04:20:08 +14 2024 +I: pbuilder-time-stamp: 1716128408 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/trixie-reproducible-base.tgz] I: copying local configuration @@ -29,53 +29,85 @@ dpkg-source: info: applying no-relative-path.patch I: Not using root during the build. I: Installing the build-deps -I: user script /srv/workspace/pbuilder/3278/tmp/hooks/D02_print_environment starting +I: user script /srv/workspace/pbuilder/11120/tmp/hooks/D01_modify_environment starting +debug: Running on infom07-i386. +I: Changing host+domainname to test build reproducibility +I: Adding a custom variable just for the fun of it... +I: Changing /bin/sh to bash +'/bin/sh' -> '/bin/bash' +lrwxrwxrwx 1 root root 9 May 19 14:20 /bin/sh -> /bin/bash +I: Setting pbuilder2's login shell to /bin/bash +I: Setting pbuilder2's GECOS to second user,second room,second work-phone,second home-phone,second other +I: user script /srv/workspace/pbuilder/11120/tmp/hooks/D01_modify_environment finished +I: user script /srv/workspace/pbuilder/11120/tmp/hooks/D02_print_environment starting I: set - BUILDDIR='/build/reproducible-path' - BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' - BUILDUSERNAME='pbuilder1' - BUILD_ARCH='i386' - DEBIAN_FRONTEND='noninteractive' - DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=6 ' - DISTRIBUTION='trixie' - HOME='/root' - HOST_ARCH='i386' + BASH=/bin/sh + BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:globskipdots:hostcomplete:interactive_comments:patsub_replacement:progcomp:promptvars:sourcepath + BASH_ALIASES=() + BASH_ARGC=() + BASH_ARGV=() + BASH_CMDS=() + BASH_LINENO=([0]="12" [1]="0") + BASH_LOADABLES_PATH=/usr/local/lib/bash:/usr/lib/bash:/opt/local/lib/bash:/usr/pkg/lib/bash:/opt/pkg/lib/bash:. + BASH_SOURCE=([0]="/tmp/hooks/D02_print_environment" [1]="/tmp/hooks/D02_print_environment") + BASH_VERSINFO=([0]="5" [1]="2" [2]="21" [3]="1" [4]="release" [5]="i686-pc-linux-gnu") + BASH_VERSION='5.2.21(1)-release' + BUILDDIR=/build/reproducible-path + BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other' + BUILDUSERNAME=pbuilder2 + BUILD_ARCH=i386 + DEBIAN_FRONTEND=noninteractive + DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=5 ' + DIRSTACK=() + DISTRIBUTION=trixie + EUID=0 + FUNCNAME=([0]="Echo" [1]="main") + GROUPS=() + HOME=/root + HOSTNAME=i-capture-the-hostname + HOSTTYPE=i686 + HOST_ARCH=i386 IFS=' ' - INVOCATION_ID='b3996aebbdb743df83b46b1b4c6bf69d' - LANG='C' - LANGUAGE='en_US:en' - LC_ALL='C' - LD_LIBRARY_PATH='/usr/lib/libeatmydata' - LD_PRELOAD='libeatmydata.so' - MAIL='/var/mail/root' - OPTIND='1' - PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' - PBCURRENTCOMMANDLINEOPERATION='build' - PBUILDER_OPERATION='build' - PBUILDER_PKGDATADIR='/usr/share/pbuilder' - PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' - PBUILDER_SYSCONFDIR='/etc' - PPID='3278' - PS1='# ' - PS2='> ' + INVOCATION_ID=a32104e074ae4fb49e68437d9938c17c + LANG=C + LANGUAGE=de_CH:de + LC_ALL=C + LD_LIBRARY_PATH=/usr/lib/libeatmydata + LD_PRELOAD=libeatmydata.so + MACHTYPE=i686-pc-linux-gnu + MAIL=/var/mail/root + OPTERR=1 + OPTIND=1 + OSTYPE=linux-gnu + PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path + PBCURRENTCOMMANDLINEOPERATION=build + PBUILDER_OPERATION=build + PBUILDER_PKGDATADIR=/usr/share/pbuilder + PBUILDER_PKGLIBDIR=/usr/lib/pbuilder + PBUILDER_SYSCONFDIR=/etc + PIPESTATUS=([0]="0") + POSIXLY_CORRECT=y + PPID=11120 PS4='+ ' - PWD='/' - SHELL='/bin/bash' - SHLVL='2' - SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.iWoAOoXs/pbuilderrc_0qV6 --distribution trixie --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/trixie-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.iWoAOoXs/b1 --logfile b1/build.log ruby-sanitize_6.0.2-2.dsc' - SUDO_GID='111' - SUDO_UID='104' - SUDO_USER='jenkins' - TERM='unknown' - TZ='/usr/share/zoneinfo/Etc/GMT+12' - USER='root' - _='/usr/bin/systemd-run' + PWD=/ + SHELL=/bin/bash + SHELLOPTS=braceexpand:errexit:hashall:interactive-comments:posix + SHLVL=3 + SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.iWoAOoXs/pbuilderrc_C9qe --distribution trixie --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/trixie-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.iWoAOoXs/b2 --logfile b2/build.log ruby-sanitize_6.0.2-2.dsc' + SUDO_GID=111 + SUDO_UID=104 + SUDO_USER=jenkins + TERM=unknown + TZ=/usr/share/zoneinfo/Etc/GMT-14 + UID=0 + USER=root + _='I: set' I: uname -a - Linux infom08-i386 6.6.13+bpo-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.6.13-1~bpo12+1 (2024-02-15) x86_64 GNU/Linux + Linux i-capture-the-hostname 6.1.0-21-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.90-1 (2024-05-03) x86_64 GNU/Linux I: ls -l /bin - lrwxrwxrwx 1 root root 7 Jun 21 17:48 /bin -> usr/bin -I: user script /srv/workspace/pbuilder/3278/tmp/hooks/D02_print_environment finished + lrwxrwxrwx 1 root root 7 May 17 14:57 /bin -> usr/bin +I: user script /srv/workspace/pbuilder/11120/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy @@ -252,7 +284,7 @@ Get: 129 http://deb.debian.org/debian trixie/main i386 ruby-mini-portile2 all 2.8.5-1 [20.8 kB] Get: 130 http://deb.debian.org/debian trixie/main i386 ruby-pkg-config all 1.5.6-1 [8456 B] Get: 131 http://deb.debian.org/debian trixie/main i386 ruby-nokogiri i386 1.16.4+dfsg-1 [271 kB] -Fetched 48.0 MB in 1s (93.1 MB/s) +Fetched 48.0 MB in 2s (24.8 MB/s) debconf: delaying package configuration, since apt-utils is not installed Selecting previously unselected package libpython3.11-minimal:i386. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19687 files and directories currently installed.) @@ -690,8 +722,8 @@ Setting up tzdata (2024a-4) ... Current default time zone: 'Etc/UTC' -Local time is now: Sat Jun 21 20:42:51 UTC 2025. -Universal Time is now: Sat Jun 21 20:42:51 UTC 2025. +Local time is now: Sun May 19 14:20:49 UTC 2024. +Universal Time is now: Sun May 19 14:20:49 UTC 2024. Run 'dpkg-reconfigure tzdata' if you wish to change it. Setting up autotools-dev (20220109.1) ... @@ -810,7 +842,11 @@ Building tag database... -> Finished parsing the build-deps I: Building the package -I: Running cd /build/reproducible-path/ruby-sanitize-6.0.2/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../ruby-sanitize_6.0.2-2_source.changes +I: user script /srv/workspace/pbuilder/11120/tmp/hooks/A99_set_merged_usr starting +Not re-configuring usrmerge for trixie +I: user script /srv/workspace/pbuilder/11120/tmp/hooks/A99_set_merged_usr finished +hostname: Name or service not known +I: Running cd /build/reproducible-path/ruby-sanitize-6.0.2/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-genchanges -S > ../ruby-sanitize_6.0.2-2_source.changes dpkg-buildpackage: info: source package ruby-sanitize dpkg-buildpackage: info: source version 6.0.2-2 dpkg-buildpackage: info: source distribution unstable @@ -838,7 +874,7 @@ dh_prep -O--buildsystem=ruby dh_auto_install --destdir=debian/ruby-sanitize/ -O--buildsystem=ruby dh_ruby --install /build/reproducible-path/ruby-sanitize-6.0.2/debian/ruby-sanitize -/usr/bin/ruby3.1 -S gem build --config-file /dev/null --verbose /tmp/d20250621-7940-4mh4zx/gemspec +/usr/bin/ruby3.1 -S gem build --config-file /dev/null --verbose /tmp/d20240520-18503-qr946j/gemspec Failed to load /dev/null because it doesn't contain valid YAML hash WARNING: open-ended dependency on nokogiri (>= 1.12.0) is not recommended if nokogiri is semantically versioned, use: @@ -848,7 +884,7 @@ Name: sanitize Version: 6.0.2 File: sanitize-6.0.2.gem -/usr/bin/ruby3.1 -S gem install --config-file /dev/null --verbose --local --verbose --no-document --ignore-dependencies --install-dir debian/ruby-sanitize/usr/share/rubygems-integration/all /tmp/d20250621-7940-4mh4zx/sanitize-6.0.2.gem +/usr/bin/ruby3.1 -S gem install --config-file /dev/null --verbose --local --verbose --no-document --ignore-dependencies --install-dir debian/ruby-sanitize/usr/share/rubygems-integration/all /tmp/d20240520-18503-qr946j/sanitize-6.0.2.gem Failed to load /dev/null because it doesn't contain valid YAML hash /build/reproducible-path/ruby-sanitize-6.0.2/debian/ruby-sanitize/usr/share/rubygems-integration/all/gems/sanitize-6.0.2/lib/sanitize.rb /build/reproducible-path/ruby-sanitize-6.0.2/debian/ruby-sanitize/usr/share/rubygems-integration/all/gems/sanitize-6.0.2/lib/sanitize/config.rb @@ -892,259 +928,259 @@ RUBYLIB=. GEM_PATH=/build/reproducible-path/ruby-sanitize-6.0.2/debian/ruby-sanitize/usr/share/rubygems-integration/all:/build/reproducible-path/ruby-sanitize-6.0.2/debian/.debhelper/generated/_source/home/.local/share/gem/ruby/3.1.0:/var/lib/gems/3.1.0:/usr/local/lib/ruby/gems/3.1.0:/usr/lib/ruby/gems/3.1.0:/usr/lib/i386-linux-gnu/ruby/gems/3.1.0:/usr/share/rubygems-integration/3.1.0:/usr/share/rubygems-integration/all:/usr/lib/i386-linux-gnu/rubygems-integration/3.1.0 ruby3.1 -S rake --rakelibdir /gem2deb-nonexistent -f debian/ruby-tests.rake /usr/bin/ruby3.1 -w -I"test" /usr/lib/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/rake_test_loader.rb "test/test_clean_comment.rb" "test/test_clean_css.rb" "test/test_clean_doctype.rb" "test/test_clean_element.rb" "test/test_config.rb" "test/test_malicious_css.rb" "test/test_malicious_html.rb" "test/test_parser.rb" "test/test_sanitize.rb" "test/test_sanitize_css.rb" "test/test_transformers.rb" -v -Run options: -v --seed 14954 +Run options: -v --seed 46246 # Running: -Sanitize::class methods::.document#test_0001_should sanitize an HTML document with the given config = 0.00 s = . -Sanitize::instance methods::#fragment#test_0001_should sanitize an HTML fragment = 0.01 s = . -Sanitize::instance methods::#fragment#test_0003_should not choke on fragments containing or = 0.00 s = . -Sanitize::instance methods::#fragment#test_0004_should not choke on frozen fragments = 0.00 s = . -Sanitize::instance methods::#fragment#test_0002_should not modify the input string = 0.00 s = . -Sanitize::instance methods::#fragment#test_0005_should normalize newlines = 0.00 s = . +Sanitize::instance methods::#document#test_0006_should strip non-characters = 0.00 s = . +Sanitize::instance methods::#document#test_0001_should sanitize an HTML document = 0.00 s = . +Sanitize::instance methods::#document#test_0002_should not modify the input string = 0.00 s = . +Sanitize::instance methods::#document#test_0005_should strip control characters (except ASCII whitespace) = 0.00 s = . +Sanitize::instance methods::#document#test_0003_should not choke on frozen documents = 0.00 s = . +Sanitize::instance methods::#document#test_0004_should normalize newlines = 0.00 s = . Sanitize::instance methods::#fragment#test_0006_should strip control characters (except ASCII whitespace) = 0.00 s = . Sanitize::instance methods::#fragment#test_0007_should strip non-characters = 0.00 s = . +Sanitize::instance methods::#fragment#test_0004_should not choke on frozen fragments = 0.00 s = . +Sanitize::instance methods::#fragment#test_0005_should normalize newlines = 0.00 s = . +Sanitize::instance methods::#fragment#test_0002_should not modify the input string = 0.00 s = . +Sanitize::instance methods::#fragment#test_0003_should not choke on fragments containing or = 0.02 s = . +Sanitize::instance methods::#fragment#test_0001_should sanitize an HTML fragment = 0.00 s = . Sanitize::instance methods::#fragment::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH::and :max_tree_depth of -1 is supplied in :parser_options#test_0001_does not raise an ArgumentError exception = 0.01 s = . -Sanitize::instance methods::#document::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH#test_0001_raises an ArgumentError exception = 0.00 s = . +Sanitize::class methods::.node!#test_0001_should sanitize a Nokogiri::XML::Node with the given config = 0.00 s = . Sanitize::instance methods::#node!::when the given node is a document and isn't allowlisted#test_0001_should raise a Sanitize::Error = 0.00 s = . +Sanitize::instance methods::#node!#test_0001_should sanitize a Nokogiri::XML::Node = 0.00 s = . +Sanitize::class methods::.fragment#test_0001_should sanitize an HTML fragment with the given config = 0.00 s = . Sanitize::instance methods::#document::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH::and :max_tree_depth of -1 is supplied in :parser_options#test_0001_does not raise an ArgumentError exception = 0.01 s = . +Sanitize::class methods::.document#test_0001_should sanitize an HTML document with the given config = 0.00 s = . +Sanitize::instance methods::#document::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH#test_0001_raises an ArgumentError exception = 0.00 s = . Sanitize::initializer#test_0001_should not modify a transformers array in the given config = 0.00 s = . -Sanitize::class methods::.fragment#test_0001_should sanitize an HTML fragment with the given config = 0.00 s = . -Sanitize::instance methods::#node!#test_0001_should sanitize a Nokogiri::XML::Node = 0.00 s = . Sanitize::instance methods::#fragment::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH#test_0001_raises an ArgumentError exception = 0.00 s = . -Sanitize::instance methods::#document#test_0001_should sanitize an HTML document = 0.00 s = . -Sanitize::instance methods::#document#test_0002_should not modify the input string = 0.00 s = . -Sanitize::instance methods::#document#test_0005_should strip control characters (except ASCII whitespace) = 0.00 s = . -Sanitize::instance methods::#document#test_0003_should not choke on frozen documents = 0.00 s = . -Sanitize::instance methods::#document#test_0006_should strip non-characters = 0.00 s = . -Sanitize::instance methods::#document#test_0004_should normalize newlines = 0.00 s = . -Sanitize::class methods::.node!#test_0001_should sanitize a Nokogiri::XML::Node with the given config = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0010_forcibly escapes text content inside `` in an SVG namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0002_forcibly escapes text content inside `<noembed>` in an SVG namespace = Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0012_removes text content inside `<iframe>` in an SVG namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0016_removes `<style>` elements in an SVG namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0009_forcibly escapes text content inside `<xmp>` in a MathML namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0005_forcibly escapes text content inside `<plaintext>` in a MathML namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0011_removes text content inside `<iframe>` in a MathML namespace = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0015_removes `<style>` elements in a MathML namespace = 0.00 s = . +Sanitize::CSS::instance methods::#properties::when :allow_hacks is false#test_0001_should not allow common CSS hacks = 0.00 s = . +Sanitize::Transformers::CSS::CleanElement#test_0001_should sanitize CSS stylesheets in <style> elements = 0.00 s = . +Sanitize::Transformers::CSS::CleanElement#test_0002_should remove the <style> element if the sanitized CSS is empty = 0.00 s = . +Sanitize::CSS::instance methods::#properties::when :allow_comments is true#test_0001_should preserve comments = 0.00 s = . +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0010_should round-trip to the same output = 0.00 s = . +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0001_should escape unsafe characters in attributes = 0.00 s = S +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0012_should round-trip to the same output = 0.00 s = . +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0013_should escape unsafe characters in attributes = 0.01 s = S +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0002_should round-trip to the same output = 0.00 s = . +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0016_should round-trip to the same output = 0.00 s = . +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0011_should escape unsafe characters in attributes = 0.00 s = S +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0008_should round-trip to the same output = 0.00 s = . +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0009_should escape unsafe characters in attributes = 0.00 s = S +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0015_should not escape characters unnecessarily = 0.00 s = S +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0004_should round-trip to the same output = 0.01 s = . +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0005_should escape unsafe characters in attributes = 0.00 s = S +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0007_should escape unsafe characters in attributes = 0.00 s = S +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0003_should escape unsafe characters in attributes = 0.00 s = S +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0006_should round-trip to the same output = 0.00 s = . +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0014_should round-trip to the same output = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0018_should not allow protocol-based JS injection: invalid URL char = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0006_should not allow protocol-based JS injection: simple, no spaces = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0010_should not allow protocol-based JS injection: preceding colon = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0017_should not allow protocol-based JS injection: null char = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0002_should clean basic HTML = 0.01 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0008_should not allow protocol-based JS injection: simple, spaces after = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0014_should not allow protocol-based JS injection: hex encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0004_should clean unclosed HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0011_should not allow protocol-based JS injection: UTF-8 encoding = Sanitize::Transformers::CleanElement::Relaxed config#test_0009_should not allow protocol-based JS injection: simple, spaces before and after = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0012_should not allow protocol-based JS injection: long UTF-8 encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0020_should not allow protocol whitespace = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0001_should encode special chars in attribute values = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0015_should not allow protocol-based JS injection: long hex encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0005_should clean malicious HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0013_should not allow protocol-based JS injection: long UTF-8 encoding without semicolons = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0007_should not allow protocol-based JS injection: simple, spaces before = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0016_should not allow protocol-based JS injection: hex encoding without semicolons = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0004_forcibly escapes text content inside `<noframes>` in an SVG namespace = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0007_forcibly escapes text content inside `<script>` in a MathML namespace = 0.00 s = . Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0006_forcibly escapes text content inside `<plaintext>` in an SVG namespace = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0008_forcibly escapes text content inside `<script>` in an SVG namespace = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0011_removes text content inside `<iframe>` in a MathML namespace = 0.01 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0002_forcibly escapes text content inside `<noembed>` in an SVG namespace = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0003_forcibly escapes text content inside `<noframes>` in a MathML namespace = 0.00 s = . Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0013_removes `<noscript>` elements in a MathML namespace = 0.00 s = . -Sanitize::CSS::instance methods::#properties#test_0005_should not allow expressions = Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0008_forcibly escapes text content inside `<script>` in an SVG namespace = 0.00 s = . -Sanitize::CSS::instance methods::#properties#test_0006_should not allow behaviors = 0.00 s = . -Sanitize::CSS::instance methods::#properties#test_0002_should allow allowlisted URL protocols = 0.00 s = . -Sanitize::CSS::instance methods::#properties#test_0003_should not allow non-allowlisted URL protocols = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0015_removes `<style>` elements in a MathML namespace = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0005_forcibly escapes text content inside `<plaintext>` in a MathML namespace = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0014_removes `<noscript>` elements in an SVG namespace = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0001_forcibly escapes text content inside `<noembed>` in a MathML namespace = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0012_removes text content inside `<iframe>` in an SVG namespace = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0016_removes `<style>` elements in an SVG namespace = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0010_forcibly escapes text content inside `<xmp>` in an SVG namespace = 0.00 s = . +Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0009_forcibly escapes text content inside `<xmp>` in a MathML namespace = 0.00 s = . +Sanitize::CSS::functionality#test_0001_should parse the contents of @media rules properly = 0.00 s = . +Sanitize::CSS::functionality#test_0002_should parse @page rules properly = 0.00 s = . +Sanitize::CSS::instance methods::#stylesheet::when :allow_hacks is false#test_0001_should not allow common CSS hacks = 0.00 s = . +Malicious HTML::foreign content bypass in relaxed config#test_0001_prevents a sanitization bypass via carefully crafted foreign content = 0.00 s = . +Malicious HTML::<iframe>#test_0001_should not be possible to inject an iframe using an improperly closed tag = 0.00 s = . +Sanitize::Transformers::CSS::CleanAttribute#test_0001_should sanitize CSS properties in style attributes = 0.01 s = . +Sanitize::Transformers::CSS::CleanAttribute#test_0002_should remove the style attribute if the sanitized CSS is empty = 0.00 s = . +Malicious HTML::<script>#test_0001_should not be possible to inject <script> using a malformed non-alphanumeric tag name = 0.00 s = . +Malicious HTML::<script>#test_0002_should not be possible to inject <script> via extraneous open brackets = 0.00 s = . +Sanitize::CSS::class methods::.tree!#test_0001_should sanitize a Crass CSS parse tree with the given config = 0.00 s = . +Sanitize::CSS::functionality:::at_rules#test_0001_should remove blockless at-rules that aren't allowlisted = 0.00 s = . +Transformers::Image allowlist transformer#test_0001_should allow images with relative URLs = 0.00 s = . +Transformers::Image allowlist transformer#test_0003_should not allow images at other domains = 0.00 s = . +Transformers::Image allowlist transformer#test_0002_should allow images at the example.com domain = 0.00 s = . +Sanitize::Transformers::CleanComment::when :allow_comments is true#test_0001_should allow comments = 0.00 s = . +Sanitize::Transformers::CleanComment::when :allow_comments is false#test_0001_should remove comments = 0.00 s = . Sanitize::CSS::instance methods::#properties#test_0001_should sanitize CSS properties = 0.00 s = . +Sanitize::CSS::instance methods::#properties#test_0002_should allow allowlisted URL protocols = 0.00 s = . Sanitize::CSS::instance methods::#properties#test_0004_should not allow -moz-binding = 0.00 s = . -Sanitize::Transformers::CleanDoctype::when :allow_doctype is true#test_0001_should allow doctype declarations in documents = Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0001_forcibly escapes text content inside `<noembed>` in a MathML namespace = 0.00 s = . -Sanitize::Transformers::CleanDoctype::when :allow_doctype is true#test_0003_should not allow doctype definitions in fragments = 0.00 s = . +Sanitize::CSS::instance methods::#properties#test_0003_should not allow non-allowlisted URL protocols = 0.00 s = . +Sanitize::CSS::instance methods::#properties#test_0005_should not allow expressions = 0.00 s = . +Sanitize::CSS::instance methods::#properties#test_0006_should not allow behaviors = 0.00 s = . +Sanitize::CSS::instance methods::#stylesheet#test_0001_should sanitize a CSS stylesheet = 0.00 s = . +Malicious HTML::<body>#test_0001_should not be possible to inject JS via a malformed event attribute = 0.00 s = . Sanitize::Transformers::CleanDoctype::when :allow_doctype is true#test_0002_should not allow obviously invalid doctype declarations in documents = 0.00 s = . +Sanitize::Transformers::CleanDoctype::when :allow_doctype is true#test_0003_should not allow doctype definitions in fragments = 0.00 s = . +Sanitize::Transformers::CleanDoctype::when :allow_doctype is true#test_0001_should allow doctype declarations in documents = 0.00 s = . +Sanitize::CSS::instance methods::#properties::when :allow_comments is false#test_0001_should strip comments = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0012_should handle protocols correctly regardless of case = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0014_should prevent `<meta>` tags from being used to set a non-UTF-8 charset = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0007_should remove the contents of specified nodes when :remove_contents is an Array or Set of element names as symbols = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0013_should sanitize protocols in data attributes even if data attributes are generically allowed = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0015_should not modify `<meta>` tags that already set a UTF-8 charset = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0005_should remove the contents of filtered nodes when :remove_contents is true = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0002_should not allow relative URLs when relative URLs aren't allowlisted = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0011_should replace whitespace_elements with configured :before and :after values = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0001_should allow attributes on all elements if allowlisted under :all = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0004_should allow relative URLs containing colons when the colon is part of an anchor = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0006_should remove the contents of specified nodes when :remove_contents is an Array or Set of element names as strings = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0008_should remove the contents of allowlisted iframes = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0016_always removes `<noscript>` elements even if `noscript` is in the allowlist = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0009_should not allow arbitrary HTML5 data attributes by default = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0003_should allow relative URLs containing colons when the colon is not in the first path segment = 0.00 s = . +Sanitize::Transformers::CleanElement::Custom configs#test_0010_should allow arbitrary HTML5 data attributes when the :attributes config includes :data = 0.00 s = . +Malicious HTML::<img>#test_0004_should not be possible to inject protocol-based JS = 0.00 s = . +Malicious HTML::<img>#test_0002_should not be possible to inject JS using grave accents as <img> src delimiters = 0.00 s = . +Malicious HTML::<img>#test_0003_should not be possible to inject <script> via a malformed <img> tag = 0.00 s = . +Malicious HTML::<img>#test_0006_should not be possible to inject JS using a half-open <img> tag = 0.00 s = . +Malicious HTML::<img>#test_0001_should not be possible to inject JS via an unquoted <img> src attribute = 0.00 s = . +Malicious HTML::<img>#test_0005_should not be possible to inject protocol-based JS via whitespace = 0.00 s = . +Parser#test_0004_should not have the Nokogiri 1.4.2+ unterminated script/style element bug = 0.00 s = . +Parser#test_0003_should not add newlines after tags when serializing a fragment = 0.00 s = . +Parser#test_0001_should translate valid entities into characters = 0.00 s = . +Parser#test_0002_should translate orphaned ampersands into entities = 0.00 s = . +Parser#test_0005_ambiguous non-tag brackets like "1 > 2 and 2 < 1" should be parsed correctly = 0.00 s = . +Config::.freeze_config#test_0001_should deeply freeze and return a configuration Hash = 0.00 s = . Malicious HTML::sanitization bypass by exploiting scripting-disabled <noscript> behavior#test_0001_is prevented by removing `<noscript>` elements regardless of the allowlist = 0.00 s = . -0.00 s = . -Malicious HTML::<script>#test_0001_should not be possible to inject <script> using a malformed non-alphanumeric tag name = 0.00 s = . -Malicious HTML::<script>#test_0002_should not be possible to inject <script> via extraneous open brackets = 0.00 s = . -Sanitize::CSS::instance methods::#tree!#test_0001_should sanitize a Crass CSS parse tree = 0.00 s = . -Sanitize::CSS::instance methods::#stylesheet::when :allow_comments is false#test_0001_should strip comments = 0.00 s = . -Malicious HTML::foreign content bypass in relaxed config#test_0001_prevents a sanitization bypass via carefully crafted foreign content = 0.00 s = . -Sanitize::CSS::instance methods::#stylesheet::when :allow_hacks is false#test_0001_should not allow common CSS hacks = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0001_should encode special chars in attribute values = 0.00 s = . -0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0016_should not allow protocol-based JS injection: hex encoding without semicolons = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0004_should clean unclosed HTML = Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0003_forcibly escapes text content inside `<noframes>` in a MathML namespace = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0020_should not allow protocol whitespace = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0002_should clean basic HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0011_should not allow protocol-based JS injection: UTF-8 encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0013_should not allow protocol-based JS injection: long UTF-8 encoding without semicolons = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0003_should clean malformed HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0017_should not allow protocol-based JS injection: null char = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0005_should clean malicious HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0014_should not allow protocol-based JS injection: hex encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0018_should not allow protocol-based JS injection: invalid URL char = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0008_should not allow protocol-based JS injection: simple, spaces after = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0010_should not allow protocol-based JS injection: preceding colon = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0019_should not allow protocol-based JS injection: spaces and entities = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0015_should not allow protocol-based JS injection: long hex encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0006_should not allow protocol-based JS injection: simple, no spaces = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0007_should not allow protocol-based JS injection: simple, spaces before = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0009_should not allow protocol-based JS injection: simple, spaces before and after = 0.00 s = . -Sanitize::CSS::class methods::.tree!#test_0001_should sanitize a Crass CSS parse tree with the given config = 0.00 s = . -Sanitize::CSS::functionality:::at_rules::when validating @import rules::with no validation proc specified#test_0001_should allow any URL value = 0.00 s = . +Sanitize::CSS::functionality:::at_rules::when validating @import rules::with a validation proc specified#test_0001_should allow a google fonts url = 0.00 s = . Sanitize::CSS::functionality:::at_rules::when validating @import rules::with a validation proc specified#test_0003_should not allow a blank url = 0.00 s = . -Malicious HTML::<iframe>#test_0001_should not be possible to inject an iframe using an improperly closed tag = 0.00 s = . Sanitize::CSS::functionality:::at_rules::when validating @import rules::with a validation proc specified#test_0002_should not allow a nasty url = 0.00 s = . -Malicious HTML::comments#test_0001_should not allow script injection via conditional comments = Sanitize::Transformers::CleanElement::Relaxed config#test_0012_should not allow protocol-based JS injection: long UTF-8 encoding = 0.00 s = . -Malicious HTML::<img>#test_0005_should not be possible to inject protocol-based JS via whitespace = Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0014_removes `<noscript>` elements in an SVG namespace = 0.00 s = . -Malicious HTML::<img>#test_0006_should not be possible to inject JS using a half-open <img> tag = 0.00 s = . -Malicious HTML::<img>#test_0001_should not be possible to inject JS via an unquoted <img> src attribute = 0.00 s = . -Malicious HTML::<img>#test_0003_should not be possible to inject <script> via a malformed <img> tag = Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0004_forcibly escapes text content inside `<noframes>` in an SVG namespace = 0.00 s = . -Malicious HTML::<img>#test_0004_should not be possible to inject protocol-based JS = 0.00 s = . -Malicious HTML::<img>#test_0002_should not be possible to inject JS using grave accents as <img> src delimiters = 0.00 s = . -Sanitize::CSS::instance methods::#properties::when :allow_comments is false#test_0001_should strip comments = 0.00 s = . -Config::.merge#test_0001_should deeply merge a configuration Hash = 0.00 s = . -Config::.merge#test_0002_should raise an ArgumentError if either argument is not a Hash = 0.00 s = . -Malicious HTML::<body>#test_0001_should not be possible to inject JS via a malformed event attribute = 0.00 s = . -Sanitize::CSS::instance methods::#properties::when :allow_hacks is false#test_0001_should not allow common CSS hacks = 0.00 s = . -Sanitize::CSS::instance methods::#stylesheet#test_0001_should sanitize a CSS stylesheet = 0.01 s = . +Sanitize::CSS::functionality:::at_rules::when blockless at-rules are allowlisted#test_0001_should not remove them = 0.00 s = . +Sanitize::CSS::functionality:::at_rules::when blockless at-rules are allowlisted#test_0002_should remove them if they have invalid blocks = 0.00 s = . Transformers::DOM modification transformer#test_0001_should allow the <b> tag to be changed to a <strong> tag = 0.00 s = . Sanitize::CSS::class methods::.properties#test_0001_should sanitize CSS properties with the given config = 0.00 s = . +Sanitize::CSS::functionality:::at_rules::when validating @import rules::with no validation proc specified#test_0001_should allow any URL value = 0.00 s = . +Sanitize::CSS::instance methods::#stylesheet::when :allow_comments is false#test_0001_should strip comments = 0.00 s = . Sanitize::CSS::class methods::.stylesheet#test_0001_should sanitize a CSS stylesheet with the given config = 0.00 s = . -Sanitize::Transformers::CleanDoctype::when :allow_doctype is false#test_0001_should remove doctype declarations = 0.00 s = . -Sanitize::Transformers::CleanDoctype::when :allow_doctype is false#test_0002_should not allow doctype definitions in fragments = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0015_should not allow protocol-based JS injection: hex encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0017_should not allow protocol-based JS injection: hex encoding without semicolons = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0007_should not allow protocol-based JS injection: simple, no spaces = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0009_should not allow protocol-based JS injection: simple, spaces after = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0011_should not allow protocol-based JS injection: preceding colon = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0010_should not allow protocol-based JS injection: simple, spaces before and after = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0014_should not allow protocol-based JS injection: long UTF-8 encoding without semicolons = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0019_should not allow protocol-based JS injection: invalid URL char = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0006_should clean malicious HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0012_should not allow protocol-based JS injection: UTF-8 encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0020_should not allow protocol-based JS injection: spaces and entities = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0001_should not choke on valueless attributes = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0013_should not allow protocol-based JS injection: long UTF-8 encoding = Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0007_forcibly escapes text content inside `<script>` in a MathML namespace = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0018_should not allow protocol-based JS injection: null char = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0003_should clean basic HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0004_should clean malformed HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0016_should not allow protocol-based JS injection: long hex encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0021_should not allow protocol whitespace = 0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0005_should clean unclosed HTML = 0.00 s = . -0.00 s = . -Sanitize::Transformers::CleanElement::Basic config#test_0008_should not allow protocol-based JS injection: simple, spaces before = 0.00 s = . -Transformers::Image allowlist transformer#test_0001_should allow images with relative URLs = 0.00 s = . -Transformers::Image allowlist transformer#test_0002_should allow images at the example.com domain = 0.00 s = . -Transformers::Image allowlist transformer#test_0003_should not allow images at other domains = Sanitize::Transformers::CleanElement::Basic config#test_0002_should downcase attribute names = 0.00 s = . Parser::when siblings are added after a node during traversal#test_0001_the added siblings should be traversed = 0.00 s = . -Malicious CSS::sanitization bypass via CSS at-rule in HTML <style> element#test_0001_is not possible to prematurely end a <style> element = 0.00 s = . -0.00 s = . -Malicious HTML::interpolation (ERB, PHP, etc.)#test_0002_should remove PHP-style tags = 0.00 s = . -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0001_should escape unsafe characters in attributes = 0.00 s = S -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0014_should round-trip to the same output = 0.00 s = . -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0004_should round-trip to the same output = 0.00 s = . -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0013_should escape unsafe characters in attributes = 0.00 s = S -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0002_should round-trip to the same output = 0.00 s = . -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0012_should round-trip to the same output = 0.00 s = . -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0007_should escape unsafe characters in attributes = 0.00 s = S -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0009_should escape unsafe characters in attributes = 0.00 s = S -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0010_should round-trip to the same output = 0.00 s = . -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0015_should not escape characters unnecessarily = 0.00 s = S -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0016_should round-trip to the same output = 0.00 s = . -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0005_should escape unsafe characters in attributes = 0.00 s = S -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0006_should round-trip to the same output = 0.00 s = . -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0011_should escape unsafe characters in attributes = 0.00 s = S -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0003_should escape unsafe characters in attributes = 0.00 s = S -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0008_should round-trip to the same output = 0.00 s = . -Sanitize::CSS::instance methods::#stylesheet::when :allow_comments is true#test_0001_should preserve comments = 0.00 s = . -Sanitize::Transformers::CSS::CleanElement#test_0001_should sanitize CSS stylesheets in <style> elements = 0.00 s = . -Sanitize::Transformers::CSS::CleanElement#test_0002_should remove the <style> element if the sanitized CSS is empty = 0.00 s = . -Sanitize::CSS::functionality:::at_rules::when blockless at-rules are allowlisted#test_0002_should remove them if they have invalid blocks = 0.00 s = . -Sanitize::CSS::functionality:::at_rules::when blockless at-rules are allowlisted#test_0001_should not remove them = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0017_should not allow protocol-based JS injection: invalid URL char = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0008_should not allow protocol-based JS injection: simple, spaces before and after = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0002_should clean malformed HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0004_should clean malicious HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0014_should not allow protocol-based JS injection: long hex encoding = 0.00 s = . -Malicious HTML::interpolation (ERB, PHP, etc.)#test_0001_should escape ERB-style tags = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0019_should not allow protocol whitespace = 0.00 s = . +Sanitize::CSS::instance methods::#stylesheet::when :allow_hacks is true#test_0001_should allow common CSS hacks = 0.00 s = . Sanitize::Transformers::CleanElement::Restricted config#test_0003_should clean unclosed HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0007_should not allow protocol-based JS injection: simple, spaces after = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0005_should not allow protocol-based JS injection: simple, no spaces = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0011_should not allow protocol-based JS injection: long UTF-8 encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0018_should not allow protocol-based JS injection: spaces and entities = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0004_should clean malicious HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0015_should not allow protocol-based JS injection: hex encoding without semicolons = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0002_should clean malformed HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0008_should not allow protocol-based JS injection: simple, spaces before and after = 0.00 s = . Sanitize::Transformers::CleanElement::Restricted config#test_0009_should not allow protocol-based JS injection: preceding colon = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0001_should clean basic HTML = 0.00 s = . Sanitize::Transformers::CleanElement::Restricted config#test_0012_should not allow protocol-based JS injection: long UTF-8 encoding without semicolons = 0.00 s = . Sanitize::Transformers::CleanElement::Restricted config#test_0013_should not allow protocol-based JS injection: hex encoding = 0.00 s = . Sanitize::Transformers::CleanElement::Restricted config#test_0016_should not allow protocol-based JS injection: null char = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0001_should clean basic HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0015_should not allow protocol-based JS injection: hex encoding without semicolons = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0014_should not allow protocol-based JS injection: long hex encoding = 0.00 s = . Sanitize::Transformers::CleanElement::Restricted config#test_0010_should not allow protocol-based JS injection: UTF-8 encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0017_should not allow protocol-based JS injection: invalid URL char = 0.00 s = . Sanitize::Transformers::CleanElement::Restricted config#test_0006_should not allow protocol-based JS injection: simple, spaces before = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0005_should not allow protocol-based JS injection: simple, no spaces = 0.00 s = . -Sanitize::Transformers::CleanElement::Restricted config#test_0011_should not allow protocol-based JS injection: long UTF-8 encoding = 0.00 s = . -Sanitize::CSS::functionality:::at_rules#test_0001_should remove blockless at-rules that aren't allowlisted = 0.00 s = . -Sanitize::CSS::instance methods::#properties::when :allow_hacks is true#test_0001_should allow common CSS hacks = 0.00 s = . -Sanitize::CSS::functionality#test_0001_should parse the contents of @media rules properly = 0.00 s = . -Sanitize::CSS::functionality#test_0002_should parse @page rules properly = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0007_should not allow protocol-based JS injection: simple, spaces after = 0.00 s = . +Sanitize::Transformers::CleanElement::Restricted config#test_0019_should not allow protocol whitespace = 0.00 s = . +Malicious HTML::interpolation (ERB, PHP, etc.)#test_0002_should remove PHP-style tags = 0.00 s = . +Malicious HTML::interpolation (ERB, PHP, etc.)#test_0001_should escape ERB-style tags = 0.00 s = . +Sanitize::Transformers::CleanDoctype::when :allow_doctype is false#test_0002_should not allow doctype definitions in fragments = 0.00 s = . +Sanitize::Transformers::CleanDoctype::when :allow_doctype is false#test_0001_should remove doctype declarations = 0.00 s = . Transformers#test_0002_should traverse all node types, including the fragment itself = 0.00 s = . -Transformers#test_0005_should clear the node allowlist after each fragment = 0.00 s = . -Transformers#test_0001_should receive a complete env Hash as input = 0.00 s = . Transformers#test_0003_should perform top-down traversal = 0.00 s = . -Transformers#test_0004_should allowlist nodes in the node allowlist = 0.00 s = . +Transformers#test_0001_should receive a complete env Hash as input = 0.00 s = . Transformers#test_0006_should accept a method transformer = 0.00 s = . +Transformers#test_0005_should clear the node allowlist after each fragment = 0.00 s = . +Transformers#test_0004_should allowlist nodes in the node allowlist = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0002_should surround the contents of :whitespace_elements with space characters when removing the element = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0027_should not allow protocol-based JS injection: long hex encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0026_should not allow protocol-based JS injection: hex encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0031_should not allow protocol-based JS injection: spaces and entities = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0018_should not allow protocol-based JS injection: simple, no spaces = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0019_should not allow protocol-based JS injection: simple, spaces before = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0014_should clean basic HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0017_should clean malicious HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0009_should not preserve the content of removed `plaintext` elements = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0010_should not preserve the content of removed `script` elements = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0016_should clean unclosed HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0028_should not allow protocol-based JS injection: hex encoding without semicolons = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0004_should not preserve the content of removed `iframe` elements = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0023_should not allow protocol-based JS injection: UTF-8 encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0029_should not allow protocol-based JS injection: null char = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0001_should remove non-allowlisted elements, leaving safe contents behind = Sanitize::Transformers::CleanElement::Default config#test_0024_should not allow protocol-based JS injection: long UTF-8 encoding = 0.00 s = . Sanitize::Transformers::CleanElement::Default config#test_0005_should not preserve the content of removed `math` elements = 0.00 s = . Sanitize::Transformers::CleanElement::Default config#test_0011_should not preserve the content of removed `style` elements = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0020_should not allow protocol-based JS injection: simple, spaces after = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0015_should clean malformed HTML = 0.00 s = . Sanitize::Transformers::CleanElement::Default config#test_0008_should not preserve the content of removed `noscript` elements = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0014_should clean basic HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0007_should not preserve the content of removed `noframes` elements = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0019_should not allow protocol-based JS injection: simple, spaces before = Sanitize::Transformers::CleanElement::Restricted config#test_0018_should not allow protocol-based JS injection: spaces and entities = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0013_should not preserve the content of removed `xmp` elements = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0022_should not allow protocol-based JS injection: preceding colon = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0001_should remove non-allowlisted elements, leaving safe contents behind = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0006_should not preserve the content of removed `noembed` elements = 0.00 s = . -0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0018_should not allow protocol-based JS injection: simple, no spaces = 0.00 s = . Sanitize::Transformers::CleanElement::Default config#test_0021_should not allow protocol-based JS injection: simple, spaces before and after = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0032_should not allow protocol whitespace = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0002_should surround the contents of :whitespace_elements with space characters when removing the element = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0012_should not preserve the content of removed `svg` elements = 0.00 s = . Sanitize::Transformers::CleanElement::Default config#test_0003_should not choke on several instances of the same element in a row = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0016_should clean unclosed HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0028_should not allow protocol-based JS injection: hex encoding without semicolons = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0029_should not allow protocol-based JS injection: null char = 0.00 s = . Sanitize::Transformers::CleanElement::Default config#test_0030_should not allow protocol-based JS injection: invalid URL char = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0031_should not allow protocol-based JS injection: spaces and entities = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0010_should not preserve the content of removed `script` elements = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0012_should not preserve the content of removed `svg` elements = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0015_should clean malformed HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0027_should not allow protocol-based JS injection: long hex encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0023_should not allow protocol-based JS injection: UTF-8 encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0024_should not allow protocol-based JS injection: long UTF-8 encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0026_should not allow protocol-based JS injection: hex encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0004_should not preserve the content of removed `iframe` elements = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0009_should not preserve the content of removed `plaintext` elements = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0032_should not allow protocol whitespace = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0013_should not preserve the content of removed `xmp` elements = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0020_should not allow protocol-based JS injection: simple, spaces after = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0006_should not preserve the content of removed `noembed` elements = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0007_should not preserve the content of removed `noframes` elements = 0.00 s = . +Sanitize::Transformers::CleanElement::Default config#test_0022_should not allow protocol-based JS injection: preceding colon = 0.00 s = . Sanitize::Transformers::CleanElement::Default config#test_0025_should not allow protocol-based JS injection: long UTF-8 encoding without semicolons = 0.00 s = . -Sanitize::Transformers::CleanElement::Default config#test_0017_should clean malicious HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0014_should prevent `<meta>` tags from being used to set a non-UTF-8 charset = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0016_always removes `<noscript>` elements even if `noscript` is in the allowlist = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0006_should remove the contents of specified nodes when :remove_contents is an Array or Set of element names as strings = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0005_should remove the contents of filtered nodes when :remove_contents is true = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0007_should remove the contents of specified nodes when :remove_contents is an Array or Set of element names as symbols = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0015_should not modify `<meta>` tags that already set a UTF-8 charset = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0008_should remove the contents of allowlisted iframes = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0012_should handle protocols correctly regardless of case = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0011_should replace whitespace_elements with configured :before and :after values = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0013_should sanitize protocols in data attributes even if data attributes are generically allowed = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0001_should allow attributes on all elements if allowlisted under :all = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0002_should not allow relative URLs when relative URLs aren't allowlisted = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0010_should allow arbitrary HTML5 data attributes when the :attributes config includes :data = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0004_should allow relative URLs containing colons when the colon is part of an anchor = 0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0009_should not allow arbitrary HTML5 data attributes by default = 0.00 s = . -Transformers::YouTube transformer#test_0003_should allow protocol-relative YouTube video embeds = 0.00 s = . -Transformers::YouTube transformer#test_0001_should allow HTTP YouTube video embeds = 0.00 s = . +Sanitize::CSS::instance methods::#properties::when :allow_hacks is true#test_0001_should allow common CSS hacks = 0.00 s = . +Config::.merge#test_0001_should deeply merge a configuration Hash = 0.00 s = . +Config::.merge#test_0002_should raise an ArgumentError if either argument is not a Hash = 0.00 s = . +Malicious CSS::sanitization bypass via CSS at-rule in HTML <style> element#test_0001_is not possible to prematurely end a <style> element = 0.00 s = . +Malicious HTML::comments#test_0001_should not allow script injection via conditional comments = 0.00 s = . +Sanitize::CSS::instance methods::#stylesheet::when :allow_comments is true#test_0001_should preserve comments = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0019_should not allow protocol-based JS injection: invalid URL char = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0001_should not choke on valueless attributes = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0002_should downcase attribute names = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0010_should not allow protocol-based JS injection: simple, spaces before and after = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0012_should not allow protocol-based JS injection: UTF-8 encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0016_should not allow protocol-based JS injection: long hex encoding = 0.01 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0017_should not allow protocol-based JS injection: hex encoding without semicolons = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0006_should clean malicious HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0003_should clean basic HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0013_should not allow protocol-based JS injection: long UTF-8 encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0005_should clean unclosed HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0018_should not allow protocol-based JS injection: null char = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0020_should not allow protocol-based JS injection: spaces and entities = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0015_should not allow protocol-based JS injection: hex encoding = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0014_should not allow protocol-based JS injection: long UTF-8 encoding without semicolons = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0021_should not allow protocol whitespace = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0011_should not allow protocol-based JS injection: preceding colon = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0009_should not allow protocol-based JS injection: simple, spaces after = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0004_should clean malformed HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0007_should not allow protocol-based JS injection: simple, no spaces = 0.00 s = . +Sanitize::Transformers::CleanElement::Basic config#test_0008_should not allow protocol-based JS injection: simple, spaces before = 0.00 s = . +Transformers::YouTube transformer#test_0005_should not allow non-YouTube video embeds = 0.00 s = . Transformers::YouTube transformer#test_0004_should allow privacy-enhanced YouTube video embeds = 0.00 s = . +Transformers::YouTube transformer#test_0001_should allow HTTP YouTube video embeds = 0.00 s = . +Transformers::YouTube transformer#test_0003_should allow protocol-relative YouTube video embeds = 0.00 s = . Transformers::YouTube transformer#test_0002_should allow HTTPS YouTube video embeds = 0.00 s = . -Transformers::YouTube transformer#test_0005_should not allow non-YouTube video embeds = 0.00 s = . -Config::.freeze_config#test_0001_should deeply freeze and return a configuration Hash = 0.00 s = . -Malicious CSS#test_0002_should not be possible to inject an expression by munging it with a newline = 0.00 s = . +Sanitize::CSS::instance methods::#tree!#test_0001_should sanitize a Crass CSS parse tree = 0.00 s = . Malicious CSS#test_0001_should not be possible to inject an expression by munging it with a comment = 0.00 s = . -Malicious CSS#test_0003_should not allow the javascript protocol = 0.00 s = . Malicious CSS#test_0004_should not allow behaviors = 0.00 s = . -Sanitize::CSS::instance methods::#stylesheet::when :allow_hacks is true#test_0001_should allow common CSS hacks = 0.00 s = . -Sanitize::Transformers::CSS::CleanAttribute#test_0001_should sanitize CSS properties in style attributes = 0.00 s = . -Sanitize::Transformers::CSS::CleanAttribute#test_0002_should remove the style attribute if the sanitized CSS is empty = 0.00 s = . -Parser#test_0003_should not add newlines after tags when serializing a fragment = 0.00 s = . -Parser#test_0004_should not have the Nokogiri 1.4.2+ unterminated script/style element bug = 0.00 s = . -Parser#test_0001_should translate valid entities into characters = 0.00 s = . -Parser#test_0002_should translate orphaned ampersands into entities = 0.00 s = . -Parser#test_0005_ambiguous non-tag brackets like "1 > 2 and 2 < 1" should be parsed correctly = 0.00 s = . -Sanitize::Transformers::CleanComment::when :allow_comments is false#test_0001_should remove comments = 0.00 s = . -Sanitize::CSS::instance methods::#properties::when :allow_comments is true#test_0001_should preserve comments = 0.00 s = . -Sanitize::Transformers::CleanComment::when :allow_comments is true#test_0001_should allow comments = 0.00 s = . -Config#test_0001_built-in configs should be deeply frozen = 0.00 s = . -0.00 s = . -Sanitize::Transformers::CleanElement::Custom configs#test_0003_should allow relative URLs containing colons when the colon is not in the first path segment = 0.00 s = . -0.00 s = . -0.00 s = . -0.00 s = . -0.00 s = . -Sanitize::CSS::functionality:::at_rules::when validating @import rules::with a validation proc specified#test_0001_should allow a google fonts url = 0.00 s = . +Malicious CSS#test_0002_should not be possible to inject an expression by munging it with a newline = 0.00 s = . +Malicious CSS#test_0003_should not allow the javascript protocol = 0.00 s = . +0.16 s = . +0.05 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0003_should clean malformed HTML = 0.00 s = . +Sanitize::Transformers::CleanElement::Relaxed config#test_0019_should not allow protocol-based JS injection: spaces and entities = 0.00 s = . +Config#test_0001_built-in configs should be deeply frozen = 0.01 s = . -Finished in 0.334601s, 738.1931 runs/s, 4572.6132 assertions/s. +Finished in 0.291874s, 846.2543 runs/s, 5241.9803 assertions/s. 1) Skipped: Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0001_should escape unsafe characters in attributes [/build/reproducible-path/ruby-sanitize-6.0.2/test/test_malicious_html.rb:171]: @@ -1155,7 +1191,7 @@ behavior should only exist in nokogiri's patched libxml 3) Skipped: -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0007_should escape unsafe characters in attributes [/build/reproducible-path/ruby-sanitize-6.0.2/test/test_malicious_html.rb:171]: +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0011_should escape unsafe characters in attributes [/build/reproducible-path/ruby-sanitize-6.0.2/test/test_malicious_html.rb:171]: behavior should only exist in nokogiri's patched libxml 4) Skipped: @@ -1171,7 +1207,7 @@ behavior should only exist in nokogiri's patched libxml 7) Skipped: -Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0011_should escape unsafe characters in attributes [/build/reproducible-path/ruby-sanitize-6.0.2/test/test_malicious_html.rb:171]: +Malicious HTML::unsafe libxml2 server-side includes in attributes#test_0007_should escape unsafe characters in attributes [/build/reproducible-path/ruby-sanitize-6.0.2/test/test_malicious_html.rb:171]: behavior should only exist in nokogiri's patched libxml 8) Skipped: @@ -1211,12 +1247,14 @@ dpkg-buildpackage: info: binary-only upload (no source included) dpkg-genchanges: info: not including original source code in upload I: copying local configuration +I: user script /srv/workspace/pbuilder/11120/tmp/hooks/B01_cleanup starting +I: user script /srv/workspace/pbuilder/11120/tmp/hooks/B01_cleanup finished I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env -I: removing directory /srv/workspace/pbuilder/3278 and its subdirectories -I: Current time: Sat Jun 21 08:43:02 -12 2025 -I: pbuilder-time-stamp: 1750538582 +I: removing directory /srv/workspace/pbuilder/11120 and its subdirectories +I: Current time: Mon May 20 04:21:25 +14 2024 +I: pbuilder-time-stamp: 1716128485