jruby test failures #88
Which basically blocks the use of Rails 4.2 with JRuby, at least if you are concerned about working html sanitization. Most if not all of the problems seem to be Nokogiri-Java problems where it behaves differently from C-Nokogiri. I started working on some Nokogiri test cases that reproduce what loofah does, see sparklemotion/nokogiri#1318, sparklemotion/nokogiri#1319 and sparklemotion/nokogiri#1320. At least the last one looks more like a Xalan-J bug... |
I have confirmed sparklemotion/nokogiri#1318 reduces jruby errors. |
Ping! Trying to get JRuby deps cleaned up again now that we support Rails 5. |
@headius We (nokogiri core) need help on the JRuby implementation. I've pinged you and other members of the JRuby community a few times since November 2014 on the subject, so hopefully that's not surprising news. Taking a look at the most recent failing pipeline:
most of these failures are what I'd refer to as "soft" failures, meaning that the markup is sanitized properly, but there are minor formatting differences that can be attributed to small differences in the parsing engines. There are a few, however, that are NPEs, and for those I'd welcome PRs to Nokogiri to fix them. Additionally, there are about 30 open issues for Nokogiri that are labeled |
I see there are still quite some JRuby test failures. @headius @flavorjones: is Loofah currently safe to use on JRuby? (Context: we are looking into replacing Sanitize with Loofah in gollum due to lack of JRuby support in newer versions of Sanitize.) |
Ping @flavorjones |
@dometto If you're intent on using Loofah on JRuby, can I ask for your help investigating some of the errors being raised by Nokogiri's JRuby implementation? |
Specifically, some errors are due to the differences in behavior between libxml2 and xerces/nekohtml. But others are indicative of issues with the JRuby implementation of Nokogiri. Differences in parser behavior are likely "safe" for some definition of safe. Errors, though, are potential Denial-of-Service vectors, and so I'm hesitant to describe Loofah as "safe" when run on JRuby. For what it's worth, we have far fewer errors now than in 2017 thanks to the efforts of @kares, @jvshahid, and others on the Nokogiri JRuby implementation. Here are the nine errors I can clearly identify as part of this category:
|
@kares: that links to this issue, not to a Nokogiri PR. Has the relevant PR been merged yet? Sorry for the slow reply, but I would be happy to look into the remaining failures ( |
yy - merged but not released yet. |
Can we get a Nokogiri release soon? |
The 1.11.0 milestone is accurate and there's a lot of work to be done still. Getting there as quickly as I can. Let me know if you'd like to help, I can point you at relevant issues.
On Mon, Jan 13, 2020, 6:27 PM Charles Oliver Nutter wrote:
> Can we get a Nokogiri release soon?
|
@flavorjones Oh I see. I will have a look at the milestone and see if I can help. |
@flavorjones I made some progress on using jar-dependencies (sparklemotion/nokogiri#1253, prerequisite for sparklemotion/nokogiri#1395) but need some assistance from @mkristian. I provided two possible patches for sparklemotion/nokogiri#1836. I can certainly try to help with other things not marked as JRuby issues, but my capabilities will be more limited. 😀 |
This was noticed while debugging some Loofah behavior that relied on overriding `#initialize` to decorate nodes. Related to flavorjones/loofah#88
…rators fix: Document#initialize should be called exactly once

---

**What problem is this PR intended to solve?**

Originally this PR was started to address errors in Loofah's test suite on JRuby (see flavorjones/loofah#88) related to Nokogiri object decorators not being applied correctly. The root cause of these errors was that `{XML,HTML}Document#initialize` was not being called in the JRuby implementation. Surprising! And breaks the subclassing behavior that Loofah relies on.

As I erected tests in Nokogiri's suite to make this failure obvious, I uncovered the fact that in CRuby, `Document#initialize` was actually being called twice from the `.parse` method. Even more surprising! But doesn't obviously break anything.

This PR addresses both of these issues, with the result that `Document#initialize` is called exactly once on all platforms.

**Have you included adequate test coverage?**

Yes! Thorough testing is introduced around subclassing `XML::Document`, `HTML::Document`, `XML::DocumentFragment`, and `HTML::DocumentFragment` constructor calls `.new` and `.parse`.

**Does this change affect the behavior of either the C or the Java implementations?**

Yes, but as noted above the changed behavior is now correct and consistent across the platforms.
Quite a few more tests will pass once the next Nokogiri release drops with sparklemotion/nokogiri#2174. Failures at that point should mostly be actual differences in parser behavior. |
Note that the branch at #239 allows us to extend the test suite to add the JRuby output as valid test data; all that would need to be done is to go through the failing tests and determine if the output is sanitized and if so, add it to the test suite. |
So many test failures. What is going on?