Do not add tbody when it's not present

The HTML spec says tbodys are optional

Author: erino

lib/govspeak/html_sanitizer.rb

@@ -36,16 +36,33 @@ def invalid_style_attribute?(style)
     end
   end
 
+  class TableBodyWhitelister
+    def call(sanitize_context)
+      return unless %w[tbody].include?(sanitize_context[:node_name])
+
+      tbody = sanitize_context[:node]
+      table = tbody.parent
+      tbody.children.each do |node|
+        table.add_child(node)
+      end
+      tbody.unlink
+    end
+  end
+
   def initialize(dirty_html, options = {})
     @dirty_html = dirty_html
     @allowed_image_hosts = options[:allowed_image_hosts]
+    @strip_tbody = options[:strip_tbody]
   end
 
   def sanitize
     transformers = [TableCellTextAlignWhitelister.new]
     if @allowed_image_hosts && @allowed_image_hosts.any?
       transformers << ImageSourceWhitelister.new(@allowed_image_hosts)
     end
+    if @strip_tbody
+      transformers << TableBodyWhitelister.new
+    end
     Sanitize.clean(@dirty_html, Sanitize::Config.merge(sanitize_config, transformers: transformers))
   end
 

lib/govspeak/html_validator.rb

@@ -13,6 +13,7 @@ def invalid?
   def valid?
     dirty_html = govspeak_to_html
     dirty_html.gsub!(Sanitize::REGEX_UNSUITABLE_CHARS, '')
+    @sanitization_options[:strip_tbody] = true if !dirty_html.include?('tbody')
     clean_html = Govspeak::HtmlSanitizer.new(dirty_html, @sanitization_options).sanitize
     normalise_html(dirty_html) == normalise_html(clean_html)
   end