./textproc/ruby-sanitize, Allowlist-based HTML and CSS sanitizer



Branch: CURRENT, Version: 6.1.3, Package name: ruby32-sanitize-6.1.3, Maintainer: pkgsrc-users

Sanitize is an allowlist-based HTML and CSS sanitizer. It removes all HTML
and/or CSS from a string except the elements, attributes, and properties you
choose to allow.


Required to run:
[textproc/ruby-nokogiri] [www/ruby-crass] [lang/ruby31-base]

Filesize: 47 KB

CVS history:


2023-09-18 19:37:33 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
textproc/ruby-sanitize: update to 6.1.0

6.1.0 (2023-09-14)

Features

* Added the text-decoration-skip-ink and text-decoration-thickness CSS
  properties to the relaxed config.  @martineriksson - #228

2023-07-09 04:56:28 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
textproc/ruby-sanitize: update to 6.0.2

6.0.2 (2023-07-06)

Bug Fixes

* CVE-2023-36823: Fixed an HTML+CSS sanitization bypass that could allow XSS
  (cross-site scripting). This issue affects Sanitize versions 3.0.0 through
  6.0.1.

  When using Sanitize's relaxed config or a custom config that allows
  <style> elements and one or more CSS at-rules, carefully crafted input
  could be used to sneak arbitrary HTML through Sanitize.

  See the following security advisory for additional details:
  GHSA-f5ww-cq3m-q3g7

  Thanks to @cure53 for finding this issue.

2022-08-30 17:37:23 by Takahiro Kambe | Files touched by this commit (4)
Log message:
textproc/ruby-sanitize: add package version 6.0.0

It is required for forthcoming redmine50 package.

Sanitize is an allowlist-based HTML and CSS sanitizer.  It removes all HTML
and/or CSS from a string except the elements, attributes, and properties you
choose to allow.