Path to this page:
./
textproc/ruby-sanitize,
Allowlist-based HTML and CSS sanitizer
Branch: CURRENT,
Version: 6.1.3,
Package name: ruby32-sanitize-6.1.3,
Maintainer: pkgsrc-usersSanitize is an allowlist-based HTML and CSS sanitizer. It removes all HTML
and/or CSS from a string except the elements, attributes, and properties you
choose to allow.
Required to run:[
textproc/ruby-nokogiri] [
www/ruby-crass] [
lang/ruby31-base]
Master sites:
Filesize: 47 KB
Version history: (Expand)
- (2024-09-22) Updated to version: ruby32-sanitize-6.1.3
- (2024-07-28) Updated to version: ruby32-sanitize-6.1.2
- (2024-06-15) Updated to version: ruby32-sanitize-6.1.1
- (2023-09-18) Updated to version: ruby31-sanitize-6.1.0
- (2023-07-09) Updated to version: ruby31-sanitize-6.0.2
- (2023-02-04) Updated to version: ruby31-sanitize-6.0.1
CVS history: (Expand)
2023-09-18 19:37:33 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
textproc/ruby-sanitize: update to 6.1.0
6.1.0 (2023-09-14)
Features
* Added the text-decoration-skip-ink and text-decoration-thickness CSS
properties to the relaxed config. @martineriksson - #228
|
2023-07-09 04:56:28 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
textproc/ruby-sanitize: update to 6.0.2
6.0.2 (2023-07-06)
Bug Fixes
* CVE-2023-36823: Fixed an HTML+CSS sanitization bypass that could allow XSS
(cross-site scripting). This issue affects Sanitize versions 3.0.0 through
6.0.1.
When using Sanitize's relaxed config or a custom config that allows
<style> elements and one or more CSS at-rules, carefully crafted input
could be used to sneak arbitrary HTML through Sanitize.
See the following security advisory for additional details:
GHSA-f5ww-cq3m-q3g7
Thanks to @cure53 for finding this issue.
|
2022-08-30 17:37:23 by Takahiro Kambe | Files touched by this commit (4) |
Log message:
textproc/ruby-sanitize: add package version 6.0.0
It is required for forthcoming redmine50 package.
Sanitize is an allowlist-based HTML and CSS sanitizer. It removes all HTML
and/or CSS from a string except the elements, attributes, and properties you
choose to allow.
|