documents and fragments. It's built on top of Nokogiri and libxml2, so
it's fast and has a nice API. Loofah excels at HTML sanitization (XSS
prevention). It includes some nice HTML sanitizers, which are based on
2024-11-06 16:06:16 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
www/ruby-loofah: update to 2.23.1
2.23.0 (2024-10-24)
Added
* Allow CSS property min-width. [#287] @lazyatom
New Contributors
* @m-nakamura145 made their first contribution in #280
* @lazyatom made their first contribution in #287
2.23.1 (2024-10-25)
Added
* Allow CSS properties min-height and max-height. [#288] @lazyatom
|
2023-12-17 17:25:10 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
www/ruby-loofah: update to 2.22.0
2.21.4 (2023-10-10)
Fixed
* Loofah::HTML5::Scrub.scrub_css is more consistent in preserving whitespace
(and lack of whitespace) in CSS property values. In particular,
.scrub_css no longer inserts whitespace between tokens that did not
already have whitespace between them. [#273, fixes #271]
2.22.0 (2023-11-13)
Added
* A :targetblank HTML scrubber which ensures all hyperlinks have
target="_blank". [#275] @stefannibrasil and @thdaraujo
* A :noreferrer HTML scrubber which ensures all hyperlinks have
rel=noreferrer, similar to the :nofollow and :noopener scrubbers. [#277]
@wynksaiddestroy
|
2023-05-21 05:29:12 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
www/ruby-loofah: update to 2.21.3
2.21.3 / 2023-05-15
* Quash "instance variable not initialized" warning in Ruby < 3.0. \
[#268]
(Thanks, @dharamgollapudi!)
|
2023-05-14 16:24:49 by Takahiro Kambe | Files touched by this commit (3) | |
Log message:
www/ruby-loofah: update to 2.21.2
2.21.0 (2023-05-10)
HTML5 Support
Classes Loofah::HTML5::Document and Loofah::HTML5::DocumentFragment are
introduced, along with helper methods:
* Loofah.html5_document
* Loofah.html5_fragment
* Loofah.scrub_html5_document
* Loofah.scrub_html5_fragment
These classes and methods use Nokogiri's HTML5 parser to ensure modern web
standards are used.
⚠ HTML5 functionality is only available with Nokogiri v1.14.0 and higher.
⚠ HTML5 functionality is not available for JRuby. Please see this upstream
Nokogiri issue if you're interested in helping implement and support HTML5
support.
Loofah::HTML4 module and namespace
Loofah::HTML has been renamed to Loofah::HTML4, and Loofah::HTML is aliased
to preserve backwards-compatibility. Nokogiri::HTML and Nokogiri::HTML4
parse methods still use libxml2's (or NekoHTML's) HTML4 parser.
Take special note that if you rely on the class name of an object in your
code, objects will now report a class of Loofah::HTML4::Foo where they
previously reported Loofah::HTML::Foo. Instead of relying on the string
returned by Object#class, prefer Class#=== or Object#is_a? or
Object#instance_of?.
Future releases of Nokogiri may deprecate HTML classes and methods or
otherwise change this behavior, so please start using HTML4 in place of
HTML.
Official support for JRuby
This version introduces official support for JRuby. Previously, the test
suite had never been green due to differences in behavior in the underlying
HTML parser used by Nokogiri. We've updated the test suite to accommodate
those differences, and have added JRuby to the CI suite.
2.21.1 (2023-05-10)
Fixed
* Don't define HTML5::Document and HTML5::DocumentFragment when Nokogiri is
< 1.14. In 2.21.0 these classes were defined whenever Nokogiri::HTML5 was
defined, but Nokogiri v1.12 and v1.13 do not support Loofah subclassing
properly.
2.21.2 (2023-05-11)
Dependencies
* Update the dependency on Nokogiri to be >= 1.12.0. The dependency in
2.21.0 and 2.21.1 was left at >= 1.5.9 but versions before 1.12 would
result in a NameError exception. [#266]
|
2023-04-30 16:22:55 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
www/ruby-loofah: update to 2.20.0
2.20.0 (2023-04-01)
Features
* Allow SVG attributes color-profile, cursor, filter, marker, and mask.
[#246]
* Allow SVG elements altGlyph, cursor, feImage, pattern, and tref. [#246]
* Allow protocols fax and modem. [#255] (Thanks, @cjba7!)
|
2022-12-18 15:49:24 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
www/ruby-loofah: update to 2.19.0
2.19.0 (2022-12-13)
* Address CVE-2022-23514, inefficient regular expression complexity. See
GHSA-486f-hjj9-9vhh for more information.
* Address CVE-2022-23515, improper neutralization of data URIs. See
GHSA-228g-948r-83gx for more information.
* Address CVE-2022-23516, uncontrolled recursion. See GHSA-3x8r-x6xp-q4vm
for more information.
|
2022-09-16 08:23:10 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
www/ruby-loofah: update to 2.19.0
2.19.0 (2022-09-14)
Features
* Allow SVG 1.0 color keyword names in CSS attributes. These colors are
part of the CSS Color Module Level 3 recommendation released 2022-01-18.
[#243]
|
2022-09-04 17:47:06 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
www/ruby-loofah: update to 2.18.0
2.14.0 (2022-02-11)
Features
* The #to_text method on Loofah::HTML::{Document,DocumentFragment} replaces
<br> line break elements with a newline. [#225]
2.15.0 (2022-03-14)
Features
* Expand set of allowed protocols to include sms:. [#228] (Thanks,
@brendon!)
2.16.0 (2022-04-01)
Features
* Allow MathML elements menclose and ms, and MathML attributes dir, href,
lquote, mathsize, notation, and rquote. [#231] (Thanks, @nick-desteffen!)
2.17.0 (2022-04-28)
Features
* Allow ARIA attributes. [#232, #233] (Thanks, @nick-desteffen!)
2.18.0 (2022-05-11)
Features
* Allow CSS property aspect-ratio. [#236] (Thanks, @louim!)
|