./www/ruby-loofah, HTML sanitizer for Rails applications



Branch: CURRENT, Version: 2.9.0, Package name: ruby26-loofah-2.9.0, Maintainer: minskim

Loofah is a general library for manipulating and transforming HTML/XML
documents and fragments. It's built on top of Nokogiri and libxml2, so
it's fast and has a nice API. Loofah excels at HTML sanitization (XSS
prevention). It includes some nice HTML sanitizers, which are based on
HTML5lib's whitelist, so it most likely won't make your code less
secure.


Required to run:
[textproc/ruby-nokogiri] [www/ruby-crass] [lang/ruby26-base]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 1a02f78b1e7e419b485d804d7ffb6db9a30738b7
RMD160: 6ed496e3058d1286cddc0e19d73d25c8d3d192da
Filesize: 29 KB

CVS history:


   2021-01-18 17:02:38 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
www/ruby-loofah: update to 2.9.0

2.9.0 / 2021-01-14

* Handle CSS functions in a CSS shorthand property (like
  background). [#199, #200]

2.8.0 / 2020-11-25

* Allow CSS properties order, flex-direction, flex-grow, flex-wrap,
  flex-shrink, flex-flow, flex-basis, flex, justify-content, align-self,
  align-items, and align-content. [#197] (Thanks, @miguelperez!)
   2020-09-14 17:35:34 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-loofah: update to 2.7.0

Update ruby-loofah package to 2.7.0.

2.7.0 / 2020-08-26

Features

* Allow CSS properties page-break-before, page-break-inside, and
  page-break-after. [#190] (Thanks, @ahorek!)

Fixes

* Don't drop the !important rule from some CSS properties. [#191] (Thanks,
  @b7kich!)
   2020-06-18 18:23:53 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-loofah: update to 2.6.0

Update ruby-loofah to 2.6.0.

2.6.0 / 2020-06-16

Features

* Allow CSS border-style keywords. [#188] (Thanks, @tarcisiozf!)
   2020-05-17 17:59:29 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
www/ruby-loofah: update to 2.5.0

Update ruby-loofah to 2.5.0.

## 2.5.0 / 2020-04-05

### Features

* Allow more CSS length units: "ch", "vw", "vh", "Q", "lh", "vmin", "vmax". [#178] (Thanks, @JuanitoFatas!)

### Fixes

* Remove comments from `Loofah::HTML::Document`s that exist outside the `html` element. [#80]

### Other changes

* Gem metadata being set [#181] (Thanks, @JuanitoFatas!)
* Test files removed from gem file [#180,#166,#159] (Thanks, @JuanitoFatas and @greysteil!)
   2020-03-21 18:01:18 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-loofah: update to 2.4.0

Update ruby-loofah to 2.4.0.

## 2.4.0 / 2019-11-25

### Features

* Allow CSS property `max-width` [#175] (Thanks, @bchaney!)
* Allow CSS sizes expressed in `rem` [#176, #177]
* Add `frozen_string_literal: true` magic comment to all `lib` files. [#118]
   2019-10-22 18:24:20 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
www/ruby-loofah: update to 2.3.1

## 2.3.1 / 2019-10-22

### Security

Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

This CVE's public notice is at https://github.com/flavorjones/loofah/issues/171

## 2.3.0 / unreleased

### Features

* Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147]
* Expand set of allowed CSS functions. [related to #122]
* Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)
* Allow CSS property `list-style` [#162] (Thanks, @jaredbeck!)
* Allow CSS keywords `thick` and `thin` [#168] (Thanks, @georgeclaghorn!)
* Allow HTML property `contenteditable` [#167] (Thanks, @andreynering!)

### Bug fixes

* CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. [#165] (Thanks, @asok!)

### Deprecations / Name Changes

The following method and constants are hereby deprecated, and will be completely removed in a future release:

* Deprecate `Loofah::Helpers::ActionView.white_list_sanitizer`, please use `Loofah::Helpers::ActionView.safe_list_sanitizer` instead.
* Deprecate `Loofah::Helpers::ActionView::WhiteListSanitizer`, please use `Loofah::Helpers::ActionView::SafeListSanitizer` instead.
* Deprecate `Loofah::HTML5::WhiteList`, please use `Loofah::HTML5::SafeList` instead.

Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.
   2018-11-01 17:11:45 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
www/ruby-loofah: update to 2.2.3

## 2.2.3 / 2018-10-30

### Security

Address CVE-2018-16468: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

This CVE's public notice is at https://github.com/flavorjones/loofah/issues/154

## Meta / 2018-10-27

The mailing list is now on Google Groups [#146](https://github.com/flavorjones/loofah/issues/146):

* Mail: loofah-talk@googlegroups.com
* Archive: https://groups.google.com/forum/#!forum/loofah-talk

This change was made because librelist no longer appears to be maintained.
   2018-03-23 15:33:21 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-loofah: update to 2.2.2

## 2.2.2 / 2018-03-22

Make public `Loofah::HTML5::Scrub.force_correct_attribute_escaping!`,
which was previously a private method. This is so that downstream gems
(like rails-html-sanitizer) can use this logic directly for their own
attribute scrubbers should they need to address CVE-2018-8048.