./www/ruby-loofah, HTML sanitizer for Rails applications

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.23.1, Package name: ruby32-loofah-2.23.1, Maintainer: minskim

Loofah is a general library for manipulating and transforming HTML/XML
documents and fragments. It's built on top of Nokogiri and libxml2, so
it's fast and has a nice API. Loofah excels at HTML sanitization (XSS
prevention). It includes some nice HTML sanitizers, which are based on
HTML5lib's whitelist, so it most likely won't make your codes less
secure.


Required to run:
[textproc/ruby-nokogiri] [www/ruby-crass] [lang/ruby26-base]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 33 KB

Version history: (Expand)


CVS history: (Expand)


   2023-12-17 17:25:10 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-loofah: update to 2.22.0

2.21.4 (2023-10-10)

Fixed

* Loofah::HTML5::Scrub.scrub_css is more consistent in preserving whitespace
  (and lack of whitespace) in CSS property values.  In particular,
  .scrub_css no longer inserts whitespace between tokens that did not
  already have whitespace between them.  [#273, fixes #271]

2.22.0 (2023-11-13)

Added

* A :targetblank HTML scrubber which ensures all hyperlinks have
  target="_blank".  [#275] @stefannibrasil and @thdaraujo
* A :noreferrer HTML scrubber which ensures all hyperlinks have
  rel=noreferrer, similar to the :nofollow and :noopener scrubbers.  [#277]
  @wynksaiddestroy
   2023-05-21 05:29:12 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-loofah: update to 2.21.3

2.21.3 / 2023-05-15

* Quash "instance variable not initialized" warning in Ruby < 3.0. \ 
[#268]
  (Thanks, @dharamgollapudi!)
   2023-05-14 16:24:49 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
www/ruby-loofah: update to 2.21.2

2.21.0 (2023-05-10)

HTML5 Support

Classes Loofah::HTML5::Document and Loofah::HTML5::DocumentFragment are
introduced, along with helper methods:

* Loofah.html5_document
* Loofah.html5_fragment
* Loofah.scrub_html5_document
* Loofah.scrub_html5_fragment

These classes and methods use Nokogiri's HTML5 parser to ensure modern web
standards are used.

⚠ HTML5 functionality is only available with Nokogiri v1.14.0 and higher.

⚠ HTML5 functionality is not available for JRuby.  Please see this upstream
Nokogiri issue if you're interested in helping implement and support HTML5
support.

Loofah::HTML4 module and namespace

Loofah::HTML has been renamed to Loofah::HTML4, and Loofah::HTML is aliased
to preserve backwards-compatibility.  Nokogiri::HTML and Nokogiri::HTML4
parse methods still use libxml2's (or NekoHTML's) HTML4 parser.

Take special note that if you rely on the class name of an object in your
code, objects will now report a class of Loofah::HTML4::Foo where they
previously reported Loofah::HTML::Foo.  Instead of relying on the string
returned by Object#class, prefer Class#=== or Object#is_a? or
Object#instance_of?.

Future releases of Nokogiri may deprecate HTML classes and methods or
otherwise change this behavior, so please start using HTML4 in place of
HTML.

Official support for JRuby

This version introduces official support for JRuby.  Previously, the test
suite had never been green due to differences in behavior in the underlying
HTML parser used by Nokogiri.  We've updated the test suite to accommodate
those differences, and have added JRuby to the CI suite.

2.21.1 (2023-05-10)

Fixed

* Don't define HTML5::Document and HTML5::DocumentFragment when Nokogiri is
  < 1.14.  In 2.21.0 these classes were defined whenever Nokogiri::HTML5 was
  defined, but Nokogiri v1.12 and v1.13 do not support Loofah subclassing
  properly.

2.21.2 (2023-05-11)

Dependencies

* Update the dependency on Nokogiri to be >= 1.12.0.  The dependency in
  2.21.0 and 2.21.1 was left at >= 1.5.9 but versions before 1.12 would
  result in a NameError exception.  [#266]
   2023-04-30 16:22:55 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-loofah: update to 2.20.0

2.20.0 (2023-04-01)

Features

* Allow SVG attributes color-profile, cursor, filter, marker, and mask.
  [#246]
* Allow SVG elements altGlyph, cursor, feImage, pattern, and tref.  [#246]
* Allow protocols fax and modem.  [#255] (Thanks, @cjba7!)
   2022-12-18 15:49:24 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-loofah: update to 2.19.0

2.19.0 (2022-12-13)

* Address CVE-2022-23514, inefficient regular expression complexity. See
  GHSA-486f-hjj9-9vhh for more information.
* Address CVE-2022-23515, improper neutralization of data URIs. See
  GHSA-228g-948r-83gx for more information.
* Address CVE-2022-23516, uncontrolled recursion. See GHSA-3x8r-x6xp-q4vm
  for more information.
   2022-09-16 08:23:10 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-loofah: update to 2.19.0

2.19.0 (2022-09-14)

Features

* Allow SVG 1.0 color keyword names in CSS attributes.  These colors are
  part of the CSS Color Module Level 3 recommendation released 2022-01-18.
  [#243]
   2022-09-04 17:47:06 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-loofah: update to 2.18.0

2.14.0 (2022-02-11)

Features

* The #to_text method on Loofah::HTML::{Document,DocumentFragment} replaces
  <br> line break elements with a newline. [#225]

2.15.0 (2022-03-14)

Features

* Expand set of allowed protocols to include sms:. [#228] (Thanks,
  @brendon!)

2.16.0 (2022-04-01)

Features

* Allow MathML elements menclose and ms, and MathML attributes dir, href,
  lquote, mathsize, notation, and rquote. [#231] (Thanks, @nick-desteffen!)

2.17.0 (2022-04-28)

Features

* Allow ARIA attributes. [#232, #233] (Thanks, @nick-desteffen!)

2.18.0 (2022-05-11)

Features

* Allow CSS property aspect-ratio. [#236] (Thanks, @louim!)
   2021-12-14 15:17:47 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-loofah: update to 2.13.0

2.13.0 (2021-12-10)

Bug fixes

* Loofah::HTML::DocumentFragment#text no longer serializes top-level comment
  children. [#221]