Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: ruby2.5-rubygem-loofah | Distribution: SUSE Linux Enterprise 15 |
Version: 2.2.2 | Vendor: SUSE LLC <https://www.suse.com/> |
Release: 4.3.1 | Build date: Thu Nov 8 12:06:57 2018 |
Group: Development/Languages/Ruby | Build host: s390lp8 |
Size: 245536 | Source RPM: rubygem-loofah-2.2.2-4.3.1.src.rpm |
Packager: https://www.suse.com/ | |
Url: https://github.com/flavorjones/loofah | |
Summary: HTML/XML manipulation and sanitization based on Nokogiri |
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments. It's built on top of Nokogiri and libxml2, so it's fast and has a nice API. Loofah excels at HTML sanitization (XSS prevention). It includes some nice HTML sanitizers, which are based on HTML5lib's whitelist, so it most likely won't make your codes less secure.
MIT
* Tue Nov 06 2018 mschnitzer@suse.com - Security Vulnerability Fix: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. * Added CVE-2018-16468.patch to address this security issue (bsc#1113969, CVE-2018-16468) - Added series file for a better patch handling with quilt * Fri Mar 23 2018 dkang@suse.com - update to version 2.2.2 * Make public Loofah::HTML5::Scrub.force_correct_attribute_escaping!, which was previously a private method. This is so that downstream gems (like rails-html-sanitizer) can use this logic directly for their own attribute scrubbers should they need to address CVE-2018-8048. fix bsc#1086598 * Tue Mar 20 2018 dkang@suse.com - Update to version 2.2.1 Fix XSS Vulnerability [CVE-2018-8048] fix bsc#1085967 * Thu Feb 15 2018 mrueckert@suse.de - also set a description again * Mon Feb 12 2018 bgeuken@suse.com - Update to version 2.2.0 Features: * Support HTML5 <main> tag. #133 (Thanks, @MothOnMars!) * Recognize HTML5 block elements. #136 (Thanks, @MothOnMars!) * Support SVG <symbol> tag. #131 (Thanks, @baopham!) * Support for whitelisting CSS functions, initially just calc and rgb. #122/#123/#129 (Thanks, @NikoRoberts!) * Whitelist CSS property list-style-type. #68/#137/#142 (Thanks, @andela-ysanni and @NikoRoberts!) Bugfixes: * Properly handle nested script tags. #127. * Fri Oct 13 2017 mschnitzer@suse.com - updated to version 2.1.1 2.1.1 / 2017-09-24 Bugfixes: * Removed warning for unused variable. #124 (Thanks, @y-yagi!) * Tue Aug 18 2015 coolo@suse.com - updated to version 2.0.3 see installed CHANGELOG.rdoc == 2.0.3 / 2015-08-17 Bug fixes: * Revert support for negative values in CSS properties due to slow performance. #90 (Related to #85.) * Wed May 06 2015 coolo@suse.com - updated to version 2.0.2 see installed CHANGELOG.rdoc == 2.0.2 / 2015-05-05 Bug fixes: * Fix error with `#to_text` when Loofah::Helpers hadn't been required. #75 * Allow multi-word data attributes. #84 (Thanks, @jstorimer!) * Allow negative values in CSS properties. #85 (Thanks, @siddhartham!) * Wed Nov 12 2014 coolo@suse.com - updated to version 2.0.1 Bug fixes: * Load RR correctly when running test files directly. (Thanks, @ktdreyer!) Notes: * Extracted HTML5::Scrub#scrub_css_attribute to accommodate the Rails integration work. (Thanks, @kaspth!) * Mon Oct 13 2014 coolo@suse.com - adapt to new rubygem packaging * Sun May 18 2014 coolo@suse.com - updated to version 2.0.0 Compatibility notes: * ActionView helpers now must be required explicitly: `require "loofah/helpers"` * Support for Ruby 1.8.7 and prior has been dropped Enhancements: * HTML5 whitelist allows the following ... * tags: `article`, `aside`, `bdi`, `bdo`, `canvas`, `command`, `datalist`, `details`, `figcaption`, `figure`, `footer`, `header`, `mark`, `meter`, `nav`, `output`, `section`, `summary`, `time` * attributes: `data-*` (Thanks, Rafael Franca!) * URI attributes: `poster` and `preload` * Addition of the `:unprintable` scrubber to remove unprintable characters from text nodes. #65 (Thanks, Matt Swanson!) * `Loofah.fragment` accepts an optional encoding argument, compatible with `Nokogiri::HTML::DocumentFragment.parse`. #62 (Thanks, Ben Atkins!) * HTML5 sanitizers now remove attributes without values. (Thanks, Kasper Timm Hansen!) Bug fixes: * HTML5 sanitizers' CSS keyword check now actually works (broken in v2.0). Additional regression tests added. (Thanks, Kasper Timm Hansen!) * HTML5 sanitizers now allow negative arguments to CSS. #64 (Thanks, Jon Calhoun!) * Mon Jul 30 2012 coolo@suse.com - update to 1.2.1 * Declaring encoding in html5/scrub.rb. Without this, use of the ruby -KU option would cause havoc. (#32) * Thu Aug 25 2011 fcastelli@novell.com - add 'Provides rubygem-loofah-1_2' * Wed Aug 24 2011 fcastelli@novell.com - upgrade to 1.2.0 * Thu Jul 21 2011 fcastelli@novell.com - Upgrade to version 1.0.0 - Add provides loofah_1_0 required to build latest version of rubygem-feedzirra. * Fri Jun 11 2010 mrueckert@suse.de - additional changes from version 0.4.7 * New methods Loofah::HTML::Document#to_text and Loofah::HTML::DocumentFragment#to_text do the right thing with whitespace. Note that these methods are significantly slower than #text. GH #12 * Loofah::Elements::BLOCK_LEVEL contains a canonical list of HTML4 block-level4 elements. * Loofah::HTML::Document#text and Loofah::HTML::DocumentFragment#text will return unescaped HTML entities by passing :encode_special_chars => false. - additional changes from version 0.4.4, 0.4.5, 0.4.6 * Loofah::HTML::Document#text and Loofah::HTML::DocumentFragment#text now escape HTML entities. * Loofah::XssFoliate was not properly escaping HTML entities when implicitly scrubbing a string attribute. GH #17 - additional changes from version 0.4.3 * All built-in scrubbers are accepted by ActiveRecord::Base.xss_foliate * Loofah::XssFoliate.xss_foliate_all_models replaces use of the constant LOOFAH_XSS_FOLIATE_ALL_MODELS * Modified documentation for bootstrapping XssFoliate in a Rails app, since the use of Bundler breaks the previously-documented method. To be safe, always use an initializer file. - additional changes from version 0.4.2 * Implemented Node#scrub! for scrubbing subtrees. * Implemented NodeSet#scrub! for scrubbing a set of subtrees. * Document.text now only serializes <body> contents (ignores <head>) * <head>, <html> and <body> added to the HTML5lib whitelist. * Supporting Rails apps that aren't loading ActiveRecord. GH #10 * Fri Jun 11 2010 mrueckert@suse.de - use rubygems_requires macro * Thu Jan 07 2010 prusnak@suse.cz - created package
/usr/lib64/ruby/gems/2.5.0/build_info /usr/lib64/ruby/gems/2.5.0/cache/loofah-2.2.2.gem /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2 /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/.gemtest /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/CHANGELOG.md /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/Gemfile /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/MIT-LICENSE.txt /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/Manifest.txt /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/README.md /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/Rakefile /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/SECURITY.md /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/benchmark /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/benchmark/benchmark.rb /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/benchmark/fragment.html /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/benchmark/helper.rb /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/benchmark/www.slashdot.com.html /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib/loofah /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib/loofah.rb /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib/loofah/elements.rb /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib/loofah/helpers.rb /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib/loofah/html /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib/loofah/html/document.rb /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib/loofah/html/document_fragment.rb /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib/loofah/html5 /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib/loofah/html5/libxml2_workarounds.rb /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib/loofah/html5/scrub.rb /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib/loofah/html5/whitelist.rb /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib/loofah/instance_methods.rb /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib/loofah/metahelpers.rb /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib/loofah/scrubber.rb /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib/loofah/scrubbers.rb /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib/loofah/xml /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib/loofah/xml/document.rb /usr/lib64/ruby/gems/2.5.0/gems/loofah-2.2.2/lib/loofah/xml/document_fragment.rb /usr/lib64/ruby/gems/2.5.0/specifications/loofah-2.2.2.gemspec /usr/share/doc/packages/ruby2.5-rubygem-loofah /usr/share/doc/packages/ruby2.5-rubygem-loofah/CHANGELOG.md /usr/share/doc/packages/ruby2.5-rubygem-loofah/MIT-LICENSE.txt /usr/share/doc/packages/ruby2.5-rubygem-loofah/README.md
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Apr 9 15:08:25 2024