Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
rubygem-loofah.9347
rubygem-loofah.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File rubygem-loofah.changes of Package rubygem-loofah.9347
------------------------------------------------------------------- Tue Nov 6 08:09:40 UTC 2018 - mschnitzer@suse.com - Security Vulnerability Fix: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. * Added CVE-2018-16468.patch to address this security issue (bsc#1113969, CVE-2018-16468) - Added series file for a better patch handling with quilt ------------------------------------------------------------------- Fri Mar 23 10:15:28 UTC 2018 - dkang@suse.com - update to version 2.2.2 * Make public Loofah::HTML5::Scrub.force_correct_attribute_escaping!, which was previously a private method. This is so that downstream gems (like rails-html-sanitizer) can use this logic directly for their own attribute scrubbers should they need to address CVE-2018-8048. fix bsc#1086598 ------------------------------------------------------------------- Tue Mar 20 09:19:17 UTC 2018 - dkang@suse.com - Update to version 2.2.1 Fix XSS Vulnerability [CVE-2018-8048] fix bsc#1085967 ------------------------------------------------------------------- Thu Feb 15 14:13:37 UTC 2018 - mrueckert@suse.de - also set a description again ------------------------------------------------------------------- Mon Feb 12 10:11:44 UTC 2018 - bgeuken@suse.com - Update to version 2.2.0 Features: * Support HTML5 <main> tag. #133 (Thanks, @MothOnMars!) * Recognize HTML5 block elements. #136 (Thanks, @MothOnMars!) * Support SVG <symbol> tag. #131 (Thanks, @baopham!) * Support for whitelisting CSS functions, initially just calc and rgb. #122/#123/#129 (Thanks, @NikoRoberts!) * Whitelist CSS property list-style-type. #68/#137/#142 (Thanks, @andela-ysanni and @NikoRoberts!) Bugfixes: * Properly handle nested script tags. #127. ------------------------------------------------------------------- Fri Oct 13 11:25:11 UTC 2017 - mschnitzer@suse.com - updated to version 2.1.1 2.1.1 / 2017-09-24 Bugfixes: * Removed warning for unused variable. #124 (Thanks, @y-yagi!) ------------------------------------------------------------------- Tue Aug 18 04:32:46 UTC 2015 - coolo@suse.com - updated to version 2.0.3 see installed CHANGELOG.rdoc == 2.0.3 / 2015-08-17 Bug fixes: * Revert support for negative values in CSS properties due to slow performance. #90 (Related to #85.) ------------------------------------------------------------------- Wed May 6 04:30:11 UTC 2015 - coolo@suse.com - updated to version 2.0.2 see installed CHANGELOG.rdoc == 2.0.2 / 2015-05-05 Bug fixes: * Fix error with `#to_text` when Loofah::Helpers hadn't been required. #75 * Allow multi-word data attributes. #84 (Thanks, @jstorimer!) * Allow negative values in CSS properties. #85 (Thanks, @siddhartham!) ------------------------------------------------------------------- Wed Nov 12 05:55:25 UTC 2014 - coolo@suse.com - updated to version 2.0.1 Bug fixes: * Load RR correctly when running test files directly. (Thanks, @ktdreyer!) Notes: * Extracted HTML5::Scrub#scrub_css_attribute to accommodate the Rails integration work. (Thanks, @kaspth!) ------------------------------------------------------------------- Mon Oct 13 14:21:06 UTC 2014 - coolo@suse.com - adapt to new rubygem packaging ------------------------------------------------------------------- Sun May 18 09:04:34 UTC 2014 - coolo@suse.com - updated to version 2.0.0 Compatibility notes: * ActionView helpers now must be required explicitly: `require "loofah/helpers"` * Support for Ruby 1.8.7 and prior has been dropped Enhancements: * HTML5 whitelist allows the following ... * tags: `article`, `aside`, `bdi`, `bdo`, `canvas`, `command`, `datalist`, `details`, `figcaption`, `figure`, `footer`, `header`, `mark`, `meter`, `nav`, `output`, `section`, `summary`, `time` * attributes: `data-*` (Thanks, Rafael Franca!) * URI attributes: `poster` and `preload` * Addition of the `:unprintable` scrubber to remove unprintable characters from text nodes. #65 (Thanks, Matt Swanson!) * `Loofah.fragment` accepts an optional encoding argument, compatible with `Nokogiri::HTML::DocumentFragment.parse`. #62 (Thanks, Ben Atkins!) * HTML5 sanitizers now remove attributes without values. (Thanks, Kasper Timm Hansen!) Bug fixes: * HTML5 sanitizers' CSS keyword check now actually works (broken in v2.0). Additional regression tests added. (Thanks, Kasper Timm Hansen!) * HTML5 sanitizers now allow negative arguments to CSS. #64 (Thanks, Jon Calhoun!) ------------------------------------------------------------------- Mon Jul 30 18:14:41 UTC 2012 - coolo@suse.com - update to 1.2.1 * Declaring encoding in html5/scrub.rb. Without this, use of the ruby -KU option would cause havoc. (#32) ------------------------------------------------------------------- Thu Aug 25 07:42:30 UTC 2011 - fcastelli@novell.com - add 'Provides rubygem-loofah-1_2' ------------------------------------------------------------------- Wed Aug 24 21:45:16 UTC 2011 - fcastelli@novell.com - upgrade to 1.2.0 ------------------------------------------------------------------- Thu Jul 21 16:00:10 UTC 2011 - fcastelli@novell.com - Upgrade to version 1.0.0 - Add provides loofah_1_0 required to build latest version of rubygem-feedzirra. ------------------------------------------------------------------- Fri Jun 11 18:42:16 UTC 2010 - mrueckert@suse.de - additional changes from version 0.4.7 * New methods Loofah::HTML::Document#to_text and Loofah::HTML::DocumentFragment#to_text do the right thing with whitespace. Note that these methods are significantly slower than #text. GH #12 * Loofah::Elements::BLOCK_LEVEL contains a canonical list of HTML4 block-level4 elements. * Loofah::HTML::Document#text and Loofah::HTML::DocumentFragment#text will return unescaped HTML entities by passing :encode_special_chars => false. - additional changes from version 0.4.4, 0.4.5, 0.4.6 * Loofah::HTML::Document#text and Loofah::HTML::DocumentFragment#text now escape HTML entities. * Loofah::XssFoliate was not properly escaping HTML entities when implicitly scrubbing a string attribute. GH #17 - additional changes from version 0.4.3 * All built-in scrubbers are accepted by ActiveRecord::Base.xss_foliate * Loofah::XssFoliate.xss_foliate_all_models replaces use of the constant LOOFAH_XSS_FOLIATE_ALL_MODELS * Modified documentation for bootstrapping XssFoliate in a Rails app, since the use of Bundler breaks the previously-documented method. To be safe, always use an initializer file. - additional changes from version 0.4.2 * Implemented Node#scrub! for scrubbing subtrees. * Implemented NodeSet#scrub! for scrubbing a set of subtrees. * Document.text now only serializes <body> contents (ignores <head>) * <head>, <html> and <body> added to the HTML5lib whitelist. * Supporting Rails apps that aren't loading ActiveRecord. GH #10 ------------------------------------------------------------------- Fri Jun 11 10:00:01 UTC 2010 - mrueckert@suse.de - use rubygems_requires macro ------------------------------------------------------------------- Thu Jan 7 18:17:12 CET 2010 - prusnak@suse.cz - created package
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor