Changelog for
ruby2.3-rubygem-sanitize-5.0.0-1.1.x86_64.rpm :
* Thu Nov 22 2018 Stephan Kulow
- updated to version 5.0.0
  see installed HISTORY.md

## 5.0.0 (2018-10-14)

For most users, upgrading from 4.x shouldn't require any changes. However, the minimum required Ruby version has changed, and Sanitize 5.x's HTML output may differ in some small ways from 4.x's output. If this matters to you, please review the changes below carefully.

### Potentially Breaking Changes

* Ruby 2.3.0 is now the oldest officially supported Ruby version. Sanitize may work in older 2.x Rubies, but they aren't actively tested. Sanitize definitely no longer works in Ruby 1.9.x.
* Upgraded to Nokogumbo 2.x, which fixes various bugs and adds standard-compliant HTML serialization. [@stevecheckoway - #189][189]
* Children of the following elements are now removed by default when these elements are removed, rather than being preserved and escaped:
  - `iframe`
  - `noembed`
  - `noframes`
  - `noscript`
  - `script`
  - `style`
* Children of whitelisted `iframe` elements are now always removed. In modern HTML, `iframe` elements should never have children. In HTML 4 and earlier `iframe` elements were allowed to contain fallback content for legacy browsers, but it's been almost two decades since that was useful.
* Fixed a bug that caused `:remove_contents` to behave as if it were set to `true` when it was actually an Array.

[189]: https://github.com/rgrove/sanitize/pull/189
* Wed Sep 05 2018 coolo@suse.com
- updated to version 4.6.6
  see installed HISTORY.md

## 4.6.6 (2018-07-23)

* Improved performance and memory usage by optimizing `Sanitize#transform_node!` [@stanhu - #183][183]

[183]: https://github.com/rgrove/sanitize/pull/183
* Thu May 17 2018 factory-auto@kulow.org
- updated to version 4.6.5
  see installed HISTORY.md

## 4.6.5 (2018-05-16)

* Improved performance slightly by tweaking the order of built-in transformers. [@rafbm - #180][180]

[180]: https://github.com/rgrove/sanitize/pull/180
* Wed Mar 21 2018 factory-auto@kulow.org
- updated to version 4.6.4
  see installed HISTORY.md

## 4.6.4 (2018-03-20)

* Fixed: A change introduced in 4.6.2 broke certain transformers that relied on being able to mutate the name of an HTML node. That change has been reverted and a test has been added to cover this case. [@zetter - #177][177]

[177]: https://github.com/rgrove/sanitize/issues/177
* Tue Mar 20 2018 factory-auto@kulow.org
- updated to version 4.6.3
  see installed HISTORY.md

## 4.6.3 (2018-03-19)

* Fixed an HTML injection vulnerability that could allow XSS. When Sanitize <= 4.6.2 is used in combination with libxml2 >= 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing non-whitelisted attributes to be used on whitelisted elements. Sanitize now performs additional escaping on affected attributes to prevent this. Many thanks to the Shopify Application Security Team for responsibly reporting this issue.

## 4.6.2 (2018-03-19)

* Reduced string allocations to optimize memory usage. [@janklimo - #175][175]

[175]: https://github.com/rgrove/sanitize/pull/175

## 4.6.1 (2018-03-15)

* Added support for frozen string literals in Ruby 2.4+. [@flavorjones - #174][174]

[174]: https://github.com/rgrove/sanitize/pull/174
* Tue Jan 30 2018 cbruckmayer@suse.com
- updated to version 4.6.0

## 4.6.0 (2018-01-29)

* Loosened the Nokogumbo dependency to allow installing semver-compatible versions greater than or equal to v1.4. @rafbm - #171
* Tue Jun 06 2017 coolo@suse.com
- updated to version 4.5.0
  see installed HISTORY.md

## 4.5.0 (2017-06-04)

* Added SVG-related CSS properties to the relaxed config. See [the diff][161] for the full list of added properties. [@louim - #161][161]
* Fixed: Sanitize now strips null bytes (` Nokogumbo, since they can cause recent versions to crash with a failed assertion in the Gumbo parser.

[161]: https://github.com/rgrove/sanitize/pull/161
* Sat Oct 08 2016 coolo@suse.com
- updated to version 4.4.0
  see installed HISTORY.md

## 4.4.0 (2016-09-29)

* Added `srcset` to the attribute whitelist for `img` elements in the relaxed config. [@ejtttje - #156][156]

[156]: https://github.com/rgrove/sanitize/pull/156
* Wed Sep 21 2016 coolo@suse.com
- updated to version 4.3.0
  see installed HISTORY.md

## 4.3.0 (2016-09-20)

* Methods can now be used as transformers. [@Skipants - #155][155]

[155]: https://github.com/rgrove/sanitize/pull/155
* Tue Aug 23 2016 coolo@suse.com
- updated to version 4.2.0
  see installed HISTORY.md

## 4.2.0 (2016-08-22)

* Added `-webkit-font-smoothing` to the relaxed CSS config. [@louim - #154][154]
* Fixed: Nokogumbo >=1.4.9 changed its behavior in a way that allowed invalid doctypes (like ``) when the `:allow_doctype` config setting was `true`. Invalid doctypes are now coerced to valid ones as they were prior to this Nokogumbo change.

[154]: https://github.com/rgrove/sanitize/pull/154
* Mon Jul 18 2016 coolo@suse.com
- updated to version 4.1.0
  see installed HISTORY.md
* Thu Dec 10 2015 coolo@suse.com
- updated to version 4.0.1
  see installed HISTORY.md

Version 4.0.1 (2015-12-09)
--------------------------

* Unpinned the Nokogumbo dependency. [@rubys - #141][141]

[141]: https://github.com/rgrove/sanitize/pull/141
* Tue Apr 21 2015 coolo@suse.com
- updated to version 4.0.0
* Mon Feb 23 2015 coolo@suse.com
- updated to version 3.1.2
* Mon Feb 09 2015 coolo@suse.com
- updated to version 3.1.1, see HISTORY.md
* Mon Oct 13 2014 coolo@suse.com
- adapt to new rubygem packaging
* Thu Feb 06 2014 coolo@suse.com
- updated to version 2.1.0
* Added support for whitelisting arbitrary HTML5 `data-*` attributes. Use the symbol `:data` instead of an attribute name in the `:attributes` config to indicate that arbitrary data attributes should be allowed on an element.
* Added the following elements to the relaxed config: `address`, `bdi`, `hr`, and `summary`.
* Fixed: A colon (`:`) character in a URL fragment identifier such as `#foo:1` was incorrectly treated as a protocol delimiter. [@heathd - #87][87]

[87]: https://github.com/rgrove/sanitize/pull/87

* Sun Jul 21 2013 coolo@suse.com
- updated to version 2.0.6
* Fixed: Version 2.0.5 inadvertently included some work-in-progress changes that shouldn't have made their way into the master branch. This is what happens when I release before coffee instead of after.
* Loosened the Nokogiri dependency back to >= 1.4.4 to allow Sanitize to coexist in newer Rubies with other libraries that restrict Nokogiri to 1.5.x for 1.8.7 compatibility. Sanitize still no longer supports 1.8.7, but this should make life easier for people who need those other libs.
* Thu Jun 13 2013 coolo@suse.com
- updated to version 2.0.4
* Added `Sanitize.clean_document`, which sanitizes a full HTML document rather than just a fragment. [Ben Anderson]
* Nokogiri dependency bumped to 1.6.x.
* Dropped support for Ruby versions older than 1.9.2.
* Fri Dec 28 2012 coolo@suse.com
- initial package (version 2.0.3)