SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for ruby2.3-rubygem-loofah-2.2.2-23.1.x86_64.rpm :
Fri Mar 23 13:00:00 2018 dkangAATTsuse.com
- update to version 2.2.2

* Make public Loofah::HTML5::Scrub.force_correct_attribute_escaping!, which was previously a private method.
This is so that downstream gems (like rails-html-sanitizer) can use this logic directly for their own attribute scrubbers should they need to address CVE-2018-8048.
fix bsc#1086598

Tue Mar 20 13:00:00 2018 dkangAATTsuse.com
- Update to version 2.2.1
Fix XSS Vulnerability [CVE-2018-8048]
fix bsc#1085967

Thu Feb 15 13:00:00 2018 mrueckertAATTsuse.de
- also set a description again

Mon Feb 12 13:00:00 2018 bgeukenAATTsuse.com
- Update to version 2.2.0
Features:

* Support HTML5
tag. #133 (Thanks, AATTMothOnMars!)

* Recognize HTML5 block elements. #136 (Thanks, AATTMothOnMars!)

* Support SVG tag. #131 (Thanks, AATTbaopham!)

* Support for whitelisting CSS functions, initially just calc and rgb. #122/#123/#129 (Thanks, AATTNikoRoberts!)

* Whitelist CSS property list-style-type. #68/#137/#142 (Thanks, AATTandela-ysanni and AATTNikoRoberts!)
Bugfixes:

* Properly handle nested script tags. #127.

Fri Oct 13 14:00:00 2017 mschnitzerAATTsuse.com
- updated to version 2.1.1
2.1.1 / 2017-09-24
Bugfixes:

* Removed warning for unused variable. #124 (Thanks, AATTy-yagi!)

Tue Aug 18 14:00:00 2015 cooloAATTsuse.com
- updated to version 2.0.3
see installed CHANGELOG.rdoc
== 2.0.3 / 2015-08-17
Bug fixes:

* Revert support for negative values in CSS properties due to slow performance. #90 (Related to #85.)

Wed May 6 14:00:00 2015 cooloAATTsuse.com
- updated to version 2.0.2
see installed CHANGELOG.rdoc
== 2.0.2 / 2015-05-05
Bug fixes:

* Fix error with `#to_text` when Loofah::Helpers hadn\'t been required. #75

* Allow multi-word data attributes. #84 (Thanks, AATTjstorimer!)

* Allow negative values in CSS properties. #85 (Thanks, AATTsiddhartham!)

Wed Nov 12 13:00:00 2014 cooloAATTsuse.com
- updated to version 2.0.1
Bug fixes:

* Load RR correctly when running test files directly. (Thanks, AATTktdreyer!)
Notes:

* Extracted HTML5::Scrub#scrub_css_attribute to accommodate the Rails integration work. (Thanks, AATTkaspth!)

Mon Oct 13 14:00:00 2014 cooloAATTsuse.com
- adapt to new rubygem packaging

Sun May 18 14:00:00 2014 cooloAATTsuse.com
- updated to version 2.0.0
Compatibility notes:

* ActionView helpers now must be required explicitly: `require \"loofah/helpers\"`

* Support for Ruby 1.8.7 and prior has been dropped
Enhancements:

* HTML5 whitelist allows the following ...

* tags: `article`, `aside`, `bdi`, `bdo`, `canvas`, `command`, `datalist`, `details`, `figcaption`, `figure`, `footer`, `header`, `mark`, `meter`, `nav`, `output`, `section`, `summary`, `time`

* attributes: `data-
*` (Thanks, Rafael Franca!)

* URI attributes: `poster` and `preload`

* Addition of the `:unprintable` scrubber to remove unprintable characters from text nodes. #65 (Thanks, Matt Swanson!)

* `Loofah.fragment` accepts an optional encoding argument, compatible with `Nokogiri::HTML::DocumentFragment.parse`. #62 (Thanks, Ben Atkins!)

* HTML5 sanitizers now remove attributes without values. (Thanks, Kasper Timm Hansen!)
Bug fixes:

* HTML5 sanitizers\' CSS keyword check now actually works (broken in v2.0). Additional regression tests added. (Thanks, Kasper Timm Hansen!)

* HTML5 sanitizers now allow negative arguments to CSS. #64 (Thanks, Jon Calhoun!)

Mon Jul 30 14:00:00 2012 cooloAATTsuse.com
- update to 1.2.1

* Declaring encoding in html5/scrub.rb. Without this, use of the
ruby -KU option would cause havoc. (#32)

Thu Aug 25 14:00:00 2011 fcastelliAATTnovell.com
- add \'Provides rubygem-loofah-1_2\'

Wed Aug 24 14:00:00 2011 fcastelliAATTnovell.com
- upgrade to 1.2.0

Thu Jul 21 14:00:00 2011 fcastelliAATTnovell.com
- Upgrade to version 1.0.0
- Add provides loofah_1_0 required to build latest version of
rubygem-feedzirra.

Fri Jun 11 14:00:00 2010 mrueckertAATTsuse.de
- additional changes from version 0.4.7

* New methods Loofah::HTML::Document#to_text and
Loofah::HTML::DocumentFragment#to_text do the right thing with
whitespace. Note that these methods are significantly slower
than #text. GH #12

* Loofah::Elements::BLOCK_LEVEL contains a canonical list of
HTML4 block-level4 elements.

* Loofah::HTML::Document#text and
Loofah::HTML::DocumentFragment#text will return unescaped HTML
entities by passing :encode_special_chars => false.
- additional changes from version 0.4.4, 0.4.5, 0.4.6

* Loofah::HTML::Document#text and
Loofah::HTML::DocumentFragment#text now escape HTML entities.

* Loofah::XssFoliate was not properly escaping HTML entities when
implicitly scrubbing a string attribute. GH #17
- additional changes from version 0.4.3

* All built-in scrubbers are accepted by
ActiveRecord::Base.xss_foliate

* Loofah::XssFoliate.xss_foliate_all_models replaces use of the
constant LOOFAH_XSS_FOLIATE_ALL_MODELS

* Modified documentation for bootstrapping XssFoliate in a Rails
app, since the use of Bundler breaks the previously-documented
method. To be safe, always use an initializer file.
- additional changes from version 0.4.2

* Implemented Node#scrub! for scrubbing subtrees.

* Implemented NodeSet#scrub! for scrubbing a set of subtrees.

* Document.text now only serializes contents
(ignores )

* , and added to the HTML5lib whitelist.

* Supporting Rails apps that aren\'t loading ActiveRecord. GH #10

Fri Jun 11 14:00:00 2010 mrueckertAATTsuse.de
- use rubygems_requires macro

Thu Jan 7 13:00:00 2010 prusnakAATTsuse.cz
- created package


  
ICM