loofah 1.0.0 → 2.19.1
- checksums.yaml +7 -0
- data/CHANGELOG.md +489 -0
- data/MIT-LICENSE.txt +3 -1
- data/README.md +364 -0
- data/SECURITY.md +18 -0
- data/lib/loofah/elements.rb +88 -11
- data/lib/loofah/helpers.rb +76 -2
- data/lib/loofah/html/document.rb +1 -0
- data/lib/loofah/html/document_fragment.rb +9 -2
- data/lib/loofah/html5/libxml2_workarounds.rb +27 -0
- data/lib/loofah/html5/safelist.rb +1042 -0
- data/lib/loofah/html5/scrub.rb +198 -40
- data/lib/loofah/instance_methods.rb +16 -10
- data/lib/loofah/metahelpers.rb +9 -10
- data/lib/loofah/scrubber.rb +22 -6
- data/lib/loofah/scrubbers.rb +96 -16
- data/lib/loofah/version.rb +5 -0
- data/lib/loofah/xml/document.rb +1 -0
- data/lib/loofah/xml/document_fragment.rb +5 -2
- data/lib/loofah.rb +38 -25
- metadata +159 -172
- data/CHANGELOG.rdoc +0 -134
- data/Gemfile +0 -1
- data/Manifest.txt +0 -34
- data/README.rdoc +0 -312
- data/Rakefile +0 -53
- data/benchmark/benchmark.rb +0 -149
- data/benchmark/fragment.html +0 -96
- data/benchmark/helper.rb +0 -73
- data/benchmark/www.slashdot.com.html +0 -2560
- data/lib/loofah/html5/whitelist.rb +0 -168
- data/test/helper.rb +0 -7
- data/test/html5/test_sanitizer.rb +0 -248
- data/test/integration/test_ad_hoc.rb +0 -176
- data/test/integration/test_helpers.rb +0 -33
- data/test/integration/test_html.rb +0 -51
- data/test/integration/test_scrubbers.rb +0 -331
- data/test/integration/test_xml.rb +0 -55
- data/test/unit/test_api.rb +0 -138
- data/test/unit/test_helpers.rb +0 -27
- data/test/unit/test_scrubber.rb +0 -229
- data/test/unit/test_scrubbers.rb +0 -14
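--- a/data/lib/loofah.rb
+++ b/data/lib/loofah.rb
@@ -1,23 +1,24 @@
+# frozen_string_literal: true
 $LOAD_PATH.unshift(File.expand_path(File.dirname(__FILE__))) unless $LOAD_PATH.include?(File.expand_path(File.dirname(__FILE__)))
 
-require
+require "nokogiri"
 
-
-
+require_relative "loofah/version"
+require_relative "loofah/metahelpers"
+require_relative "loofah/elements"
 
-
-
+require_relative "loofah/html5/safelist"
+require_relative "loofah/html5/libxml2_workarounds"
+require_relative "loofah/html5/scrub"
 
-
-
+require_relative "loofah/scrubber"
+require_relative "loofah/scrubbers"
 
-
-
-
-
-
-
-require 'loofah/helpers'
+require_relative "loofah/instance_methods"
+require_relative "loofah/xml/document"
+require_relative "loofah/xml/document_fragment"
+require_relative "loofah/html/document"
+require_relative "loofah/html/document_fragment"
 
 # == Strings and IO Objects as Input
 #
@@ -28,17 +29,11 @@ require 'loofah/helpers'
 # quantities of docs.
 #
 module Loofah
-# The version of Loofah you are using
-VERSION = '1.0.0'
-
-# The minimum required version of Nokogiri
-REQUIRED_NOKOGIRI_VERSION = '1.3.3'
-
 class << self
 # Shortcut for Loofah::HTML::Document.parse
 # This method accepts the same parameters as Nokogiri::HTML::Document.parse
 def document(*args, &block)
-Loofah::HTML::Document.parse(*args, &block)
+remove_comments_before_html_element Loofah::HTML::Document.parse(*args, &block)
 end
 
 # Shortcut for Loofah::HTML::DocumentFragment.parse
@@ -79,9 +74,27 @@ module Loofah
 Loofah.xml_document(string_or_io).scrub!(method)
 end
 
-
-
+# A helper to remove extraneous whitespace from text-ified HTML
+def remove_extraneous_whitespace(string)
+string.gsub(/\n\s*\n\s*\n/, "\n\n")
+end
 
-
-
+private
+
+# remove comments that exist outside of the HTML element.
+#
+# these comments are allowed by the HTML spec:
+#
+# https://www.w3.org/TR/html401/struct/global.html#h-7.1
+#
+# but are not scrubbed by Loofah because these nodes don't meet
+# the contract that scrubbers expect of a node (e.g., it can be
+# replaced, sibling and children nodes can be created).
+def remove_comments_before_html_element(doc)
+doc.children.each do |child|
+child.unlink if child.comment?
+end
+doc
+end
+end
 end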
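Review bot: The doc comment on `document` still reads "Shortcut for Loofah::HTML::Document.parse", but at new line 36 the parsed document is now passed through `remove_comments_before_html_element`, so the two entry points no longer behave the same. From this file alone, a caller that invokes `Loofah::HTML::Document.parse` directly appears to keep top-level comment nodes, which the helper's own comment says scrubbers cannot handle; that should be confirmed against `lib/loofah/html/document.rb`, whose one-line change is not shown on this page. I would reword the comment to something like `# Parses with Loofah::HTML::Document.parse, then unlinks comment nodes that sit outside the root element`, and repeat the caveat wherever `Loofah::HTML::Document.parse` is documented. The helper's name says "before_html_element" while the loop unlinks every comment child of the document, including any that follow the root, so a name or comment saying "outside" would match the code.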
metadata
CHANGED
@@ -1,220 +1,207 @@
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
2
|
name: loofah
|
3
|
-
version: !ruby/object:Gem::Version
|
4
|
-
|
5
|
-
prerelease: false
|
6
|
-
segments:
|
7
|
-
- 1
|
8
|
-
- 0
|
9
|
-
- 0
|
10
|
-
version: 1.0.0
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 2.19.1
|
11
5
|
platform: ruby
|
12
|
-
authors:
|
6
|
+
authors:
|
13
7
|
- Mike Dalessio
|
14
8
|
- Bryan Helmkamp
|
15
9
|
autorequire:
|
16
10
|
bindir: bin
|
17
11
|
cert_chain: []
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
12
|
+
date: 2022-12-12 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: crass
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
17
|
+
requirements:
|
18
|
+
- - "~>"
|
19
|
+
- !ruby/object:Gem::Version
|
20
|
+
version: 1.0.2
|
21
|
+
type: :runtime
|
24
22
|
prerelease: false
|
25
|
-
|
26
|
-
|
27
|
-
|
23
|
+
version_requirements: !ruby/object:Gem::Requirement
|
24
|
+
requirements:
|
25
|
+
- - "~>"
|
26
|
+
- !ruby/object:Gem::Version
|
27
|
+
version: 1.0.2
|
28
|
+
- !ruby/object:Gem::Dependency
|
29
|
+
name: nokogiri
|
30
|
+
requirement: !ruby/object:Gem::Requirement
|
31
|
+
requirements:
|
28
32
|
- - ">="
|
29
|
-
- !ruby/object:Gem::Version
|
30
|
-
|
31
|
-
segments:
|
32
|
-
- 1
|
33
|
-
- 3
|
34
|
-
- 3
|
35
|
-
version: 1.3.3
|
33
|
+
- !ruby/object:Gem::Version
|
34
|
+
version: 1.5.9
|
36
35
|
type: :runtime
|
37
|
-
version_requirements: *id001
|
38
|
-
- !ruby/object:Gem::Dependency
|
39
|
-
name: rubyforge
|
40
36
|
prerelease: false
|
41
|
-
|
42
|
-
|
43
|
-
requirements:
|
37
|
+
version_requirements: !ruby/object:Gem::Requirement
|
38
|
+
requirements:
|
44
39
|
- - ">="
|
45
|
-
- !ruby/object:Gem::Version
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
40
|
+
- !ruby/object:Gem::Version
|
41
|
+
version: 1.5.9
|
42
|
+
- !ruby/object:Gem::Dependency
|
43
|
+
name: hoe-markdown
|
44
|
+
requirement: !ruby/object:Gem::Requirement
|
45
|
+
requirements:
|
46
|
+
- - "~>"
|
47
|
+
- !ruby/object:Gem::Version
|
48
|
+
version: '1.3'
|
52
49
|
type: :development
|
53
|
-
version_requirements: *id002
|
54
|
-
- !ruby/object:Gem::Dependency
|
55
|
-
name: mocha
|
56
50
|
prerelease: false
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
51
|
+
version_requirements: !ruby/object:Gem::Requirement
|
52
|
+
requirements:
|
53
|
+
- - "~>"
|
54
|
+
- !ruby/object:Gem::Version
|
55
|
+
version: '1.3'
|
56
|
+
- !ruby/object:Gem::Dependency
|
57
|
+
name: json
|
58
|
+
requirement: !ruby/object:Gem::Requirement
|
59
|
+
requirements:
|
60
|
+
- - "~>"
|
61
|
+
- !ruby/object:Gem::Version
|
62
|
+
version: '2.2'
|
67
63
|
type: :development
|
68
|
-
version_requirements: *id003
|
69
|
-
- !ruby/object:Gem::Dependency
|
70
|
-
name: shoulda
|
71
64
|
prerelease: false
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
65
|
+
version_requirements: !ruby/object:Gem::Requirement
|
66
|
+
requirements:
|
67
|
+
- - "~>"
|
68
|
+
- !ruby/object:Gem::Version
|
69
|
+
version: '2.2'
|
70
|
+
- !ruby/object:Gem::Dependency
|
71
|
+
name: minitest
|
72
|
+
requirement: !ruby/object:Gem::Requirement
|
73
|
+
requirements:
|
74
|
+
- - "~>"
|
75
|
+
- !ruby/object:Gem::Version
|
76
|
+
version: '5.14'
|
82
77
|
type: :development
|
83
|
-
|
84
|
-
|
78
|
+
prerelease: false
|
79
|
+
version_requirements: !ruby/object:Gem::Requirement
|
80
|
+
requirements:
|
81
|
+
- - "~>"
|
82
|
+
- !ruby/object:Gem::Version
|
83
|
+
version: '5.14'
|
84
|
+
- !ruby/object:Gem::Dependency
|
85
85
|
name: rake
|
86
|
+
requirement: !ruby/object:Gem::Requirement
|
87
|
+
requirements:
|
88
|
+
- - "~>"
|
89
|
+
- !ruby/object:Gem::Version
|
90
|
+
version: '13.0'
|
91
|
+
type: :development
|
86
92
|
prerelease: false
|
87
|
-
|
88
|
-
|
89
|
-
|
93
|
+
version_requirements: !ruby/object:Gem::Requirement
|
94
|
+
requirements:
|
95
|
+
- - "~>"
|
96
|
+
- !ruby/object:Gem::Version
|
97
|
+
version: '13.0'
|
98
|
+
- !ruby/object:Gem::Dependency
|
99
|
+
name: rdoc
|
100
|
+
requirement: !ruby/object:Gem::Requirement
|
101
|
+
requirements:
|
90
102
|
- - ">="
|
91
|
-
- !ruby/object:Gem::Version
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
version: "0.8"
|
103
|
+
- !ruby/object:Gem::Version
|
104
|
+
version: '4.0'
|
105
|
+
- - "<"
|
106
|
+
- !ruby/object:Gem::Version
|
107
|
+
version: '7'
|
97
108
|
type: :development
|
98
|
-
version_requirements: *id005
|
99
|
-
- !ruby/object:Gem::Dependency
|
100
|
-
name: hoe
|
101
109
|
prerelease: false
|
102
|
-
|
103
|
-
|
104
|
-
requirements:
|
110
|
+
version_requirements: !ruby/object:Gem::Requirement
|
111
|
+
requirements:
|
105
112
|
- - ">="
|
106
|
-
- !ruby/object:Gem::Version
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
+
- !ruby/object:Gem::Version
|
114
|
+
version: '4.0'
|
115
|
+
- - "<"
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '7'
|
118
|
+
- !ruby/object:Gem::Dependency
|
119
|
+
name: rr
|
120
|
+
requirement: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - "~>"
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: 1.2.0
|
113
125
|
type: :development
|
114
|
-
|
126
|
+
prerelease: false
|
127
|
+
version_requirements: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - "~>"
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: 1.2.0
|
132
|
+
- !ruby/object:Gem::Dependency
|
133
|
+
name: rubocop
|
134
|
+
requirement: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - "~>"
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '1.1'
|
139
|
+
type: :development
|
140
|
+
prerelease: false
|
141
|
+
version_requirements: !ruby/object:Gem::Requirement
|
142
|
+
requirements:
|
143
|
+
- - "~>"
|
144
|
+
- !ruby/object:Gem::Version
|
145
|
+
version: '1.1'
|
115
146
|
description: |-
|
116
|
-
Loofah is a general library for manipulating and transforming HTML/XML
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
most likely won't make your codes less secure. (These statements have
|
123
|
-
not been evaluated by Netexperts.)
|
124
|
-
|
125
|
-
ActiveRecord extensions for sanitization are available in the
|
126
|
-
`loofah-activerecord` gem (see
|
127
|
-
http://github.com/flavorjones/loofah-activerecord).
|
128
|
-
email:
|
147
|
+
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri.
|
148
|
+
|
149
|
+
Loofah excels at HTML sanitization (XSS prevention). It includes some nice HTML sanitizers, which are based on HTML5lib's safelist, so it most likely won't make your codes less secure. (These statements have not been evaluated by Netexperts.)
|
150
|
+
|
151
|
+
ActiveRecord extensions for sanitization are available in the [`loofah-activerecord` gem](https://github.com/flavorjones/loofah-activerecord).
|
152
|
+
email:
|
129
153
|
- mike.dalessio@gmail.com
|
130
154
|
- bryan@brynary.com
|
131
155
|
executables: []
|
132
|
-
|
133
156
|
extensions: []
|
134
|
-
|
135
|
-
|
136
|
-
-
|
137
|
-
- Manifest.txt
|
138
|
-
- CHANGELOG.rdoc
|
139
|
-
- README.rdoc
|
140
|
-
files:
|
141
|
-
- CHANGELOG.rdoc
|
142
|
-
- Gemfile
|
157
|
+
extra_rdoc_files: []
|
158
|
+
files:
|
159
|
+
- CHANGELOG.md
|
143
160
|
- MIT-LICENSE.txt
|
144
|
-
-
|
145
|
-
-
|
146
|
-
- Rakefile
|
147
|
-
- benchmark/benchmark.rb
|
148
|
-
- benchmark/fragment.html
|
149
|
-
- benchmark/helper.rb
|
150
|
-
- benchmark/www.slashdot.com.html
|
161
|
+
- README.md
|
162
|
+
- SECURITY.md
|
151
163
|
- lib/loofah.rb
|
152
164
|
- lib/loofah/elements.rb
|
153
165
|
- lib/loofah/helpers.rb
|
154
166
|
- lib/loofah/html/document.rb
|
155
167
|
- lib/loofah/html/document_fragment.rb
|
168
|
+
- lib/loofah/html5/libxml2_workarounds.rb
|
169
|
+
- lib/loofah/html5/safelist.rb
|
156
170
|
- lib/loofah/html5/scrub.rb
|
157
|
-
- lib/loofah/html5/whitelist.rb
|
158
171
|
- lib/loofah/instance_methods.rb
|
159
172
|
- lib/loofah/metahelpers.rb
|
160
173
|
- lib/loofah/scrubber.rb
|
161
174
|
- lib/loofah/scrubbers.rb
|
175
|
+
- lib/loofah/version.rb
|
162
176
|
- lib/loofah/xml/document.rb
|
163
177
|
- lib/loofah/xml/document_fragment.rb
|
164
|
-
|
165
|
-
|
166
|
-
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
- test/unit/test_scrubber.rb
|
174
|
-
- test/unit/test_scrubbers.rb
|
175
|
-
has_rdoc: true
|
176
|
-
homepage: http://github.com/flavorjones/loofah
|
177
|
-
licenses: []
|
178
|
-
|
178
|
+
homepage: https://github.com/flavorjones/loofah
|
179
|
+
licenses:
|
180
|
+
- MIT
|
181
|
+
metadata:
|
182
|
+
homepage_uri: https://github.com/flavorjones/loofah
|
183
|
+
source_code_uri: https://github.com/flavorjones/loofah
|
184
|
+
bug_tracker_uri: https://github.com/flavorjones/loofah/issues
|
185
|
+
changelog_uri: https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md
|
186
|
+
documentation_uri: https://www.rubydoc.info/gems/loofah/
|
179
187
|
post_install_message:
|
180
|
-
rdoc_options:
|
181
|
-
|
182
|
-
- README.rdoc
|
183
|
-
require_paths:
|
188
|
+
rdoc_options: []
|
189
|
+
require_paths:
|
184
190
|
- lib
|
185
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
186
|
-
|
187
|
-
requirements:
|
191
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
192
|
+
requirements:
|
188
193
|
- - ">="
|
189
|
-
- !ruby/object:Gem::Version
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
version: "0"
|
194
|
-
required_rubygems_version: !ruby/object:Gem::Requirement
|
195
|
-
none: false
|
196
|
-
requirements:
|
194
|
+
- !ruby/object:Gem::Version
|
195
|
+
version: '0'
|
196
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
197
|
+
requirements:
|
197
198
|
- - ">="
|
198
|
-
- !ruby/object:Gem::Version
|
199
|
-
|
200
|
-
segments:
|
201
|
-
- 0
|
202
|
-
version: "0"
|
199
|
+
- !ruby/object:Gem::Version
|
200
|
+
version: '0'
|
203
201
|
requirements: []
|
204
|
-
|
205
|
-
rubyforge_project: loofah
|
206
|
-
rubygems_version: 1.3.7
|
202
|
+
rubygems_version: 3.3.7
|
207
203
|
signing_key:
|
208
|
-
specification_version:
|
209
|
-
summary: Loofah is a general library for manipulating and transforming HTML/XML documents
|
210
|
-
|
211
|
-
|
212
|
-
- test/integration/test_ad_hoc.rb
|
213
|
-
- test/integration/test_helpers.rb
|
214
|
-
- test/integration/test_scrubbers.rb
|
215
|
-
- test/integration/test_xml.rb
|
216
|
-
- test/html5/test_sanitizer.rb
|
217
|
-
- test/unit/test_scrubber.rb
|
218
|
-
- test/unit/test_helpers.rb
|
219
|
-
- test/unit/test_scrubbers.rb
|
220
|
-
- test/unit/test_api.rb
|
204
|
+
specification_version: 4
|
205
|
+
summary: Loofah is a general library for manipulating and transforming HTML/XML documents
|
206
|
+
and fragments, built on top of Nokogiri
|
207
|
+
test_files: []
|
data/CHANGELOG.rdoc
DELETED
@@ -1,134 +0,0 @@
|
|
1
|
-
= Changelog
|
2
|
-
|
3
|
-
== 1.0.0 (2010-10-26)
|
4
|
-
|
5
|
-
Notes:
|
6
|
-
|
7
|
-
* Moved ActiveRecord functionality into `loofah-activerecord` gem.
|
8
|
-
* Removed DEPRECATIONS.rdoc documenting 0.3.0 API changes.
|
9
|
-
|
10
|
-
== 0.4.7 (2010-03-09)
|
11
|
-
|
12
|
-
Enhancements:
|
13
|
-
|
14
|
-
* New methods Loofah::HTML::Document#to_text and
|
15
|
-
Loofah::HTML::DocumentFragment#to_text do the right thing with
|
16
|
-
whitespace. Note that these methods are significantly slower than
|
17
|
-
#text. GH #12
|
18
|
-
* Loofah::Elements::BLOCK_LEVEL contains a canonical list of HTML4 block-level4 elements.
|
19
|
-
* Loofah::HTML::Document#text and Loofah::HTML::DocumentFragment#text
|
20
|
-
will return unescaped HTML entities by passing :encode_special_chars => false.
|
21
|
-
|
22
|
-
== 0.4.4, 0.4.5, 0.4.6 (2010-02-01)
|
23
|
-
|
24
|
-
Enhancements:
|
25
|
-
|
26
|
-
* Loofah::HTML::Document#text and Loofah::HTML::DocumentFragment#text now escape HTML entities.
|
27
|
-
|
28
|
-
Bug fixes:
|
29
|
-
|
30
|
-
* Loofah::XssFoliate was not properly escaping HTML entities when implicitly scrubbing a string attribute. GH #17
|
31
|
-
|
32
|
-
== 0.4.3 (2010-01-29)
|
33
|
-
|
34
|
-
Enhancements:
|
35
|
-
|
36
|
-
* All built-in scrubbers are accepted by ActiveRecord::Base.xss_foliate
|
37
|
-
* Loofah::XssFoliate.xss_foliate_all_models replaces use of the constant LOOFAH_XSS_FOLIATE_ALL_MODELS
|
38
|
-
|
39
|
-
Miscellaneous:
|
40
|
-
|
41
|
-
* Modified documentation for bootstrapping XssFoliate in a Rails app,
|
42
|
-
since the use of Bundler breaks the previously-documented method. To
|
43
|
-
be safe, always use an initializer file.
|
44
|
-
|
45
|
-
== 0.4.2 (2010-01-22)
|
46
|
-
|
47
|
-
Enhancements:
|
48
|
-
|
49
|
-
* Implemented Node#scrub! for scrubbing subtrees.
|
50
|
-
* Implemented NodeSet#scrub! for scrubbing a set of subtrees.
|
51
|
-
* Document.text now only serializes <body> contents (ignores <head>)
|
52
|
-
* <head>, <html> and <body> added to the HTML5lib whitelist.
|
53
|
-
|
54
|
-
Bug fixes:
|
55
|
-
|
56
|
-
* Supporting Rails apps that aren't loading ActiveRecord. GH #10
|
57
|
-
|
58
|
-
Miscellaneous:
|
59
|
-
|
60
|
-
* Mailing list is now loofah@librelist.com / http://librelist.com
|
61
|
-
* IRC channel is now \#loofah on freenode.
|
62
|
-
|
63
|
-
== 0.4.1 (2009-11-23)
|
64
|
-
|
65
|
-
Bugfix:
|
66
|
-
|
67
|
-
* Manifest fixed. Whoops.
|
68
|
-
|
69
|
-
== 0.4.0 (2009-11-21)
|
70
|
-
|
71
|
-
Enhancements:
|
72
|
-
|
73
|
-
* Scrubber class introduced, allowing development of custom scrubbers.
|
74
|
-
* Added support for XML documents and fragments.
|
75
|
-
* Added :nofollow HTML scrubber (thanks Luke Melia!)
|
76
|
-
* Built-in scrubbing methods refactored to use Scrubber.
|
77
|
-
|
78
|
-
== 0.3.1 (2009-10-12)
|
79
|
-
|
80
|
-
Bug fixes:
|
81
|
-
|
82
|
-
* Scrubbed Documents properly render html, head and body tags when serialized.
|
83
|
-
|
84
|
-
== 0.3.0 (2009-10-06)
|
85
|
-
|
86
|
-
Enhancements:
|
87
|
-
|
88
|
-
* New ActiveRecord extension `xss_foliate`, a drop-in replacement for xss_terminate[http://github.com/look/xss_terminate/tree/master].
|
89
|
-
* Replacement methods for Rails's helpers, Loofah::Rails.sanitize and Loofah::Rails.strip_tags.
|
90
|
-
* Official support (and test coverage) for Rails versions 2.3, 2.2, 2.1, 2.0 and 1.2.
|
91
|
-
|
92
|
-
Deprecations:
|
93
|
-
|
94
|
-
* The methods strip_tags, whitewash, whitewash_document, sanitize, and
|
95
|
-
sanitize_document have been deprecated. See DEPRECATED.rdoc for
|
96
|
-
details on the equivalent calls with the post-0.2 API.
|
97
|
-
|
98
|
-
== 0.2.2 (2009-09-30)
|
99
|
-
|
100
|
-
Enhancements:
|
101
|
-
|
102
|
-
* ActiveRecord extension scrubs fields in a before_validation callback
|
103
|
-
(was previously in a before_save)
|
104
|
-
|
105
|
-
== 0.2.1 (2009-09-19)
|
106
|
-
|
107
|
-
Enhancements:
|
108
|
-
|
109
|
-
* when loaded in a Rails app, automatically extend ActiveRecord::Base
|
110
|
-
with html_fragment and html_document. GH #6 (Thanks Josh Nichols!)
|
111
|
-
|
112
|
-
Bugfixes:
|
113
|
-
|
114
|
-
* ActiveRecord scrubbing should generate strings instead of Document or
|
115
|
-
DocumentFragment objects. GH #5
|
116
|
-
* init.rb fixed to support installation as a Rails plugin. GH #6
|
117
|
-
(Thanks Josh Nichols!)
|
118
|
-
|
119
|
-
== 0.2.0 (2009-09-11)
|
120
|
-
|
121
|
-
* Swank new API.
|
122
|
-
* ActiveRecord extension.
|
123
|
-
* Uses Nokogiri's Document and DocumentFragment for parsing.
|
124
|
-
* Updated html5lib codes and tests to revision 1384:b9d3153d7be7.
|
125
|
-
* Deprecated the Dryopteris sanitization methods. Will be removed in 0.3.0.
|
126
|
-
* Documentation! Hey!
|
127
|
-
|
128
|
-
== 0.1.2 (2009-04-30)
|
129
|
-
|
130
|
-
* Added whitewashing -- removal of all attributes and namespaced nodes. You know, for microsofty HTML.
|
131
|
-
|
132
|
-
== 0.1.0 (2009-02-10)
|
133
|
-
|
134
|
-
* Birthday!
|
data/Gemfile
DELETED
@@ -1 +0,0 @@
|
|
1
|
-
gemspec
|
data/Manifest.txt
DELETED
@@ -1,34 +0,0 @@
|
|
1
|
-
CHANGELOG.rdoc
|
2
|
-
Gemfile
|
3
|
-
MIT-LICENSE.txt
|
4
|
-
Manifest.txt
|
5
|
-
README.rdoc
|
6
|
-
Rakefile
|
7
|
-
benchmark/benchmark.rb
|
8
|
-
benchmark/fragment.html
|
9
|
-
benchmark/helper.rb
|
10
|
-
benchmark/www.slashdot.com.html
|
11
|
-
lib/loofah.rb
|
12
|
-
lib/loofah/elements.rb
|
13
|
-
lib/loofah/helpers.rb
|
14
|
-
lib/loofah/html/document.rb
|
15
|
-
lib/loofah/html/document_fragment.rb
|
16
|
-
lib/loofah/html5/scrub.rb
|
17
|
-
lib/loofah/html5/whitelist.rb
|
18
|
-
lib/loofah/instance_methods.rb
|
19
|
-
lib/loofah/metahelpers.rb
|
20
|
-
lib/loofah/scrubber.rb
|
21
|
-
lib/loofah/scrubbers.rb
|
22
|
-
lib/loofah/xml/document.rb
|
23
|
-
lib/loofah/xml/document_fragment.rb
|
24
|
-
test/helper.rb
|
25
|
-
test/html5/test_sanitizer.rb
|
26
|
-
test/integration/test_ad_hoc.rb
|
27
|
-
test/integration/test_helpers.rb
|
28
|
-
test/integration/test_html.rb
|
29
|
-
test/integration/test_scrubbers.rb
|
30
|
-
test/integration/test_xml.rb
|
31
|
-
test/unit/test_api.rb
|
32
|
-
test/unit/test_helpers.rb
|
33
|
-
test/unit/test_scrubber.rb
|
34
|
-
test/unit/test_scrubbers.rb
|