loofah 2.2.0 → 2.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 6656f9e5edc815b2c5ee676d1c4fb818b2dc03f4
-  data.tar.gz: 7bea1d04f8af479fd825c7adf687f0ca0c624830
+SHA256:
+  metadata.gz: 521948af26b151c0584b5eabd8e60c8c31ff451d2b134da4bc632256feeb87f4
+  data.tar.gz: 9b699d079c84a6c498fcb5be0e56f7c68ad7049bb0aa498e3413343803fcf585
 SHA512:
-  metadata.gz: 42f030b7228867ebf322c9d8e286349e1288ef3d60f90fe404b0d9250cc626ea6fad84ff1325cd2754ea4a7fdf80802a4bdae5a9b7121ac312e56d96c280d1a3
-  data.tar.gz: 8a67c56281a65b6e89d8623f40423ae41ed2628eeb0a90193196cfb87aeb4efccbe23c961b05ab26a247bac0117a55b68dea97ab6b67076e272ebad8471e33cb
+  metadata.gz: 7781d0db35620637fd69051e3729db36f4d10712bab60038df78f523d72b991b8e8f86009655495b56ef69d5b97aa5a621cc22698bc4eaec06577bece6841ec6
+  data.tar.gz: e42ab470cc2f3fbb5d0c3965b6a60fe698d0d076b3d87d58f6c4fa209531eac82188bef01c8005a94f3caa3f342ae7df4a850a4107fa043b618bdbd9f98c8d86

data/CHANGELOG.md

@@ -1,8 +1,72 @@
 # Changelog
 
+## 2.3.0 / unreleased
+
+### Features
+
+* Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147]
+* Expand set of allowed CSS functions. [related to #122]
+* Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)
+* Allow CSS property `list-style` [#162] (Thanks, @jaredbeck!)
+* Allow CSS keywords `thick` and `thin` [#168] (Thanks, @georgeclaghorn!)
+* Allow HTML property `contenteditable` [#167] (Thanks, @andreynering!)
+
+
+### Bug fixes
+
+* CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. [#165] (Thanks, @asok!)
+
+
+### Deprecations / Name Changes
+
+The following method and constants are hereby deprecated, and will be completely removed in a future release:
+
+* Deprecate `Loofah::Helpers::ActionView.white_list_sanitizer`, please use `Loofah::Helpers::ActionView.safe_list_sanitizer` instead.
+* Deprecate `Loofah::Helpers::ActionView::WhiteListSanitizer`, please use `Loofah::Helpers::ActionView::SafeListSanitizer` instead.
+* Deprecate `Loofah::HTML5::WhiteList`, please use `Loofah::HTML5::SafeList` instead.
+
+Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.
+
+
+## 2.2.3 / 2018-10-30
+
+### Security
+
+Address CVE-2018-16468: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
+
+This CVE's public notice is at https://github.com/flavorjones/loofah/issues/154
+
+
+## Meta / 2018-10-27
+
+The mailing list is now on Google Groups [#146](https://github.com/flavorjones/loofah/issues/146):
+
+* Mail: loofah-talk@googlegroups.com
+* Archive: https://groups.google.com/forum/#!forum/loofah-talk
+
+This change was made because librelist no longer appears to be maintained.
+
+
+## 2.2.2 / 2018-03-22
+
+Make public `Loofah::HTML5::Scrub.force_correct_attribute_escaping!`,
+which was previously a private method. This is so that downstream gems
+(like rails-html-sanitizer) can use this logic directly for their own
+attribute scrubbers should they need to address CVE-2018-8048.
+
+
+## 2.2.1 / 2018-03-19
+
+### Security
+
+Addresses CVE-2018-8048. Loofah allowed non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments.
+
+This CVE's public notice is at https://github.com/flavorjones/loofah/issues/144
+
+
 ## 2.2.0 / 2018-02-11
 
-Features:
+### Features:
 
 * Support HTML5 `<main>` tag. #133 (Thanks, @MothOnMars!)
 * Recognize HTML5 block elements. #136 (Thanks, @MothOnMars!)
@@ -10,32 +74,32 @@ Features:
 * Support for whitelisting CSS functions, initially just `calc` and `rgb`. #122/#123/#129 (Thanks, @NikoRoberts!)
 * Whitelist CSS property `list-style-type`. #68/#137/#142 (Thanks, @andela-ysanni and @NikoRoberts!)
 
-Bugfixes:
+### Bugfixes:
 
 * Properly handle nested `script` tags. #127.
 
 
 ## 2.1.1 / 2017-09-24
 
-Bugfixes:
+### Bugfixes:
 
 * Removed warning for unused variable. #124 (Thanks, @y-yagi!)
 
 
 ## 2.1.0 / 2017-09-24
 
-Notes:
+### Notes:
 
 * Re-implemented CSS parsing and sanitization using the [crass](https://github.com/rgrove/crass) library. #91
 
 
-Features:
+### Features:
 
 * Added :noopener HTML scrubber (Thanks, @tastycode!)
 * Support `data` URIs with the following media types: text/plain, text/css, image/png, image/gif, image/jpeg, image/svg+xml. #101, #120. (Thanks, @mrpasquini!)
 
 
-Bugfixes:
+### Bugfixes:
 
 * The :unprintable scrubber now scrubs unprintable characters in CDATA nodes (like `<script>`). #124
 * Allow negative values in CSS properties. Restores functionality that was reverted in v2.0.3. #91
@@ -43,14 +107,14 @@ Bugfixes:
 
 ## 2.0.3 / 2015-08-17
 
-Bug fixes:
+### Bug fixes:
 
 * Revert support for negative values in CSS properties due to slow performance. #90 (Related to #85.)
 
 
 ## 2.0.2 / 2015-05-05
 
-Bug fixes:
+### Bug fixes:
 
 * Fix error with `#to_text` when Loofah::Helpers hadn't been required. #75
 * Allow multi-word data attributes. #84 (Thanks, @jstorimer!)
@@ -59,24 +123,24 @@ Bug fixes:
 
 ## 2.0.1 / 2014-08-21
 
-Bug fixes:
+### Bug fixes:
 
 * Load RR correctly when running test files directly. (Thanks, @ktdreyer!)
 
 
-Notes:
+### Notes:
 
 * Extracted HTML5::Scrub#scrub_css_attribute to accommodate the Rails integration work. (Thanks, @kaspth!)
 
 
 ## 2.0.0 / 2014-05-09
 
-Compatibility notes:
+### Compatibility notes:
 
 * ActionView helpers now must be required explicitly: `require "loofah/helpers"`
 * Support for Ruby 1.8.7 and prior has been dropped
 
-Enhancements:
+### Enhancements:
 
 * HTML5 whitelist allows the following ...
   * tags: `article`, `aside`, `bdi`, `bdo`, `canvas`, `command`, `datalist`, `details`, `figcaption`, `figure`, `footer`, `header`, `mark`, `meter`, `nav`, `output`, `section`, `summary`, `time`
@@ -86,7 +150,7 @@ Enhancements:
 * `Loofah.fragment` accepts an optional encoding argument, compatible with `Nokogiri::HTML::DocumentFragment.parse`. #62 (Thanks, Ben Atkins!)
 * HTML5 sanitizers now remove attributes without values. (Thanks, Kasper Timm Hansen!)
 
-Bug fixes:
+### Bug fixes:
 
 * HTML5 sanitizers' CSS keyword check now actually works (broken in v2.0). Additional regression tests added. (Thanks, Kasper Timm Hansen!)
 * HTML5 sanitizers now allow negative arguments to CSS. #64 (Thanks, Jon Calhoun!)
@@ -99,7 +163,7 @@ Bug fixes:
 
 ## 1.2.0 (2011-08-08)
 
-Enhancements:
+### Enhancements:
 
 * Loofah::Helpers.sanitize_css is a replacement for Rails's built-in sanitize_css helper.
 * Improving ActionView integration.
@@ -107,7 +171,7 @@ Enhancements:
 
 ## 1.1.0 (2011-08-08)
 
-Enhancements:
+### Enhancements:
 
 * Additional HTML5lib whitelist elements (from html5lib 1524:80b5efe26230).
   Up to date with HTML5lib ruby code as of 1723:7ee6a0331856.
@@ -117,7 +181,7 @@ Enhancements:
 
 ## 1.0.0 (2010-10-26)
 
-Notes:
+### Notes:
 
 * Moved ActiveRecord functionality into `loofah-activerecord` gem.
 * Removed DEPRECATIONS.rdoc documenting 0.3.0 API changes.
@@ -125,7 +189,7 @@ Notes:
 
 ## 0.4.7 (2010-03-09)
 
-Enhancements:
+### Enhancements:
 
 * New methods Loofah::HTML::Document#to_text and
   Loofah::HTML::DocumentFragment#to_text do the right thing with
@@ -138,23 +202,23 @@ Enhancements:
 
 ## 0.4.4, 0.4.5, 0.4.6 (2010-02-01)
 
-Enhancements:
+### Enhancements:
 
 * Loofah::HTML::Document#text and Loofah::HTML::DocumentFragment#text now escape HTML entities.
 
-Bug fixes:
+### Bug fixes:
 
 * Loofah::XssFoliate was not properly escaping HTML entities when implicitly scrubbing a string attribute. GH #17
 
 
 ## 0.4.3 (2010-01-29)
 
-Enhancements:
+### Enhancements:
 
 * All built-in scrubbers are accepted by ActiveRecord::Base.xss_foliate
 * Loofah::XssFoliate.xss_foliate_all_models replaces use of the constant LOOFAH_XSS_FOLIATE_ALL_MODELS
 
-Miscellaneous:
+### Miscellaneous:
 
 * Modified documentation for bootstrapping XssFoliate in a Rails app,
   since the use of Bundler breaks the previously-documented method. To
@@ -163,18 +227,18 @@ Miscellaneous:
 
 ## 0.4.2 (2010-01-22)
 
-Enhancements:
+### Enhancements:
 
 * Implemented Node#scrub! for scrubbing subtrees.
 * Implemented NodeSet#scrub! for scrubbing a set of subtrees.
 * Document.text now only serializes <body> contents (ignores <head>)
 * <head>, <html> and <body> added to the HTML5lib whitelist.
 
-Bug fixes:
+### Bug fixes:
 
 * Supporting Rails apps that aren't loading ActiveRecord. GH #10
 
-Miscellaneous:
+### Miscellaneous:
 
 * Mailing list is now loofah@librelist.com / http://librelist.com
 * IRC channel is now \#loofah on freenode.
@@ -182,14 +246,14 @@ Miscellaneous:
 
 ## 0.4.1 (2009-11-23)
 
-Bugfix:
+### Bugfix:
 
 * Manifest fixed. Whoops.
 
 
 ## 0.4.0 (2009-11-21)
 
-Enhancements:
+### Enhancements:
 
 * Scrubber class introduced, allowing development of custom scrubbers.
 * Added support for XML documents and fragments.
@@ -200,20 +264,20 @@ Enhancements:
 
 ## 0.3.1 (2009-10-12)
 
-Bug fixes:
+### Bug fixes:
 
 * Scrubbed Documents properly render html, head and body tags when serialized.
 
 
 ## 0.3.0 (2009-10-06)
 
-Enhancements:
+### Enhancements:
 
 * New ActiveRecord extension `xss_foliate`, a drop-in replacement for xss_terminate[http://github.com/look/xss_terminate/tree/master].
 * Replacement methods for Rails's helpers, Loofah::Rails.sanitize and Loofah::Rails.strip_tags.
 * Official support (and test coverage) for Rails versions 2.3, 2.2, 2.1, 2.0 and 1.2.
 
-Deprecations:
+### Deprecations:
 
 * The methods strip_tags, whitewash, whitewash_document, sanitize, and
   sanitize_document have been deprecated. See DEPRECATED.rdoc for
@@ -222,7 +286,7 @@ Deprecations:
 
 ## 0.2.2 (2009-09-30)
 
-Enhancements:
+### Enhancements:
 
 * ActiveRecord extension scrubs fields in a before_validation callback
   (was previously in a before_save)
@@ -230,12 +294,12 @@ Enhancements:
 
 ## 0.2.1 (2009-09-19)
 
-Enhancements:
+### Enhancements:
 
 * when loaded in a Rails app, automatically extend ActiveRecord::Base
   with html_fragment and html_document. GH #6 (Thanks Josh Nichols!)
 
-Bugfixes:
+### Bugfixes:
 
 * ActiveRecord scrubbing should generate strings instead of Document or
   DocumentFragment objects. GH #5

data/Gemfile

@@ -15,8 +15,8 @@ gem "hoe-gemspec", ">=0", :group => [:development, :test]
 gem "hoe-debugging", ">=0", :group => [:development, :test]
 gem "hoe-bundler", ">=0", :group => [:development, :test]
 gem "hoe-git", ">=0", :group => [:development, :test]
-gem "concourse", ">=0.15.0", :group => [:development, :test]
-gem "rdoc", "~>4.0", :group => [:development, :test]
-gem "hoe", "~>3.16", :group => [:development, :test]
+gem "concourse", ">=0.26.0", :group => [:development, :test]
+gem "rdoc", ">=4.0", "<7", :group => [:development, :test]
+gem "hoe", "~>3.17", :group => [:development, :test]
 
 # vim: syntax=ruby

data/Manifest.txt

@@ -5,6 +5,7 @@ MIT-LICENSE.txt
 Manifest.txt
 README.md
 Rakefile
+SECURITY.md
 benchmark/benchmark.rb
 benchmark/fragment.html
 benchmark/helper.rb
@@ -14,17 +15,20 @@ lib/loofah/elements.rb
 lib/loofah/helpers.rb
 lib/loofah/html/document.rb
 lib/loofah/html/document_fragment.rb
+lib/loofah/html5/libxml2_workarounds.rb
+lib/loofah/html5/safelist.rb
 lib/loofah/html5/scrub.rb
-lib/loofah/html5/whitelist.rb
 lib/loofah/instance_methods.rb
 lib/loofah/metahelpers.rb
 lib/loofah/scrubber.rb
 lib/loofah/scrubbers.rb
 lib/loofah/xml/document.rb
 lib/loofah/xml/document_fragment.rb
+test/assets/msword.html
 test/assets/testdata_sanitizer_tests1.dat
 test/helper.rb
 test/html5/test_sanitizer.rb
+test/html5/test_scrub.rb
 test/integration/test_ad_hoc.rb
 test/integration/test_helpers.rb
 test/integration/test_html.rb

data/README.md

@@ -1,16 +1,15 @@
 # Loofah
 
 * https://github.com/flavorjones/loofah
-* http://rubydoc.info/github/flavorjones/loofah/master/frames
-* http://librelist.com/browser/loofah
+* Docs: http://rubydoc.info/github/flavorjones/loofah/master/frames
+* Mailing list: [loofah-talk@googlegroups.com](https://groups.google.com/forum/#!forum/loofah-talk)
 
 ## Status
 
 |System|Status|
 |--|--|
-| Concourse | [![Concourse CI](https://ci.nokogiri.org/api/v1/teams/nokogiri-core/pipelines/loofah/jobs/ruby-2.5/badge)](https://ci.nokogiri.org/teams/nokogiri-core/pipelines/loofah?groups=master) |
+| Concourse CI | [![Concourse CI](https://ci.nokogiri.org/api/v1/teams/nokogiri-core/pipelines/loofah/jobs/ruby-2.5/badge)](https://ci.nokogiri.org/teams/nokogiri-core/pipelines/loofah?groups=master) |
 | Code Climate | [![Code Climate](https://codeclimate.com/github/flavorjones/loofah.svg)](https://codeclimate.com/github/flavorjones/loofah) |
-| Version Eye | [![Version Eye](https://www.versioneye.com/ruby/loofah/badge.png)](https://www.versioneye.com/ruby/loofah) |
 
 
 ## Description
@@ -20,7 +19,7 @@ documents and fragments. It's built on top of Nokogiri and libxml2, so
 it's fast and has a nice API.
 
 Loofah excels at HTML sanitization (XSS prevention). It includes some
-nice HTML sanitizers, which are based on HTML5lib's whitelist, so it
+nice HTML sanitizers, which are based on HTML5lib's safelist, so it
 most likely won't make your codes less secure. (These statements have
 not been evaluated by Netexperts.)
 
@@ -30,7 +29,7 @@ ActiveRecord extensions for sanitization are available in the
 
 ## Features
 
-* Easily write custom scrubbers for HTML/XML leveraging the sweetness of Nokogiri (and HTML5lib's whitelists).
+* Easily write custom scrubbers for HTML/XML leveraging the sweetness of Nokogiri (and HTML5lib's safelists).
 * Common HTML sanitizing tasks are built-in:
   * _Strip_ unsafe tags, leaving behind only the inner text.
   * _Prune_ unsafe tags and their subtrees, removing all traces that they ever existed.
@@ -222,7 +221,7 @@ Loofah.xml_document(File.read('plague.xml')).scrub!(bring_out_your_dead)
 === Built-In HTML Scrubbers
 
 Loofah comes with a set of sanitizing scrubbers that use HTML5lib's
-whitelist algorithm:
+safelist algorithm:
 
 ``` ruby
 doc.scrub!(:strip)       # replaces unknown/unsafe tags with their inner text
@@ -301,23 +300,32 @@ The bug tracker is available here:
 
 * https://github.com/flavorjones/loofah/issues
 
-And the mailing list is on librelist:
+And the mailing list is on Google Groups:
 
-* loofah@librelist.com / http://librelist.com
+* Mail: loofah-talk@googlegroups.com
+* Archive: https://groups.google.com/forum/#!forum/loofah-talk
 
 And the IRC channel is \#loofah on freenode.
 
 
 ## Security
 
-Some tools may incorrectly report loofah is a potential security
-vulnerability. Loofah depends on Nokogiri, and it's possible to use
-Nokogiri in a dangerous way (by enabling its DTDLOAD option and
-disabling its NONET option).  This dangerous Nokogiri configuration,
-which is sometimes used by other components, can create an XML
-External Entity (XXE) vulnerability if the XML data is not trusted.
-However, loofah never enables this dangerous Nokogiri configuration;
-loofah never enables DTDLOAD, and it never disables NONET.
+See [`SECURITY.md`](SECURITY.md) for vulnerability reporting details.
+
+
+### "Secure by Default"
+
+Some tools may incorrectly report Loofah as a potential security
+vulnerability.
+
+Loofah depends on Nokogiri, and it's _possible_ to use Nokogiri in a
+dangerous way (by enabling its DTDLOAD option and disabling its NONET
+option). This specifically allows the opportunity for an XML External
+Entity (XXE) vulnerability if the XML data is untrusted.
+
+However, Loofah __never enables this Nokogiri configuration__; Loofah
+never enables DTDLOAD, and it never disables NONET, thereby protecting
+you by default from this XXE vulnerability.
 
 
 ## Related Links
@@ -345,7 +353,7 @@ And a big shout-out to Corey Innis for the name, and feedback on the API.
 
 ## Thank You
 
-The following people have generously donated via the Pledgie[http://pledgie.com] badge on the {Loofah github page}[https://github.com/flavorjones/loofah]:
+The following people have generously donated via the [Pledgie](http://pledgie.com) badge on the [Loofah github page](https://github.com/flavorjones/loofah):
 
 * Bill Harding
 

data/Rakefile

@@ -1,7 +1,6 @@
-require 'rubygems'
-gem 'hoe', '>= 2.3.0'
-require 'hoe'
-require 'concourse'
+require "rubygems"
+require "hoe"
+require "concourse"
 
 Hoe.plugin :git
 Hoe.plugin :gemspec
@@ -12,23 +11,23 @@ Hoe.spec "loofah" do
   developer "Mike Dalessio", "mike.dalessio@gmail.com"
   developer "Bryan Helmkamp", "bryan@brynary.com"
 
-  self.extra_rdoc_files = FileList["*.rdoc"]
-  self.history_file     = "CHANGELOG.md"
-  self.readme_file      = "README.rdoc"
-  self.license          "MIT"
+  self.extra_rdoc_files = FileList["*.md"]
+  self.history_file = "CHANGELOG.md"
+  self.readme_file = "README.md"
+  self.license "MIT"
 
-  extra_deps     << ["nokogiri", ">=1.5.9"]
-  extra_deps     << ["crass", "~> 1.0.2"]
+  extra_deps << ["nokogiri", ">=1.5.9"]
+  extra_deps << ["crass", "~> 1.0.2"]
 
-  extra_dev_deps << ["rake", ">=0.8"]
+  extra_dev_deps << ["rake", "~> 12.3"]
   extra_dev_deps << ["minitest", "~>2.2"]
   extra_dev_deps << ["rr", "~>1.2.0"]
-  extra_dev_deps << ["json", ">=0"]
-  extra_dev_deps << ["hoe-gemspec", ">=0"]
-  extra_dev_deps << ["hoe-debugging", ">=0"]
-  extra_dev_deps << ["hoe-bundler", ">=0"]
-  extra_dev_deps << ["hoe-git", ">=0"]
-  extra_dev_deps << ["concourse", ">=0.15.0"]
+  extra_dev_deps << ["json", "~> 2.2.0"]
+  extra_dev_deps << ["hoe-gemspec", "~> 1.0"]
+  extra_dev_deps << ["hoe-debugging", "~> 2.0"]
+  extra_dev_deps << ["hoe-bundler", "~> 1.5"]
+  extra_dev_deps << ["hoe-git", "~> 1.6"]
+  extra_dev_deps << ["concourse", ">=0.26.0"]
 end
 
 task :gemspec do
@@ -71,9 +70,12 @@ task :doc_upload_to_rubyforge => :docs do
   end
 end
 
-desc "generate whitelists from W3C specifications"
-task :generate_whitelists do
-  load "tasks/generate-whitelists"
+desc "generate safelists from W3C specifications"
+task :generate_safelists do
+  load "tasks/generate-safelists"
 end
 
-Concourse.new("loofah").create_tasks!
+Concourse.new("loofah", fly_target: "ci") do |c|
+  c.add_pipeline "loofah", "loofah.yml"
+  c.add_pipeline "loofah-pr", "loofah-pr.yml"
+end

data/SECURITY.md

@@ -0,0 +1,18 @@
+# Security and Vulnerability Reporting
+
+The Loofah core contributors take security very seriously and investigate all reported vulnerabilities.
+
+If you would like to report a vulnerablity or have a security concern regarding Loofah, please [report it via HackerOne](https://hackerone.com/loofah/reports/new).
+
+Your report will be acknowledged within 24 hours, and you'll receive a more detailed response within 72 hours indicating next steps in handling your report.
+
+If you have not received a reply to your submission within 48 hours, there are a few steps you can take:
+
+* Contact the current security coordinator (Mike Dalessio <mike.dalessio@gmail.com>)
+* Email the Loofah user group at loofah-talk@googlegroups.com (archive at https://groups.google.com/forum/#!forum/loofah-talk)
+
+Please note, the user group list is a public area. When escalating in that venue, please do not discuss your issue. Simply say that you're trying to get a hold of someone from the core team.
+
+The information you share with the Loofah core contributors as part of this process will be kept confidential within the team, unless or until we need to share information upstream with our dependent libraries' core teams, at which point we will notify you.
+
+If a vulnerability is first reported by you, we will credit you with the discovery in the public disclosure.

data/lib/loofah/helpers.rb

@@ -46,8 +46,13 @@ module Loofah
           @full_sanitizer ||= ::Loofah::Helpers::ActionView::FullSanitizer.new
         end
 
+        def safe_list_sanitizer
+          @safe_list_sanitizer ||= ::Loofah::Helpers::ActionView::SafeListSanitizer.new
+        end
+
         def white_list_sanitizer
-          @white_list_sanitizer ||= ::Loofah::Helpers::ActionView::WhiteListSanitizer.new
+          warn "warning: white_list_sanitizer is deprecated, please use safe_list_sanitizer instead."
+          safe_list_sanitizer
         end
       end
 
@@ -73,13 +78,13 @@ module Loofah
       #
       #  To use by default, call this in an application initializer:
       #
-      #    ActionView::Helpers::SanitizeHelper.white_list_sanitizer = ::Loofah::Helpers::ActionView::WhiteListSanitizer.new
+      #    ActionView::Helpers::SanitizeHelper.safe_list_sanitizer = ::Loofah::Helpers::ActionView::SafeListSanitizer.new
       #
       #  Or, to generally opt-in to Loofah's view sanitizers:
       #
       #    Loofah::Helpers::ActionView.set_as_default_sanitizer
       #
-      class WhiteListSanitizer
+      class SafeListSanitizer
         def sanitize html, *args
           Loofah::Helpers.sanitize html
         end
@@ -88,6 +93,11 @@ module Loofah
           Loofah::Helpers.sanitize_css style_string
         end
       end
+
+      WhiteListSanitizer = SafeListSanitizer
+      if Object.respond_to?(:deprecate_constant)
+        deprecate_constant :WhiteListSanitizer
+      end
     end
   end
 end

data/lib/loofah/html5/libxml2_workarounds.rb

@@ -0,0 +1,26 @@
+# coding: utf-8
+require 'set'
+
+module Loofah
+  #
+  #  constants related to working around unhelpful libxml2 behavior
+  #
+  #  ಠ_ಠ
+  #
+  module LibxmlWorkarounds
+    #
+    #  these attributes and qualifying parent tags are determined by the code at:
+    #
+    #    https://git.gnome.org/browse/libxml2/tree/HTMLtree.c?h=v2.9.2#n714
+    #
+    #  see comments about CVE-2018-8048 within the tests for more information
+    #
+    BROKEN_ESCAPING_ATTRIBUTES = Set.new %w[
+        href
+        action
+        src
+        name
+      ]
+    BROKEN_ESCAPING_ATTRIBUTES_QUALIFYING_TAG = {"name" => "a"}
+  end
+end