Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

ruby2.5-rubygem-loofah-2.2.2-4.3.1 RPM for ppc64le

From OpenSuSE Leap 15.3 for ppc64le

Name: ruby2.5-rubygem-loofah Distribution: SUSE Linux Enterprise 15
Version: 2.2.2 Vendor: SUSE LLC <>
Release: 4.3.1 Build date: Thu Nov 8 12:08:54 2018
Group: Development/Languages/Ruby Build host: cabernet
Size: 245536 Source RPM: rubygem-loofah-2.2.2-4.3.1.src.rpm
Summary: HTML/XML manipulation and sanitization based on Nokogiri
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments.
It's built on top of Nokogiri and libxml2, so it's fast and has a nice API.

Loofah excels at HTML sanitization (XSS prevention). It includes some nice HTML sanitizers,
which are based on HTML5lib's whitelist, so it most likely won't make your codes less secure.






* Tue Nov 06 2018
  - Security Vulnerability Fix: Unsanitized JavaScript may occur in
    sanitized output when a crafted SVG element is republished.
    * Added CVE-2018-16468.patch to address this security issue
    (bsc#1113969, CVE-2018-16468)
  - Added series file for a better patch handling with quilt
* Fri Mar 23 2018
  - update to version 2.2.2
    * Make public Loofah::HTML5::Scrub.force_correct_attribute_escaping!, which was previously a private method.
      This is so that downstream gems (like rails-html-sanitizer) can use this logic directly for their own attribute scrubbers should they need to address CVE-2018-8048.
    fix bsc#1086598
* Tue Mar 20 2018
  - Update to version 2.2.1
    Fix XSS Vulnerability [CVE-2018-8048]
    fix bsc#1085967
* Thu Feb 15 2018
  - also set a description again
* Mon Feb 12 2018
  - Update to version 2.2.0
    * Support HTML5 <main> tag. #133 (Thanks, @MothOnMars!)
    * Recognize HTML5 block elements. #136 (Thanks, @MothOnMars!)
    * Support SVG <symbol> tag. #131 (Thanks, @baopham!)
    * Support for whitelisting CSS functions, initially just calc and rgb. #122/#123/#129 (Thanks, @NikoRoberts!)
    * Whitelist CSS property list-style-type. #68/#137/#142 (Thanks, @andela-ysanni and @NikoRoberts!)
    * Properly handle nested script tags. #127.
* Fri Oct 13 2017
  - updated to version 2.1.1
    2.1.1 / 2017-09-24
    * Removed warning for unused variable. #124 (Thanks, @y-yagi!)
* Tue Aug 18 2015
  - updated to version 2.0.3
    see installed CHANGELOG.rdoc
    == 2.0.3 / 2015-08-17
    Bug fixes:
    * Revert support for negative values in CSS properties due to slow performance. #90 (Related to #85.)
* Wed May 06 2015
  - updated to version 2.0.2
    see installed CHANGELOG.rdoc
    == 2.0.2 / 2015-05-05
    Bug fixes:
    * Fix error with `#to_text` when Loofah::Helpers hadn't been required. #75
    * Allow multi-word data attributes. #84 (Thanks, @jstorimer!)
    * Allow negative values in CSS properties. #85 (Thanks, @siddhartham!)
* Wed Nov 12 2014
  - updated to version 2.0.1
    Bug fixes:
    * Load RR correctly when running test files directly. (Thanks, @ktdreyer!)
    * Extracted HTML5::Scrub#scrub_css_attribute to accommodate the Rails integration work. (Thanks, @kaspth!)
* Mon Oct 13 2014
  - adapt to new rubygem packaging
* Sun May 18 2014
  - updated to version 2.0.0
    Compatibility notes:
    * ActionView helpers now must be required explicitly: `require "loofah/helpers"`
    * Support for Ruby 1.8.7 and prior has been dropped
    * HTML5 whitelist allows the following ...
    * tags: `article`, `aside`, `bdi`, `bdo`, `canvas`, `command`, `datalist`, `details`, `figcaption`, `figure`, `footer`, `header`, `mark`, `meter`, `nav`, `output`, `section`, `summary`, `time`
    * attributes: `data-*` (Thanks, Rafael Franca!)
    * URI attributes: `poster` and `preload`
    * Addition of the `:unprintable` scrubber to remove unprintable characters from text nodes. #65 (Thanks, Matt Swanson!)
    * `Loofah.fragment` accepts an optional encoding argument, compatible with `Nokogiri::HTML::DocumentFragment.parse`. #62 (Thanks, Ben Atkins!)
    * HTML5 sanitizers now remove attributes without values. (Thanks, Kasper Timm Hansen!)
    Bug fixes:
    * HTML5 sanitizers' CSS keyword check now actually works (broken in v2.0). Additional regression tests added. (Thanks, Kasper Timm Hansen!)
    * HTML5 sanitizers now allow negative arguments to CSS. #64 (Thanks, Jon Calhoun!)
* Mon Jul 30 2012
  - update to 1.2.1
    * Declaring encoding in html5/scrub.rb. Without this, use of the
      ruby -KU option would cause havoc. (#32)
* Thu Aug 25 2011
  - add 'Provides rubygem-loofah-1_2'
* Wed Aug 24 2011
  - upgrade to 1.2.0
* Thu Jul 21 2011
  - Upgrade to version 1.0.0
  - Add provides loofah_1_0 required to build latest version of
* Fri Jun 11 2010
  - additional changes from version 0.4.7
    * New methods Loofah::HTML::Document#to_text and
      Loofah::HTML::DocumentFragment#to_text do the right thing with
      whitespace. Note that these methods are significantly slower
      than #text. GH #12
    * Loofah::Elements::BLOCK_LEVEL contains a canonical list of
      HTML4 block-level4 elements.
    * Loofah::HTML::Document#text and
      Loofah::HTML::DocumentFragment#text will return unescaped HTML
      entities by passing :encode_special_chars => false.
  - additional changes from version 0.4.4, 0.4.5, 0.4.6
    * Loofah::HTML::Document#text and
      Loofah::HTML::DocumentFragment#text now escape HTML entities.
    * Loofah::XssFoliate was not properly escaping HTML entities when
      implicitly scrubbing a string attribute. GH #17
  - additional changes from version 0.4.3
    * All built-in scrubbers are accepted by
    * Loofah::XssFoliate.xss_foliate_all_models replaces use of the
    * Modified documentation for bootstrapping XssFoliate in a Rails
      app, since the use of Bundler breaks the previously-documented
      method. To be safe, always use an initializer file.
  - additional changes from version 0.4.2
    * Implemented Node#scrub! for scrubbing subtrees.
    * Implemented NodeSet#scrub! for scrubbing a set of subtrees.
    * Document.text now only serializes <body> contents
      (ignores <head>)
    * <head>, <html> and <body> added to the HTML5lib whitelist.
    * Supporting Rails apps that aren't loading ActiveRecord. GH #10
* Fri Jun 11 2010
  - use rubygems_requires macro
* Thu Jan 07 2010
  - created package



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Aug 9 15:55:55 2022