flavorjones loofah issues

flavorjones / loofah

Ruby library for HTML/XML transformation and sanitization

MIT License

934 stars 138 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

[draft] default to html5 parsing

#239 flavorjones closed 1 year ago
8
chore: Set permissions for GitHub actions

#238 naveensrinivasan closed 2 years ago
3
ci: don't fail fast

#237 flavorjones closed 2 years ago
1
Add aspect-ratio to the list of css properties

#236 louim closed 2 years ago
3
test: ensure we pass with libxml 2.9.14

#235 flavorjones closed 2 years ago
1
ci: add truffleruby

#234 flavorjones closed 2 years ago
0
aria attributes

#233 flavorjones closed 2 years ago
0
Adds ARIA attributes

#232 nick-desteffen closed 2 years ago
8
Adds menclose and ms MathML elements and supported attributes

#231 nick-desteffen closed 2 years ago
3
tests fail with latest versions of dependencies

#230 Segaja closed 2 years ago
1
Allow sms: as a valid protocol

#229 brendon closed 2 years ago
3
Adding sms to ACCEPTABLE_PROTOCOLS

#228 brendon closed 2 years ago
3
test: add coverage for entities

#227 flavorjones closed 2 years ago
2
feat: Node#to_text replaces <br> with a newline

#226 flavorjones closed 2 years ago
0
`#to_text` doesn't handle `<br>` elements well.

#225 der-flo closed 2 years ago
4
explore testing with the portswigger xss cheat sheet exploits

#224 flavorjones opened 2 years ago
0
ci: update to cover Ruby 3.1

#223 flavorjones closed 2 years ago
0
fix: comments should not be emitted by DocumentFragment#text

#222 flavorjones closed 2 years ago
0
`#text` should only render HTML elements

#221 weiqingtoh closed 2 years ago
1
test: use CSS hex-encoded strings to test sanitization

#220 flavorjones closed 3 years ago
0
A whitespace handling change in v2.9.0 is breaking a test in our code

#219 mileslane closed 3 years ago
1
How to bypass characters like less than character when sanitising the data

#218 piyush-ally closed 3 years ago
2
Add Truffleruby head to CI

#217 gogainda closed 3 years ago
1
feat: support empty HTML5 data attributes

#216 flavorjones closed 3 years ago
0
Empty data attributes are stripped

#215 ryanb closed 3 years ago
5
feat: allow all `border-collapse` CSS property values

#214 flavorjones closed 3 years ago
1
allow HTML5 element `wbr`

#213 flavorjones closed 3 years ago
1
add 'wbr' tag to safelist

#212 shota-higaki closed 3 years ago
4
Security Warning - Cross-Site Scripting

#211 pandu-cls closed 3 years ago
3
False positive with loofah CVE

#210 mroach closed 3 years ago
3
Brakeman reporting false positive on CVE-2018-8048

#209 jarkko closed 3 years ago
7
ci: create github actions pipeline

#208 flavorjones closed 3 years ago
0
test: libxml 2.9.11 handles namespaces in HTML docs differently

#207 flavorjones closed 3 years ago
0
Update safelist.rb to include overflow-x and y

#206 sampokuokkanen closed 3 years ago
4
test: actually test against a working unicode-encoded exploit

#205 flavorjones closed 3 years ago
2
Regressions in Loofah 2.9.0 and 2.9.1

#204 jacobherrington closed 3 years ago
2
fix: allow CSS properties to have quoted string values

#203 flavorjones closed 3 years ago
1
Regression in 2.9.0: string css attributes scrubbing

#202 aert closed 3 years ago
5
border-collapse other than "collapse" is stripped, even when safelisted

#201 bbugh closed 3 years ago
3
fix: handle CSS functions in a CSS shorthand property

#200 flavorjones closed 3 years ago
0
scrub_css drops allowed css functions from shorthand css properties

#199 Iwaide closed 3 years ago
3
Add flex properties to safelist

#198 miguelperez closed 4 years ago
3
Some new css attributes are not referenced in the list and end up being removed from the sanitized string. like align-items.

#197 miguelperez closed 4 years ago
2
Update rubocop requirement from ~> 0.89 to ~> 1.1

#196 dependabot-preview[bot] closed 4 years ago
0
Update rubocop requirement from ~> 0.89 to ~> 1.0

#195 dependabot-preview[bot] closed 4 years ago
1
dev: rename default git branch

#194 flavorjones closed 3 years ago
1
Block MathML mutation XSS

#193 DanielHeath closed 4 years ago
1
fixed #191: scrub_css drops !important rule from shorthand css properties

#192 b7kich closed 4 years ago
2
scrub_css drops !important rule from shorthand css properties

#191 b7kich closed 4 years ago
5
add page-break to safelist

#190 ahorek closed 4 years ago
3

Previous Next