issues
search
flavorjones
/
loofah
Ruby library for HTML/XML transformation and sanitization
MIT License
934
stars
138
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
[draft] default to html5 parsing
#239
flavorjones
closed
1 year ago
8
chore: Set permissions for GitHub actions
#238
naveensrinivasan
closed
2 years ago
3
ci: don't fail fast
#237
flavorjones
closed
2 years ago
1
Add aspect-ratio to the list of css properties
#236
louim
closed
2 years ago
3
test: ensure we pass with libxml 2.9.14
#235
flavorjones
closed
2 years ago
1
ci: add truffleruby
#234
flavorjones
closed
2 years ago
0
aria attributes
#233
flavorjones
closed
2 years ago
0
Adds ARIA attributes
#232
nick-desteffen
closed
2 years ago
8
Adds menclose and ms MathML elements and supported attributes
#231
nick-desteffen
closed
2 years ago
3
tests fail with latest versions of dependencies
#230
Segaja
closed
2 years ago
1
Allow sms: as a valid protocol
#229
brendon
closed
2 years ago
3
Adding sms to ACCEPTABLE_PROTOCOLS
#228
brendon
closed
2 years ago
3
test: add coverage for entities
#227
flavorjones
closed
2 years ago
2
feat: Node#to_text replaces <br> with a newline
#226
flavorjones
closed
2 years ago
0
`#to_text` doesn't handle `<br>` elements well.
#225
der-flo
closed
2 years ago
4
explore testing with the portswigger xss cheat sheet exploits
#224
flavorjones
opened
2 years ago
0
ci: update to cover Ruby 3.1
#223
flavorjones
closed
2 years ago
0
fix: comments should not be emitted by DocumentFragment#text
#222
flavorjones
closed
2 years ago
0
`#text` should only render HTML elements
#221
weiqingtoh
closed
2 years ago
1
test: use CSS hex-encoded strings to test sanitization
#220
flavorjones
closed
3 years ago
0
A whitespace handling change in v2.9.0 is breaking a test in our code
#219
mileslane
closed
3 years ago
1
How to bypass characters like less than character when sanitising the data
#218
piyush-ally
closed
3 years ago
2
Add Truffleruby head to CI
#217
gogainda
closed
3 years ago
1
feat: support empty HTML5 data attributes
#216
flavorjones
closed
3 years ago
0
Empty data attributes are stripped
#215
ryanb
closed
3 years ago
5
feat: allow all `border-collapse` CSS property values
#214
flavorjones
closed
3 years ago
1
allow HTML5 element `wbr`
#213
flavorjones
closed
3 years ago
1
add 'wbr' tag to safelist
#212
shota-higaki
closed
3 years ago
4
Security Warning - Cross-Site Scripting
#211
pandu-cls
closed
3 years ago
3
False positive with loofah CVE
#210
mroach
closed
3 years ago
3
Brakeman reporting false positive on CVE-2018-8048
#209
jarkko
closed
3 years ago
7
ci: create github actions pipeline
#208
flavorjones
closed
3 years ago
0
test: libxml 2.9.11 handles namespaces in HTML docs differently
#207
flavorjones
closed
3 years ago
0
Update safelist.rb to include overflow-x and y
#206
sampokuokkanen
closed
3 years ago
4
test: actually test against a working unicode-encoded exploit
#205
flavorjones
closed
3 years ago
2
Regressions in Loofah 2.9.0 and 2.9.1
#204
jacobherrington
closed
3 years ago
2
fix: allow CSS properties to have quoted string values
#203
flavorjones
closed
3 years ago
1
Regression in 2.9.0: string css attributes scrubbing
#202
aert
closed
3 years ago
5
border-collapse other than "collapse" is stripped, even when safelisted
#201
bbugh
closed
3 years ago
3
fix: handle CSS functions in a CSS shorthand property
#200
flavorjones
closed
3 years ago
0
scrub_css drops allowed css functions from shorthand css properties
#199
Iwaide
closed
3 years ago
3
Add flex properties to safelist
#198
miguelperez
closed
4 years ago
3
Some new css attributes are not referenced in the list and end up being removed from the sanitized string. like align-items.
#197
miguelperez
closed
4 years ago
2
Update rubocop requirement from ~> 0.89 to ~> 1.1
#196
dependabot-preview[bot]
closed
4 years ago
0
Update rubocop requirement from ~> 0.89 to ~> 1.0
#195
dependabot-preview[bot]
closed
4 years ago
1
dev: rename default git branch
#194
flavorjones
closed
3 years ago
1
Block MathML mutation XSS
#193
DanielHeath
closed
4 years ago
1
fixed #191: scrub_css drops !important rule from shorthand css properties
#192
b7kich
closed
4 years ago
2
scrub_css drops !important rule from shorthand css properties
#191
b7kich
closed
4 years ago
5
add page-break to safelist
#190
ahorek
closed
4 years ago
3
Previous
Next