A :noreferrer HTML scrubber which ensures all hyperlinks have rel=noreferrer, similar to the :nofollow and :noopener scrubbers. #277@wynksaiddestroy
2.21.4 / 2023-10-10
Fixed
Loofah::HTML5::Scrub.scrub_css is more consistent in preserving whitespace (and lack of whitespace) in CSS property values. In particular, .scrub_css no longer inserts whitespace between tokens that did not already have whitespace between them. [#273, fixes #271]
2.21.3 / 2023-05-15
Quash "instance variable not initialized" warning in Ruby < 3.0. [#268] (Thanks, @dharamgollapudi!)
2.21.2 / 2023-05-11
Dependencies
Update the dependency on Nokogiri to be >= 1.12.0. The dependency in 2.21.0 and 2.21.1 was left at >= 1.5.9 but versions before 1.12 would result in a NameError exception. [#266]
2.21.1 / 2023-05-10
Fixed
Don't define HTML5::Document and HTML5::DocumentFragment when Nokogiri is < 1.14. In 2.21.0 these classes were defined whenever Nokogiri::HTML5 was defined, but Nokogiri v1.12 and v1.13 do not support Loofah subclassing properly.
2.21.0 / 2023-05-10
HTML5 Support
Classes Loofah::HTML5::Document and Loofah::HTML5::DocumentFragment are introduced, along with helper methods:
Loofah.html5_document
Loofah.html5_fragment
Loofah.scrub_html5_document
Loofah.scrub_html5_fragment
These classes and methods use Nokogiri's HTML5 parser to ensure modern web standards are used.
⚠ HTML5 functionality is only available with Nokogiri v1.14.0 and higher.
A :noreferrer HTML scrubber which ensures all hyperlinks have rel=noreferrer, similar to the :nofollow and :noopener scrubbers. #277@wynksaiddestroy
2.21.4 / 2023-10-10
Fixed
Loofah::HTML5::Scrub.scrub_css is more consistent in preserving whitespace (and lack of whitespace) in CSS property values. In particular, .scrub_css no longer inserts whitespace between tokens that did not already have whitespace between them. [#273, fixes #271]
2.21.3 / 2023-05-15
Fixed
Quash "instance variable not initialized" warning in Ruby < 3.0. [#268] (Thanks, @dharamgollapudi!)
2.21.2 / 2023-05-11
Dependencies
Update the dependency on Nokogiri to be >= 1.12.0. The dependency in 2.21.0 and 2.21.1 was left at >= 1.5.9 but versions before 1.12 would result in a NameError exception. [#266]
2.21.1 / 2023-05-10
Fixed
Don't define HTML5::Document and HTML5::DocumentFragment when Nokogiri is < 1.14. In 2.21.0 these classes were defined whenever Nokogiri::HTML5 was defined, but Nokogiri v1.12 and v1.13 do not support Loofah subclassing properly.
2.21.0 / 2023-05-10
HTML5 Support
Classes Loofah::HTML5::Document and Loofah::HTML5::DocumentFragment are introduced, along with helper methods:
Loofah.html5_document
Loofah.html5_fragment
Loofah.scrub_html5_document
Loofah.scrub_html5_fragment
These classes and methods use Nokogiri's HTML5 parser to ensure modern web standards are used.
⚠ HTML5 functionality is only available with Nokogiri v1.14.0 and higher.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps loofah from 2.9.1 to 2.22.0.
Release notes
Sourced from loofah's releases.
... (truncated)
Changelog
Sourced from loofah's changelog.
... (truncated)
Commits
cb14ea7version bump to v2.22.064e0a26update CHANGELOGc5cfb80Merge pull request #277 from wynksaiddestroy/feature/noreferrer_scrubber4ad2e13Add noreferrer scrubber5345bb7Merge pull request #275 from hexdevs/add-target-blank-scrub09e11adfeat: adds :targetblank scrubber992b054version bump to v2.21.45d9a22fMerge pull request #273 from flavorjones/flavorjones-css-whitespace-handling876116efix: scrub_css is more consistent with whitespaceedde5f2Merge pull request #274 from flavorjones/flavorjones-bump-hoe-markdownDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show