[ANN] loofah and loofah-activerecord 1.0.0

From: Mike Dalessio
Date: 2010-10-26 @ 05:09

Previous versions of loofah included both basic string sanitization
and ActiveRecord extensions. This release divides these two functions
into separate gems.

If you are using either of the loofah 0.4 ActiveRecord extensions, you
should update the dependency to 'loofah-activerecord >= 1.0.0'.

----------------------------------------

loofah 1.0.0 has been released!

* <http://github.com/flavorjones/loofah>

Loofah is a general library for manipulating and transforming HTML/XML
documents and fragments. It's built on top of Nokogiri and libxml2, so
it's fast and has a nice API.

Loofah excels at HTML sanitization (XSS prevention). It includes some
nice HTML sanitizers, which are based on HTML5lib's whitelist, so it
most likely won't make your codes less secure. (These statements have
not been evaluated by Netexperts.)

ActiveRecord extensions for sanitization are available in the
`loofah-activerecord` gem (see
http://github.com/flavorjones/loofah-activerecord).

Changes:

## 1.0.0 (2010-10-26)

Notes:

* Moved ActiveRecord functionality into `loofah-activerecord` gem.

----------------------------------------

loofah-activerecord version 1.0.0 has been released!

* <http://github.com/flavorjones/loofah-activerecord>

loofah-activerecord extends loofah's HTML sanitization into Rails
ActiveRecord models with two AR extensions:

* Loofah::XssFoliate, an XssTerminate drop-in replacement, is an
  *opt-out* sanitizer. By default all models and attributes are
  sanitized.
* Loofah::ActiveRecordExtension is an *opt-in* sanitizer. You must
  explicitly declare attributes to be sanitized.

Changes:

## 1.0.0 (2010-10-26)

Notes:

* ActiveRecord-related code from Loofah 0.4.7 has been moved here. See
  http://github.com/flavorjones/loofah for a historical changelog.
* Using bundler to provide proper gem sandboxing in testing multiple rails
  versions.
* Birthday!