librelist archives

« back to archive

[ANN] loofah 2.0.3 released

[ANN] loofah 2.0.3 released

Mike Dalessio
2015-08-17 @ 23:44
loofah version 2.0.3 has been released!

TL;DR: This reverts a change that introduced slow performance for some CSS
properties. See for details.


* <>
* <>
* <>

Loofah is a general library for manipulating and transforming HTML/XML
documents and fragments. It's built on top of Nokogiri and libxml2, so
it's fast and has a nice API.

Loofah excels at HTML sanitization (XSS prevention). It includes some
nice HTML sanitizers, which are based on HTML5lib's whitelist, so it
most likely won't make your codes less secure. (These statements have
not been evaluated by Netexperts.)

ActiveRecord extensions for sanitization are available in the
`loofah-activerecord` gem (see


## 2.0.3 / 2015-08-17

Bug fixes:

* Revert support for negative values in CSS properties due to slow
performance. #90 (Related to #85.)