librelist archives

« back to archive

[ANN] loofah 2.0.3 released

[ANN] loofah 2.0.3 released

From:
Mike Dalessio
Date:
2015-08-17 @ 23:44
loofah version 2.0.3 has been released!

TL;DR: This reverts a change that introduced slow performance for some CSS
properties. See https://github.com/flavorjones/loofah/issues/90 for details.

----

* <https://github.com/flavorjones/loofah>
* <http://rubydoc.info/github/flavorjones/loofah/master/frames>
* <http://librelist.com/browser/loofah>

Loofah is a general library for manipulating and transforming HTML/XML
documents and fragments. It's built on top of Nokogiri and libxml2, so
it's fast and has a nice API.

Loofah excels at HTML sanitization (XSS prevention). It includes some
nice HTML sanitizers, which are based on HTML5lib's whitelist, so it
most likely won't make your codes less secure. (These statements have
not been evaluated by Netexperts.)

ActiveRecord extensions for sanitization are available in the
`loofah-activerecord` gem (see
https://github.com/flavorjones/loofah-activerecord).

Changes:

## 2.0.3 / 2015-08-17

Bug fixes:

* Revert support for negative values in CSS properties due to slow
performance. #90 (Related to #85.)