File rubygem-loofah.changes of Package rubygem-loofah
-------------------------------------------------------------------
Mon Oct 10 13:09:46 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 2.19.0
see installed CHANGELOG.md
## 2.19.0 / 2022-09-14
### Features
* Allow SVG 1.0 color keyword names in CSS attributes. These colors are part of the [CSS Color Module Level 3](https://www.w3.org/TR/css-color-3/#svg-color) recommendation released 2022-01-18. [[#243](https://github.com/flavorjones/loofah/issues/243)]
-------------------------------------------------------------------
Sun May 15 15:40:12 UTC 2022 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 2.18.0
### Features
* Allow CSS property `aspect-ratio`. [[#236](https://github.com/flavorjones/loofah/issues/236)] (Thanks, [@louim](https://github.com/louim)!)
## 2.17.0 / 2022-04-28
### Features
* Allow ARIA attributes. [[#232](https://github.com/flavorjones/loofah/issues/232), [#233](https://github.com/flavorjones/loofah/issues/233)] (Thanks, [@nick-desteffen](https://github.com/nick-desteffen)!)
-------------------------------------------------------------------
Thu Apr 28 05:35:21 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 2.16.0
see installed CHANGELOG.md
## 2.16.0 / 2022-04-01
### Features
* Allow MathML elements `menclose` and `ms`, and MathML attributes `dir`, `href`, `lquote`, `mathsize`, `notation`, and `rquote`. [[#231](https://github.com/flavorjones/loofah/issues/231)] (Thanks, [@nick-desteffen](https://github.com/nick-desteffen)!)
## 2.15.0 / 2022-03-14
### Features
* Expand set of allowed protocols to include `sms:`. [[#228](https://github.com/flavorjones/loofah/issues/228)] (Thanks, [@brendon](https://github.com/brendon)!)
-------------------------------------------------------------------
Thu Mar 3 08:22:28 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 2.14.0
see installed CHANGELOG.md
## 2.14.0 / 2022-02-11
### Features
* The `#to_text` method on `Loofah::HTML::{Document,DocumentFragment}` replaces `<br>` line break elements with a newline. [[#225](https://github.com/flavorjones/loofah/issues/225)]
-------------------------------------------------------------------
Fri Dec 24 23:54:55 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 2.13.0
### Bug fixes
* Loofah::HTML::DocumentFragment#text no longer serializes top-level comment children. [[#221](https://github.com/flavorjones/loofah/issues/221)]
-------------------------------------------------------------------
Wed Aug 25 05:14:19 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 2.12.0
## 2.12.0 / 2021-08-11
### Features
* Support empty HTML5 data attributes. [[#215](https://github.com/flavorjones/loofah/issues/215)]
## 2.11.0 / 2021-07-31
### Features
* Allow HTML5 element `wbr`.
* Allow all CSS property values for `border-collapse`. [[#201](https://github.com/flavorjones/loofah/issues/201)]
### Changes
* Deprecating `Loofah::HTML5::SafeList::VOID_ELEMENTS` which is not a canonical list of void HTML4 or HTML5 elements.
* Removed some elements from `Loofah::HTML5::SafeList::VOID_ELEMENTS` that either are not acceptable elements or aren't considered "void" by libxml2.
-------------------------------------------------------------------
Thu Jun 24 17:35:09 UTC 2021 - Stephan Kulow <coolo@suse.com>
updated to version 2.10.0
see installed CHANGELOG.md
## 2.10.0 / 2021-06-06
### Features
* Allow CSS properties `overflow-x` and `overflow-y`. [[#206](https://github.com/flavorjones/loofah/issues/206)] (Thanks, [@sampokuokkanen](https://github.com/sampokuokkanen)!)
-------------------------------------------------------------------
Tue Apr 20 13:38:21 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 2.9.1
### Bug fixes
* Fix a regression in v2.9.0 which inappropriately removed CSS properties
with quoted string values. [[#202](https://github.com/flavorjones/loofah/issues/202)]
-------------------------------------------------------------------
Wed Jan 20 07:36:46 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 2.9.0
* Handle CSS functions in a CSS shorthand property (like `background`). [[#199](https://github.com/flavorjones/loofah/issues/199),
[#200](https://github.com/flavorjones/loofah/issues/200)]
-------------------------------------------------------------------
Fri Dec 11 03:13:59 UTC 2020 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 2.8.0
* Allow CSS properties `order`, `flex-direction`, `flex-grow`, `flex-wrap`, `flex-shrink`, `flex-flow`,
`flex-basis`, `flex`, `justify-content`, `align-self`, `align-items`, and `align-content`.
[[#197](https://github.com/flavorjones/loofah/issues/197)] (Thanks, [@miguelperez](https://github.com/miguelperez)!)
-------------------------------------------------------------------
Sat Sep 12 12:25:01 UTC 2020 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 2.7.0
### Features
* Allow CSS properties `page-break-before`, `page-break-inside`, and
`page-break-after`. [[#190](https://github.com/flavorjones/loofah/issues/190)]
(Thanks, [@ahorek](https://github.com/ahorek)!)
### Fixes
* Don't drop the `!important` rule from some CSS properties.
[[#191](https://github.com/flavorjones/loofah/issues/191)]
(Thanks, [@b7kich](https://github.com/b7kich)!)
-------------------------------------------------------------------
Thu Jun 25 10:01:00 UTC 2020 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 2.6.0
* Allow CSS border-style keywords. [#188] (Thanks, @tarcisiozf!)
-------------------------------------------------------------------
Mon Apr 27 12:54:33 UTC 2020 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 2.5.0
### Features
* Allow more CSS length units: "ch", "vw", "vh", "Q", "lh", "vmin", "vmax". [#178] (Thanks, @JuanitoFatas!)
### Fixes
* Remove comments from `Loofah::HTML::Document`s that exist outside the `html` element. [#80]
### Other changes
* Gem metadata being set [#181] (Thanks, @JuanitoFatas!)
* Test files removed from gem file [#180,#166,#159] (Thanks, @JuanitoFatas and @greysteil!)
-------------------------------------------------------------------
Thu Nov 28 07:22:05 UTC 2019 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 2.4.0
### Features
* Allow CSS property `max-width` [#175] (Thanks, @bchaney!)
* Allow CSS sizes expressed in `rem` [#176, #177]
* Add `frozen_string_literal: true` magic comment to all `lib` files. [#118]
-------------------------------------------------------------------
Tue Nov 12 15:24:24 UTC 2019 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 2.3.1
Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
This CVE's public notice is at #171
-------------------------------------------------------------------
Tue Nov 6 07:47:42 UTC 2018 - mschnitzer@suse.com
- updated to version 2.2.3
### Security (bsc#1113969, CVE-2018-16468)
Address CVE-2018-16468: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
This CVE's public notice is at https://github.com/flavorjones/loofah/issues/154
## Meta / 2018-10-27
The mailing list is now on Google Groups [#146](https://github.com/flavorjones/loofah/issues/146):
* Mail: loofah-talk@googlegroups.com
* Archive: https://groups.google.com/forum/#!forum/loofah-talk
This change was made because librelist no longer appears to be maintained.
-------------------------------------------------------------------
Fri Mar 23 10:15:28 UTC 2018 - dkang@suse.com
- update to version 2.2.2
* Make public Loofah::HTML5::Scrub.force_correct_attribute_escaping!, which was previously a private method.
This is so that downstream gems (like rails-html-sanitizer) can use this logic directly for their own attribute scrubbers should they need to address CVE-2018-8048.
fix bsc#1086598
-------------------------------------------------------------------
Tue Mar 20 09:19:17 UTC 2018 - dkang@suse.com
- Update to version 2.2.1
Fix XSS Vulnerability [CVE-2018-8048]
fix bsc#1085967
-------------------------------------------------------------------
Thu Feb 15 14:13:37 UTC 2018 - mrueckert@suse.de
- also set a description again
-------------------------------------------------------------------
Mon Feb 12 10:11:44 UTC 2018 - bgeuken@suse.com
- Update to version 2.2.0
Features:
* Support HTML5 <main> tag. #133 (Thanks, @MothOnMars!)
* Recognize HTML5 block elements. #136 (Thanks, @MothOnMars!)
* Support SVG <symbol> tag. #131 (Thanks, @baopham!)
* Support for whitelisting CSS functions, initially just calc and rgb. #122/#123/#129 (Thanks, @NikoRoberts!)
* Whitelist CSS property list-style-type. #68/#137/#142 (Thanks, @andela-ysanni and @NikoRoberts!)
Bugfixes:
* Properly handle nested script tags. #127.
-------------------------------------------------------------------
Fri Oct 13 11:25:11 UTC 2017 - mschnitzer@suse.com
- updated to version 2.1.1
2.1.1 / 2017-09-24
Bugfixes:
* Removed warning for unused variable. #124 (Thanks, @y-yagi!)
-------------------------------------------------------------------
Tue Aug 18 04:32:46 UTC 2015 - coolo@suse.com
- updated to version 2.0.3
see installed CHANGELOG.rdoc
== 2.0.3 / 2015-08-17
Bug fixes:
* Revert support for negative values in CSS properties due to slow performance. #90 (Related to #85.)
-------------------------------------------------------------------
Wed May 6 04:30:11 UTC 2015 - coolo@suse.com
- updated to version 2.0.2
see installed CHANGELOG.rdoc
== 2.0.2 / 2015-05-05
Bug fixes:
* Fix error with `#to_text` when Loofah::Helpers hadn't been required. #75
* Allow multi-word data attributes. #84 (Thanks, @jstorimer!)
* Allow negative values in CSS properties. #85 (Thanks, @siddhartham!)
-------------------------------------------------------------------
Wed Nov 12 05:55:25 UTC 2014 - coolo@suse.com
- updated to version 2.0.1
Bug fixes:
* Load RR correctly when running test files directly. (Thanks, @ktdreyer!)
Notes:
* Extracted HTML5::Scrub#scrub_css_attribute to accommodate the Rails integration work. (Thanks, @kaspth!)
-------------------------------------------------------------------
Mon Oct 13 14:21:06 UTC 2014 - coolo@suse.com
- adapt to new rubygem packaging
-------------------------------------------------------------------
Sun May 18 09:04:34 UTC 2014 - coolo@suse.com
- updated to version 2.0.0
Compatibility notes:
* ActionView helpers now must be required explicitly: `require "loofah/helpers"`
* Support for Ruby 1.8.7 and prior has been dropped
Enhancements:
* HTML5 whitelist allows the following ...
* tags: `article`, `aside`, `bdi`, `bdo`, `canvas`, `command`, `datalist`, `details`, `figcaption`, `figure`, `footer`, `header`, `mark`, `meter`, `nav`, `output`, `section`, `summary`, `time`
* attributes: `data-*` (Thanks, Rafael Franca!)
* URI attributes: `poster` and `preload`
* Addition of the `:unprintable` scrubber to remove unprintable characters from text nodes. #65 (Thanks, Matt Swanson!)
* `Loofah.fragment` accepts an optional encoding argument, compatible with `Nokogiri::HTML::DocumentFragment.parse`. #62 (Thanks, Ben Atkins!)
* HTML5 sanitizers now remove attributes without values. (Thanks, Kasper Timm Hansen!)
Bug fixes:
* HTML5 sanitizers' CSS keyword check now actually works (broken in v2.0). Additional regression tests added. (Thanks, Kasper Timm Hansen!)
* HTML5 sanitizers now allow negative arguments to CSS. #64 (Thanks, Jon Calhoun!)
-------------------------------------------------------------------
Mon Jul 30 18:14:41 UTC 2012 - coolo@suse.com
- update to 1.2.1
* Declaring encoding in html5/scrub.rb. Without this, use of the
ruby -KU option would cause havoc. (#32)
-------------------------------------------------------------------
Thu Aug 25 07:42:30 UTC 2011 - fcastelli@novell.com
- add 'Provides rubygem-loofah-1_2'
-------------------------------------------------------------------
Wed Aug 24 21:45:16 UTC 2011 - fcastelli@novell.com
- upgrade to 1.2.0
-------------------------------------------------------------------
Thu Jul 21 16:00:10 UTC 2011 - fcastelli@novell.com
- Upgrade to version 1.0.0
- Add provides loofah_1_0 required to build latest version of
rubygem-feedzirra.
-------------------------------------------------------------------
Fri Jun 11 18:42:16 UTC 2010 - mrueckert@suse.de
- additional changes from version 0.4.7
* New methods Loofah::HTML::Document#to_text and
Loofah::HTML::DocumentFragment#to_text do the right thing with
whitespace. Note that these methods are significantly slower
than #text. GH #12
* Loofah::Elements::BLOCK_LEVEL contains a canonical list of
HTML4 block-level4 elements.
* Loofah::HTML::Document#text and
Loofah::HTML::DocumentFragment#text will return unescaped HTML
entities by passing :encode_special_chars => false.
- additional changes from version 0.4.4, 0.4.5, 0.4.6
* Loofah::HTML::Document#text and
Loofah::HTML::DocumentFragment#text now escape HTML entities.
* Loofah::XssFoliate was not properly escaping HTML entities when
implicitly scrubbing a string attribute. GH #17
- additional changes from version 0.4.3
* All built-in scrubbers are accepted by
ActiveRecord::Base.xss_foliate
* Loofah::XssFoliate.xss_foliate_all_models replaces use of the
constant LOOFAH_XSS_FOLIATE_ALL_MODELS
* Modified documentation for bootstrapping XssFoliate in a Rails
app, since the use of Bundler breaks the previously-documented
method. To be safe, always use an initializer file.
- additional changes from version 0.4.2
* Implemented Node#scrub! for scrubbing subtrees.
* Implemented NodeSet#scrub! for scrubbing a set of subtrees.
* Document.text now only serializes <body> contents
(ignores <head>)
* <head>, <html> and <body> added to the HTML5lib whitelist.
* Supporting Rails apps that aren't loading ActiveRecord. GH #10
-------------------------------------------------------------------
Fri Jun 11 10:00:01 UTC 2010 - mrueckert@suse.de
- use rubygems_requires macro
-------------------------------------------------------------------
Thu Jan 7 18:17:12 CET 2010 - prusnak@suse.cz
- created package
