loofah version 2.2.0 has been released!

* <https://github.com/flavorjones/loofah>
* <http://rubydoc.info/github/flavorjones/loofah/master/frames>
* <http://librelist.com/browser/loofah>

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments. It's built on top of Nokogiri and libxml2, so it's fast and has a nice API.

Loofah excels at HTML sanitization (XSS prevention). It includes some nice HTML sanitizers, which are based on HTML5lib's whitelist, so it most likely won't make your codes less secure. (These statements have not been evaluated by Netexperts.)

ActiveRecord extensions for sanitization are available in the [`loofah-activerecord` gem](https://github.com/flavorjones/loofah-activerecord).

Changes:

## 2.2.0 / 2018-02-11

Features:

* Support HTML5 `<main>` tag. #133 (Thanks, @MothOnMars!)
* Recognize HTML5 block elements. #136 (Thanks, @MothOnMars!)
* Support SVG `<symbol>` tag. #131 (Thanks, @baopham!)
* Support for whitelisting CSS functions, initially just `calc` and `rgb`. #122/#123/#129 (Thanks, @NikoRoberts!)
* Whitelist CSS property `list-style-type`. #68/#137/#142 (Thanks, @andela-ysanni and @NikoRoberts!)

Bugfixes:

* Properly handle nested `script` tags. #127.