Comparing changes
base repository: rails/rails-html-sanitizer
base: v1.4.2
head repository: rails/rails-html-sanitizer
compare: v1.4.4
- 19 commits
- 6 files changed
- 1 contributor
Commits on Jun 9, 2022
-
test: finally use the CSS hex encoding originally intended
This was mis-fixed in c190b32 which encoded the Ruby strings as unicode to fix the previous bad encoding which dated back to the original Instiki that should have single-quoted the CSS unicode strings.
Commit 18f2f2c
-
Commit 984b82e
-
Commit 9c421f0
-
test: ensure tests pass when nokogiri uses system libxml2
Specifically the patch that affects this behavior is nokogiri/patches/libxml2/0002-Update-entities-to-remove-handling-of-ssi.patch which was introduced to avoid server-side-include vulnerabilities, see sparklemotion/nokogiri@4852e43
Commit 9778c47
-
test: ensure we pass with libxml 2.9.14
see release notes for Nokogiri v1.13.5
Commit fe109c9
-
Commit 045774a
-
Commit 45a5c10
-
Merge pull request #137 from rails/flavorjones-prevent-select-style-combination_v1.4.x
prevent combination of `select` and `style` tags with the HTML4 parser
Commit 9b79253
-
Commit 924e3ab
-
Commit f83f08c
Commits on Nov 16, 2022
-
Commit 11752a6
-
Merge pull request #145 from rails/flavorjones-get-14x-green
backport CI fixes to stay green with latest libxml2
Commit 3e2a0f3
Commits on Dec 11, 2022
-
ci: pin system lib test to 20.04
because the 22.04 has a version with 4fd69f3 but not e986d09 from 2.9.14 and that's causing leading `<` to be parsed differently. I'd fix it better than this, but I think only 2.9.13 has this behavior.
Commit df03f2f
-
fix: replace slow regex attribute check with Loofah method
which uses the Crass parser
Commit f0e3347
-
fix: use Loofah's scrub_uri_attribute method
which correctly sanitizes data URL mediatypes
Commit d1223a2
-
Commit e6d52d3
-
fix: escape CDATA nodes using Loofah's escaping methods
Also, notably, document the decisions behind this approach in a decision record.
Commit 0713caf
Commits on Dec 12, 2022
-
dep: bump dependency on loofah
v2.19.1 has the new methods we're using:
- Loofah::HTML5::Scrub.cdata_needs_escaping?
- Loofah::HTML5::Scrub.cdata_escape
- Loofah::HTML5::Scrub.scrub_uri_attribute
- Loofah::HTML5::Scrub.scrub_attribute_that_allows_local_ref
avoiding code duplication in this gem.
Commit 48ae90a
-
Commit fd63dea
You can try running this command locally to see the comparison on your machine:
git diff v1.4.2...v1.4.4