dimstar_suse ccffda0ade Accepting request 1347656 from devel:languages:ruby:extensions
loofah issue should be okay now

- Update to version 1.7.0
  * Add Rails::HTML::Sanitizer.allowed_uri? which delegates to
    Loofah::HTML5::Scrub.allowed_uri?, allowing the Rails framework to check
    URI safety without a direct dependency on Loofah.
  * The minimum Loofah dependency is now ~> 2.25.

- Update to version 1.6.2
    * PermitScrubber fully supports frozen "allowed tags".
        - v1.6.1 introduced safety checks that may remove unsafe tags from the
          allowed list, which introduced a regression for applications passing
          a frozen array of allowed tags. Tags and attributes are now properly
          copied when they are passed to the scrubber.

- Version 1.6.1
    * The dependency on Nokogiri is updated to v1.15.7 or >=1.16.8. This change
      addresses CVE-2024-53985 (GHSA-w8gc-x259-rc7x).
    * Disallowed tags will be pruned when they appear in foreign content (i.e.
      SVG or MathML content), regardless of the prune: option value. Previously,
      disallowed tags were "stripped" unless the gem was configured with the
      prune: true option.
      The CVEs addressed by this change are:
        * CVE-2024-53986 (GHSA-638j-pmjw-jq48)
        * CVE-2024-53987 (GHSA-2x5m-9ch4-qgrr)
    * The tags "noscript", "mglyph", and "malignmark" will not be allowed, even
      if explicitly added to the allowlist. If applications try to allow any of
      these tags, a warning is emitted and the tags are removed from the
      allow-list.
      The CVEs addressed by this change are:
        * CVE-2024-53988 (GHSA-cfjx-w229-hgx5)
        * CVE-2024-53989 (GHSA-rxv5-gxqc-xx8g)
      Please note that we may restore support for allowing "noscript" in a future

OBS-URL: https://build.opensuse.org/request/show/1347656
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rubygem-rails-html-sanitizer?expand=0&rev=13
2026-04-17 19:04:20 +00:00
157 KiB
Languages
RPM Spec 100%