Loofah 0.3.0 Released

loofah version 0.3.0 has been released!

Loofah is an HTML sanitizer. It will always fix broken markup, but
can also sanitize unsafe tags in a few different ways, and transform
the markup for storage or display.

It’s built on top of Nokogiri and libxml2, so it’s fast. And it uses
html5lib’s whitelist, so it most likely won’t make your codes less
secure. *

  • These statements have not been evaluated by Netexperts.

Changes:

0.3.0 (2009-10-06)

Enhancements:

  • New ActiveRecord extension xss_foliate, a drop-in replacement for
    xss_terminate.
  • Replacement methods for ActionView’s helper methods sanitize() and
    strip_tags().
  • Official support (and test coverage) for Rails versions 2.3, 2.2, 2.1,
    2.0
    and 1.2.

Deprecations:

  • The methods strip_tags, whitewash, whitewash_document, sanitize, and
    sanitize_document have been deprecated. See DEPRECATED.rdoc for
    details on the equivalent calls with the post-0.2 API.

== FEATURES

  • Strip unsafe tags, leaving behind only the inner text.
  • Prune unsafe tags and their subtrees, removing all traces that they
    ever
    existed.
  • Escape unsafe tags and their subtrees, leaving behind lots of <
    and
    > entities.
  • Whitewash the markup, removing all attributes and namespaced nodes.
  • Format the markup as plain text.
  • Two ActiveRecord extensions:
    • An opt-out sanitizer that sanitizes all models and attributes by
      default
      (it’s also an XssTerminate drop-in replacement).
    • An opt-in sanitizer which sanitized the attributes you
      explicitly declare to be sanitized.
  • 99 44/100 % pure
  • Performance compares favorably with similar libraries:
    http://gist.github.com/170193

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs