Previous versions of loofah included both basic string sanitization
and ActiveRecord extensions. This release divides these two functions
into separate gems.
If you are using either of the loofah 0.4 ActiveRecord extensions, you
should update the dependency to ‘loofah-activerecord >= 1.0.0’.
loofah 1.0.0 has been released!
Loofah is a general library for manipulating and transforming HTML/XML
documents and fragments. It’s built on top of Nokogiri and libxml2, so
it’s fast and has a nice API.
Loofah excels at HTML sanitization (XSS prevention). It includes some
nice HTML sanitizers, which are based on HTML5lib’s whitelist, so it
most likely won’t make your codes less secure. (These statements have
not been evaluated by Netexperts.)
ActiveRecord extensions for sanitization are available in the
loofah-activerecord gem (see
- Moved ActiveRecord functionality into
loofah-activerecord version 1.0.0 has been released!
loofah-activerecord extends loofah’s HTML sanitization into Rails
ActiveRecord models with two AR extensions:
- Loofah::XssFoliate, an XssTerminate drop-in replacement, is an
opt-out sanitizer. By default all models and attributes are
- Loofah::ActiveRecordExtension is an opt-in sanitizer. You must
explicitly declare attributes to be sanitized.
- ActiveRecord-related code from Loofah 0.4.7 has been moved here. See
http://github.com/flavorjones/loofah for a historical changelog.
- Using bundler to provide proper gem sandboxing in testing multiple