Benjamin Fleischer
I have some almost complete work I've been doing on a whitelist for elements and attributes, just FYI (the use case of valid with nested invalid with nested valid is broken...
I still need to write a pull request, but the WhitelistTagScrubber really does work https://github.com/bf4/Notes/blob/loofah-testing/code/ruby/html_processing.rb ``` # usage # all_attributes = ['id','class'] # tags_we_want = # { # 'br' =>...
Also, how should maintainers notify users? Recommend all to sign up to a rubysec list on librelist? Subscribe to an RSS feed? Follow [ANN SEC] on ruby-talk? IRC channel rubysec on freenode?...
I can update the rubygems security guide once this is up to date
I kind of like how switch_point does it https://github.com/eagletmt/switch_point/blob/master/lib/switch_point/proxy.rb#L22-L33 by making an active record subclass just for getting access to a connection_pool, similar to https://github.com/customink/secondbase/blob/master/lib/second_base/base.rb or https://github.com/instructure/shackles/blob/master/lib/shackles/connection_handler.rb kind of extends...
@ManjunathanRajan you probably want to provide more details so the maintainers can reproduce your problem and diagnose it. Unfortunately, 'I tried the steps' isn't specific enough, nor is 'unable to...
@sj26 any thoughts on this?
metrical has been merged into metric_fu and isn't needed anymore
Also MetricFu is at 4.x now. If you're at 2.x you're using a pretty old version
@dwradcliffe I started looking up relevant places in the codebase to consider, but didn't act on it. Places to look at, found via https://github.com/rubygems/rubygems.org/search?p=6&q=error&type=&utf8=%E2%9C%93 https://github.com/rubygems/rubygems.org/blob/cb09831cd8e827a821b8cdc203fecd8bbab6b722/config/initializers/honeybadger.rb https://github.com/rubygems/rubygems.org/blob/f9f6c659d22948af77f1e43eca81b5ca3dec4eeb/test/functional/subscriptions_controller_test.rb https://github.com/rubygems/rubygems.org/blob/5e430f65900d633de45bc44757214b9ef8f2da33/app/models/concerns/rubygem_searchable.rb https://github.com/rubygems/rubygems.org/blob/5e430f65900d633de45bc44757214b9ef8f2da33/app/controllers/api/v1/dependencies_controller.rb https://github.com/rubygems/rubygems.org/blob/5e430f65900d633de45bc44757214b9ef8f2da33/app/controllers/application_controller.rb https://github.com/rubygems/rubygems.org/blob/5e430f65900d633de45bc44757214b9ef8f2da33/test/unit/web_hook_test.rb...