rails-html-sanitizer
Rails has the `strip_tags` method, which is great. However, for input like `ab` the output is `ab` which doesn't follow what is displayed in the browser. Loofah has the function...
Closes #154 There are still a few things missing. @flavorjones perhaps you want to give some feedback in advance? How thorough should I be for these tests? Ideally Loofah already...
@rafaelfranca After seeing #135 I got a little concerned about the drift between Loofah and the RHS attribute scrubber. I posted a branch of Loofah that accepts an optional set...
This works:

```ruby
gem "actionview", "6.0.3.2"
gem "rails-html-sanitizer", "1.4.3"
require "action_view"
require "rails-html-sanitizer"
include ActionView::Helpers::SanitizeHelper
puts sanitize "hello"
```

This doesn't:

```ruby
gem "actionview", "6.0.3.2"
gem "rails-html-sanitizer", "1.4.3"
require "rails-html-sanitizer"
```
...
A step forward to address #154 (and https://github.com/rails/rails/issues/8331) Will be accompanied by a PR to Rails to use this new scrubber
(Rails Conf 2024 hack day project) I emailed @rgrove back in early 2023 and said: > Frankly, my long-term idea is to update rails-html-sanitizer to use `sanitize` instead of >...
See https://github.com/rails/rails-html-sanitizer/blob/cf782449651bf84156404f365d019780546d8245/lib/rails-html-sanitizer.rb#L38-L57 These methods were deprecated back in 2014 in 2dbae3e4 when the old sanitizer was dropped from Rails. I think it's time.
This pull request addresses a Regular Expression Denial of Service (ReDoS) vulnerability in the `PermitScrubber` class of the `rails-html-sanitizer` library. The vulnerability, caused by a regex pattern with potential for...
This pull request will close the issue: [issues/190](https://github.com/rails/rails-html-sanitizer/issues/190) and will remove the deprecated methods from `lib/rails-html-sanitizer.rb`