rgrove/sanitize issues and pull requests

#244 - Add -webkit-text-fill-color to list of relaxed rules

Pull Request - State: open - Opened by radar 2 months ago

#242 - Add protocol allowlisting for -webkit-image-set CSS function

Pull Request - State: closed - Opened by ltk 3 months ago

#240 - Enforce protocol allowlisting for `image` and `image-set` CSS functions

Pull Request - State: closed - Opened by ltk 4 months ago - 1 comment

#238 - fix: set the DOCTYPE by removing the DTD and creating a new one

Pull Request - State: closed - Opened by flavorjones 5 months ago - 1 comment

#237 - Newlines in styles result in invalid html

Issue - State: closed - Opened by allard 6 months ago - 3 comments

#236 - build error on CRuby 3.3.0

Issue - State: closed - Opened by bf4 7 months ago - 2 comments

#235 - doc: fix document formatting in README

Pull Request - State: closed - Opened by flavorjones 7 months ago - 1 comment

#234 - Formatting of html document is not well preserved

Issue - State: closed - Opened by max-las 8 months ago - 2 comments

#233 - Bump actions/checkout

Pull Request - State: closed - Opened by m-nakamura145 9 months ago - 1 comment

#232 - Add metadata for rubygems.org

Pull Request - State: closed - Opened by m-nakamura145 10 months ago - 1 comment

#231 - Use 3.3 instead of ruby for ruby versions

Pull Request - State: closed - Opened by m-nakamura145 10 months ago - 1 comment

#230 - CSS gap and row-gap get sanitized, column-gap doesn't

Issue - State: closed - Opened by rmoehn about 1 year ago - 2 comments
Labels: question

#228 - Add a couple of CSS properties to relaxed config

Pull Request - State: closed - Opened by martineriksson about 1 year ago - 1 comment

#226 - MathML Options?

Issue - State: closed - Opened by benubois about 1 year ago - 1 comment

#225 - Add 3.2 to the list of Ruby CI versions

Pull Request - State: closed - Opened by igor-drozdov over 1 year ago - 1 comment

#222 - Wildcard attributes

Issue - State: closed - Opened by allard about 3 years ago

#220 - Link tags need cleaned up after sanitizing

Issue - State: closed - Opened by AustinWood about 3 years ago - 2 comments
Labels: not a bug

#215 - Update tests to remove deprecated minitest 'must_be'

Pull Request - State: closed - Opened by randsina about 3 years ago

#214 - Why doesn't gem have a support ruby 2.6 in CI?

Issue - State: closed - Opened by randsina about 3 years ago - 1 comment

#213 - Add ruby 2.6 to CI

Pull Request - State: closed - Opened by randsina about 3 years ago

#212 - Minitest "global use of must_equal" deprecation warnings are annoying

Issue - State: closed - Opened by rgrove over 3 years ago
Labels: up for grabs

#211 - Update to Nokogiri v1.12

Pull Request - State: closed - Opened by lis2 over 3 years ago - 2 comments

#210 - Cannot install on Mac OS X

Issue - State: closed - Opened by jlacivita over 3 years ago - 8 comments
Labels: question, gumbo / nokogumbo

#209 - Delegated allowlists?

Issue - State: closed - Opened by martincizek over 3 years ago - 1 comment
Labels: question

#208 - Add Truffleruby head to CI

Pull Request - State: closed - Opened by gogainda almost 4 years ago - 2 comments

#207 - ensure protocol processing happens on data attributes

Pull Request - State: closed - Opened by ccutrer almost 4 years ago

#206 - Fix warning in Ruby 2.7+

Pull Request - State: closed - Opened by mscrivo almost 4 years ago

#205 - sup is already part of BASIC

Pull Request - State: closed - Opened by ajmalmsali about 4 years ago - 1 comment

#204 - Question: why Sanitize.fragment does not output with html_safe?

Issue - State: closed - Opened by ziemekwolski about 4 years ago - 1 comment
Labels: question

#203 - Update README to reflect the current default value for remove_contents

Pull Request - State: closed - Opened by bschmeck over 4 years ago

#202 - Way to disallow negative margin/padding values

Issue - State: closed - Opened by JasonBarnabe over 4 years ago
Labels: enhancement

#201 - Quick way to allow entire families of CSS properties (e.g. border-*)

Issue - State: closed - Opened by JasonBarnabe over 4 years ago - 1 comment
Labels: enhancement

#200 - `xml` tag being parsed even I didn't include it in my config

Issue - State: closed - Opened by gencer over 4 years ago - 3 comments
Labels: question

#199 - avoid testing nokogiri's server-side attribute patch when using system libxml2

Pull Request - State: closed - Opened by flavorjones over 4 years ago - 1 comment

#198 - Tests failing in Fedora

Issue - State: closed - Opened by pvalena over 4 years ago - 4 comments

#197 - Encoding issue with Sanitize.fragment

Issue - State: closed - Opened by sameeroath almost 5 years ago - 1 comment
Labels: question

#196 - Invalid closing tags added to track and source tags

Issue - State: closed - Opened by sarken about 5 years ago - 2 comments

#195 - parser_options requires different formatting than other options

Issue - State: closed - Opened by jakemmarsh about 5 years ago - 1 comment
Labels: question

#194 - Add :parser_options config option

Pull Request - State: closed - Opened by austin-wang about 5 years ago

#193 - 5.0.0: Sanitize.fragment does not remove HTML entities

Issue - State: closed - Opened by agross almost 6 years ago - 12 comments
Labels: question

#192 - Allow for Nokogumbo configuration from sanitize_* methods

Issue - State: closed - Opened by maxshortzp almost 6 years ago - 2 comments

#191 - feat(#190): add video tag to relaxed config -> add

Pull Request - State: closed - Opened by srghma about 6 years ago - 1 comment

#190 - add video tag to relaxed config

Issue - State: closed - Opened by srghma about 6 years ago

#189 - Update to Nokogumbo 2.0

Pull Request - State: closed - Opened by stevecheckoway about 6 years ago - 5 comments

#188 - Backport tests and fix for CVE-2018-3740 to 2.x branch. Resolves #187

Pull Request - State: closed - Opened by dometto about 6 years ago - 5 comments

#187 - Backport security fix to 2.1 line

Issue - State: closed - Opened by dometto about 6 years ago - 1 comment

#186 - XHTML Output Option

Issue - State: closed - Opened by siegfault about 6 years ago - 3 comments

#185 - Bring back memory optimization of caching lowercased node name

Pull Request - State: closed - Opened by stanhu over 6 years ago

#184 - Add option to cache node names across transformers

Issue - State: closed - Opened by stanhu over 6 years ago - 1 comment
Labels: enhancement

#183 - Optimize Sanitize#transform_node!

Pull Request - State: closed - Opened by stanhu over 6 years ago - 2 comments

#182 - With version 4.6.5 img tags src property is getting removed even if whitelisted

Issue - State: closed - Opened by Balaji29 over 6 years ago - 1 comment
Labels: question

#181 - Clarifies whitespace_elements documentation to specify default elements with whitespace

Pull Request - State: closed - Opened by asadakbar over 6 years ago - 1 comment

#180 - Clean elements before cleaning styles

Pull Request - State: closed - Opened by rafbm over 6 years ago - 1 comment

#179 - Should strip non-space controls and noncharacters from input prior to parsing

Issue - State: closed - Opened by cloudy9101 over 6 years ago - 6 comments
Labels: bug

#178 - Serialize to HTML without any formatting to prevent Nokogiri from adding newlines after certain tags

Issue - State: closed - Opened by muthue over 6 years ago - 1 comment
Labels: question, need info

#177 - Recent change breaks transformers that modify DOM

Issue - State: closed - Opened by zetter over 6 years ago - 2 comments
Labels: bug

#176 - [CVE-2018-3740] Sanitize HTML injection vulnerability

Issue - State: closed - Opened by rgrove over 6 years ago - 9 comments
Labels: security

#175 - Optimized memory usage

Pull Request - State: closed - Opened by janklimo over 6 years ago - 3 comments

#174 - support ruby 2.4+ frozen string literals

Pull Request - State: closed - Opened by flavorjones over 6 years ago

#173 - frozen_string_literal roadmap

Issue - State: closed - Opened by janklimo over 6 years ago - 4 comments
Labels: enhancement, up for grabs

#172 - Instead of whitelisting inline css can we remove only the ones that we don't want

Issue - State: closed - Opened by arun-jerry-E0243 almost 7 years ago - 1 comment
Labels: question

#171 - Loosen Nokogumbo version to allow 1.5.0

Pull Request - State: closed - Opened by rafbm almost 7 years ago - 1 comment

#170 - whitelist  

Issue - State: closed - Opened by washingon almost 7 years ago - 3 comments
Labels: question

#169 - Remove leading/trailing whitespace

Pull Request - State: closed - Opened by ValenciaMgmt almost 7 years ago - 1 comment

#168 - Why

Issue - State: closed - Opened by larryzhao almost 7 years ago

#167 - Validating HTML

Issue - State: closed - Opened by faucct almost 7 years ago - 1 comment

#166 - JRuby support?

Issue - State: closed - Opened by headius about 7 years ago - 2 comments
Labels: enhancement

#165 - Support for non-standard elements

Issue - State: closed - Opened by steobrien about 7 years ago - 2 comments
Labels: enhancement

#164 - Non-lowercase attributes do not work

Issue - State: closed - Opened by glebm about 7 years ago - 1 comment
Labels: not a bug

#163 - some cases hang & crash Sanitize

Issue - State: closed - Opened by djkz over 7 years ago - 3 comments
Labels: gumbo / nokogumbo

#162 - SVG support in relaxed config

Issue - State: closed - Opened by gfx over 7 years ago - 1 comment

#161 - Add SVG attributes to the relaxed config

Pull Request - State: closed - Opened by louim over 7 years ago - 2 comments

#160 - Fails to strip out tags

Issue - State: closed - Opened by bfad almost 8 years ago - 4 comments
Labels: not a bug

#159 - Segmentation faults

Issue - State: closed - Opened by brchristian almost 8 years ago - 3 comments
Labels: need info

#158 - Sanitize.clean(nil) returns empty string ""

Issue - State: closed - Opened by adomokos almost 8 years ago - 1 comment
Labels: not a bug

#157 - Adding 'data' to whitelist allowing other URL schemes to pass through

Issue - State: closed - Opened by faizahmedshaik almost 8 years ago - 2 comments
Labels: question

#156 - Add srcset to whitelist of img tags

Pull Request - State: closed - Opened by ejtttje about 8 years ago - 1 comment

#155 - Allow passing methods as transformers to Sanitize constructor

Pull Request - State: closed - Opened by Skipants about 8 years ago - 2 comments

#154 - Add webkit-font-smoothing property

Pull Request - State: closed - Opened by louim about 8 years ago - 1 comment

#153 - Adds the ability to specify a Proc which is used to validate @import URLs

Pull Request - State: closed - Opened by nikz over 8 years ago - 6 comments

#152 - Sanitizer.clean transfer "|" into "%7C" automatically.

Issue - State: closed - Opened by tammy-txt over 8 years ago - 1 comment
Labels: question

#151 - More detailed @import parsing

Issue - State: closed - Opened by nikz over 8 years ago - 2 comments
Labels: enhancement

#150 - Weakness in CSS standalone sanitizer

Issue - State: closed - Opened by tim-friedrich over 8 years ago - 3 comments
Labels: question, not a bug

#149 - How to allow inline data for images

Issue - State: closed - Opened by veelenga over 8 years ago - 1 comment
Labels: question

#148 - Wrong checking for tags close?

Issue - State: closed - Opened by shir over 8 years ago - 5 comments
Labels: question, not a bug

#147 - Sanitizer doesn't work for SVGs due to case-sensitive attributes

Issue - State: closed - Opened by stanhu over 8 years ago - 5 comments

#146 - Consider adding rel=noopener to <a> sanitization

Issue - State: closed - Opened by typeoneerror over 8 years ago - 4 comments

#145 - Switch to oga backend

Issue - State: closed - Opened by gogainda almost 9 years ago - 1 comment

#144 - The default configurations should remove content for <style>

Issue - State: closed - Opened by lluchs almost 9 years ago - 4 comments
Labels: wontfix

#143 - Adding support for file urls?

Issue - State: closed - Opened by jhubert almost 9 years ago - 4 comments
Labels: question

#142 - Sanitize.clean has issues with malformed/missing </script> closing tags

Issue - State: closed - Opened by jrjamespdx almost 9 years ago - 1 comment
Labels: question

#141 - Unpin Nokogumbo version

Pull Request - State: closed - Opened by rubys almost 9 years ago - 3 comments

#140 - extra spaces with mutliple html elements

Issue - State: closed - Opened by herberzt about 9 years ago - 2 comments
Labels: question

#139 - escape instead of stripping tags?

Issue - State: closed - Opened by Fedcomp about 9 years ago - 1 comment
Labels: enhancement, wontfix

#138 - Sanitize#fragment attribute whitelist not working

Issue - State: closed - Opened by nicooga about 9 years ago - 2 comments
Labels: question

#137 - nokogumbo sometimes do it’s own escaping leading contents being escaped twice with escapeutils.

Issue - State: closed - Opened by ytrezq about 9 years ago - 1 comment
Labels: not a bug

#136 - Not an issue, just a question about the project.

Issue - State: closed - Opened by ytrezq about 9 years ago - 2 comments
Labels: question

#135 - Any way to whitelist url()?

Issue - State: closed - Opened by robophilosopher about 9 years ago - 2 comments
Labels: question

#134 - Add data-uri image support in the relaxed config

Pull Request - State: closed - Opened by jhubert over 9 years ago - 4 comments

#133 - How to use Sanitize::Config::RELAXED together with transformers

Issue - State: closed - Opened by tfl over 9 years ago - 4 comments
Labels: question

GitHub / rgrove/sanitize issues and pull requests