[ANN] loofah and loofah-activerecord 1.0.0

 
 
Mike Dalessio
      10-26-2010
[Note: parts of this message were removed to make it a legal post.]

Previous versions of loofah included both basic string sanitization
and ActiveRecord extensions. This release divides these two functions
into separate gems.

If you are using either of the loofah 0.4 ActiveRecord extensions, you
should update the dependency to 'loofah-activerecord >= 1.0.0'.

----------------------------------------

loofah 1.0.0 has been released!

* <http://github.com/flavorjones/loofah>

Loofah is a general library for manipulating and transforming HTML/XML
documents and fragments. It's built on top of Nokogiri and libxml2, so
it's fast and has a nice API.

Loofah excels at HTML sanitization (XSS prevention). It includes some
nice HTML sanitizers, which are based on HTML5lib's whitelist, so it
most likely won't make your codes less secure. (These statements have
not been evaluated by Netexperts.)

ActiveRecord extensions for sanitization are available in the
`loofah-activerecord` gem (see
http://github.com/flavorjones/loofah-activerecord).

Changes:

## 1.0.0 (2010-10-26)

Notes:

* Moved ActiveRecord functionality into `loofah-activerecord` gem.

----------------------------------------

loofah-activerecord version 1.0.0 has been released!

* <http://github.com/flavorjones/loofah-activerecord>

loofah-activerecord extends loofah's HTML sanitization into Rails
ActiveRecord models with two AR extensions:

* Loofah::XssFoliate, an XssTerminate drop-in replacement, is an
*opt-out* sanitizer. By default all models and attributes are
sanitized.
* Loofah::ActiveRecordExtension is an *opt-in* sanitizer. You must
explicitly declare attributes to be sanitized.

Changes:

## 1.0.0 (2010-10-26)

Notes

* ActiveRecord-related code from Loofah 0.4.7 has been moved here. See
http://github.com/flavorjones/loofah for a historical changelog.
* Using bundler to provide proper gem sandboxing in testing multiple rails
versions.
* Birthday!

 