Displaying 4 results from an estimated 4 matches for "loofahs".
2010 Feb 02
0
[Security] Loofah has an HTML injection / XSS vulnerability, please upgrade to 0.4.6
Synopsis
----------
Loofah::HTML::Document#text emits unencoded HTML entities prior to
0.4.6. This was originally by design, since the output of #text is
intended to be used in a non-HTML context (such as generation of
human-readable text documents).
However, Loofah::XssFoliate's default behavior and
Loofah::Helpers#strip_tags
both use #text to strip tags out of the output, meaning that
2009 Oct 13
1
loofah 0.3.1 Released
loofah version 0.3.1 has been released!
* <http://loofah.rubyforge.org>
* <http://rubyforge.org/projects/loofah>
* <http://github.com/flavorjones/loofah>
Loofah is an HTML sanitizer. It will always fix broken markup, but
can also sanitize unsafe tags in a few different ways, and transform
the markup for storage or display.
It's built on top of Nokogiri and libxml2, so
2013 Jun 06
0
Using Loofah to gain control of what HTML tags get sanitized
...eans I will replace the
venerable html-scanner with Loofah, picking up where this issue left off:
https://github.com/rails/rails/issues/2550. Rafael França was assigned to
that issue and he is my mentor during the summer.
I want to hear your thoughts about a new API that will take advantage of
Loofah's custom scrubbers. Here's the example I gave in my project proposal <https://github.com/kaspth/gsoc-application>:
class Comment < ActiveRecord::Base
  # block based
  # block takes a node
  scrubs :body do |node|
    node.remove if node.name == "script"
  end
  # method...
2013 Mar 27
1
remove all html tag before validation
Hi,
Is there a clean way to remove all HTML tags of all attributes before
validation?
I found acts_as_sanitized, which seemed to be perfect, but it is for Rails 2 :-s
Thanks