Displaying 20 results from an estimated 1000 matches similar to: "Using Loofah to gain control of what HTML tags get sanitized"
2009 Oct 13
1
loofah 0.3.1 Released
loofah version 0.3.1 has been released!
* <http://loofah.rubyforge.org>
* <http://rubyforge.org/projects/loofah>
* <http://github.com/flavorjones/loofah>
Loofah is an HTML sanitizer. It will always fix broken markup, but
can also sanitize unsafe tags in a few different ways, and transform
the markup for storage or display.
It's built on top of Nokogiri and libxml2, so
2010 Feb 02
0
[Security] Loofah has an HTML injection / XSS vulnerability, please upgrade to 0.4.6
Synopsis
----------
Loofah::HTML::Document#text emits unencoded HTML entities prior to
0.4.6. This was originally by design, since the output of #text is
intended to be used in a non-HTML context (such as generation of
human-readable text documents).
However, Loofah::XssFoliate's default behavior and
Loofah::Helpers#strip_tags
both use #text to strip tags out of the output, meaning that
2012 Dec 14
1
Re: Digest for rubyonrails-core@googlegroups.com - 4 Messages in 3 Topics
This is a delivery failure notification message indicating that
an email you sent could not be delivered. The problem appears to be :
-- Recipient email server rejected the message
This condition occurred after 1 attempt(s) to deliver over
a period of 0 hour(s).
If you sent the email to multiple recipients, you will receive one
of these messages for each one which failed delivery, otherwise
2023 Jan 19
1
really large number of skipped files after a scrub
Hi,
Just to follow up my first observation from this email from December:
automatic scheduled scrubs that do not happen. We have now upgraded glusterfs
from 7.4 to 10.1, and now see that the automated scrubs ARE running now.
Not sure why they didn't in 7.4, but issue solved. :-)
MJ
On Mon, 12 Dec 2022 at 13:38, cYuSeDfZfb cYuSeDfZfb <cyusedfzfb at gmail.com>
wrote:
> Hi,
>
> I
2014 Mar 11
0
Rails 4.0.4.rc1 has been released!
Hi everyone,
I am happy to announce that Rails 4.0.4.rc1 has been released. This is a
bug fix release and
includes more than 290 commits.
If no regressions are found we will release 4.0.4 final this Friday, on
March 14, 2014.
If you find one, please open an Issue on GitHub and mention me
(@rafaelfranca) on it,
so that we can fix it before the final release.
## CHANGES since 4.0.3
To view the
2013 Oct 30
0
Rails 4.0.1.rc4 has been released!
We found two regressions. One on Active Record and one on Action Pack.
Took some time to fix those issues so the release was delayed until today.
Here are the changes from 4.0.1.rc3 to 4.0.1.rc4:
https://github.com/rails/rails/compare/v4.0.1.rc3...v4.0.1.rc4
And the changes from 4.0.0 to 4.0.1:
https://github.com/rails/rails/compare/v4.0.0...v4.0.1.rc4
If we don't hit any more
2007 Sep 11
1
[PATCH] Page scrubbing
Hi!
Make scrub_heap_pages() print from where to where
it scrubs pages.
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
This patch uncovers a strange behaviour on 32bit.
On 64bit I get this:
(XEN) Scrubbing Free RAM 0xffff830000100000 -> 0xffff83003fff0000: ....done.
On 32bit I get this:
(XEN) Scrubbing Free RAM 0xffc00000 -> 0xdefb0000:
2013 Oct 17
0
Rails 4.0.1.rc1 has been released!
Hi everyone,
I am happy to announce that Rails 4.0.1.rc1 has been released. This is
a bug fix release and
includes more than 450 commits.
This release comes up with an important change on how Active Record
handles subsequent `order` calls.
In Rails 4.0.0 when you do something like this:
```ruby
User.order("name asc").order("created_at desc")
```
The later called `order`
2006 Jan 06
2
Problems passing un-sanitized XML to client
I'm trying to store an xsl stylesheet in the database and return it
to the client, but at some point in the process all the angle
brackets, etc are parsed out of the xml, so I get &lt;defaults&gt;
instead of <defaults>. Anyone have any pointers how I would go about
turning off that behavior?
-Derek
2006 Jan 04
3
ActiveRecord delete_all With Sanitized Parameters?
Hi there
I'm trying to delete a set of active record objects based on certain
conditions. I'd like to do something like the following:
Context.delete_all("uri IN (?)", uris)
But delete_all doesn't allow multiple arguments. Since I don't have
the IDs for the objects I want to delete, I can't use delete(id), and
have resorted to this,
2009 Aug 26
0
Way to keep ampersand from getting sanitized?
I have an error message with an html character entity in it ( µ/
µ ). My trouble is, rails swaps my & with &amp; - leaving me with
µ getting shown literally in the message rather than a nice,
neat Greek mu: μ.
I should probably add that the error message is set in a validate
routine on a model - via errors.add() - not in view code.
Is there a trick to this? I
2017 Aug 04
2
LLVM build failures of Sanitized builds
Hi.
Failure 1:
Current clang-6.0 from http://apt.llvm.org/, current sources.
$ CC=clang-6.0 CXX=clang++-6.0 cmake
-DLLVM_ENABLE_PROJECTS="clang;libcxx;libcxxabi;compiler-rt;lld;polly;openmp"
-DLLVM_USE_SANITIZER="Address;Undefined" -DCMAKE_BUILD_TYPE=Release
-GNinja ../llvm
$ ninja
[200/3921] Building Attributes.gen...
FAILED: include/llvm/IR/Attributes.gen.tmp
cd
2008 Jan 23
4
Synchronous scrub?
Say I'm firing off an at(1) or cron(1) job to do scrubs, and say I want to scrub two pools sequentially
because they share one device. The first pool, BTW, is a mirror comprising of a smaller disk and a subset of a larger disk. The other pool is the remainder of the larger disk.
I see no documentation mentioning how to scrub, then wait-until-completed. I'm happy to be pointed
2012 Apr 22
12
Xen doesn't boot on grub2 or xend doesn't start
hi guys,
It's my first time here and in a mailing list, I only participated in
forums before. Please, if I make a mistake you should advise me. Let's go!
I was reading "xencommons not start" in a Remus Forum in order to install
Remus.
Well… I followed the tutorial <
http://remusha.wikidot.com/configuring-and-installing-remus>, I reboot in
xen_unstable and I had
2023 Jan 30
1
linux-6.2-rc4+ hangs on poweroff/reboot: Bisected
On Tue, 31 Jan 2023 at 09:09, Chris Clayton <chris2553 at googlemail.com> wrote:
>
> Hi again.
>
> On 30/01/2023 20:19, Chris Clayton wrote:
> > Thanks, Ben.
>
> <snip>
>
> >> Hey,
> >>
> >> This is a complete shot-in-the-dark, as I don't see this behaviour on
> >> *any* of my boards. Could you try the attached patch
2012 Oct 01
5
How to get the checkpoint size in remus code?
Hi,
I'm doing my master research and I need to adapt remus code. Now... I wanna
get the checkpoint size (memory + disk) on each period. Does someone know
what function does this? I think some *fd* object's function in remus code
could just get the memory size.
Does someone help me?
Thanks
2012 Nov 10
6
Suggestion: `before_save on: :create` should either work or raise an exception
There's a small inconsistency in ActiveRecord's callback syntax that has
tripped me up before. It wouldn't be a big deal, but it can lead to a
silent failure. I'd like to suggest that it either be made consistent or be
made to fail loudly.
The issue is that to do something before validating, but only when
creating, you use `before_validation on: :create`,
2012 Oct 18
3
#asset_url helper method
Just putting this out there before I make a pull request.
Is there any interest in an asset_url method as a view helper?
It would work by using the config.action_controller.asset_host if it exists
and prepending this to the results of asset_path.
I have found this necessary when writing html emails and needing a full url
path for assets. Since my CDN in the asset_host mirrors my assets in my
2004 Aug 27
0
auto-gain, or different gain between incoming and outgoing calls (EURO ISDN PRI) ?
Hi,
I am using Asterisk with various brands and models of SIP phones. Especially
the Welltech phones LP201 are particularly nasty with volume and echo. Even
with the input gain (microphone) of the Welltech set to the max, the PSTN
end can hardly hear the SIP user on incoming calls. Ztmonitor also only
gives a level of around 3 === from the SIP phone.
I have to increase the rxgain and txgain