diff options
| author | taca <taca@pkgsrc.org> | 2019-10-22 16:24:20 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2019-10-22 16:24:20 +0000 |
| commit | 905372c349fd42761347ac7a41ae0acc1576fb00 (patch) | |
| tree | 4fac649a54c462e7ccaa6aca1240f838c4fce2ad /graphics/tex-mptopdf | |
| parent | 820d5a9a641e36fe04305a75c9f96057ea0eb3fd (diff) | |
| download | pkgsrc-905372c349fd42761347ac7a41ae0acc1576fb00.tar.gz | |
www/ruby-loofah: update to 2.3.1
## 2.3.1 / 2019-10-22
### Security
Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
This CVE's public notice is at https://github.com/flavorjones/loofah/issues/171
## 2.3.0 / unreleased
### Features
* Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147]
* Expand set of allowed CSS functions. [related to #122]
* Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)
* Allow CSS property `list-style` [#162] (Thanks, @jaredbeck!)
* Allow CSS keywords `thick` and `thin` [#168] (Thanks, @georgeclaghorn!)
* Allow HTML property `contenteditable` [#167] (Thanks, @andreynering!)
### Bug fixes
* CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. [#165] (Thanks, @asok!)
### Deprecations / Name Changes
The following method and constants are hereby deprecated, and will be completely removed in a future release:
* Deprecate `Loofah::Helpers::ActionView.white_list_sanitizer`, please use `Loofah::Helpers::ActionView.safe_list_sanitizer` instead.
* Deprecate `Loofah::Helpers::ActionView::WhiteListSanitizer`, please use `Loofah::Helpers::ActionView::SafeListSanitizer` instead.
* Deprecate `Loofah::HTML5::WhiteList`, please use `Loofah::HTML5::SafeList` instead.
Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.
Diffstat (limited to 'graphics/tex-mptopdf')
0 files changed, 0 insertions, 0 deletions