Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/flavorjones/loofah

Ruby library for HTML/XML transformation and sanitization
https://github.com/flavorjones/loofah

Add funding_uri to gemspec
andrew opened this pull request about 1 month ago

Allow CSS properties: min-height, max-height
lazyatom opened this pull request about 2 months ago

Allow CSS property: min-width
lazyatom opened this pull request 2 months ago

style(rubocop): bump and fix new warnings
flavorjones opened this pull request 5 months ago

Add additional acceptable css properties
factcondenser opened this pull request 8 months ago

Pass block to document fragment instantiation
troym9731 opened this pull request 9 months ago

Bump actions/checkout
m-nakamura145 opened this pull request 11 months ago

Add Ruby 3.3 to CI matrix
m-nakamura145 opened this pull request 11 months ago

feat: encapsulate some whitespace-handling into a scrubber (or scrubbers)
flavorjones opened this issue about 1 year ago

Allow boolean and empty attributes for certain node types
dedene opened this pull request about 1 year ago

Add noreferrer scrubber
wynksaiddestroy opened this pull request about 1 year ago

Built-in scrubbers don't escape unsafe HTML with Nokogiri > 1.15
stefannibrasil opened this issue about 1 year ago

feat: adds `:targetblank` scrubber
stefannibrasil opened this pull request about 1 year ago

dep: bump hoe-markdown for ruby 3.3 ci
flavorjones opened this pull request about 1 year ago

fix: scrub_css is more consistent with whitespace
flavorjones opened this pull request about 1 year ago

Add scrub to append `target=_blank` to all links
stefannibrasil opened this issue about 1 year ago

Whitespace Added around "/" in CSS
davidjstein opened this issue about 1 year ago

pass encode_special_chars to to_s
gamesover opened this issue over 1 year ago

fix: quash uninitialized instance variable warning
flavorjones opened this pull request over 1 year ago

avoid uninitialized instance variable warning
dharamgollapudi opened this pull request over 1 year ago

dep: require nokogiri >= 1.12.0
flavorjones opened this pull request over 1 year ago

Getting errors using Nokogiri < 1.12
srussking opened this issue over 1 year ago

don't define HTML5::Document and HTML5::DocumentFragment if HTML5 isn't supported
flavorjones opened this pull request over 1 year ago

test: support libxml 2.10.4 behavior around namespaces
flavorjones opened this pull request over 1 year ago

dep(style): rubocop-packaging
flavorjones opened this pull request over 1 year ago

additional rubocop coverage and packages
flavorjones opened this pull request over 1 year ago

add html5 support, get jruby green
flavorjones opened this pull request over 1 year ago

test: make the generated tests more flexible
flavorjones opened this pull request over 1 year ago

CI: add Ruby 3.2 to the test matrix
orien opened this pull request almost 2 years ago

Add more css properties, shorthands
lucyxiang opened this pull request almost 2 years ago

Bump actions/checkout from 2 to 3
kyoshidajp opened this pull request almost 2 years ago

ci: try to get ruby 2.5 to bundle install
flavorjones opened this pull request almost 2 years ago

Added "fax" and "modem" to acceptable protocols based on rfc2806.
cjba7 opened this pull request almost 2 years ago

dep: remove dependency on RR for mocking
flavorjones opened this pull request almost 2 years ago

loofah issue with recent CVE release
epinault opened this issue about 2 years ago

port: 2.19.1 changes
flavorjones opened this pull request about 2 years ago

Preserving emails that look like tags
hahuang65 opened this issue about 2 years ago

ci: pin psych to v4 until v5 builds properly on CI
flavorjones opened this pull request about 2 years ago

RFC: should Loofah sanitize `<style>` tag contents
flavorjones opened this issue about 2 years ago

ci: test downstream rails-html-sanitizer
flavorjones opened this pull request about 2 years ago

feat: allow a few more SVG elements and attributes
flavorjones opened this pull request about 2 years ago

ci: ensure a min rubygems version
flavorjones opened this pull request over 2 years ago

feat: support SVG 1.0 extended color keywords
flavorjones opened this pull request over 2 years ago

HTML5 empty attributes are being scrubbed
dometto opened this issue over 2 years ago

fix: limit the recursion during :strip scrubbing
flavorjones opened this pull request over 2 years ago

Loofah removes &nbsp;
wizardofosmium opened this issue over 2 years ago

[draft] default to html5 parsing
flavorjones opened this pull request over 2 years ago

chore: Set permissions for GitHub actions
naveensrinivasan opened this pull request over 2 years ago

ci: don't fail fast
flavorjones opened this pull request over 2 years ago

Add aspect-ratio to the list of css properties
louim opened this pull request over 2 years ago

test: ensure we pass with libxml 2.9.14
flavorjones opened this pull request over 2 years ago

ci: add truffleruby
flavorjones opened this pull request over 2 years ago

aria attributes
flavorjones opened this pull request over 2 years ago

Adds ARIA attributes
nick-desteffen opened this pull request over 2 years ago

Adds menclose and ms MathML elements and supported attributes
nick-desteffen opened this pull request over 2 years ago

tests fail with latest versions of dependencies
Segaja opened this issue over 2 years ago

Allow sms: as a valid protocol
brendon opened this pull request almost 3 years ago

Adding sms to ACCEPTABLE_PROTOCOLS
brendon opened this issue almost 3 years ago

test: add coverage for entities
flavorjones opened this pull request almost 3 years ago

feat: Node#to_text replaces <br> with a newline
flavorjones opened this pull request almost 3 years ago

`#to_text` doesn't handle `<br>` elements well.
der-flo opened this issue almost 3 years ago

explore testing with the portswigger xss cheat sheet exploits
flavorjones opened this issue almost 3 years ago

ci: update to cover Ruby 3.1
flavorjones opened this pull request almost 3 years ago

fix: comments should not be emitted by DocumentFragment#text
flavorjones opened this pull request about 3 years ago

`#text` should only render HTML elements
weiqingtoh opened this issue about 3 years ago

test: use CSS hex-encoded strings to test sanitization
flavorjones opened this pull request about 3 years ago

A whitespace handling change in v2.9.0 is breaking a test in our code
mileslane opened this issue about 3 years ago

How to bypass characters like less than character when sanitising the data
piyush-ally opened this issue about 3 years ago

Add Truffleruby head to CI
gogainda opened this pull request over 3 years ago

feat: support empty HTML5 data attributes
flavorjones opened this pull request over 3 years ago

Empty data attributes are stripped
ryanb opened this issue over 3 years ago

feat: allow all `border-collapse` CSS property values
flavorjones opened this pull request over 3 years ago

allow HTML5 element `wbr`
flavorjones opened this pull request over 3 years ago

add 'wbr' tag to safelist
shota-yamashita opened this pull request over 3 years ago

Security Warning - Cross-Site Scripting
pandu-cls opened this issue over 3 years ago

False positive with loofah CVE
mroach opened this issue over 3 years ago

Brakeman reporting false positive on CVE-2018-8048
jarkko opened this issue over 3 years ago

ci: create github actions pipeline
flavorjones opened this pull request over 3 years ago

test: libxml 2.9.11 handles namespaces in HTML docs differently
flavorjones opened this pull request over 3 years ago

Update safelist.rb to include overflow-x and y
sampokuokkanen opened this pull request over 3 years ago

test: actually test against a working unicode-encoded exploit
flavorjones opened this pull request over 3 years ago

Regressions in Loofah 2.9.0 and 2.9.1
jacobherrington opened this issue over 3 years ago

fix: allow CSS properties to have quoted string values
flavorjones opened this pull request over 3 years ago

Regression in 2.9.0: string css attributes scrubbing
aert opened this issue over 3 years ago

fix: handle CSS functions in a CSS shorthand property
flavorjones opened this pull request almost 4 years ago

scrub_css drops allowed css functions from shorthand css properties
Iwaide opened this issue almost 4 years ago

Add flex properties to safelist
miguelperez opened this pull request about 4 years ago

Update rubocop requirement from ~> 0.89 to ~> 1.1
dependabot-preview[bot] opened this pull request about 4 years ago

Update rubocop requirement from ~> 0.89 to ~> 1.0
dependabot-preview[bot] opened this pull request about 4 years ago

dev: rename default git branch
flavorjones opened this issue about 4 years ago

Block MathML mutation XSS
DanielHeath opened this issue about 4 years ago

fixed #191: scrub_css drops !important rule from shorthand css properties
b7kich opened this pull request over 4 years ago

scrub_css drops !important rule from shorthand css properties
b7kich opened this issue over 4 years ago

add page-break to safelist
ahorek opened this pull request over 4 years ago