ruby-sanitize 4.6.6-2.1~0.20.04.2 source package in Ubuntu

Changelog

ruby-sanitize (4.6.6-2.1~0.20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: XSS via style element when using "relaxed" or custom
    config
    - debian/patches/CVE-2023-36823.patch: prevent style element from
      premature close by escaping "</" in
      lib/sanitize/transformers/clean_css.rb.
    - CVE-2023-36823

 -- Evan Caville <email address hidden>  Fri, 19 Apr 2024 12:42:19 +1000
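The changelog entry above is terse about what the patch actually guards against. The following is an added illustration, written for this page and not code from the ruby-sanitize package or from the Debian patch: it models why a bare "</" inside otherwise-allowed CSS can end a style element early, and shows the escaping approach the entry names. The function names and the sample CSS are this example's own.

```ruby
# Added example (not code from the ruby-sanitize package or its Debian patch).
# Text inside a <style> element is raw text to the HTML tokenizer, so a
# "</style" sequence that survives CSS sanitization (for example inside a
# string or url() value) ends the element early and whatever follows is parsed
# as HTML. Replacing "</" with "<\/" keeps the CSS meaning intact while
# removing the end-tag sequence. Function names here are this example's own.

# The HTML tokenizer ends <style> raw text at "</style" followed by
# whitespace, "/" or ">", case-insensitively. This regex models that rule.
STYLE_END_TAG = /<\/style[\t\n\f \/>]/i

# True if a browser would stop the style element somewhere inside css_text.
def closes_style_early?(css_text)
  STYLE_END_TAG.match?(css_text)
end

# Replace every "</" with "<\/". In CSS, "\/" inside a string or url() token
# is an escape for "/", so the stylesheet reads the same to the CSS parser,
# but the HTML tokenizer no longer finds an end tag. The block form of gsub
# is used so the backslash in the replacement is taken literally.
def escape_style_close(css_text)
  css_text.gsub('</') { '<\/' }
end

# Wrap CSS in a style element the way a page template would; after escaping,
# the only end tag left in the output is the one appended here.
def render_style(css_text)
  "<style>#{escape_style_close(css_text)}</style>"
end

# Count how many end-tag sequences the tokenizer would see in rendered HTML.
def style_end_tag_count(html)
  html.scan(STYLE_END_TAG).length
end

if __FILE__ == $0
  # Constructed sample: valid CSS whose string value carries an end tag.
  sample = %q{a::after { content: "</style><b>not css any more</b>"; }}

  puts "raw input closes early?     #{closes_style_early?(sample)}"                       # true
  puts "escaped input closes early? #{closes_style_early?(escape_style_close(sample))}"   # false
  puts render_style(sample)
  puts "end tags seen after escaping: #{style_end_tag_count(render_style(sample))}"       # 1
end
```

Run it with `ruby` and compare the two "closes early?" lines: the unescaped CSS is terminated by the embedded end tag, the escaped CSS is not, and the rendered output contains exactly one `</style>` sequence. The same check is a cheap regression test to keep next to any code path that emits sanitized CSS into a style element.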

Upload details

Uploaded by:
Evan Caville
Uploaded to:
Focal
Original maintainer:
Debian Ruby Extras Maintainers
Architectures:
all
Section:
ruby
Urgency:
Medium Urgency

Publishing

Series Pocket Published Component Section
Focal updates universe misc
Focal security universe misc

Builds

Focal: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
ruby-sanitize_4.6.6.orig.tar.gz 39.2 KiB 5d5b72076d13b731638e6189a83988237a47ab4d8ce6bfa5aded31ec0f333238
ruby-sanitize_4.6.6-2.1~0.20.04.2.debian.tar.xz 7.9 KiB 0c55307b20102753e196c13a6b55dbc1e3d5f35163633c5bac437f6ff19109b4
ruby-sanitize_4.6.6-2.1~0.20.04.2.dsc 2.1 KiB a7f36a207d55d3fd6cfe2d24d610e4e95afc5fb7198fd9f76197eb16c0a3b868


Binary packages built by this source

ruby-sanitize: whitelist-based HTML sanitizer

Sanitize is a whitelist-based HTML sanitizer. Given a list of acceptable
elements and attributes, Sanitize will remove all unacceptable HTML from a
string.

Using a simple configuration syntax, you can tell Sanitize to allow certain
elements, certain attributes within those elements, and even certain URL
protocols within attributes that contain URLs. Any HTML elements or attributes
that you don't explicitly allow will be removed.

Because it's based on Nokogiri, a full-fledged HTML parser, rather than a bunch
of fragile regular expressions, Sanitize has no trouble dealing with malformed
or maliciously-formed HTML and returning safe output.