ruby-sanitize 6.0.0-1ubuntu0.1 source package in Ubuntu

Changelog

ruby-sanitize (6.0.0-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: XSS via noscript elements when using custom allowlist
    - debian/patches/CVE-2023-23627.patch: always remove noscript elements,
      even if they're included in the allowlist in
      lib/sanitize/transformers/clean_element.rb.
    - CVE-2023-23627
  * SECURITY UPDATE: XSS via style element when using "relaxed" or custom
    config
    - debian/patches/CVE-2023-36823.patch: prevent style element from
      premature close by escaping "</" in
      lib/sanitize/transformers/clean_css.rb.
    - CVE-2023-36823

 -- Evan Caville <email address hidden>  Fri, 19 Apr 2024 12:46:55 +1000

Upload details

Uploaded by: Evan Caville
Uploaded to: Jammy
Original maintainer: Ubuntu Developers
Architectures: all
Section: ruby
Urgency: Medium Urgency

Publishing

Series  Pocket    Published  Component  Section
Jammy   updates   yes        universe   misc
Jammy   security  yes        universe   misc

Builds

Jammy: [FULLYBUILT] amd64

Downloads

File                                            Size      SHA-256 Checksum
ruby-sanitize_6.0.0.orig.tar.gz                 41.8 KiB  1c66c7bc589b48911d97495f0ee4a96698b07242950a9d1f21ba61a3612d8cf4
ruby-sanitize_6.0.0-1ubuntu0.1.debian.tar.xz    5.3 KiB   10bb705af2da64df82a6fe4b96d3e9aed09d243622a9e3c8938c53921ef4ff43
ruby-sanitize_6.0.0-1ubuntu0.1.dsc              2.2 KiB   73fa4258a35f055903a7215e41572c65fa57820c6e251c3628710ae037aa8a47

Binary packages built by this source

ruby-sanitize: whitelist-based HTML sanitizer

Sanitize is a whitelist-based HTML sanitizer. Given a list of acceptable
elements and attributes, Sanitize will remove all unacceptable HTML from a
string.

Using a simple configuration syntax, you can tell Sanitize to allow certain
elements, certain attributes within those elements, and even certain URL
protocols within attributes that contain URLs. Any HTML elements or attributes
that you don't explicitly allow will be removed.

Because it's based on Nokogiri, a full-fledged HTML parser, rather than a bunch
of fragile regular expressions, Sanitize has no trouble dealing with malformed
or maliciously formed HTML and returning safe output.