ruby-sanitize 6.0.0-1ubuntu0.1 source package in Ubuntu
Changelog
ruby-sanitize (6.0.0-1ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: XSS via noscript elements when using custom allowlist
- debian/patches/CVE-2023-23627.patch: always remove noscript elements,
even if they're included in the allowlist in
lib/sanitize/transformers/clean_element.rb.
- CVE-2023-23627
* SECURITY UPDATE: XSS via style element when using "relaxed" or custom
config
- debian/patches/CVE-2023-36823.patch: prevent style element from
premature close by escaping "</" in
lib/sanitize/transformers/clean_css.rb.
- CVE-2023-36823
-- Evan Caville <email address hidden> Fri, 19 Apr 2024 12:46:55 +1000
Upload details
- Uploaded by:
- Evan Caville
- Uploaded to:
- Jammy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- ruby
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Jammy | updates | universe | misc | |
| Jammy | security | universe | misc |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| ruby-sanitize_6.0.0.orig.tar.gz | 41.8 KiB | 1c66c7bc589b48911d97495f0ee4a96698b07242950a9d1f21ba61a3612d8cf4 |
| ruby-sanitize_6.0.0-1ubuntu0.1.debian.tar.xz | 5.3 KiB | 10bb705af2da64df82a6fe4b96d3e9aed09d243622a9e3c8938c53921ef4ff43 |
| ruby-sanitize_6.0.0-1ubuntu0.1.dsc | 2.2 KiB | 73fa4258a35f055903a7215e41572c65fa57820c6e251c3628710ae037aa8a47 |
Available diffs
Binary packages built by this source
- ruby-sanitize: whitelist-based HTML sanitizer
Sanitize is a whitelist-based HTML sanitizer. Given a list of acceptable
elements and attributes, Sanitize will remove all unacceptable HTML from a
string.
.
Using a simple configuration syntax, you can tell Sanitize to allow certain
elements, certain attributes within those elements, and even certain URL
protocols within attributes that contain URLs. Any HTML elements or attributes
that you don't explicitly allow will be removed.
.
Because it's based on Nokogiri, a full-fledged HTML parser, rather than a bunch
of fragile regular expressions, Sanitize has no trouble dealing with malformed
or maliciously-formed HTML and returning safe output.
