rails/rails-html-sanitizer

Issues

• Nuanced rules when santising? (to enable other attributes like target + rel)

  #107 opened 2 years ago by Zeouterlimits
  8

• Rails Sanitize Gem: Frozen Allowed Tags List is Mutated Internally

  #195 opened a year ago by ayzahamid
  5

• tidy: remove deprecation warnings from ActionView::Helpers::SanitizeHelper

  #190 opened a year ago by flavorjones
  1

• Loading order is causing issues

  #144 opened 3 years ago by sobrinho
  9

• explore: using rgrove/sanitize as the underlying sanitizer

  #181 opened 2 years ago by flavorjones
  0

• Add an option to use `to_text` instead of `to_html` to `FullSanitizer`

  #154 opened 3 years ago by Earlopain
  13

• HTML5 SafeListSanitizer removes 'viewbox' even when allowed_attribute

  #169 opened 2 years ago by jorg-vr
  2

• Should 'class' be removed from the default safe list for attributes?

  #168 opened 2 years ago by moritzhoeppner
  1

• The sanitization method changes the tag structure if there is a `<table>` tag inside an `<a>` tag.

  #155 opened 2 years ago by naitoh
  3

• Please add required_ruby_version to gemspec

  #153 opened 3 years ago by jeremyevans
  3

• In the sanitize method, the value of the `multiple` attribute of the html tag is missing.

  #152 opened 3 years ago by naitoh
  2

• Full sanitizer does not escape quotes

  #56 opened 3 years ago by srecnig
  5

• removing HTML comments

  #62 opened 9 years ago by stefanosc
  6

• Calling "Rails::Html::SafeListSanitizer.new(prune: true)" results in "ArgumentError (unknown keyword: :prune)"

  #142 opened 3 years ago by mayesgr
  8

• Private reporting of a potential security vulnerability

  #148 opened 3 years ago by Sim4n6
  6

• xss vulnerability in data URI

  #135 opened 3 years ago by goromlagche
  2

• `strip_tags(input).html_safe? # => false to true` ?

  #124 opened 3 years ago by dorianmariecom
  8

• WhiteListSanitizer is sanitizing some contents of allowed attribute

  #141 opened 3 years ago by archonic
  2

• allow script tag

  #140 opened 3 years ago by mm580486
  3

• Change in behavior caused by Nokogiri 1.13.5

  #130 opened 3 years ago by CarlosCD
  2

• Explore test failures with nokogiri v1.13.2

  #127 opened 4 years ago by flavorjones
  1

• test failures when using loofah 2.13.0 and nokogiri 1.12.5

  #125 opened 4 years ago by Segaja
  7

• Debian packaging 1.2.0: test issues

  #99 opened 6 years ago by geor-g
  7

• PermitScrubber treats ProcessingInstructions as Elements

  #115 opened 4 years ago by dmpotter44
  2

• WhitelistSanitizer manipulating URLs

  #98 opened 5 years ago by archonic
  2

• Style attributed not included in SafeListSanitizer.allowed_attributes

  #104 opened 5 years ago by puneet-sutar
  2

• Problem trying to whitelist rgb color within style attribute

  #68 opened 5 years ago by tquill
  2

• test failures against current loofah/nokogiri

  #111 opened 5 years ago by terceiro
  6

• version 1.3.0 XSS Vulnerability

  #106 opened 6 years ago by kaspatel-mdsol
  4

• iframe are scrubbed by default?

  #109 opened 5 years ago by paul-mesnilgrente
  3

• Unable to whitelist css variables

  #108 opened 5 years ago by petebytes
  1

• XSS vulnerability v1.2.0

  #97 opened 6 years ago by likeuwill
  2

• Deprication warnings with loofah 2.3.0

  #103 opened 6 years ago by lephyrius
  1

• Loofah::HTML5::WhiteList is deprecated

  #101 opened 6 years ago by vividtone
  2

• How to migrate to new sanitizer

  #94 opened 6 years ago by igorkasyanchuk
  5

• loofah - CVE-2018-16468

  #82 opened 7 years ago by rodolfobandeira
  1

• Upgrade loofah dependency to 2.2.3

  #76 opened 7 years ago by motiko
  0

• test failures with new loofah (2.2.1)

  #70 opened 8 years ago by boutil
  2

• Environment-based sanitizer difference with open lt tags

  #72 opened 8 years ago by jackphelps
  6

• rails-html-sanitizer 1.0.3 crashes with both ruby 2.3.0p0 & ruby 2.2.2p95

  #54 opened 8 years ago by phearle
  4

• FullSantitizer de-escapes escaped HTML entities besides &, <, >

  #67 opened 8 years ago by miloprice
  3

• `sanitize` inserts unintended whitespace

  #64 opened 8 years ago by yskkin
  1

• Stripping of comments

  #65 opened 9 years ago by fschwahn
  3

• Help with a text

  #63 opened 9 years ago by rderoldan1
  1

• Sanitize method adds line breaks where they do not exist

  #59 opened 9 years ago by gkaemmer
  1

• Unfinished open tag being escaped

  #58 opened 9 years ago by mariovisic
  2

• Unexpected change in sanitize

  #57 opened 9 years ago by CamJN
  1

• Custom Scrubber allowed_node? not being invoked!!!

  #53 opened 10 years ago by NeoElit
  7

• Data URI's get sanitized

  #51 opened 10 years ago by Qqwy
  3

• Allow "tel:" links

  #52 opened 10 years ago by DannyBen
  1