Comments (2)
jlthai
commented on July 29, 2024
Tested this spec in test_encoding.rb with 1.9.3
it "def test_scrub_foreign_chars_encodes_correctly"
escaped = Loofah.scrub_fragment("あ<b>い</b>う<script>え</script>お", :strip).to_s
assert_equal "あ<b>い</b>うえお", escaped
endand it passes!
from loofah.
flavorjones
commented on July 29, 2024
Agree, I'm running Loofah 2.0.1, using libxml2 2.8.0 and Nokogiri 1.6.3.1 and I can't reproduce this issue; so I'm going to close it for now. It's likely related to a bug in the particular version of libxml2 you were using at the time.
If you can provide more information on how to reproduce this, please add it to the issue and we'll reopen it.
Thanks for using Loofah!
from loofah.
Related Issues (20)
- A whitespace handling change in v2.9.0 is breaking a test in our code HOT 1
- `#text` should only render HTML elements HOT 1
- explore testing with the portswigger xss cheat sheet exploits
- `#to_text` doesn't handle `<br>` elements well. HOT 4
- Adding sms to ACCEPTABLE_PROTOCOLS HOT 3
- tests fail with latest versions of dependencies HOT 1
- Loofah removes HOT 3
- HTML5 empty attributes are being scrubbed HOT 5
- CSS Scrubber is removing the builtin extended CSS color properties in `>= v2.9.0` HOT 5
- RFC: should Loofah sanitize `<style>` tag contents HOT 2
- Preserving emails that look like tags HOT 2
- loofah issue with recent CVE release HOT 2
- unclosed html tags are also being pruned off, ideal expectation is to have only closed tags pruned HOT 12
- Getting errors using Nokogiri < 1.12 HOT 11
- pass encode_special_chars to to_s HOT 1
- Whitespace Added around "/" in CSS HOT 3
- Add scrub to append `target=_blank` to all links HOT 3
- Built-in scrubbers don't escape unsafe HTML with Nokogiri > 1.15 HOT 2
- feat: encapsulate some whitespace-handling into a scrubber (or scrubbers) HOT 3
- placeholder: when Nokogiri 1.17 is released, use the `parse_noscript_content_as_text` option by default
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from loofah.