---
- branch: MAIN
  date: Mon Aug 30 15:38:03 UTC 2021
  files:
  - new: '1.4'
    old: '1.3'
    path: pkgsrc/www/ruby-rails-html-sanitizer/Makefile
    pathrev: pkgsrc/www/ruby-rails-html-sanitizer/Makefile@1.4
    type: modified
  - new: '1.4'
    old: '1.3'
    path: pkgsrc/www/ruby-rails-html-sanitizer/distinfo
    pathrev: pkgsrc/www/ruby-rails-html-sanitizer/distinfo@1.4
    type: modified
  id: 20210830T153803Z.387ef40ffd294c339661afc01e7a5582fb268100
  log: |
    www/ruby-rails-html-sanitizer: udpate to 1.4.2

    1.4.0 (2021-08-18)

    * Processing Instructions are no longer allowed by Rails::Html::PermitScrubber

      Previously, a PI with a name (or "target") matching an allowed tag name
      was not scrubbed. There are no known security issues associated with these
      PIs, but similar to comments it's preferred to omit these nodes when
      possible from sanitized output.

      Fixes #115.

      Mike Dalessio

    1.4.1 (2021-08-18)

    * Fix regression in v1.4.0 that did not pass comment nodes to the scrubber.

      Some scrubbers will want to override the default behavior and allow
      comments, but v1.4.0 only passed through elements to the scrubber's
      keep_node? method.

      This change once again allows the scrubber to make the decision on comment
      nodes, but still skips other non-elements like processing instructions
      (see #115).

      Mike Dalessio

    1.4.2 (2021-08-23)

    * Slightly improve performance.

      Assuming elements are more common than comments, make one less method call
      per node.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/ruby-rails-html-sanitizer'
  unixtime: '1630337883'
  user: taca