Wed Feb 1 12:36:07 2023 UTC
lua-web-sanitize: update to 1.4.0

Stricter attribute value escaping

This is a critical update if you are using a custom white list with iframe
elements allowed. Due to their non-standard parsing within browsers it
may be possible to craft HTML to bypass sanitization by using an element
with an attribute value of a closing iframe tag. Those using the default
whitelist are not affected.


(nia)
diff -r1.3 -r1.4 pkgsrc/www/lua-web-sanitize/Makefile
diff -r1.5 -r1.6 pkgsrc/www/lua-web-sanitize/distinfo

cvs diff -r1.3 -r1.4 pkgsrc/www/lua-web-sanitize/Makefile

--- pkgsrc/www/lua-web-sanitize/Makefile 2022/07/13 08:44:24 1.3
+++ pkgsrc/www/lua-web-sanitize/Makefile 2023/02/01 12:36:06 1.4
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.3 2022/07/13 08:44:24 nia Exp $ 1# $NetBSD: Makefile,v 1.4 2023/02/01 12:36:06 nia Exp $
2 2
3DISTNAME= web_sanitize-1.3.0 3DISTNAME= web_sanitize-1.4.0
4PKGNAME= ${LUA_PKGPREFIX}-${DISTNAME:S/_/-/g} 4PKGNAME= ${LUA_PKGPREFIX}-${DISTNAME:S/_/-/g}
5CATEGORIES= www lua 5CATEGORIES= www lua
6MASTER_SITES= ${MASTER_SITE_GITHUB:=leafo/} 6MASTER_SITES= ${MASTER_SITE_GITHUB:=leafo/}
7GITHUB_PROJECT= web_sanitize 7GITHUB_PROJECT= web_sanitize
8GITHUB_TAG= v${PKGVERSION_NOREV} 8GITHUB_TAG= v${PKGVERSION_NOREV}
9 9
10MAINTAINER= nia@NetBSD.org 10MAINTAINER= nia@NetBSD.org
11HOMEPAGE= https://github.com/leafo/web_sanitize 11HOMEPAGE= https://github.com/leafo/web_sanitize
12COMMENT= Lua library for sanitizing untrusted HTML 12COMMENT= Lua library for sanitizing untrusted HTML
13LICENSE= mit 13LICENSE= mit
14 14
15USE_LANGUAGES= # none 15USE_LANGUAGES= # none
16NO_BUILD= yes 16NO_BUILD= yes
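
Review bot: for a bump the log message describes as critical, the DISTNAME change on line 3 (web_sanitize-1.3.0 to web_sanitize-1.4.0) would benefit from a pointer in the log to the upstream release notes or fixing commit in the HOMEPAGE repository, so that users running a custom whitelist that allows iframe can confirm whether they are exposed. Nothing else in the file needs to move: GITHUB_TAG is built from PKGVERSION_NOREV and follows the new version.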

cvs diff -r1.5 -r1.6 pkgsrc/www/lua-web-sanitize/distinfo

--- pkgsrc/www/lua-web-sanitize/distinfo 2022/07/13 08:44:24 1.5
+++ pkgsrc/www/lua-web-sanitize/distinfo 2023/02/01 12:36:06 1.6
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
1$NetBSD: distinfo,v 1.5 2022/07/13 08:44:24 nia Exp $ 1$NetBSD: distinfo,v 1.6 2023/02/01 12:36:06 nia Exp $
2 2
3BLAKE2s (web_sanitize-1.3.0.tar.gz) = 13a976c5121c181fbd00e41c75550d329e15e50b25a35168b6a3f472bcc426a1 3BLAKE2s (web_sanitize-1.4.0.tar.gz) = ac1b0c4b22d52035f2b061231ed273174bee752707c9c16f1fd4cc7e5f1cbdc6
4SHA512 (web_sanitize-1.3.0.tar.gz) = b842d4f2cc07bd3a4cda1c57ff8c8684c1318feb22673cfeaa5a0960e5801ec21f5b9a8c16832eeb8dad0954f9e87d241694789ccf431d69c0bb9fba01c81a64 4SHA512 (web_sanitize-1.4.0.tar.gz) = 18a748df89eac379a10514947635688f9f34471174e182e25526e7959c1e83400c5aaa3b48f0ebd6348ea4cb07aad50809fecef803c226addc5a3d1d620ca86e
5Size (web_sanitize-1.3.0.tar.gz) = 55057 bytes 5Size (web_sanitize-1.4.0.tar.gz) = 55489 bytes
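
Review bot: the BLAKE2s, SHA512 and Size entries on lines 3 to 5 are the only integrity check recorded here for web_sanitize-1.4.0.tar.gz, which the Makefile fetches by GitHub tag, so confirm they were regenerated from a fresh fetch of the v1.4.0 tag and not edited by hand. The three entries change together and the size moves from 55057 to 55489 bytes, which is consistent with a small source change.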