lua-web-sanitize: update to 1.4.0

Stricter attribute value escaping

This is a critical update if you are using a custom white list with iframe elements allowed. Due to their non-standard parsing within browsers it may be possible to craft HTML to bypass sanitization by using an element with an attribute value of a closing iframe tag. Those using the default whitelist are not affected.

diff -r1.3 -r1.4 pkgsrc/www/lua-web-sanitize/Makefile
(nia)
@@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.3 2022/07/13 08:44:24 nia Exp $ | 1 | # $NetBSD: Makefile,v 1.4 2023/02/01 12:36:06 nia Exp $ | |
2 | 2 | |||
3 | DISTNAME= web_sanitize-1.3.0 | 3 | DISTNAME= web_sanitize-1.4.0 | |
4 | PKGNAME= ${LUA_PKGPREFIX}-${DISTNAME:S/_/-/g} | 4 | PKGNAME= ${LUA_PKGPREFIX}-${DISTNAME:S/_/-/g} | |
5 | CATEGORIES= www lua | 5 | CATEGORIES= www lua | |
6 | MASTER_SITES= ${MASTER_SITE_GITHUB:=leafo/} | 6 | MASTER_SITES= ${MASTER_SITE_GITHUB:=leafo/} | |
7 | GITHUB_PROJECT= web_sanitize | 7 | GITHUB_PROJECT= web_sanitize | |
8 | GITHUB_TAG= v${PKGVERSION_NOREV} | 8 | GITHUB_TAG= v${PKGVERSION_NOREV} | |
9 | 9 | |||
10 | MAINTAINER= nia@NetBSD.org | 10 | MAINTAINER= nia@NetBSD.org | |
11 | HOMEPAGE= https://github.com/leafo/web_sanitize | 11 | HOMEPAGE= https://github.com/leafo/web_sanitize | |
12 | COMMENT= Lua library for sanitizing untrusted HTML | 12 | COMMENT= Lua library for sanitizing untrusted HTML | |
13 | LICENSE= mit | 13 | LICENSE= mit | |
14 | 14 | |||
15 | USE_LANGUAGES= # none | 15 | USE_LANGUAGES= # none | |
16 | NO_BUILD= yes | 16 | NO_BUILD= yes |
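Review bot: the DISTNAME bump on line 3 (web_sanitize-1.3.0 to web_sanitize-1.4.0) carries a fix the commit message calls critical for custom whitelists that allow iframe elements, but nothing in the Makefile signals to someone still running 1.3.0 that the upgrade is security-relevant. Consider pairing this with an entry for versions below 1.4.0 in the pkgsrc vulnerability list so that package audits flag the old version. The other changed line is only the $NetBSD$ ID and needs no comment.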
@@ -1,5 +1,5 @@ | @@ -1,5 +1,5 @@ | |||
1 | $NetBSD: distinfo,v 1.5 2022/07/13 08:44:24 nia Exp $ | 1 | $NetBSD: distinfo,v 1.6 2023/02/01 12:36:06 nia Exp $ | |
2 | 2 | |||
3 | BLAKE2s (web_sanitize-1.3.0.tar.gz) = 13a976c5121c181fbd00e41c75550d329e15e50b25a35168b6a3f472bcc426a1 | 3 | BLAKE2s (web_sanitize-1.4.0.tar.gz) = ac1b0c4b22d52035f2b061231ed273174bee752707c9c16f1fd4cc7e5f1cbdc6 | |
4 | SHA512 (web_sanitize-1.3.0.tar.gz) = b842d4f2cc07bd3a4cda1c57ff8c8684c1318feb22673cfeaa5a0960e5801ec21f5b9a8c16832eeb8dad0954f9e87d241694789ccf431d69c0bb9fba01c81a64 | 4 | SHA512 (web_sanitize-1.4.0.tar.gz) = 18a748df89eac379a10514947635688f9f34471174e182e25526e7959c1e83400c5aaa3b48f0ebd6348ea4cb07aad50809fecef803c226addc5a3d1d620ca86e | |
5 | Size (web_sanitize-1.3.0.tar.gz) = 55057 bytes | 5 | Size (web_sanitize-1.4.0.tar.gz) = 55489 bytes |
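Review bot: the BLAKE2s and SHA512 values on lines 3 and 4 are the only integrity check on an archive that is fetched by tag name (GITHUB_TAG= v${PKGVERSION_NOREV} from leafo/web_sanitize), so they should be regenerated from a fresh download and compared with these lines before the change goes in. The size change on line 5, from 55057 to 55489 bytes, is plausible for a point release but does not substitute for that comparison.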