Wed Feb 1 12:36:07 2023 UTC ()
lua-web-sanitize: update to 1.4.0

Stricter attribute value escaping

This is a critical update if you are using a custom white list with iframe
elements allowed. Due to their non-standard parsing within browsers it
may be possible to craft HTML to bypass sanitization by using an element
with an attribute value of a closing iframe tag. Those using the default
whitelist are not affected.


(nia)
diff -r1.3 -r1.4 pkgsrc/www/lua-web-sanitize/Makefile
diff -r1.5 -r1.6 pkgsrc/www/lua-web-sanitize/distinfo

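--- a/pkgsrc/www/lua-web-sanitize/Makefile
+++ b/pkgsrc/www/lua-web-sanitize/Makefile
@@ -1,39 +1,39 @@
-# $NetBSD: Makefile,v 1.3 2022/07/13 08:44:24 nia Exp $
+# $NetBSD: Makefile,v 1.4 2023/02/01 12:36:06 nia Exp $
 
-DISTNAME= web_sanitize-1.3.0
+DISTNAME= web_sanitize-1.4.0
 PKGNAME= ${LUA_PKGPREFIX}-${DISTNAME:S/_/-/g}
 CATEGORIES= www lua
 MASTER_SITES= ${MASTER_SITE_GITHUB:=leafo/}
 GITHUB_PROJECT= web_sanitize
 GITHUB_TAG= v${PKGVERSION_NOREV}
 
 MAINTAINER= nia@NetBSD.org
 HOMEPAGE= https://github.com/leafo/web_sanitize
 COMMENT= Lua library for sanitizing untrusted HTML
 LICENSE= mit
 
 USE_LANGUAGES= # none
 NO_BUILD= yes
 
 LUA_USE_BUSTED= yes
 
 TEST_DEPENDS+= ${LUA_PKGPREFIX}-moonscript-[0-9]*:../../lang/lua-moonscript
 TEST_DEPENDS+= ${LUA_PKGPREFIX}-cjson-[0-9]*:../../textproc/lua-cjson
 
 INSTALLATION_DIRS+= ${LUA_LDIR}
 INSTALLATION_DIRS+= ${LUA_LDIR}/web_sanitize
 INSTALLATION_DIRS+= ${LUA_LDIR}/web_sanitize/query
 
 do-install:
  ${INSTALL_DATA} ${WRKSRC}/*.lua \
  ${DESTDIR}${PREFIX}/${LUA_LDIR}
  ${INSTALL_DATA} ${WRKSRC}/web_sanitize/*.lua \
  ${DESTDIR}${PREFIX}/${LUA_LDIR}/web_sanitize
  ${INSTALL_DATA} ${WRKSRC}/web_sanitize/query/*.lua \
  ${DESTDIR}${PREFIX}/${LUA_LDIR}/web_sanitize/query
 
 pre-test:
  ${PREFIX}/bin/moonc${_LUA_DOT_VERSION} ${WRKSRC}/spec/*.moon
 
 .include "../../lang/lua/module.mk"
 .include "../../mk/bsd.pkg.mk"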

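--- a/pkgsrc/www/lua-web-sanitize/distinfo
+++ b/pkgsrc/www/lua-web-sanitize/distinfo
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.5 2022/07/13 08:44:24 nia Exp $
+$NetBSD: distinfo,v 1.6 2023/02/01 12:36:06 nia Exp $
 
-BLAKE2s (web_sanitize-1.3.0.tar.gz) = 13a976c5121c181fbd00e41c75550d329e15e50b25a35168b6a3f472bcc426a1
-SHA512 (web_sanitize-1.3.0.tar.gz) = b842d4f2cc07bd3a4cda1c57ff8c8684c1318feb22673cfeaa5a0960e5801ec21f5b9a8c16832eeb8dad0954f9e87d241694789ccf431d69c0bb9fba01c81a64
-Size (web_sanitize-1.3.0.tar.gz) = 55057 bytes
+BLAKE2s (web_sanitize-1.4.0.tar.gz) = ac1b0c4b22d52035f2b061231ed273174bee752707c9c16f1fd4cc7e5f1cbdc6
+SHA512 (web_sanitize-1.4.0.tar.gz) = 18a748df89eac379a10514947635688f9f34471174e182e25526e7959c1e83400c5aaa3b48f0ebd6348ea4cb07aad50809fecef803c226addc5a3d1d620ca86e
+Size (web_sanitize-1.4.0.tar.gz) = 55489 bytes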