-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-9953 2010-06-15 15:36:29 --------------------------------------------------------------------------------
Name : perl-HTML-Defang Product : Fedora 12 Version : 1.03 Release : 1.fc12 URL : http://search.cpan.org/dist/HTML-Defang/ Summary : Cleans HTML and CSS of executable contents Description : This module accepts an input HTML and/or CSS string and removes any executable code including scripting, embedded objects, applets, etc., and neutralises any XSS attacks. A whitelist based approach is used which means only HTML known to be safe is allowed through. -------------------------------------------------------------------------------- Update Information: Various fixes: * fix incorrect tag closing when "/" appears as attribute key * handle deep span nests with the same attrs, not just no attrs * we might not find the tag if we hit one that stops further breaking out, that's not an error to report * track noscript mismatched tags * more nested table tags fixes * unicode fixes on attribute/style entity expansions * more deep nested span/div hacks * avoid undef error * optimisation for nested inline tags within block tags * massive speedup on deeply nested tags * defang tweaks on large sets of style rules * use /\G..../gc matching on style rather than s/// * close/re- open inline tags across block tags * only convert \u sequences in stripped values * track mismatched <p> tags, and defang -- in a tag as well * need to strip -- in defanged tags because --'s in comments are bad -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 15 2010 Iain Arnell <[email protected]> 1.03-1 - update to latest upstream -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update perl-HTML-Defang' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
