update nokogiri main to handle libxml2 master #2468
Please note I have a work-in-progress branch for this; it needs a bit more work before I push it to a draft PR.
Note that this is now high priority since libxml2 v2.9.14 was published this morning.
After looking at the current behavior introduced by that commit upstream, I think the behavior change is worth the improvement in handling of DoS attacks (see https://gitlab.gnome.org/GNOME/libxml2/-/issues/339 for an explanation). The necessary changes downstream in the test suites of Loofah and rails-html-sanitizer are minimal and I'll take care of those. So, the changes introduced in the test suite in #2526 to match the libxml2 v2.9.14 behavior are all that we should need to do, and we should pass upstream once again. Will close this once that's on
A few fixes, including ones by yours truly, have made it upstream (but not yet in a release) and the tests' conditional logic is being updated. Closes #2468
…-main

dep: update libxml2 to v2.9.14 (main branch)

---

**What problem is this PR intended to solve?**

Update libxml2 to v2.9.14 from v2.9.13, see #2525

> https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.9.14

Also ensure that tests pass against upstream libxml2 (#2468).

**Have you included adequate test coverage?**

This PR updates tests to reflect the difference in how incorrectly-opened comments are handled in this release.

**Does this change affect the behavior of either the C or the Java implementations?**

The C native implementation handling of incorrectly-opened comments is different from previous and different from the JRuby implementation's handling. These differences are fully captured and explained in the test suite.
Recently upstream committed a fix for the issue that caused us to ship v1.13.3 (see https://gitlab.gnome.org/GNOME/libxml2/-/commit/4fd69f3e27e4ef2f8fafa091e723497017c40646).
As a result I would like to do two things:
<
characters take the new behavior into account