update nokogiri main to handle libxml2 master #2468

Closed
2 tasks done
Tracked by #2525
flavorjones opened this issue Feb 24, 2022 · 3 comments

flavorjones commented Feb 24, 2022

Recently upstream committed a fix for the issue that caused us to ship v1.13.3 (see https://gitlab.gnome.org/GNOME/libxml2/-/commit/4fd69f3e27e4ef2f8fafa091e723497017c40646)

As a result I would like to do two things:

flavorjones changed the title from "update nokogiri main to handle libxml2 `master" to "update nokogiri main to handle libxml2 master" on Feb 25, 2022
@flavorjones
Member Author

Please note I have a work-in-progress branch for this; it needs a bit more work before I push it to a draft PR.

@flavorjones
Member Author

Note that this is now high priority since libxml2 v2.9.14 was published this morning.

@flavorjones
Member Author

After looking at the current behavior introduced by that commit upstream, I think the behavior change is worth the improvement in handling of DoS attacks (see https://gitlab.gnome.org/GNOME/libxml2/-/issues/339 for an explanation). The necessary changes downstream in the test suites of Loofah and rails-html-sanitizer are minimal and I'll take care of those.

So, the changes introduced in the test suite in #2526 to match the libxml2 v2.9.14 behavior are all that we should need to do, and we should pass upstream once again. Will close this once that's on main.

flavorjones added a commit that referenced this issue May 4, 2022
A few fixes, including ones by yours truly, have made it upstream (but
not yet in a release) and the tests' conditional logic is being
updated.

Closes #2468
flavorjones added a commit that referenced this issue May 4, 2022
…-main

dep: update libxml2 to v2.9.14 (main branch)

---

**What problem is this PR intended to solve?**

Update libxml2 to v2.9.14 from v2.9.13, see #2525

> https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.9.14

Also ensure that tests pass against upstream libxml2 (#2468).

**Have you included adequate test coverage?**

This PR updates tests to reflect the difference in how incorrectly-opened comments are handled in this release.


**Does this change affect the behavior of either the C or the Java implementations?**

The C native implementation handling of incorrectly-opened comments is different from previous and different from the JRuby implementation's handling. These differences are fully captured and explained in the test suite.