Fedora 12 Update: perl-HTML-Defang-1.03-1.fc12

updates at fedoraproject.org updates at fedoraproject.org
Thu Jul 1 18:46:50 UTC 2010

Fedora Update Notification
2010-06-15 15:36:29

Name        : perl-HTML-Defang
Product     : Fedora 12
Version     : 1.03
Release     : 1.fc12
URL         : http://search.cpan.org/dist/HTML-Defang/
Summary     : Cleans HTML and CSS of executable contents
Description :
This module accepts an input HTML and/or CSS string and removes any
executable code including scripting, embedded objects, applets, etc., and
neutralises any XSS attacks. A whitelist based approach is used which means
only HTML known to be safe is allowed through.

Update Information:

Various fixes:  * fix incorrect tag closing when "/" appears as attribute key  *
handle deep span nests with the same attrs, not just no attrs  * we might not
find the tag if we hit one that stops further breaking out, that's not an error
to report  * track noscript mismatched tags  * more nested table tags fixes  *
unicode fixes on attribute/style entity expansions  * more deep nested span/div
hacks  * avoid undef error  * optimisation for nested inline tags within block
tags  * massive speedup on deeply nested tags  * defang tweaks on large sets of
style rules  * use /\G..../gc matching on style rather than s///  * close/re-
open inline tags across block tags  * only convert \u sequences in stripped
values  * track mismatched <p> tags, and defang -- in a tag as well  * need to
strip -- in defanged tags because --'s in comments are bad

* Tue Jun 15 2010 Iain Arnell <iarnell at gmail.com> 1.03-1
- update to latest upstream

This update can be installed with the "yum" update program.  Use 
su -c 'yum update perl-HTML-Defang' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list