Description

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments. It's built on top of Nokogiri and libxml2, so it's fast and has a nice API. Loofah excels at HTML sanitization (XSS prevention). It includes some nice HTML sanitizers, which are based on HTML5lib's whitelist, so it most likely won't make your codes less secure. (These statements have not been evaluated by Netexperts.) ActiveRecord extensions for sanitization are available in the `loofah-activerecord` gem (see https://github.com/flavorjones/loofah-activerecord).

Vulnerabilities

4 severe

