loofah version 2.1.0.rc1 has been released!
TL;DR: CSS property parsing and sanitization has been re-implemented on top of Crass:
replacing the regexes that were lifted from html5lib back in 2009. I’m relatively sure this is a good thing.
I would very much like feedback on this implementation before cutting an actual release, as Loofah is the underlying implementation for Rails sanitization, and thus has a large surface area. See this article for history on Loofah’s adoption in Rails:
Please provide feedback on this implementation here:
If I don’t know of any blockers by 28 August 2015, I’ll release 2.1.0 final based on this implementation.