loofah v2.2.0 released

loofah version 2.2.0 has been released!

Loofah is a general library for manipulating and transforming HTML/XML

documents and fragments. It’s built on top of Nokogiri and libxml2, so

it’s fast and has a nice API.

Loofah excels at HTML sanitization (XSS prevention). It includes some

nice HTML sanitizers, which are based on HTML5lib’s whitelist, so it

most likely won’t make your codes less secure. (These statements have

not been evaluated by Netexperts.)

ActiveRecord extensions for sanitization are available in the

loofah-activerecord gem.


2.2.0 / 2018-02-11


  • Support HTML5 <main> tag. #133 (Thanks, @MothOnMars!)

  • Recognize HTML5 block elements. #136 (Thanks, @MothOnMars!)

  • Support SVG <symbol> tag. #131 (Thanks, @baopham!)

  • Support for whitelisting CSS functions, initially just calc and rgb. #122/#123/#129 (Thanks, @NikoRoberts!)

  • Whitelist CSS property list-style-type. #68/#137/#142 (Thanks, @andela-ysanni and @NikoRoberts!)


  • Properly handle nested script tags. #127.