Comments (25)
The CsQuery NuGet package which HtmlSanitizer references is not signed, so unfortunately signing HtmlSanitizer doesn't seem to be possible currently.
from htmlsanitizer.
There's also: http://strongnamingconsideredharmful.com/
from htmlsanitizer.
Nice link 👍
from htmlsanitizer.
Is this possible in v3?
from htmlsanitizer.
I think so, AngleSharp seems to be strong named, see AngleSharp/AngleSharp#115.
from htmlsanitizer.
OK. I recommend to strong name it, and only use the main version in the strong name. So the assembly version is for releases 3.0 - 3.x: 3.0.0
. (iif we practice semver in the library)
from htmlsanitizer.
Edit: I don't think semver is used? Can that be arranged in version 3?
from htmlsanitizer.
I very much like the automatic ".*" assembly versioning provided by AssemblyVersionAttribute. Not using this would mean we'd have to have some build script that does all kinds of versioning things (patch the assembly file version, set the NuGet version etc.).
from htmlsanitizer.
Well with *
you get issues with strong naming, as described at http://strongnamingconsideredharmful.com/, and the version number is also not semver.
proposal:
- set fixed
AssemblyVersionAttribute
to3.0.0.0
- from code or appveyor.yml - before publish: change the
assembly_file_version
andassembly_informational_version
(can be partly created by appveyor) - you can use variables. See https://github.com/NLog/NLog.Web/blob/master/appveyor.yml - publish from appveyor after successful build
from htmlsanitizer.
Done.
from htmlsanitizer.
@mganss I still do not see that NuGet package is signed, did you update it?
from htmlsanitizer.
Only the beta is strong named (currently 3.1.67).
from htmlsanitizer.
FYI strong looks good
from htmlsanitizer.
@mganss why is the version updated to 3.1.x ? It that a test?
from htmlsanitizer.
I had already published a NuGet package 3.0.5781.31354-beta before the move to SemVer.
from htmlsanitizer.
Mmmm
I think 3.1.67 is also not semver? I think it should be 3.1.0.67 or just 3.1.0. It's required to start with patch 0. Source: http://semver.org
from htmlsanitizer.
Where does it say that?
from htmlsanitizer.
Patch version MUST be reset to 0 when minor version is incremented.
7 on semver.org
from htmlsanitizer.
from htmlsanitizer.
I can't see how that helps with the goals of SemVer. As long as the version number is strictly increasing there shouldn't be a problem with specifiying dependencies.
from htmlsanitizer.
I can't see how that helps with the goals of SemVer. As long as the version number is strictly increasing there shouldn't be a problem with specifiying dependencies.
I don't really understand what you mean. The choose is relative easy, HtmlSanitizer uses SemVer, or it doesn't.
If HtmlSanitizer is using SemVer (from 3.0?), then 3.1.0.67 is not allowed as a version number after 3.0.x.
from htmlsanitizer.
OK, then it's "almost SemVer" 😉
from htmlsanitizer.
That doesn't exist IMO. It the same like saying that IE6 sticks to the HTML standards.
Why not unlisting the old packages and just create a 3.0 (-betaX) ?
from htmlsanitizer.
I think the problem is not so much starting with SemVer at a specific version but rather resetting the third component to 0 (in the future). I don't see a way to achieve this and still use the automatic versioning provided by AppVeyor. It seems SemVer wasn't designed with CI in mind.
Also, there isn't a single browser w/o bugs 😄
from htmlsanitizer.
3.1.76 is strong named.
from htmlsanitizer.
Related Issues (20)
- AngleSharp missing dependency HOT 2
- Url extra escaping HOT 3
- Error on sanitizing simple post without any invalid char. HOT 3
- about slash in background property HOT 1
- Allow outlook conditional comments HOT 1
- Sanitizer removes "px" from the source style attributes when it's "0px" HOT 1
- Properties in @font-face declaration are removed (font-display, mso-generic-font-family, mso-font-alt) HOT 1
- FilterUrl event not raised for relative URLs if baseUrl is used HOT 1
- href's allow inline javascript? HOT 2
- AngleSharp dependency issue in .NET Framework (IIS-hosted WCF service) HOT 9
- RemovingTag and/or RemovingAttribute does not fire for "<BODY ONLOAD=alert('XSS')>" HOT 1
- css attribute white-space is being removed by default HOT 1
- Characters such as < and > are removed, even if they're not a tag
- Unable to load assembly AngleSharp Version 0.17.0 when HtmlSanitizer Initialized HOT 1
- What's the correct way to allow ld+json? HOT 3
- HtmlSanitization removes Allowed Attributes from HTML content within a JSON string HOT 1
- Error in HtmlSanitizer.Sanitize HOT 13
- Advice about sanitizing markdown HOT 3
- Sanitizer Removes HTML styling Inside JSON string
- Conflict Between HtmlSanitizer and Bunit Due to AngleSharp Version HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from htmlsanitizer.