deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

More XSS fixes.

Browse source 
Started fixing file uploads.
This commit is contained in:
Jacques Distler 2007-02-21 12:10:47 -06:00
parent 59adca44cc
commit 0aafedb2df
2 changed files with 21 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

13
lib/chunks/engines.rb
View file

@ -23,8 +23,13 @@ module Engines
end
MY_VERBOTEN_TAGS = %w(form script plaintext object embed applet iframe frameset frame link meta body style html)
MY_VERBOTEN_ATTRS = /^on/i
class Textile < AbstractEngine
require_dependency 'action_view/helpers/text_helper'
ActionView::Helpers::TextHelper::VERBOTEN_TAGS = MY_VERBOTEN_TAGS
ActionView::Helpers::TextHelper::VERBOTEN_ATTRS = MY_VERBOTEN_ATTRS
include ActionView::Helpers::TextHelper
def mask
require_dependency 'redcloth'
@ -38,6 +43,8 @@ module Engines
class Markdown < AbstractEngine
require_dependency 'action_view/helpers/text_helper'
ActionView::Helpers::TextHelper::VERBOTEN_TAGS = MY_VERBOTEN_TAGS
ActionView::Helpers::TextHelper::VERBOTEN_ATTRS = MY_VERBOTEN_ATTRS
include ActionView::Helpers::TextHelper
def mask
require_dependency 'maruku'
@ -49,6 +56,8 @@ module Engines
class MarkdownMML < AbstractEngine
require_dependency 'action_view/helpers/text_helper'
ActionView::Helpers::TextHelper::VERBOTEN_TAGS = MY_VERBOTEN_TAGS
ActionView::Helpers::TextHelper::VERBOTEN_ATTRS = MY_VERBOTEN_ATTRS
include ActionView::Helpers::TextHelper
def mask
require_dependency 'maruku'
@ -61,6 +70,8 @@ module Engines
class Mixed < AbstractEngine
require_dependency 'action_view/helpers/text_helper'
ActionView::Helpers::TextHelper::VERBOTEN_TAGS = MY_VERBOTEN_TAGS
ActionView::Helpers::TextHelper::VERBOTEN_ATTRS = MY_VERBOTEN_ATTRS
include ActionView::Helpers::TextHelper
def mask
require_dependency 'redcloth'
@ -74,6 +85,8 @@ module Engines
class RDoc < AbstractEngine
require_dependency 'action_view/helpers/text_helper'
ActionView::Helpers::TextHelper::VERBOTEN_TAGS = MY_VERBOTEN_TAGS
ActionView::Helpers::TextHelper::VERBOTEN_ATTRS = MY_VERBOTEN_ATTRS
include ActionView::Helpers::TextHelper
def mask
require_dependency 'rdocsupport'