Security: Sanitize <nowiki>

Another XSS hole: the contents of <nowiki>...</nowiki> was not being sanitized.

lib/chunks/nowiki.rb

@@ -13,6 +13,10 @@ require 'chunks/chunk'
 #
 # Author: Mark Reid <mark at threewordslong dot com>
 # Created: 8th June 2004
+
+require 'sanitize'
+include Sanitize
+
 class NoWiki < Chunk::Abstract
 
   NOWIKI_PATTERN = Regexp.new('<nowiki>(.*?)</nowiki>', Regexp::MULTILINE)
@@ -22,7 +26,7 @@ class NoWiki < Chunk::Abstract
 
   def initialize(match_data, content)
     super
-    @plain_text = @unmask_text = match_data[1]
+    @plain_text = @unmask_text = sanitize_xhtml(match_data[1])
   end
 
 end