XSS Security fixes

Jacques Distler 2007-02-25 15:13:50 +00:00
parent c9a9b7d315
commit 552cf4cff0
4 changed files with 938 additions and 4 deletions


@ -24,36 +24,48 @@ module Engines
end
class Textile < AbstractEngine
require_dependency 'sanitize'
include Sanitize
def mask
require_dependency 'redcloth'
redcloth = RedCloth.new(@content, [:hard_breaks] + @content.options[:engine_opts])
redcloth.filter_html = false
redcloth.no_span_caps = false
redcloth.to_html(:textile)
html = redcloth.to_html(:textile)
sanitize_html(html)
end
end
class Markdown < AbstractEngine
require_dependency 'sanitize'
include Sanitize
def mask
require_dependency 'bluecloth_tweaked'
BlueCloth.new(@content, @content.options[:engine_opts]).to_html
html = BlueCloth.new(@content, @content.options[:engine_opts]).to_html
sanitize_html(html)
end
end
class Mixed < AbstractEngine
require_dependency 'sanitize'
include Sanitize
def mask
require_dependency 'redcloth'
redcloth = RedCloth.new(@content, @content.options[:engine_opts])
redcloth.filter_html = false
redcloth.no_span_caps = false
redcloth.to_html
html = redcloth.to_html
sanitize_html(html)
end
end
class RDoc < AbstractEngine
require_dependency 'sanitize'
include Sanitize
def mask
require_dependency 'rdocsupport'
RDocSupport::RDocFormatter.new(@content).to_html
html = RDocSupport::RDocFormatter.new(@content).to_html
sanitize_html(html)
end
end
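Review bot: Sanitisation is opt-in per engine here: each of the four `mask` methods (Textile, Markdown, Mixed, RDoc) must remember to end with `sanitize_html(html)`, and each class repeats `require_dependency 'sanitize'` and `include Sanitize`. An engine added later without those lines would return raw renderer output. That matters because both RedCloth engines keep `redcloth.filter_html = false`, so the sanitiser is the only filter between user markup and the page. AbstractEngine is defined above this hunk and is not visible, so this is a suggestion to check rather than a confirmed fit: if that class is where `mask` is invoked, include `Sanitize` there once and wrap the call, e.g. `sanitize_html(mask)`, so every engine is sanitised by default. Failing that, a comment on AbstractEngine such as `# Subclasses MUST pass their HTML through sanitize_html before returning from mask` would at least record the contract.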