Ruby 1.9 Compatibility

Completely removed the html5lib sanitizer.
Fixed the string-handling to work in both
Ruby 1.8.x and 1.9.2. There are still,
inexplicably, two functional tests that
fail. But the rest seems to work quite well.

vendor/rails/activesupport/lib/active_support/message_verifier.rb

@@ -24,8 +24,10 @@ module ActiveSupport
     end
     
     def verify(signed_message)
+      raise InvalidSignature if signed_message.blank?
+
       data, digest = signed_message.split("--")
-      if secure_compare(digest, generate_digest(data))
+      if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
         Marshal.load(ActiveSupport::Base64.decode64(data))
       else
         raise InvalidSignature
@@ -38,16 +40,34 @@ module ActiveSupport
     end
     
     private
-      # constant-time comparison algorithm to prevent timing attacks
-      def secure_compare(a, b)
-        if a.length == b.length
-          result = 0
-          for i in 0..(a.length - 1)
-            result |= a[i] ^ b[i]
+      if "foo".respond_to?(:force_encoding)
+        # constant-time comparison algorithm to prevent timing attacks
+        def secure_compare(a, b)
+          a = a.dup.force_encoding(Encoding::BINARY)
+          b = b.dup.force_encoding(Encoding::BINARY)
+
+          if a.length == b.length
+            result = 0
+            for i in 0..(a.length - 1)
+              result |= a[i].ord ^ b[i].ord
+            end
+            result == 0
+          else
+            false
+          end
+        end
+      else
+        # For <= 1.8.6
+        def secure_compare(a, b)
+          if a.length == b.length
+            result = 0
+            for i in 0..(a.length - 1)
+              result |= a[i] ^ b[i]
+            end
+            result == 0
+          else
+            false
           end
-          result == 0
-        else
-          false
         end
       end