Commit graph

149 commits

Author SHA1 Message Date
Jacques Distler
39c2138f88 Update Vendored Erubis to 2.6.6 2010-07-04 08:51:53 -05:00
Jacques Distler
ce8578d2d0 Some Maruku Regexp Refactoring 2010-06-19 03:02:15 -05:00
Jacques Distler
0d8f680d4f Updates
SVG-Edit -> 2.5final
Vendored Rack -> 1.2.1
2010-06-17 19:27:39 -05:00
Jacques Distler
6491d70326 Update Vendored Rack to 1.2.0
Also update tests for itextomml 1.3.25.
2010-06-13 23:09:24 -05:00
Jacques Distler
4f8759cdf3 Update vendored Sqlite3-ruby to 1.3.0
Also, some tweaks to Maruku.
2010-06-10 22:42:33 -05:00
Jacques Distler
90ad482ed2 Rename stringsupport.rb => instiki_stringsupport.rb 2010-06-09 11:47:39 -05:00
Jacques Distler
06ae79322a Maruku Cleanup Branch
Use Nathan Weizenbaum's "cleanup" branch of
Maruku. There were a few evident problems
with his branch, so please report any
anomalies you see.
2010-06-04 21:36:31 -05:00
Jacques Distler
c25b608f3d Maruku's string_utils.rb
Wow! Totally un-Ruby-like.
This is more Ruby-like and
(hopefully) faster.
2010-06-02 00:15:58 -05:00
Jacques Distler
b7a3b8aa94 Minor Update From Current Maruku 2010-06-01 10:39:55 -05:00
Jacques Distler
17e9cfab87 IAL's for <li> elements
Add a Markdown syntax for attaching
attribute lists to list items (for both
ordered and unordered lists).

The syntax is trivial:

1. This is the first item
2. {: value="3"} We skip straight to #3

* This is an item
* {: style="color:red"} This is a red item
2010-06-01 01:50:19 -05:00
Jacques Distler
a57152d743 Fix Category Listing Bugs
The links to the category listings
were bogus, and the category listing
page needed some XSS-unprotection.
2010-05-27 00:27:49 -05:00
Jacques Distler
1da034e2be Fix some to-be-deprecated stuff 2010-05-26 14:16:34 -05:00
Jacques Distler
a5e08f7bcc Rails_xss Plugin
I installed the rails_xss plugin, for
the main purpose of seeing what will
break with Rails 3.0 (where the behaviour
of the plugin is the default). I think
I've fixed everything, but let me know if you
see stuff that is HTML-escaped, which
shouldn't be.

As a side benefit, we now use Erubis,
rather than ERB, to render templates.
They tell me it's faster ...
2010-05-26 00:27:49 -05:00
Jacques Distler
f0635301aa Update to Rails 2.3.8 2010-05-25 12:45:45 -05:00
Jacques Distler
8149c29324 More HTML5 Attribute support in Maruku 2010-05-22 15:21:06 -05:00
Jacques Distler
2781890832 Updated Sanitizer for HTML5
Sanitizer should recognize HTML elements
and attributes.

New Allowed Elements:

  article aside audio canvas command details
  dialog figcaption figure footer header
  hgroup mark meter nav progress rp rt ruby
  section source summary time video war 
       
(OK, audio and video were already there)

New Allowed Attributes:

  autocomplete contenteditable contextmenu
  draggable formaction icon low max min
  open optimum pattern placeholder preload
  pubdate required reversed  spellcheck step
  wrap

Attributes removed:

  abbr charset loopcount loopend loopstart
  noshade nowrap rev rules 


Maruku supports @start and @reversed on
ordered lists. It doesn't seem to support
IALs on li elements, so you still can't
attach @value to an li.
2010-05-22 14:34:08 -05:00
Jacques Distler
7b22daa784 Fix Revision 601
With tests, this time.
2010-02-28 23:51:33 -06:00
Jacques Distler
70aa50ad4b Make dnsbl_check respond more intelligently
Thanks to Toby Bartels for pointing out
the deficiencies of the previous version.
2010-02-28 19:23:37 -06:00
Jacques Distler
7b7d2e80dc More Array -> Set
Make the syntax colouring run faster.
2010-01-02 11:22:12 -06:00
Jacques Distler
c212a53ad8 Updated License from Jason
Jason's fenced codeblock code is now
BSD Licensed.
2010-01-01 21:51:01 -06:00
Jacques Distler
9fe467ee36 Tweak SQLite Syntax Colouring 2010-01-01 20:18:10 -06:00
Jacques Distler
f66fc4de4d Fenced Code Blocks, Fortran Syntax Colouring
Support Marhdown Extra's fenced code blocks. [From Jason Blevins]
Fortran syntax colouring. [From Jason Blevins]
Turn on Syntax colouring, by default.
Point to Michel Fortin's Markdown Extra page.
2009-12-31 15:54:01 -06:00
Jacques Distler
a705709f9a Vendor Rack 1.1
Also clean up some View stuff.
2009-12-26 14:00:18 -06:00
Jacques Distler
77014652a3 Add Some Obsolete HTML Elements
Recognize some obsolete, but commonly-used,
HTML elements in the CSS syntax colourer.
2009-12-25 12:00:48 -06:00
Jacques Distler
c1420153d8 Update CSS Syntax Colouring for HTML5
Update the list of elements to what you
would encounter in an HTML5 document.
2009-12-25 04:16:03 -06:00
Jacques Distler
f06e6c004b Ruby 1.9 Compatibility of Vendored Syntax Library
The CSS language support of the syntax
colourer was broken under Ruby 1.9
2009-12-25 03:17:06 -06:00
Jacques Distler
3ab7327cea Whoops! Also Update Maruku
Support syntax-colouring for
lang=css
2009-12-24 12:25:44 -06:00
Jacques Distler
af0f607e75 Syntax Colouring
New syntax colouring modes.
In addition to the existing
  html, xml, ruby
we now support
  yaml, ansic, javascript, sqlite, css
2009-12-24 00:45:45 -06:00
Jacques Distler
1d32d45944 Upgrade Vendored rubyzip to Version 0.9.3 2009-12-23 02:19:16 -06:00
Jacques Distler
a71e64a172 Update Vendored sqlite3-ruby 2009-12-22 20:48:32 -06:00
Jacques Distler
76f388f3e2 Vendor Rack 1.0.1
Incorporate patch from Revision 496.
2009-12-18 20:16:58 -06:00
Jacques Distler
f7044ecbb4 Ruby 1.9.1 Fixes
Some more fixes to deal with Ruby 1.9.1.
2009-12-02 12:46:15 -06:00
Jacques Distler
063a8ca5a7 Fix Maruku Ruby 1.9 Bug
In Rbuy 1.8, ?c returns an integer.
In Ruby 1.9, it returns a 1-character
string. This was causing one of our
LaTeX conversion functional tests to
fail.
Fixed.
2009-12-01 21:29:07 -06:00
Jacques Distler
a6429f8c22 Ruby 1.9 Compatibility
Completely removed the html5lib sanitizer.
Fixed the string-handling to work in both
Ruby 1.8.x and 1.9.2. There are still,
inexplicably, two functional tests that
fail. But the rest seems to work quite well.
2009-11-30 16:28:18 -06:00
Jacques Distler
2f3ff9f651 Efficiency
There's a moderate efficiency gain to be had by
using Set#include?, rather than Array#include?
in the sanitizer.
2009-10-08 16:22:50 -05:00
Jacques Distler
698daecf0e Maruku "Email" Header Detection
The Regexp, used in Maruku to detect "email"
headers (used, e.g., for S5 slideshow metadata)
could, for some inputs, interact badly with
Instiki's Chunk Handler.
Fixed.
2009-07-13 23:59:09 -05:00
Jacques Distler
ef5878cf11 Put class name on <pre>, rather than <code>
Better CSS styling options ensue, if we put
the class='lang' on the <pre> element.

(Suggested by Casper Gripenberg)
2009-07-06 15:30:35 -05:00
Jacques Distler
a84648cff1 Fix Maruku Escaping Bug
Sync with latest Maruku (now on github).
lib/maruku/ext/math/mathml_engines/none.rb should
HTML-escape the TeX source code. No it does.
2009-05-13 01:27:39 -05:00
Jacques Distler
ec7141942b Instiki 0.16.6
Fix an incompatiblity between form_spam_protect and IE7.
(Thanks to Jason Blevins)
Roll a new version.
2009-05-08 16:13:25 -05:00
Jacques Distler
681065631c Add Support for SVG Clipping Paths
Add support in the sanitizer for <clipPath>, @clip-path and @clip-rule.
Suggested by Andrew Stacey.
2009-05-07 16:53:56 -05:00
Jacques Distler
e33ccad293 Remove list.dsbl.org
The dnsbl list at list.dsbl.org is defunct.
Also: a Ruby 1.9 compatiblity tweak for Maruku.
2009-05-03 00:57:07 -05:00
Jacques Distler
d425a70fad Yikes!
Yet more dangerously greedy Regexps in Maruku,
and one of my own.
2009-03-27 09:25:08 -05:00
Jacques Distler
7403ea6a6b Don't be greedy!
Maruku uses greedy Regexps in a number of places, which,
in unfavourable circumstances, can lead to exponential
slowdowns (an apparent hang).

We worked around one such bug in Revision 355. Recently,
Toby Bartels found another (in Table Header parsing).
The "real" solution seems to be to make sure the Regexps
are not greedy. (Thanks to Sam Ruby for spotting the problem!)

Reverted the workaround in Revision 355, fixed Toby's
bug, and several other similar Regexps.
2009-03-27 02:44:49 -05:00
Jacques Distler
c7418af48d Support for HTML5 <audio>
As with <video>,

   [[foo.wav:audio]]

works now, producing an HTML5 <audio> element.
2009-03-03 12:17:14 -06:00
Jacques Distler
8ea8b6a8f7 <video> and x-sendfile
Using <object> and <embed> were forbidden for obvious
security reasons. Instiki now permits embedding video
via the HTML5 <video> element (Ogg/Theora encoded videos
only, with .ogg or .ogv extensions). You can even upload
videos with

    [[foo.ogg:video]]

Instiki now support x-sendfile. See the Proxying page for
configuring Apache (with the x-sendfile module). Lighttpd
should work similarly.

Update Rails to latest Edge (hopefully converging on RC2!).
2009-03-02 02:32:25 -06:00
Jacques Distler
133c21b801 Bugfixes and Rails Edge
Update to Rails 2.3.1.
  (Actually, not quite. Doesn't look like 2.3.1 will be released
   today, but I REALLY want to push these bugfixes out.)
Removed bundled Rack (Rails 2.3.1 comes bundled with Rack 1.0).
Add
     config.action_view.cache_template_loading = true
  to production environment.
Fix FastCGI bug (http://rubyforge.org/tracker/index.php?func=detail&aid=24191&group_id=186&atid=783).
Fix WikiWords bug (http://rubyforge.org/pipermail/instiki-users/2009-February/001181.html).
2009-02-27 19:23:00 -06:00
Jacques Distler
53751a61f0 Fix Maruku Hanging Bug
A Maruku-syntax <div> with an unclosed IAL (and, it seems, at least one equation)
would cause Instiki to hang. Badly. Requiring a 'kill -9' to terminate it.
Reverting the OpenDiv and CloseDiv Regexps to my, more simple-minded, versions
fixes the problem.
2009-02-09 22:20:34 -06:00
Jacques Distler
4e14ccc74d Instiki 0.16.3: Rails 2.3.0
Instiki now runs on the Rails 2.3.0 Candidate Release.
Among other improvements, this means that it now 
automagically selects between WEBrick and Mongrel.

Just run

    ./instiki --daemon
2009-02-04 14:26:08 -06:00
Jacques Distler
b80995dbdc Equation Numbering in Maruku+itex2MML
This was spooged by Revision #263 (to accommodate) BlahTeX/PNG support.
Hopefully this way will work in both modes.
2009-01-24 11:40:53 -06:00
Jacques Distler
52c1f74ecc Add a couple of XSS tests.
Some more tests from Clint Ruoho. The main branch of Instiki (and, I guess,
the old sanitizer) are vulnerable.

Also: under Ruby 1.8.x, CGI.unescapeHTML screws up horribly decoding NCRs
which represent high-bit ASCII characters. UTF-8 agrees with 7-bit ASCII,
but CGI.unescapeHTML doesn't seem to know that they disagree for i>127.
2009-01-05 16:25:27 -06:00