Commit graph

160 commits

Author SHA1 Message Date
Jacques Distler 1259e16a4a A Couple of Unit Tests 2007-09-23 00:03:58 -05:00
Jacques Distler e8769c0b83 Add the manage_fixtures plugin for easy database migration 2007-09-20 00:36:07 -05:00
Jacques Distler c54a78c026 Links in Published Webs
Links in published Webs (in particular, the author-link) should be to the published version of the page.
2007-09-15 14:39:28 -05:00
Jacques Distler 4144aa2c98 Can't. Stop. Tweaking. Themes. 2007-09-15 11:40:48 -05:00
Jacques Distler 2c4473a0e9 S5 Slide notes
Slide notes are now served correctly (as application/xhtml+xml) to compatible
browsers. So you can put math in your notes, and the MathML will render.

We don't do real content-negotioation. IE gets text/html; everyone else gets application/xhtml+xml.
2007-09-15 00:29:20 -05:00
Jacques Distler 08857ebe8e Fix Markdown (non-math) Engine, Tweak Themes
More tweaks to the supplied S5 themes.
Fixed a minor regression in the non-Math Markdown engine.
2007-09-14 18:09:24 -05:00
Jacques Distler 54aada824c Use Standard PageRenderer for S5 Content
From Jason Blevins: use the standard PageRenderer class to render S5 content. This way, WikiWords (etc) are processed in S5 slideshows.
2007-09-14 10:43:03 -05:00
Jacques Distler 3f5d804c22 Testcases for Recent XSS flaws
Testcases for unsanitized chunk-handling.
2007-09-11 20:49:56 -05:00
Jacques Distler d0e834978a Fix Broken Tests
In preparation for adding new tests, let's fix the existing ones.
3 Unit tests and one Functional test still fail.

* Two unit tests are bugs in xhtmldiff
* One is a bug in Maruku
* A file upload functional test fails, for reasons that escape me.
2007-09-11 12:04:26 -05:00
Jacques Distler 119ab342dc Security: Sanitize <nowiki>
Another XSS hole: the contents of <nowiki>...</nowiki> was not being sanitized.
2007-09-10 22:35:50 -05:00
Jacques Distler 9035c98dc5 Bugfix: Category listings
Fixed bug where clicking on a category link would stomp on the "All Pages" listing.
2007-09-09 23:20:06 -05:00
Jacques Distler ed68d975df Update to latest HTML5lib
Fix that Tokenizer bug for real this time.
2007-09-09 22:26:19 -05:00
Jacques Distler f3a89556c4 A couple more Theme Tweaks.
A couple more CSS troubles fixed.
2007-09-07 00:21:17 -05:00
Jacques Distler 9db5f83f13 Tweaks to the S5 "blue" Theme
Corrected some small problems in the CSS.
2007-09-06 23:52:22 -05:00
Jacques Distler 5b182bd228 HTML5lib Bug
Fixed a bug in the HTML5lib tokenizer (affects S5 slideshows).
Some miscellaneous code cleanup. In particular, don't bother with zapping control characters;
instead, rely on is_utf8? method to raise an exception (which we do anyway).
2007-09-06 10:40:48 -05:00
Jacques Distler f482036683 S5 Themes Support
Added support for S5 Themes. Themes are stored in the public/s5/themes/ directory.
6 themes are included: default, nautilus, blue, flower, i18n, pixel.
2007-09-05 08:38:54 -05:00
Jacques Distler 5ff1b7f6da XSS Security Fix
There  was a XSS vulnerability in the handling of categories. Now they are escaped.
2007-09-02 00:33:28 -05:00
Jacques Distler 6fd6be8fea Sanitizer Fix
Whoops! Looks like Ryan changed the API for the HTML5 sanitizer. Bad, bad, bad.
Fixed now.
2007-08-30 16:06:20 -05:00
Jacques Distler 81d3cdc8e4 Minor S5 tweaks and Sync with Latest HTML5lib 2007-08-30 12:19:10 -05:00
Jacques Distler dbed460843 Fixed S5 output for Safari
Safari can now receive S5 slideshows as real XHTML.
2007-07-27 13:47:19 -05:00
Jacques Distler b42a4c5fec More TeX macros. 2007-07-10 21:32:00 -05:00
Jacques Distler 1bc5da0053 Use XHTMLSerializer, where appropriate. 2007-07-04 18:53:03 -05:00
Jacques Distler 8ccaad85a5 Sync with latest HTML5lib and latest Maruku 2007-07-04 17:36:59 -05:00
Jacques Distler 8e92e4a3ab Sync with latest HTML5lib 2007-06-22 03:12:08 -05:00
Jacques Distler bf572e295f A few TeX macros
Tiny steps towards usable LaTeX output.
2007-06-16 03:14:51 -05:00
Jacques Distler df2898d940 Fix Caching bug (bis)
Nope! It's not a Rails bug. It's an action_cache plugin bug, after all. Fixed now.
2007-06-15 09:59:32 -05:00
Jacques Distler 31f691329a Fix Caching Bug
Files with "+"s in their names (e.g. from Wiki pages with spaces in their names) were not being expired properly. This is actually a Rails bug, but I fixed it by patching the action_cache plugin.
2007-06-15 09:18:06 -05:00
Jacques Distler 3de374d6c1 More fixes, sync with HTML5lib
Do a better job with the wrapper <div>s added by xhtmldiff and Maruku's to_html_tree method.
More tests fixed.
2007-06-13 23:05:15 -05:00
Jacques Distler 3ca33e52b5 Cleanup
Got rid of redcloth_for_tex.
Fixed almost all the busted tests.
2007-06-13 01:56:44 -05:00
Jacques Distler 2da672ec5b Many Minor Fixes
Fixed a whole bunch of minor stuff.
Had a go at getting some of the plethora of broken tests to pass.
2007-06-12 17:37:55 -05:00
Jacques Distler 0ddd422059 Sync with latest HTML5lib 2007-06-11 23:33:06 -05:00
Jacques Distler c2bfdefa57 Another XSS fix
Yet another interesting XSS attack from 
  http://ha.ckers.org/xss.html
2007-06-11 00:03:51 -05:00
Jacques Distler aac197430c More XSS vectors defanged 2007-06-10 15:07:26 -05:00
Jacques Distler a6cbf38304 Table elements, too
Last fixup for the sanitizer tests.
2007-06-09 22:53:35 -05:00
Jacques Distler 6b2ec7354b Rationalize Sanitizer Tests 2007-06-09 22:21:50 -05:00
Jacques Distler a68d1aa8f3 Sanitizer API documentation now online
See:
   http://golem.ph.utexas.edu/~distler/code/rdoc/sanitize/
2007-06-08 23:51:30 -05:00
Jacques Distler f818238dd3 Consolidation
Shuffled around a couple of files.
2007-06-08 22:39:37 -05:00
Jacques Distler 3bf560c3b3 Updated to Latest HTML5lib
Synced with latest HTML5lib.
Added some RDoc-compatible documentation to the sanitizer.
2007-06-08 17:26:00 -05:00
Jacques Distler 8badd0766a Enhancements to sanitize.rb
Options, options, ... options.
2007-06-08 01:23:09 -05:00
Jacques Distler 0298868573 Fix S5 Unicode
Make sure sanitize_xhtml and sanitize_html are set to utf-8 encoding.
Also, a stylesheet tweak.
2007-06-07 17:30:42 -05:00
Jacques Distler 86a7577975 Renamed one function. 2007-06-06 14:36:54 -05:00
Jacques Distler 0012efcfb4 Fixed Porting Error in HTML5lib Serializer 2007-06-06 08:44:57 -05:00
Jacques Distler 8846b2cda5 Sync with Latest HTML5lib
Some more tweaks
2007-06-06 08:12:03 -05:00
Jacques Distler fd183eac04 More Tests
Put the Serializer version of the Sanitizer through its paces.
2007-06-06 00:56:43 -05:00
Jacques Distler e1acebe6e4 Bugfix
Me stoopid.
2007-06-05 18:06:26 -05:00
Jacques Distler f0cf0ec625 Sanitize REML trees
OK. Enabled sanitization of rexml trees instead of strings.
My timing tests seem to be erratic. Can't tell whether this is really faster.
2007-06-05 17:13:44 -05:00
Jacques Distler bd8ba1f4b1 REXML Trees
Synced with latest HTML5lib.
Added preliminary support (currently disabled) for sanitizing REXML trees.
2007-06-05 16:34:49 -05:00
Jacques Distler 4dd70af5ae HTML5lib is Back.
Synced with latest version of HTML5lib, which fixes problem with Astral plane characters.
I should really do some tests, but the HTML5lib Sanitizer seems to be 2-5 times slower than the old sanitizer.
2007-05-30 10:45:52 -05:00
Jacques Distler e1a6827f1f Rollback Switch to HTML5lib
Apparently, HTML5lib does not handle astral plane unicode characters correctly.
Which makes it useless.
Return to the previous sanitizer.
2007-05-29 23:57:39 -05:00
Jacques Distler bc0153c23f A few more MIME Types
Add a few more likely suspects.
2007-05-29 23:02:19 -05:00