Jacques Distler
a57152d743
Fix Category Listing Bugs
...
The links to the category listings
were bogus, and the category listing
page needed some XSS-unprotection.
2010-05-27 00:27:49 -05:00
Jacques Distler
ad3fe74cfd
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-05-26 14:38:32 -05:00
Jacques Distler
b5a4e2fd9c
Sync with latest SVG-Edit
2010-05-26 14:37:55 -05:00
Jacques Distler
d61ae49e66
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-05-26 14:17:52 -05:00
Jacques Distler
1da034e2be
Fix some to-be-deprecated stuff
2010-05-26 14:16:34 -05:00
Jacques Distler
4774d7c8a1
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-05-26 01:28:03 -05:00
Jacques Distler
4b73f1a1ae
More rails_xss Plugin fun
...
:-(
2010-05-26 01:27:09 -05:00
Jacques Distler
e3cbef7dcd
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-05-26 00:33:21 -05:00
Jacques Distler
a5e08f7bcc
Rails_xss Plugin
...
I installed the rails_xss plugin, for
the main purpose of seeing what will
break with Rails 3.0 (where the behaviour
of the plugin is the default). I think
I've fixed everything, but let me know if you
see stuff that is HTML-escaped, which
shouldn't be.
As a side benefit, we now use Erubis,
rather than ERB, to render templates.
They tell me it's faster ...
2010-05-26 00:27:49 -05:00
Jacques Distler
5196df7575
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-05-25 13:01:31 -05:00
Jacques Distler
d6be09e0f0
Fix some Helper Methods
...
It seems that (advertising to the contrary)
Rails's XSS Protection is enabled, by default
in 2.3.8. So needed to fix some helper methods.
2010-05-25 12:59:35 -05:00
Jacques Distler
52f0dbb91c
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-05-25 12:46:37 -05:00
Jacques Distler
f0635301aa
Update to Rails 2.3.8
2010-05-25 12:45:45 -05:00
Jacques Distler
3745e4d669
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-05-23 23:23:50 -05:00
Jacques Distler
6677b46cb4
A few more additions for the Sanitizer
2010-05-23 23:22:45 -05:00
Jacques Distler
f7b2a40cf6
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-05-22 16:12:35 -05:00
Jacques Distler
d2c4623bf7
HTML5 Doctype
2010-05-22 16:11:27 -05:00
Jacques Distler
3bfbb7736d
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-05-22 15:21:52 -05:00
Jacques Distler
8149c29324
More HTML5 Attribute support in Maruku
2010-05-22 15:21:06 -05:00
Jacques Distler
ecf54415eb
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-05-22 14:37:18 -05:00
Jacques Distler
2781890832
Updated Sanitizer for HTML5
...
Sanitizer should recognize HTML elements
and attributes.
New Allowed Elements:
article aside audio canvas command details
dialog figcaption figure footer header
hgroup mark meter nav progress rp rt ruby
section source summary time video war
(OK, audio and video were already there)
New Allowed Attributes:
autocomplete contenteditable contextmenu
draggable formaction icon low max min
open optimum pattern placeholder preload
pubdate required reversed spellcheck step
wrap
Attributes removed:
abbr charset loopcount loopend loopstart
noshade nowrap rev rules
Maruku supports @start and @reversed on
ordered lists. It doesn't seem to support
IALs on li elements, so you still can't
attach @value to an li.
2010-05-22 14:34:08 -05:00
Jacques Distler
5a448c3d50
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-05-13 00:59:14 -05:00
Jacques Distler
d9d353a350
Some HTML5 audio/video attributes for the Sanitizer
2010-05-13 00:47:09 -05:00
Jacques Distler
5c7346c12e
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-05-11 01:11:37 -05:00
Jacques Distler
80845297a3
This is even better
2010-05-11 01:10:59 -05:00
Jacques Distler
5cc477712f
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-05-11 00:43:18 -05:00
Jacques Distler
04a1727082
Select Saved SVG
...
When closing SVG-Edit, make the saved
svg selected.
Also, some SVG-Edit updates.
2010-05-11 00:38:21 -05:00
Jacques Distler
a2c3e2a76c
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-05-08 23:46:33 -05:00
Jacques Distler
fd9fc1455e
Prefer Monkey-patching Rack Gem to Vendored Rack
...
This gets around a dreaded
in `load_missing_constant': Rack
is not missing constant Handler! (ArgumentError)
error in latest Ruby 1.9.2-dev. (Ruby
1.8.x doesn't seem to care.)
2010-05-08 23:42:40 -05:00
Jacques Distler
cfd972755a
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-04-28 16:45:16 -05:00
Jacques Distler
10cf102544
More bogus namespace fixes
2010-04-28 16:44:07 -05:00
Jacques Distler
ac7105591e
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-04-28 11:57:05 -05:00
Jacques Distler
86a53d1dfa
Task of Sisyphus: Filter bogus attributes generated by Gecko (again)
2010-04-28 11:54:56 -05:00
Jacques Distler
bffc0a6f97
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-04-28 00:24:23 -05:00
Jacques Distler
d1678ceb49
Sync with SVG-Edit 2.5beta
2010-04-28 00:22:49 -05:00
Jacques Distler
e6854767b5
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-04-18 12:59:25 -05:00
Jacques Distler
79a2299363
Content-Type of Cached Files with Period in Name
...
Monkey patch to prevent ActionCache from overriding
the correct content-type header, when serving cached
pages with a "." in the name. (Thanks to Jason Blevins)
Also sync with latest SVG-Edit.
2010-04-18 12:55:02 -05:00
Jacques Distler
226fa3033f
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-04-12 00:37:25 -05:00
Jacques Distler
324cc12320
Gaussian Blur (and other fun stuff)
...
Sync with latest SVG-edit.
2010-04-12 00:33:24 -05:00
Jacques Distler
72b16ce9cc
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-04-06 13:45:14 -05:00
Jacques Distler
6d5db0739a
Buglet in latest SVG-Edit
...
Sync with latest SVG-Edit.
Among other things, fixes Issue 512.
2010-04-06 13:39:21 -05:00
Jacques Distler
3b87094327
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-04-02 00:02:58 -05:00
Jacques Distler
da0c6a2ea1
Fix an SVG nonce bug
...
Dunno when this problem with randomized IDs arose.
But it's fixed now.
Also, sync with latest SVG-Edit.
2010-04-01 23:56:21 -05:00
Jacques Distler
3f87912191
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-03-29 09:28:51 -05:00
Jacques Distler
18b5ea9aa6
Use Instiki's escapeHTML Method in Templates
...
Fixes bug reported by Toby Bartels.
2010-03-29 09:27:14 -05:00
Jacques Distler
e15d76d781
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-03-25 02:25:48 -05:00
Jacques Distler
5f66f8387e
Latest SVG-Edit
...
Jquery-1.8, and config for extensions.
2010-03-25 02:22:55 -05:00
Jacques Distler
5f04be0eae
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-03-22 19:23:26 -05:00
Jacques Distler
77cfc0d2e3
Connector extension should use configured defaults
2010-03-22 19:21:00 -05:00
Jacques Distler
a8428ada2f
Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki
2010-03-18 10:36:24 -05:00