Jacques Distler
6ca6525ff7
Add another SVG attribute to Sanitize.
...
Add 'stroke-opacity' to list of allowed SVG attributes.
2007-04-20 16:09:55 -05:00
Jacques Distler
0db06a9fa3
To be really XML-safe, don't emit XHTML+MathML named entities. (Ported MathML::Entities to Ruby.)
2007-03-29 03:30:10 -05:00
Jacques Distler
7adac51d6d
Sync with latest Instiki trunk. Changes:
...
1) Upgrade Rails to 1.2.3
2) Revert RedCloth to previous version (who %#$@ cares?)
3) Preserve the Rails Security fix to vendor/rails/actionpack/lib/action_controller/caching.rb from Revision 80.
2007-03-18 11:56:12 -05:00
Jacques Distler
d74116dc67
Ensure that input is bona fide utf-8.
2007-03-07 21:06:39 -06:00
Jacques Distler
f208d50032
Bah!
2007-02-24 23:07:25 -06:00
Jacques Distler
507a17aade
More lenient URI scheme matching in sanitize.
2007-02-24 22:47:31 -06:00
Jacques Distler
f9dcfa5af0
Make list of attributes whose values are scanned for acceptable URI schemes customizable.
2007-02-24 11:55:40 -06:00
Jacques Distler
d8e06f6db9
Sanitize URI schemes.
2007-02-23 13:34:58 -06:00
Jacques Distler
e179508377
Sanitization now preserves case-sensitive element and attribute names (necessary to support SVG).
...
Unit tests, galore.
2007-02-23 11:32:06 -06:00
Jacques Distler
2fa1e08c96
Tweak dependencies of sanitize.rb
2007-02-22 01:16:18 -06:00
Jacques Distler
bacae2c468
Finally! XSS-protection, done right.
...
If you want something done right, ...
2007-02-22 01:06:53 -06:00
Jacques Distler
0aafedb2df
More XSS fixes.
...
Started fixing file uploads.
2007-02-21 12:10:47 -06:00
Jacques Distler
88c6f27e14
Bah! *Someone* will care about those other Text-filters.
2007-02-20 08:18:48 -06:00
Jacques Distler
e727507ac8
Zap gremlins.
...
Close cross-site scripting hole.
2007-02-19 23:15:39 -06:00
Jacques Distler
fc15848517
Configure equation-numbering as we like it.
2007-02-14 22:19:37 -06:00
Jacques Distler
ff63e894b2
Sync with latest Maruku.
...
Finally able to ditch BlueCloth completely.
2007-02-14 20:32:24 -06:00
Jacques Distler
d4b947462b
Whoops! Missed one.
2007-02-10 23:17:16 -06:00
Jacques Distler
63e217bcfd
Moved Maruku (and its dependencies) and XHTMLDiff (and its dependencies) to vendor/plugins/ .
...
Synced with Instiki SVN.
2007-02-10 23:03:15 -06:00
Jacques Distler
0ac586ee25
Sync with latest Maruku.
2007-02-04 19:36:33 -06:00
Jacques Distler
8c52f28864
Replaced diff.rb with xhtmldiff.rb, which (unlike its predecessor) produces well-formed redline documents.
2007-02-03 22:52:48 -06:00
Jacques Distler
86e9c70a26
Fix regression in Maruku.
2007-02-02 01:00:02 -06:00
Jacques Distler
f406318168
Sync with Maruku.
2007-01-24 17:14:50 -06:00
Jacques Distler
488dd334f7
Support for IE+MathPlayer.
...
Sync with latest Maruku.
2007-01-24 10:53:10 -06:00
Jacques Distler
1c05a94d1b
Updated to latest Maruku.
2007-01-23 09:26:45 -06:00
Jacques Distler
ceb0931bb3
Sync to lastest Maruku. Tweak to CSS stylesheet.
2007-01-22 11:34:51 -06:00
Jacques Distler
b19e1e4f47
Bring up to current.
2007-01-22 08:36:51 -06:00
Jacques Distler
69b62b6f33
Checkout of Instiki Trunk 1/21/2007.
2007-01-22 07:43:50 -06:00