Commit graph

20 commits

Author SHA1 Message Date
Jacques Distler 2484542f12 Security: HTTP GET Bypassed Spam Protection
Apparently, the form_spam_protect plugin only works with HTTP POST, not GET.
Unsafe operations (save and file-upload) should be POSTs anyway.
Fixed.

Also, two broken tests fixed. Only two Unit Tests now fail: both are minor bugs in XHTMLDiff.
2007-10-07 01:59:50 -05:00
Jacques Distler be8bb3d06d InterWeb Links
From Jason Blevins:  [[Web Name:Page Name]] or [[Web Name:Page Name|alternate label]] produce inter-Web links on the same Instiki installation.
2007-10-06 16:04:11 -05:00
Jacques Distler 1259e16a4a A Couple of Unit Tests 2007-09-23 00:03:58 -05:00
Jacques Distler 3f5d804c22 Testcases for Recent XSS flaws
Testcases for unsanitized chunk-handling.
2007-09-11 20:49:56 -05:00
Jacques Distler d0e834978a Fix Broken Tests
In preparation for adding new tests, let's fix the existing ones.
3 Unit tests and one Functional test still fail.

* Two unit tests are bugs in xhtmldiff
* One is a bug in Maruku
* A file upload functional test fails, for reasons that escape me.
2007-09-11 12:04:26 -05:00
Jacques Distler 3de374d6c1 More fixes, sync with HTML5lib
Do a better job with the wrapper <div>s added by xhtmldiff and Maruku's to_html_tree method.
More tests fixed.
2007-06-13 23:05:15 -05:00
Jacques Distler 3ca33e52b5 Cleanup
Got rid of redcloth_for_tex.
Fixed almost all the busted tests.
2007-06-13 01:56:44 -05:00
Jacques Distler 2da672ec5b Many Minor Fixes
Fixed a whole bunch of minor stuff.
Had a go at getting some of the plethora of broken tests to pass.
2007-06-12 17:37:55 -05:00
Jacques Distler c67cfbc52d Sanitize tests moved
Sanitize tests are now in the vendor/plugins/HTML5lib/tests/ directory.
2007-05-25 22:58:12 -05:00
Jacques Distler 3b6cd309ff Sync with Instiki Trunk
Sync with Revision 519 of Instiki trunk (2007/5/7).
2007-05-11 11:47:38 -05:00
Jacques Distler 507a17aade More lenient URI scheme matching in sanitize. 2007-02-24 22:47:31 -06:00
Jacques Distler 59c64439d8 More unit tests. 2007-02-24 00:41:35 -06:00
Jacques Distler fff30ec27f Whoops! Forgot a test. 2007-02-23 15:09:12 -06:00
Jacques Distler d8e06f6db9 Sanitize URI schemes. 2007-02-23 13:34:58 -06:00
Jacques Distler 4c903d6a77 Renamed sanitize unit test file. 2007-02-23 11:57:39 -06:00
Jacques Distler e179508377 Sanitization now preserves case-sensitive element and attribute names (necessary to support SVG).
Unit tests, galore.
2007-02-23 11:32:06 -06:00
Jacques Distler 5f31d12a6f Updated tests to reflect new cookie scheme (from rev 17). 2007-02-09 17:29:17 -06:00
Jacques Distler 5246bada80 Added some more xhtmldiff unit tests. 2007-02-04 16:30:29 -06:00
Jacques Distler 8c52f28864 Replaced diff.rb with xhtmldiff.rb, which (unlike its predecessor) produces well-formed redline documents. 2007-02-03 22:52:48 -06:00
Jacques Distler 69b62b6f33 Checkout of Instiki Trunk 1/21/2007. 2007-01-22 07:43:50 -06:00