instiki

Author	SHA1	Message	Date
Jacques Distler	0eb723e125	Accessibility: Use Uploaded File Descriptions The file upload dialog asks for a description of the image or file to be uploaded. Use this as the default alt-text for the image and as a title attribute for a file link.	2007-10-09 02:51:38 -05:00
Jacques Distler	be8bb3d06d	InterWeb Links From Jason Blevins: [[Web Name:Page Name]] or [[Web Name:Page Name\|alternate label]] produce inter-Web links on the same Instiki installation.	2007-10-06 16:04:11 -05:00
Jacques Distler	3a3cfeaa9b	Drop URI Chunk-handling The URIChunk and LocalURICunk handlers were 1) Slow 2) Buggy (prone to produce ill-formed pages in edge cases) 3) Of dubious utility So I ditched them. No auto-linked URLs, but who cares?	2007-10-05 16:25:41 -05:00
Jacques Distler	08857ebe8e	Fix Markdown (non-math) Engine, Tweak Themes More tweaks to the supplied S5 themes. Fixed a minor regression in the non-Math Markdown engine.	2007-09-14 18:09:24 -05:00
Jacques Distler	54aada824c	Use Standard PageRenderer for S5 Content From Jason Blevins: use the standard PageRenderer class to render S5 content. This way, WikiWords (etc) are processed in S5 slideshows.	2007-09-14 10:43:03 -05:00
Jacques Distler	119ab342dc	Security: Sanitize <nowiki> Another XSS hole: the contents of <nowiki>...</nowiki> was not being sanitized.	2007-09-10 22:35:50 -05:00
Jacques Distler	9035c98dc5	Bugfix: Category listings Fixed bug where clicking on a category link would stomp on the "All Pages" listing.	2007-09-09 23:20:06 -05:00
Jacques Distler	5b182bd228	HTML5lib Bug Fixed a bug in the HTML5lib tokenizer (affects S5 slideshows). Some miscellaneous code cleanup. In particular, don't bother with zapping control characters; instead, rely on is_utf8? method to raise an exception (which we do anyway).	2007-09-06 10:40:48 -05:00
Jacques Distler	5ff1b7f6da	XSS Security Fix There was a XSS vulnerability in the handling of categories. Now they are escaped.	2007-09-02 00:33:28 -05:00
Jacques Distler	6fd6be8fea	Sanitizer Fix Whoops! Looks like Ryan changed the API for the HTML5 sanitizer. Bad, bad, bad. Fixed now.	2007-08-30 16:06:20 -05:00
Jacques Distler	1bc5da0053	Use XHTMLSerializer, where appropriate.	2007-07-04 18:53:03 -05:00
Jacques Distler	8ccaad85a5	Sync with latest HTML5lib and latest Maruku	2007-07-04 17:36:59 -05:00
Jacques Distler	3de374d6c1	More fixes, sync with HTML5lib Do a better job with the wrapper <div>s added by xhtmldiff and Maruku's to_html_tree method. More tests fixed.	2007-06-13 23:05:15 -05:00
Jacques Distler	3ca33e52b5	Cleanup Got rid of redcloth_for_tex. Fixed almost all the busted tests.	2007-06-13 01:56:44 -05:00
Jacques Distler	2da672ec5b	Many Minor Fixes Fixed a whole bunch of minor stuff. Had a go at getting some of the plethora of broken tests to pass.	2007-06-12 17:37:55 -05:00
Jacques Distler	a68d1aa8f3	Sanitizer API documentation now online See: http://golem.ph.utexas.edu/~distler/code/rdoc/sanitize/	2007-06-08 23:51:30 -05:00
Jacques Distler	f818238dd3	Consolidation Shuffled around a couple of files.	2007-06-08 22:39:37 -05:00
Jacques Distler	3bf560c3b3	Updated to Latest HTML5lib Synced with latest HTML5lib. Added some RDoc-compatible documentation to the sanitizer.	2007-06-08 17:26:00 -05:00
Jacques Distler	8badd0766a	Enhancements to sanitize.rb Options, options, ... options.	2007-06-08 01:23:09 -05:00
Jacques Distler	0298868573	Fix S5 Unicode Make sure sanitize_xhtml and sanitize_html are set to utf-8 encoding. Also, a stylesheet tweak.	2007-06-07 17:30:42 -05:00
Jacques Distler	e1acebe6e4	Bugfix Me stoopid.	2007-06-05 18:06:26 -05:00
Jacques Distler	f0cf0ec625	Sanitize REML trees OK. Enabled sanitization of rexml trees instead of strings. My timing tests seem to be erratic. Can't tell whether this is really faster.	2007-06-05 17:13:44 -05:00
Jacques Distler	bd8ba1f4b1	REXML Trees Synced with latest HTML5lib. Added preliminary support (currently disabled) for sanitizing REXML trees.	2007-06-05 16:34:49 -05:00
Jacques Distler	4dd70af5ae	HTML5lib is Back. Synced with latest version of HTML5lib, which fixes problem with Astral plane characters. I should really do some tests, but the HTML5lib Sanitizer seems to be 2-5 times slower than the old sanitizer.	2007-05-30 10:45:52 -05:00
Jacques Distler	e1a6827f1f	Rollback Switch to HTML5lib Apparently, HTML5lib does not handle astral plane unicode characters correctly. Which makes it useless. Return to the previous sanitizer.	2007-05-29 23:57:39 -05:00
Jacques Distler	6b21ac484f	HTML5lib Sanitizer Replaced native Sanitizer with HTML5lib version. Synced with latest Maruku.	2007-05-25 20:52:27 -05:00
Jacques Distler	b0e063451f	Sanitize Tweak Add 'cite' to the list of attributes whose values are URI's.	2007-04-28 02:09:21 -05:00
Jacques Distler	9b55a75570	More SVG Elements and Attributes Added <tspan> and <marker>, as well as a slew of related SVG attributes. Also an SVG-related stylesheet tweak	2007-04-27 21:52:29 -05:00
Jacques Distler	6ca6525ff7	Add another SVG attribute to Sanitize. Add 'stroke-opacity' to list of allowed SVG attributes.	2007-04-20 16:09:55 -05:00
Jacques Distler	0db06a9fa3	To be really XML-safe, don't emit XHTML+MathML named entities. (Ported MathML::Entities to Ruby.)	2007-03-29 03:30:10 -05:00
Jacques Distler	7adac51d6d	Sync with latest Instiki trunk. Changes: 1) Upgrade Rails to 1.2.3 2) Revert RedCloth to previous version (who %#$@ cares?) 3) Preserve the Rails Security fix to vendor/rails/actionpack/lib/action_controller/caching.rb from Revision 80.	2007-03-18 11:56:12 -05:00
Jacques Distler	d74116dc67	Ensure that input is bona fide utf-8.	2007-03-07 21:06:39 -06:00
Jacques Distler	f208d50032	Bah!	2007-02-24 23:07:25 -06:00
Jacques Distler	507a17aade	More lenient URI scheme matching in sanitize.	2007-02-24 22:47:31 -06:00
Jacques Distler	f9dcfa5af0	Make list of attributes whose values are scanned for acceptable URI schemes customizable.	2007-02-24 11:55:40 -06:00
Jacques Distler	d8e06f6db9	Sanitize URI schemes.	2007-02-23 13:34:58 -06:00
Jacques Distler	e179508377	Sanitization now preserves case-sensitive element and attribute names (necessary to support SVG). Unit tests, galore.	2007-02-23 11:32:06 -06:00
Jacques Distler	2fa1e08c96	Tweak dependencies of sanitize.rb	2007-02-22 01:16:18 -06:00
Jacques Distler	bacae2c468	Finally! XSS-protection, done right. If you want something done right, ...	2007-02-22 01:06:53 -06:00
Jacques Distler	0aafedb2df	More XSS fixes. Started fixing file uploads.	2007-02-21 12:10:47 -06:00
Jacques Distler	88c6f27e14	Bah! Someone will care about those other Text-filters.	2007-02-20 08:18:48 -06:00
Jacques Distler	e727507ac8	Zap gremlins. Close cross-site scripting hole.	2007-02-19 23:15:39 -06:00
Jacques Distler	fc15848517	Configure equation-numbering as we like it.	2007-02-14 22:19:37 -06:00
Jacques Distler	ff63e894b2	Sync with latest Maruku. Finally able to ditch BlueCloth completely.	2007-02-14 20:32:24 -06:00
Jacques Distler	d4b947462b	Whoops! Missed one.	2007-02-10 23:17:16 -06:00
Jacques Distler	63e217bcfd	Moved Maruku (and its dependencies) and XHTMLDiff (and its dependencies) to vendor/plugins/ . Synced with Instiki SVN.	2007-02-10 23:03:15 -06:00
Jacques Distler	0ac586ee25	Sync with latest Maruku.	2007-02-04 19:36:33 -06:00
Jacques Distler	8c52f28864	Replaced diff.rb with xhtmldiff.rb, which (unlike its predecessor) produces well-formed redline documents.	2007-02-03 22:52:48 -06:00
Jacques Distler	86e9c70a26	Fix regression in Maruku.	2007-02-02 01:00:02 -06:00
Jacques Distler	f406318168	Sync with Maruku.	2007-01-24 17:14:50 -06:00
Jacques Distler	488dd334f7	Support for IE+MathPlayer. Sync with latest Maruku.	2007-01-24 10:53:10 -06:00
Jacques Distler	1c05a94d1b	Updated to latest Maruku.	2007-01-23 09:26:45 -06:00
Jacques Distler	ceb0931bb3	Sync to lastest Maruku. Tweak to CSS stylesheet.	2007-01-22 11:34:51 -06:00
Jacques Distler	b19e1e4f47	Bring up to current.	2007-01-22 08:36:51 -06:00
Jacques Distler	69b62b6f33	Checkout of Instiki Trunk 1/21/2007.	2007-01-22 07:43:50 -06:00

1 2 3 4

155 commits