Jacques Distler
8badd0766a
Enhancements to sanitize.rb
...
Options, options, ... options.
2007-06-08 01:23:09 -05:00
Jacques Distler
0298868573
Fix S5 Unicode
...
Make sure sanitize_xhtml and sanitize_html are set to utf-8 encoding.
Also, a stylesheet tweak.
2007-06-07 17:30:42 -05:00
Jacques Distler
e1acebe6e4
Bugfix
...
Me stoopid.
2007-06-05 18:06:26 -05:00
Jacques Distler
f0cf0ec625
Sanitize REML trees
...
OK. Enabled sanitization of rexml trees instead of strings.
My timing tests seem to be erratic. Can't tell whether this is really faster.
2007-06-05 17:13:44 -05:00
Jacques Distler
bd8ba1f4b1
REXML Trees
...
Synced with latest HTML5lib.
Added preliminary support (currently disabled) for sanitizing REXML trees.
2007-06-05 16:34:49 -05:00
Jacques Distler
4dd70af5ae
HTML5lib is Back.
...
Synced with latest version of HTML5lib, which fixes problem with Astral plane characters.
I should really do some tests, but the HTML5lib Sanitizer seems to be 2-5 times slower than the old sanitizer.
2007-05-30 10:45:52 -05:00
Jacques Distler
e1a6827f1f
Rollback Switch to HTML5lib
...
Apparently, HTML5lib does not handle astral plane unicode characters correctly.
Which makes it useless.
Return to the previous sanitizer.
2007-05-29 23:57:39 -05:00
Jacques Distler
6b21ac484f
HTML5lib Sanitizer
...
Replaced native Sanitizer with HTML5lib version.
Synced with latest Maruku.
2007-05-25 20:52:27 -05:00
Jacques Distler
b0e063451f
Sanitize Tweak
...
Add 'cite' to the list of attributes whose values are URI's.
2007-04-28 02:09:21 -05:00
Jacques Distler
9b55a75570
More SVG Elements and Attributes
...
Added <tspan> and <marker>, as well as a slew of related SVG attributes.
Also an SVG-related stylesheet tweak
2007-04-27 21:52:29 -05:00
Jacques Distler
6ca6525ff7
Add another SVG attribute to Sanitize.
...
Add 'stroke-opacity' to list of allowed SVG attributes.
2007-04-20 16:09:55 -05:00
Jacques Distler
0db06a9fa3
To be really XML-safe, don't emit XHTML+MathML named entities. (Ported MathML::Entities to Ruby.)
2007-03-29 03:30:10 -05:00
Jacques Distler
7adac51d6d
Sync with latest Instiki trunk. Changes:
...
1) Upgrade Rails to 1.2.3
2) Revert RedCloth to previous version (who %#$@ cares?)
3) Preserve the Rails Security fix to vendor/rails/actionpack/lib/action_controller/caching.rb from Revision 80.
2007-03-18 11:56:12 -05:00
Jacques Distler
d74116dc67
Ensure that input is bona fide utf-8.
2007-03-07 21:06:39 -06:00
Jacques Distler
f208d50032
Bah!
2007-02-24 23:07:25 -06:00
Jacques Distler
507a17aade
More lenient URI scheme matching in sanitize.
2007-02-24 22:47:31 -06:00
Jacques Distler
f9dcfa5af0
Make list of attributes whose values are scanned for acceptable URI schemes customizable.
2007-02-24 11:55:40 -06:00
Jacques Distler
d8e06f6db9
Sanitize URI schemes.
2007-02-23 13:34:58 -06:00
Jacques Distler
e179508377
Sanitization now preserves case-sensitive element and attribute names (necessary to support SVG).
...
Unit tests, galore.
2007-02-23 11:32:06 -06:00
Jacques Distler
2fa1e08c96
Tweak dependencies of sanitize.rb
2007-02-22 01:16:18 -06:00
Jacques Distler
bacae2c468
Finally! XSS-protection, done right.
...
If you want something done right, ...
2007-02-22 01:06:53 -06:00
Jacques Distler
0aafedb2df
More XSS fixes.
...
Started fixing file uploads.
2007-02-21 12:10:47 -06:00
Jacques Distler
88c6f27e14
Bah! *Someone* will care about those other Text-filters.
2007-02-20 08:18:48 -06:00
Jacques Distler
e727507ac8
Zap gremlins.
...
Close cross-site scripting hole.
2007-02-19 23:15:39 -06:00
Jacques Distler
fc15848517
Configure equation-numbering as we like it.
2007-02-14 22:19:37 -06:00
Jacques Distler
ff63e894b2
Sync with latest Maruku.
...
Finally able to ditch BlueCloth completely.
2007-02-14 20:32:24 -06:00
Jacques Distler
d4b947462b
Whoops! Missed one.
2007-02-10 23:17:16 -06:00
Jacques Distler
63e217bcfd
Moved Maruku (and its dependencies) and XHTMLDiff (and its dependencies) to vendor/plugins/ .
...
Synced with Instiki SVN.
2007-02-10 23:03:15 -06:00
Jacques Distler
0ac586ee25
Sync with latest Maruku.
2007-02-04 19:36:33 -06:00
Jacques Distler
8c52f28864
Replaced diff.rb with xhtmldiff.rb, which (unlike its predecessor) produces well-formed redline documents.
2007-02-03 22:52:48 -06:00
Jacques Distler
86e9c70a26
Fix regression in Maruku.
2007-02-02 01:00:02 -06:00
Jacques Distler
f406318168
Sync with Maruku.
2007-01-24 17:14:50 -06:00
Jacques Distler
488dd334f7
Support for IE+MathPlayer.
...
Sync with latest Maruku.
2007-01-24 10:53:10 -06:00
Jacques Distler
1c05a94d1b
Updated to latest Maruku.
2007-01-23 09:26:45 -06:00
Jacques Distler
ceb0931bb3
Sync to lastest Maruku. Tweak to CSS stylesheet.
2007-01-22 11:34:51 -06:00
Jacques Distler
b19e1e4f47
Bring up to current.
2007-01-22 08:36:51 -06:00
Jacques Distler
69b62b6f33
Checkout of Instiki Trunk 1/21/2007.
2007-01-22 07:43:50 -06:00