Jacques Distler
5ca0760f7c
Efficiency: Sanitize Once
...
Envoke the HTML5lib Sanitizer just once (when the content is finally rendered),
rather than each time it passes through the chunk-handler.
2008-05-15 01:22:13 -05:00
Jacques Distler
6359d06ed1
Bug in Include Chunk-handler
...
Fix the chunk-handler for [[!include ...]] so that it behaves as expected.
2008-01-16 11:28:43 -06:00
Jacques Distler
4586614914
Misc Cleanup
...
Cleaned up some dependencies, and added a mime_types.yml file for Mongrel-compatibility.
2008-01-14 14:46:38 -06:00
Jacques Distler
6873fc8026
Upgrade to Rails 2.0.2
...
Upgraded to Rails 2.0.2, except that we maintain
vendor/rails/actionpack/lib/action_controller/routing.rb
from Rail 1.2.6 (at least for now), so that Routes don't change. We still
get to enjoy Rails's many new features.
Also fixed a bug in Chunk-handling: disable WikiWord processing in tags (for real this time).
2007-12-21 01:48:59 -06:00
Jacques Distler
0f6889e09f
Fix Unicode bug
...
Fix Diego Restrepo's bug (see Rev 184).
Update to latest HTML5lib.
2007-12-17 03:17:43 -06:00
Jacques Distler
1911d18f65
Performance
...
OK. This is a better way: define a custom TreeWalker which converts named entities to utf-8 as it goes. This avoids having to do an extra tree traversal in sanitize_rexml, AND avoids the trainwreck that is html5/inputstream.rb.
2007-10-14 21:07:46 -05:00
Jacques Distler
198d7847bd
Performance
...
My REXML::Element.to_ncr (and REXML::Element.to_utf8) is horribly slow. For long documents, it proves more efficient to serialize to a string, apply String.to_ncr (or String.to_utf8) and then Sanitize the string.
2007-10-13 16:32:04 -05:00
Jacques Distler
be8bb3d06d
InterWeb Links
...
From Jason Blevins: [[Web Name:Page Name]] or [[Web Name:Page Name|alternate label]] produce inter-Web links on the same Instiki installation.
2007-10-06 16:04:11 -05:00
Jacques Distler
08857ebe8e
Fix Markdown (non-math) Engine, Tweak Themes
...
More tweaks to the supplied S5 themes.
Fixed a minor regression in the non-Math Markdown engine.
2007-09-14 18:09:24 -05:00
Jacques Distler
54aada824c
Use Standard PageRenderer for S5 Content
...
From Jason Blevins: use the standard PageRenderer class to render S5 content. This way, WikiWords (etc) are processed in S5 slideshows.
2007-09-14 10:43:03 -05:00
Jacques Distler
119ab342dc
Security: Sanitize <nowiki>
...
Another XSS hole: the contents of <nowiki>...</nowiki> was not being sanitized.
2007-09-10 22:35:50 -05:00
Jacques Distler
9035c98dc5
Bugfix: Category listings
...
Fixed bug where clicking on a category link would stomp on the "All Pages" listing.
2007-09-09 23:20:06 -05:00
Jacques Distler
5b182bd228
HTML5lib Bug
...
Fixed a bug in the HTML5lib tokenizer (affects S5 slideshows).
Some miscellaneous code cleanup. In particular, don't bother with zapping control characters;
instead, rely on is_utf8? method to raise an exception (which we do anyway).
2007-09-06 10:40:48 -05:00
Jacques Distler
5ff1b7f6da
XSS Security Fix
...
There was a XSS vulnerability in the handling of categories. Now they are escaped.
2007-09-02 00:33:28 -05:00
Jacques Distler
3de374d6c1
More fixes, sync with HTML5lib
...
Do a better job with the wrapper <div>s added by xhtmldiff and Maruku's to_html_tree method.
More tests fixed.
2007-06-13 23:05:15 -05:00
Jacques Distler
3ca33e52b5
Cleanup
...
Got rid of redcloth_for_tex.
Fixed almost all the busted tests.
2007-06-13 01:56:44 -05:00
Jacques Distler
f0cf0ec625
Sanitize REML trees
...
OK. Enabled sanitization of rexml trees instead of strings.
My timing tests seem to be erratic. Can't tell whether this is really faster.
2007-06-05 17:13:44 -05:00
Jacques Distler
bd8ba1f4b1
REXML Trees
...
Synced with latest HTML5lib.
Added preliminary support (currently disabled) for sanitizing REXML trees.
2007-06-05 16:34:49 -05:00
Jacques Distler
6b21ac484f
HTML5lib Sanitizer
...
Replaced native Sanitizer with HTML5lib version.
Synced with latest Maruku.
2007-05-25 20:52:27 -05:00
Jacques Distler
0db06a9fa3
To be really XML-safe, don't emit XHTML+MathML named entities. (Ported MathML::Entities to Ruby.)
2007-03-29 03:30:10 -05:00
Jacques Distler
bacae2c468
Finally! XSS-protection, done right.
...
If you want something done right, ...
2007-02-22 01:06:53 -06:00
Jacques Distler
0aafedb2df
More XSS fixes.
...
Started fixing file uploads.
2007-02-21 12:10:47 -06:00
Jacques Distler
88c6f27e14
Bah! *Someone* will care about those other Text-filters.
2007-02-20 08:18:48 -06:00
Jacques Distler
e727507ac8
Zap gremlins.
...
Close cross-site scripting hole.
2007-02-19 23:15:39 -06:00
Jacques Distler
fc15848517
Configure equation-numbering as we like it.
2007-02-14 22:19:37 -06:00
Jacques Distler
ff63e894b2
Sync with latest Maruku.
...
Finally able to ditch BlueCloth completely.
2007-02-14 20:32:24 -06:00
Jacques Distler
b19e1e4f47
Bring up to current.
2007-01-22 08:36:51 -06:00
Jacques Distler
69b62b6f33
Checkout of Instiki Trunk 1/21/2007.
2007-01-22 07:43:50 -06:00