Jacques Distler
5ff1b7f6da
XSS Security Fix
...
There was a XSS vulnerability in the handling of categories. Now they are escaped.
2007-09-02 00:33:28 -05:00
Jacques Distler
6fd6be8fea
Sanitizer Fix
...
Whoops! Looks like Ryan changed the API for the HTML5 sanitizer. Bad, bad, bad.
Fixed now.
2007-08-30 16:06:20 -05:00
Jacques Distler
81d3cdc8e4
Minor S5 tweaks and Sync with Latest HTML5lib
2007-08-30 12:19:10 -05:00
Jacques Distler
dbed460843
Fixed S5 output for Safari
...
Safari can now receive S5 slideshows as real XHTML.
2007-07-27 13:47:19 -05:00
Jacques Distler
b42a4c5fec
More TeX macros.
2007-07-10 21:32:00 -05:00
Jacques Distler
1bc5da0053
Use XHTMLSerializer, where appropriate.
2007-07-04 18:53:03 -05:00
Jacques Distler
8ccaad85a5
Sync with latest HTML5lib and latest Maruku
2007-07-04 17:36:59 -05:00
Jacques Distler
8e92e4a3ab
Sync with latest HTML5lib
2007-06-22 03:12:08 -05:00
Jacques Distler
bf572e295f
A few TeX macros
...
Tiny steps towards usable LaTeX output.
2007-06-16 03:14:51 -05:00
Jacques Distler
df2898d940
Fix Caching bug (bis)
...
Nope! It's not a Rails bug. It's an action_cache plugin bug, after all. Fixed now.
2007-06-15 09:59:32 -05:00
Jacques Distler
31f691329a
Fix Caching Bug
...
Files with "+"s in their names (e.g. from Wiki pages with spaces in their names) were not being expired properly. This is actually a Rails bug, but I fixed it by patching the action_cache plugin.
2007-06-15 09:18:06 -05:00
Jacques Distler
3de374d6c1
More fixes, sync with HTML5lib
...
Do a better job with the wrapper <div>s added by xhtmldiff and Maruku's to_html_tree method.
More tests fixed.
2007-06-13 23:05:15 -05:00
Jacques Distler
3ca33e52b5
Cleanup
...
Got rid of redcloth_for_tex.
Fixed almost all the busted tests.
2007-06-13 01:56:44 -05:00
Jacques Distler
2da672ec5b
Many Minor Fixes
...
Fixed a whole bunch of minor stuff.
Had a go at getting some of the plethora of broken tests to pass.
2007-06-12 17:37:55 -05:00
Jacques Distler
0ddd422059
Sync with latest HTML5lib
2007-06-11 23:33:06 -05:00
Jacques Distler
c2bfdefa57
Another XSS fix
...
Yet another interesting XSS attack from
http://ha.ckers.org/xss.html
2007-06-11 00:03:51 -05:00
Jacques Distler
aac197430c
More XSS vectors defanged
2007-06-10 15:07:26 -05:00
Jacques Distler
a6cbf38304
Table elements, too
...
Last fixup for the sanitizer tests.
2007-06-09 22:53:35 -05:00
Jacques Distler
6b2ec7354b
Rationalize Sanitizer Tests
2007-06-09 22:21:50 -05:00
Jacques Distler
a68d1aa8f3
Sanitizer API documentation now online
...
See:
http://golem.ph.utexas.edu/~distler/code/rdoc/sanitize/
2007-06-08 23:51:30 -05:00
Jacques Distler
f818238dd3
Consolidation
...
Shuffled around a couple of files.
2007-06-08 22:39:37 -05:00
Jacques Distler
3bf560c3b3
Updated to Latest HTML5lib
...
Synced with latest HTML5lib.
Added some RDoc-compatible documentation to the sanitizer.
2007-06-08 17:26:00 -05:00
Jacques Distler
8badd0766a
Enhancements to sanitize.rb
...
Options, options, ... options.
2007-06-08 01:23:09 -05:00
Jacques Distler
0298868573
Fix S5 Unicode
...
Make sure sanitize_xhtml and sanitize_html are set to utf-8 encoding.
Also, a stylesheet tweak.
2007-06-07 17:30:42 -05:00
Jacques Distler
86a7577975
Renamed one function.
2007-06-06 14:36:54 -05:00
Jacques Distler
0012efcfb4
Fixed Porting Error in HTML5lib Serializer
2007-06-06 08:44:57 -05:00
Jacques Distler
8846b2cda5
Sync with Latest HTML5lib
...
Some more tweaks
2007-06-06 08:12:03 -05:00
Jacques Distler
fd183eac04
More Tests
...
Put the Serializer version of the Sanitizer through its paces.
2007-06-06 00:56:43 -05:00
Jacques Distler
e1acebe6e4
Bugfix
...
Me stoopid.
2007-06-05 18:06:26 -05:00
Jacques Distler
f0cf0ec625
Sanitize REML trees
...
OK. Enabled sanitization of rexml trees instead of strings.
My timing tests seem to be erratic. Can't tell whether this is really faster.
2007-06-05 17:13:44 -05:00
Jacques Distler
bd8ba1f4b1
REXML Trees
...
Synced with latest HTML5lib.
Added preliminary support (currently disabled) for sanitizing REXML trees.
2007-06-05 16:34:49 -05:00
Jacques Distler
4dd70af5ae
HTML5lib is Back.
...
Synced with latest version of HTML5lib, which fixes problem with Astral plane characters.
I should really do some tests, but the HTML5lib Sanitizer seems to be 2-5 times slower than the old sanitizer.
2007-05-30 10:45:52 -05:00
Jacques Distler
e1a6827f1f
Rollback Switch to HTML5lib
...
Apparently, HTML5lib does not handle astral plane unicode characters correctly.
Which makes it useless.
Return to the previous sanitizer.
2007-05-29 23:57:39 -05:00
Jacques Distler
bc0153c23f
A few more MIME Types
...
Add a few more likely suspects.
2007-05-29 23:02:19 -05:00
Jacques Distler
162a00bed4
WEBrick MIME Types
...
Add some MIME Types to WEBrick's woefully short list of recognized MIME Types.
(A bas 'application/octet-stream'!)
2007-05-29 22:39:35 -05:00
Jacques Distler
3df61e352d
Fix for IE7+MathPlayer.
...
Based on
http://lists.w3.org/Archives/Public/www-math/2007May/0044.html
I've altered the Content-Type header sent to IE+MathPlayer. Rationale is
explained in
http://lists.w3.org/Archives/Public/www-math/2007May/0045.html
2007-05-29 17:10:20 -05:00
Jacques Distler
dc629f5c07
Do Content-negotiation for Cached Content
...
The action_cache plugin broke our content-negotiation.
Fixed.
2007-05-28 12:48:42 -05:00
Jacques Distler
5db9b7d3ea
Fixed action_cache Plugin
...
The action_cache plugin had Conditional GET (If-Modified-Since) support. I added ETag (If-None-Match) support.
2007-05-26 14:11:53 -05:00
Jacques Distler
c67cfbc52d
Sanitize tests moved
...
Sanitize tests are now in the vendor/plugins/HTML5lib/tests/ directory.
2007-05-25 22:58:12 -05:00
Jacques Distler
d62b880e3f
ETags and Action Caching
...
Added the action_cache plugin
http://agilewebdevelopment.com/plugins/action_cache
which does action-caching with ETags support. The built-in Rails ETags "solution" sucks, because it forces a page-rerender, even when the content is unchanged.
2007-05-25 22:52:42 -05:00
Jacques Distler
6b21ac484f
HTML5lib Sanitizer
...
Replaced native Sanitizer with HTML5lib version.
Synced with latest Maruku.
2007-05-25 20:52:27 -05:00
Jacques Distler
457ec8627c
ETag Support from Edge-Rails
...
Added ETag support from
http://dev.rubyonrails.org/changeset/6158
2007-05-18 16:53:58 -05:00
Jacques Distler
e4e26400ef
One more file...
...
This one was missed by Revision 519 in Instiki Trunk. Fixed in my branch.
2007-05-11 12:42:18 -05:00
Jacques Distler
342f10acf6
Corrected Typo
...
Fixed typo in one file from previous update.
2007-05-11 12:34:21 -05:00
Jacques Distler
3b6cd309ff
Sync with Instiki Trunk
...
Sync with Revision 519 of Instiki trunk (2007/5/7).
2007-05-11 11:47:38 -05:00
Jacques Distler
b0e063451f
Sanitize Tweak
...
Add 'cite' to the list of attributes whose values are URI's.
2007-04-28 02:09:21 -05:00
Jacques Distler
9b55a75570
More SVG Elements and Attributes
...
Added <tspan> and <marker>, as well as a slew of related SVG attributes.
Also an SVG-related stylesheet tweak
2007-04-27 21:52:29 -05:00
Jacques Distler
6ca6525ff7
Add another SVG attribute to Sanitize.
...
Add 'stroke-opacity' to list of allowed SVG attributes.
2007-04-20 16:09:55 -05:00
Jacques Distler
493803cfd1
Atom Feeds (bis)
...
Remove some vestiges of RSS 2.0.
2007-04-13 17:20:14 -05:00
Jacques Distler
3a57d3aade
Atom Feeds
...
Replaced Instiki's RSS 2.0 feeds with Atom 1.0 feeds.
2007-04-13 17:04:03 -05:00