Jacques Distler
800880f382
Rough In New Sanitizer
...
Start work (which may not pan out) on a new sanitizer. Right now, it passes
all but 1 of the HTML5lib Sanitizer's unit tests. But it doesn't do much
of anything to ensure well-formedness. This is not an issue for Maruku-processed
content, but it is a concern for <nowiki> blocks.
(One solution would be to use the HTML5lib parser on <nowiki> blocks.)
In any case, this baby is 3 times as fast as the HTML5lib sanitizer.
2008-05-20 17:02:10 -05:00
Jacques Distler
5292899c9a
Rails 2.1 RC1
...
Updated Instiki to Rails 2.1 RC1 (aka 2.0.991).
2008-05-17 23:22:34 -05:00
Jacques Distler
1d5faf4a84
Upgrade to latest REXML
...
Sync with REXML svn.
2008-04-12 18:56:02 -05:00
Jacques Distler
9b7b6fb805
Latest Maruku and Tweak for itex2MML 1.3.4
...
Instiki's LaTeX output also supports \Perp.
2008-02-29 01:30:46 -06:00
Jacques Distler
5dd0507acc
Support svg:foreignObject
...
Fixes to the html5lib sanitizer and maruku to support the SVG <foreignObject> element.
Also update to the latest REXML.
2008-02-03 23:56:17 -06:00
Jacques Distler
15640ca7a3
Latest REXML and Latest Maruku
2008-02-01 01:25:38 -06:00
Jacques Distler
550c2e6c40
Remove the action_cache plugin
...
The action_cache plugin is now rather superfluous (Rails has native support for ETags, for instance).
And it wasn't working right with Rails 2.0.x (pages were being cached, and 304s were being returned
as appropriate, but cached pages were not being served).
2008-01-22 23:35:35 -06:00
Jacques Distler
5db9ddaf47
Fix Busted Functional Tests
...
Fix the functional tests busted by Revision 212.
Sync with latest HTML5lib.
2008-01-21 11:59:55 -06:00
Jacques Distler
51474e06c8
Styling Hook
...
Add a distinct class-name for the footer in the page view.
2008-01-19 15:06:17 -06:00
Jacques Distler
bb3ccfed4e
Make life a little more difficult for spammers
...
Sessions are now stored in a cookie (signed and Base-64 encoded).
Form_spam_protection stores form_keys in the session.
Make sure spambots implement both cookies and javascript, by storing hashed (with salt) keys in the session.
2008-01-18 14:49:28 -06:00
Jacques Distler
e7d080db25
Slightly More Efficient
...
A slightly more efficient implementation of the above change to form_spam_protection.
2008-01-17 03:47:08 -06:00
Jacques Distler
72b4f97382
Garbage Collection of :form_keys
...
In each session, keep only the 30 most recent :form_keys generated by form_spam_protection.
This should be more than enough for ordinary usage, but prevents the session data from
becoming inordinately large.
Also, burnt-orange rulz!
2008-01-17 03:20:19 -06:00
Jacques Distler
4586614914
Misc Cleanup
...
Cleaned up some dependencies, and added a mime_types.yml file for Mongrel-compatibility.
2008-01-14 14:46:38 -06:00
Jacques Distler
f101ee9a21
Manage_Fixtures
...
Make sure manage_fixtures plugin doesn't mess with fixtures in test/fixtures.
Also, a slightly more elegant version of the REXML version test.
2008-01-13 00:26:25 -06:00
Jacques Distler
38ae064b8a
Bundle Latest REXML
...
Sam Ruby has been doing a bang-up job fixing the bugs in REXML.
Who knows when these improvements will trickle down to vendor distributions of Ruby.
In the meantime, let's bundle the latest version of REXML with Instiki.
We check the version number of the bundled REXML against that of the System REXML, and use whichever is later.
2008-01-11 23:53:29 -06:00
Jacques Distler
1085168bbf
Update to latest HTML5lib, Add Maruku testdir
...
Sync with the latest html5lib.
Having the Maruku unit tests on-hand may be useful for debugging; so let's include them.
2008-01-08 00:01:35 -06:00
Jacques Distler
5d52cf303f
Conditional Use of New REXML Output Logic.
...
Thanks to Sam Ruby for pointing out the problem.
2007-12-28 19:58:22 -06:00
Jason Blevins
f1106428dc
Included a test for page names with spaces.
...
Upgraded to Rails 2.0.2 routing code. Kept the "old" CGI-style escaping rather than using URI.escape.
2007-12-24 16:02:14 -05:00
Jacques Distler
6873fc8026
Upgrade to Rails 2.0.2
...
Upgraded to Rails 2.0.2, except that we maintain
vendor/rails/actionpack/lib/action_controller/routing.rb
from Rail 1.2.6 (at least for now), so that Routes don't change. We still
get to enjoy Rails's many new features.
Also fixed a bug in Chunk-handling: disable WikiWord processing in tags (for real this time).
2007-12-21 01:48:59 -06:00
Jacques Distler
0f6889e09f
Fix Unicode bug
...
Fix Diego Restrepo's bug (see Rev 184).
Update to latest HTML5lib.
2007-12-17 03:17:43 -06:00
Jacques Distler
70025a4ba3
More SVG Sanitization
2007-10-31 01:00:45 -05:00
Jacques Distler
eca126f589
Sanitize <svg:image>
...
This element is unsafe.
2007-10-29 13:51:41 -05:00
Jacques Distler
f24c60c3fb
Better handling of SVG attributes which admit uri refs
...
Just strip out the URI ref, leaving alternates.
2007-10-27 23:08:13 -05:00
Jacques Distler
5208bbf0af
Sanitize url refs in SVG attributes
...
Add some tests.
Sync with latest HTML5lib (includes above sanitization improvements).
2007-10-27 17:34:29 -05:00
Jacques Distler
8ce5016b41
UTF-8 Bug
...
Create a test case for utf-8 bug reported by Diego Restrepo. Seems to be related to WikiWord chunk handling.
Add some other tests, and fix a minor bug in vendor/plugins/maruku/lib/maruku/ext/math/latex_fix.rb.
2007-10-26 00:48:43 -05:00
Jacques Distler
a92b593949
SVG in Equations
...
Support the new "svg" environment from itex2MML 1.3.
2007-10-22 22:24:25 -05:00
Jacques Distler
36f55fc9aa
Add support for the MathML <semantics> Element
2007-10-21 02:19:10 -05:00
Jacques Distler
207fb1f7f2
New Version
...
Sync with Latest Instiki Trunk.
Migrate to Rails 1.2.5.
Bump version number.
2007-10-15 12:16:54 -05:00
Jacques Distler
148afb77e0
Sync with latest Maruku
...
Apparently, Maruku had trouble with the latest release of Ruby (1.8.6, patchlevel 110). This should fix it.
2007-10-10 22:06:44 -05:00
Jacques Distler
55fdc9fff4
Sync with latest HTML5lib
2007-10-06 11:55:58 -05:00
Jacques Distler
c67382d340
Start on LaTeX
...
Pave the way for Jason's LaTeX macro support.
Also, uniformize the capitalization of "ETag".
2007-10-04 02:50:08 -05:00
Jacques Distler
b0e316e37c
Minor Fixes
...
Get rid of Redefined CONSTANT warning.
Make WEBrick respond to TERM signal. (Launchd, in particular, requires this.)
Rollback superfluous change to rails/actionpack/lib/action_controller/base.rb. Handled by the action_cache plugin.
2007-10-01 22:09:51 -05:00
Jacques Distler
06d96349e4
Don't stomp on test/fixtures, when dumping the database to YAML
...
Tweak the manage_fixtures plugin to use the dump/fixtures instead of test/fixtures directory.
2007-09-23 01:50:40 -05:00
Jacques Distler
e8769c0b83
Add the manage_fixtures plugin for easy database migration
2007-09-20 00:36:07 -05:00
Jacques Distler
ed68d975df
Update to latest HTML5lib
...
Fix that Tokenizer bug for real this time.
2007-09-09 22:26:19 -05:00
Jacques Distler
5b182bd228
HTML5lib Bug
...
Fixed a bug in the HTML5lib tokenizer (affects S5 slideshows).
Some miscellaneous code cleanup. In particular, don't bother with zapping control characters;
instead, rely on is_utf8? method to raise an exception (which we do anyway).
2007-09-06 10:40:48 -05:00
Jacques Distler
f482036683
S5 Themes Support
...
Added support for S5 Themes. Themes are stored in the public/s5/themes/ directory.
6 themes are included: default, nautilus, blue, flower, i18n, pixel.
2007-09-05 08:38:54 -05:00
Jacques Distler
81d3cdc8e4
Minor S5 tweaks and Sync with Latest HTML5lib
2007-08-30 12:19:10 -05:00
Jacques Distler
1bc5da0053
Use XHTMLSerializer, where appropriate.
2007-07-04 18:53:03 -05:00
Jacques Distler
8ccaad85a5
Sync with latest HTML5lib and latest Maruku
2007-07-04 17:36:59 -05:00
Jacques Distler
8e92e4a3ab
Sync with latest HTML5lib
2007-06-22 03:12:08 -05:00
Jacques Distler
df2898d940
Fix Caching bug (bis)
...
Nope! It's not a Rails bug. It's an action_cache plugin bug, after all. Fixed now.
2007-06-15 09:59:32 -05:00
Jacques Distler
31f691329a
Fix Caching Bug
...
Files with "+"s in their names (e.g. from Wiki pages with spaces in their names) were not being expired properly. This is actually a Rails bug, but I fixed it by patching the action_cache plugin.
2007-06-15 09:18:06 -05:00
Jacques Distler
3de374d6c1
More fixes, sync with HTML5lib
...
Do a better job with the wrapper <div>s added by xhtmldiff and Maruku's to_html_tree method.
More tests fixed.
2007-06-13 23:05:15 -05:00
Jacques Distler
3ca33e52b5
Cleanup
...
Got rid of redcloth_for_tex.
Fixed almost all the busted tests.
2007-06-13 01:56:44 -05:00
Jacques Distler
2da672ec5b
Many Minor Fixes
...
Fixed a whole bunch of minor stuff.
Had a go at getting some of the plethora of broken tests to pass.
2007-06-12 17:37:55 -05:00
Jacques Distler
0ddd422059
Sync with latest HTML5lib
2007-06-11 23:33:06 -05:00
Jacques Distler
c2bfdefa57
Another XSS fix
...
Yet another interesting XSS attack from
http://ha.ckers.org/xss.html
2007-06-11 00:03:51 -05:00
Jacques Distler
aac197430c
More XSS vectors defanged
2007-06-10 15:07:26 -05:00
Jacques Distler
a6cbf38304
Table elements, too
...
Last fixup for the sanitizer tests.
2007-06-09 22:53:35 -05:00
Jacques Distler
6b2ec7354b
Rationalize Sanitizer Tests
2007-06-09 22:21:50 -05:00
Jacques Distler
3bf560c3b3
Updated to Latest HTML5lib
...
Synced with latest HTML5lib.
Added some RDoc-compatible documentation to the sanitizer.
2007-06-08 17:26:00 -05:00
Jacques Distler
86a7577975
Renamed one function.
2007-06-06 14:36:54 -05:00
Jacques Distler
0012efcfb4
Fixed Porting Error in HTML5lib Serializer
2007-06-06 08:44:57 -05:00
Jacques Distler
8846b2cda5
Sync with Latest HTML5lib
...
Some more tweaks
2007-06-06 08:12:03 -05:00
Jacques Distler
fd183eac04
More Tests
...
Put the Serializer version of the Sanitizer through its paces.
2007-06-06 00:56:43 -05:00
Jacques Distler
e1acebe6e4
Bugfix
...
Me stoopid.
2007-06-05 18:06:26 -05:00
Jacques Distler
bd8ba1f4b1
REXML Trees
...
Synced with latest HTML5lib.
Added preliminary support (currently disabled) for sanitizing REXML trees.
2007-06-05 16:34:49 -05:00
Jacques Distler
4dd70af5ae
HTML5lib is Back.
...
Synced with latest version of HTML5lib, which fixes problem with Astral plane characters.
I should really do some tests, but the HTML5lib Sanitizer seems to be 2-5 times slower than the old sanitizer.
2007-05-30 10:45:52 -05:00
Jacques Distler
dc629f5c07
Do Content-negotiation for Cached Content
...
The action_cache plugin broke our content-negotiation.
Fixed.
2007-05-28 12:48:42 -05:00
Jacques Distler
5db9b7d3ea
Fixed action_cache Plugin
...
The action_cache plugin had Conditional GET (If-Modified-Since) support. I added ETag (If-None-Match) support.
2007-05-26 14:11:53 -05:00
Jacques Distler
d62b880e3f
ETags and Action Caching
...
Added the action_cache plugin
http://agilewebdevelopment.com/plugins/action_cache
which does action-caching with ETags support. The built-in Rails ETags "solution" sucks, because it forces a page-rerender, even when the content is unchanged.
2007-05-25 22:52:42 -05:00
Jacques Distler
6b21ac484f
HTML5lib Sanitizer
...
Replaced native Sanitizer with HTML5lib version.
Synced with latest Maruku.
2007-05-25 20:52:27 -05:00
Jacques Distler
457ec8627c
ETag Support from Edge-Rails
...
Added ETag support from
http://dev.rubyonrails.org/changeset/6158
2007-05-18 16:53:58 -05:00
Jacques Distler
19889c98d4
Safari's DOM support in XHTML is horribly broken. Send it S5 slideshows as text/html. (Sorry: no inline SVG for you!)
...
Turn on Maruku's Math support in S5 slideshows, only if corresponding Web is Math-enabled.
2007-03-30 12:25:59 -05:00
Jacques Distler
9b9d134ad9
Fix upgrade to Rails 1.2.3.
...
Fix log-rotation (the previous attempt didn't quite work as advertised).
2007-03-21 15:37:29 -05:00
Jacques Distler
7adac51d6d
Sync with latest Instiki trunk. Changes:
...
1) Upgrade Rails to 1.2.3
2) Revert RedCloth to previous version (who %#$@ cares?)
3) Preserve the Rails Security fix to vendor/rails/actionpack/lib/action_controller/caching.rb from Revision 80.
2007-03-18 11:56:12 -05:00
Jacques Distler
46a456b3ad
Security: ensure that the file system cache is not world-writable
2007-03-10 11:05:52 -06:00
Jacques Distler
4ae46b32d8
Sync with latest maruku.
2007-03-10 02:06:54 -06:00
Jacques Distler
8300133c8d
Sync with latest Maruku.
2007-03-07 12:49:06 -06:00
Jacques Distler
541ef91df4
Update to latest Maruku. Fixes alt text bug.
2007-03-04 15:32:21 -06:00
Jacques Distler
43dbd8712e
Another tweak to Maruku's S5 output (IE compatibility).
2007-03-02 08:26:37 -06:00
Jacques Distler
5a352d0f5e
Sync with latest Maruku.
2007-03-01 22:46:49 -06:00
Jacques Distler
e93cedb155
Fixed S5 page numbering.
2007-03-01 11:15:45 -06:00
Jacques Distler
41ff4724b8
Converging on S5 support.
2007-03-01 03:05:35 -06:00
Jacques Distler
02c6ed2fa0
More progress on S5.
...
Forgot to add gremlin zapping in app/views/wiki/edit.rhtml.
2007-02-28 18:38:52 -06:00
Jacques Distler
8359047fd5
Start on adding S5 support to Instiki.
2007-02-28 13:31:34 -06:00
Jacques Distler
d1923e6387
Sync with latest Maruku.
2007-02-20 10:04:51 -06:00
Jacques Distler
21a403b04f
More XHTML validity and CSS cleanup.
2007-02-18 17:27:36 -06:00
Jacques Distler
fdbd6e288b
Sync with latest Maruku.
2007-02-16 23:40:06 -06:00
Jacques Distler
82e56697ee
Fix bug in Maruku.
2007-02-16 09:39:49 -06:00
Jacques Distler
ff63e894b2
Sync with latest Maruku.
...
Finally able to ditch BlueCloth completely.
2007-02-14 20:32:24 -06:00
Jacques Distler
0556f43180
XHTML-safe version of form_spam_protection.
2007-02-14 11:00:11 -06:00
Jacques Distler
d291318f3e
Sync with latest (2/13/2007) Instiki svn.
2007-02-13 09:55:26 -06:00
Jacques Distler
f896f8fbdc
Added support for @xml:lang and blockquote@cite to Maruku.
...
Added Javascript styling for blockquote@cite.
2007-02-13 03:25:05 -06:00
Jacques Distler
63e217bcfd
Moved Maruku (and its dependencies) and XHTMLDiff (and its dependencies) to vendor/plugins/ .
...
Synced with Instiki SVN.
2007-02-10 23:03:15 -06:00
Jacques Distler
bba0cf6b10
Ooops! Fixed upgrade of Rails.
2007-02-09 17:12:31 -06:00
Jacques Distler
c358389f25
TeX and CSS tweaks.
...
Sync with latest Instiki Trunk
(Updates Rails to 1.2.2)
2007-02-09 02:04:31 -06:00
Jacques Distler
69b62b6f33
Checkout of Instiki Trunk 1/21/2007.
2007-01-22 07:43:50 -06:00