Commit graph

741 commits

Author SHA1 Message Date
Jacques Distler 267f4a51fc Don't escape web.additional_style
Reported by Andrew Stacey
2010-07-21 09:39:18 -05:00
Jacques Distler 4576a7f7df Remove Unneeded PHP files
We don't use these, so there's no point
in having them in our bundled SVG-Edit.
2010-07-20 21:56:10 -05:00
Jacques Distler b3aae9b06d Sqlite3-ruby 1.3.1, itextomml 1.3.26
Update vendored sqlite3-ruby and tests
for latest itextomml.
2010-07-20 20:36:17 -05:00
Jacques Distler 29224d6bcc SVG-Edit update 2010-07-20 07:59:47 -05:00
Jacques Distler 39c2138f88 Update Vendored Erubis to 2.6.6 2010-07-04 08:51:53 -05:00
Jacques Distler c18c2f988d Update SVG-Edit Sanitizer
plus some minor SVG-Edit tweaks.
2010-06-22 08:26:15 -05:00
Jacques Distler ce8578d2d0 Some Maruku Regexp Refactoring 2010-06-19 03:02:15 -05:00
Jacques Distler 0d8f680d4f Updates
SVG-Edit -> 2.5final
Vendored Rack -> 1.2.1
2010-06-17 19:27:39 -05:00
Jacques Distler 6338a3bcb2 Update to latest SVG-Edit 2010-06-16 22:46:12 -05:00
Jacques Distler 6491d70326 Update Vendored Rack to 1.2.0
Also update tests for itextomml 1.3.25.
2010-06-13 23:09:24 -05:00
Jacques Distler 4f8759cdf3 Update vendored Sqlite3-ruby to 1.3.0
Also, some tweaks to Maruku.
2010-06-10 22:42:33 -05:00
Jacques Distler 9a80cacc34 Update Sanitizer
Support <menclose notation="...">.
2010-06-09 13:26:51 -05:00
Jacques Distler 90ad482ed2 Rename stringsupport.rb => instiki_stringsupport.rb 2010-06-09 11:47:39 -05:00
Jacques Distler 3aaf3989c7 Test for divref Issue in Weizenbaum's Branch 2010-06-05 10:59:12 -05:00
Jacques Distler 06ae79322a Maruku Cleanup Branch
Use Nathan Weizenbaum's "cleanup" branch of
Maruku. There were a few evident problems
with his branch, so please report any
anomalies you see.
2010-06-04 21:36:31 -05:00
Jacques Distler dead710e69 Revert #633
MathPlayer doesn't like the HTML5 DOCTYPE.
Revert to sending XHTML+MathML+SVG DOCTYPE.
2010-06-04 12:10:26 -05:00
Jacques Distler 05ffd215f1 SVG-Edit Markers Extension
The arrows extension on steroids.
2010-06-03 07:13:37 -05:00
Jacques Distler c25b608f3d Maruku's string_utils.rb
Wow! Totally un-Ruby-like.
This is more Ruby-like and
(hopefully) faster.
2010-06-02 00:15:58 -05:00
Jacques Distler b7a3b8aa94 Minor Update From Current Maruku 2010-06-01 10:39:55 -05:00
Jacques Distler ad7e32c92c Tests for Revision 644 2010-06-01 09:22:37 -05:00
Jacques Distler 17e9cfab87 IAL's for <li> elements
Add a Markdown syntax for attaching
attribute lists to list items (for both
ordered and unordered lists).

The syntax is trivial:

  1. This is the first item
  2. {: value="3"} We skip straight to #3

  * This is an item
  * {: style="color:red"} This is a red item
2010-06-01 01:50:19 -05:00
Jacques Distler b8647da41a Fix TeX Output
\empty was causing problems.
That was kinda stupid.
2010-05-30 13:34:30 -05:00
Jacques Distler dafe67046a Better
Use :only_path => true
2010-05-27 01:17:24 -05:00
Jacques Distler a57152d743 Fix Category Listing Bugs
The links to the category listings
were bogus, and the category listing
page needed some XSS-unprotection.
2010-05-27 00:27:49 -05:00
Jacques Distler b5a4e2fd9c Sync with latest SVG-Edit 2010-05-26 14:37:55 -05:00
Jacques Distler 1da034e2be Fix some to-be-deprecated stuff 2010-05-26 14:16:34 -05:00
Jacques Distler 4b73f1a1ae More rails_xss Plugin fun
:-(
2010-05-26 01:27:09 -05:00
Jacques Distler a5e08f7bcc Rails_xss Plugin
I installed the rails_xss plugin, for
the main purpose of seeing what will
break with Rails 3.0 (where the behaviour
of the plugin is the default). I think
I've fixed everything, but let me know if you
see stuff that is HTML-escaped, which
shouldn't be.

As a side benefit, we now use Erubis,
rather than ERB, to render templates.
They tell me it's faster ...
2010-05-26 00:27:49 -05:00
Jacques Distler d6be09e0f0 Fix some Helper Methods
It seems that (advertising to the contrary)
Rails's XSS Protection is enabled, by default
in 2.3.8. So needed to fix some helper methods.
2010-05-25 12:59:35 -05:00
Jacques Distler f0635301aa Update to Rails 2.3.8 2010-05-25 12:45:45 -05:00
Jacques Distler 6677b46cb4 A few more additions for the Sanitizer 2010-05-23 23:22:45 -05:00
Jacques Distler d2c4623bf7 HTML5 Doctype 2010-05-22 16:11:27 -05:00
Jacques Distler 8149c29324 More HTML5 Attribute support in Maruku 2010-05-22 15:21:06 -05:00
Jacques Distler 2781890832 Updated Sanitizer for HTML5
Sanitizer should recognize HTML elements
and attributes.

New Allowed Elements:

  article aside audio canvas command details
  dialog figcaption figure footer header
  hgroup mark meter nav progress rp rt ruby
  section source summary time video wbr

(OK, audio and video were already there)

New Allowed Attributes:

  autocomplete contenteditable contextmenu
  draggable formaction icon low max min
  open optimum pattern placeholder preload
  pubdate required reversed  spellcheck step
  wrap

Attributes removed:

  abbr charset loopcount loopend loopstart
  noshade nowrap rev rules

Maruku supports @start and @reversed on
ordered lists. It doesn't seem to support
IALs on li elements, so you still can't
attach @value to an li.
2010-05-22 14:34:08 -05:00
Jacques Distler d9d353a350 Some HTML5 audio/video attributes for the Sanitizer 2010-05-13 00:47:09 -05:00
Jacques Distler 80845297a3 This is even better 2010-05-11 01:10:59 -05:00
Jacques Distler 04a1727082 Select Saved SVG
When closing SVG-Edit, make the saved
svg selected.

Also, some SVG-Edit updates.
2010-05-11 00:38:21 -05:00
Jacques Distler fd9fc1455e Prefer Monkey-patching Rack Gem to Vendored Rack
This gets around a dreaded 

  in `load_missing_constant': Rack
  is not missing constant Handler! (ArgumentError)

error in latest Ruby 1.9.2-dev. (Ruby
1.8.x doesn't seem to care.)
2010-05-08 23:42:40 -05:00
Jacques Distler 10cf102544 More bogus namespace fixes 2010-04-28 16:44:07 -05:00
Jacques Distler 86a53d1dfa Task of Sisyphus: Filter bogus attributes generated by Gecko (again) 2010-04-28 11:54:56 -05:00
Jacques Distler d1678ceb49 Sync with SVG-Edit 2.5beta 2010-04-28 00:22:49 -05:00
Jacques Distler 79a2299363 Content-Type of Cached Files with Period in Name
Monkey patch to prevent ActionCache from overriding
the correct content-type header, when serving cached
pages with a "." in the name. (Thanks to Jason Blevins)

Also sync with latest SVG-Edit.
2010-04-18 12:55:02 -05:00
Jacques Distler 324cc12320 Gaussian Blur (and other fun stuff)
Sync with latest SVG-edit.
2010-04-12 00:33:24 -05:00
Jacques Distler 6d5db0739a Buglet in latest SVG-Edit
Sync with latest SVG-Edit.
Among other things, fixes Issue 512.
2010-04-06 13:39:21 -05:00
Jacques Distler da0c6a2ea1 Fix an SVG nonce bug
Dunno when this problem with randomized IDs arose.
But it's fixed now.

Also, sync with latest SVG-Edit.
2010-04-01 23:56:21 -05:00
Jacques Distler 18b5ea9aa6 Use Instiki's escapeHTML Method in Templates
Fixes bug reported by Toby Bartels.
2010-03-29 09:27:14 -05:00
Jacques Distler 5f66f8387e Latest SVG-Edit
Jquery-1.8, and config for extensions.
2010-03-25 02:22:55 -05:00
Jacques Distler 77cfc0d2e3 Connector extension should use configured defaults 2010-03-22 19:21:00 -05:00
Jacques Distler 3e6d7faec2 Sync with latest SVG-Edit 2010-03-18 10:32:47 -05:00
Jacques Distler 143fa30b78 Whoops!
Somehow these did not make it into the
last commit.
2010-03-15 23:42:04 -05:00