Update Bundler to 1.0.15.
Update Rails to 2.3.12.
Update rails_xss plugin.
The latter two were the
source of a considerable
amount of grief, as rails_xss
is now MUCH stricter about what
string methods can be used.
Also made it possible to use
rake 0.9.x with Instiki. But
you probably REALLY want to use
ruby bundle exec rake ...
instead of just saying
rake ....
Use Bundler to manage RedCloth
gem. 4.x should be much faster
and less buggy. Unfortunately,
it doesn't support mixed
Textile/Markdown syntax. So
we keep an (appropriately
renamed) copy of 3.x around,
for the users of the "Mixed"
text filter.
I installed the rails_xss plugin, for
the main purpose of seeing what will
break with Rails 3.0 (where the behaviour
of the plugin is the default). I think
I've fixed everything, but let me know if you
see stuff that is HTML-escaped, which
shouldn't be.
As a side benefit, we now use Erubis,
rather than ERB, to render templates.
They tell me it's faster ...
Sanitizer should recognize HTML elements
and attributes.
New Allowed Elements:
article aside audio canvas command details
dialog figcaption figure footer header
hgroup mark meter nav progress rp rt ruby
section source summary time video war
(OK, audio and video were already there)
New Allowed Attributes:
autocomplete contenteditable contextmenu
draggable formaction icon low max min
open optimum pattern placeholder preload
pubdate required reversed spellcheck step
wrap
Attributes removed:
abbr charset loopcount loopend loopstart
noshade nowrap rev rules
Maruku supports @start and @reversed on
ordered lists. It doesn't seem to support
IALs on li elements, so you still can't
attach @value to an li.
This gets around a dreaded
in `load_missing_constant': Rack
is not missing constant Handler! (ArgumentError)
error in latest Ruby 1.9.2-dev. (Ruby
1.8.x doesn't seem to care.)
Since we can have several SVG-Edit graphics
on a page, SVG-Edit should assign unique IDs
to elements, and do so in a fashion that survives
re-editing.
To do this, we use a nonce, and record its value in
a custom se:nonce attribute on the <svg> element.
(Is there a better way?).
Also, preserve the custom se:connector attribute for
later editing purposes.
