deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
733 commits 3 branches 18 tags 34 MiB
Commit graph

184 commits

Author SHA1 Message Date
Jacques Distler f0cf0ec625 Sanitize REML trees 
OK. Enabled sanitization of rexml trees instead of strings.
My timing tests seem to be erratic. Can't tell whether this is really faster.
 2007-06-05 17:13:44 -05:00
Jacques Distler bd8ba1f4b1 REXML Trees 
Synced with latest HTML5lib.
Added preliminary support (currently disabled) for sanitizing REXML trees.
 2007-06-05 16:34:49 -05:00
Jacques Distler 4dd70af5ae HTML5lib is Back. 
Synced with latest version of HTML5lib, which fixes problem with Astral plane characters.
I should really do some tests, but the HTML5lib Sanitizer seems to be 2-5 times slower than the old sanitizer.
 2007-05-30 10:45:52 -05:00
Jacques Distler e1a6827f1f Rollback Switch to HTML5lib 
Apparently, HTML5lib does not handle astral plane unicode characters correctly.
Which makes it useless.
Return to the previous sanitizer.
 2007-05-29 23:57:39 -05:00
Jacques Distler 6b21ac484f HTML5lib Sanitizer 
Replaced native Sanitizer with HTML5lib version.
Synced with latest Maruku.
 2007-05-25 20:52:27 -05:00
Jacques Distler b0e063451f Sanitize Tweak 
Add 'cite' to the list of attributes whose values are URI's.
 2007-04-28 02:09:21 -05:00
Jacques Distler 9b55a75570 More SVG Elements and Attributes 
Added <tspan> and <marker>, as well as a slew of related SVG attributes.
Also an SVG-related stylesheet tweak
 2007-04-27 21:52:29 -05:00
Jacques Distler 6ca6525ff7 Add another SVG attribute to Sanitize. 
Add 'stroke-opacity' to list of allowed SVG attributes.
 2007-04-20 16:09:55 -05:00
Jacques Distler 0db06a9fa3 To be really XML-safe, don't emit XHTML+MathML named entities. (Ported MathML::Entities to Ruby.) 2007-03-29 03:30:10 -05:00
Jacques Distler 7adac51d6d Sync with latest Instiki trunk. Changes: 
1) Upgrade Rails to 1.2.3
2) Revert RedCloth to previous version (who %#$@ cares?)
3) Preserve the Rails Security fix  to vendor/rails/actionpack/lib/action_controller/caching.rb from Revision 80.
 2007-03-18 11:56:12 -05:00
Jacques Distler d74116dc67 Ensure that input is bona fide utf-8. 2007-03-07 21:06:39 -06:00
Jacques Distler f208d50032 Bah! 2007-02-24 23:07:25 -06:00
Jacques Distler 507a17aade More lenient URI scheme matching in sanitize. 2007-02-24 22:47:31 -06:00
Jacques Distler f9dcfa5af0 Make list of attributes whose values are scanned for acceptable URI schemes customizable. 2007-02-24 11:55:40 -06:00
Jacques Distler d8e06f6db9 Sanitize URI schemes. 2007-02-23 13:34:58 -06:00
Jacques Distler e179508377 Sanitization now preserves case-sensitive element and attribute names (necessary to support SVG). 
Unit tests, galore.
 2007-02-23 11:32:06 -06:00
Jacques Distler 2fa1e08c96 Tweak dependencies of sanitize.rb 2007-02-22 01:16:18 -06:00
Jacques Distler bacae2c468 Finally! XSS-protection, done right. 
If you want something done right, ...
 2007-02-22 01:06:53 -06:00
Jacques Distler 0aafedb2df More XSS fixes. 
Started fixing file uploads.
 2007-02-21 12:10:47 -06:00
Jacques Distler 88c6f27e14 Bah! *Someone* will care about those other Text-filters. 2007-02-20 08:18:48 -06:00
Jacques Distler e727507ac8 Zap gremlins. 
Close cross-site scripting hole.
 2007-02-19 23:15:39 -06:00
Jacques Distler fc15848517 Configure equation-numbering as we like it. 2007-02-14 22:19:37 -06:00
Jacques Distler ff63e894b2 Sync with latest Maruku. 
Finally able to ditch BlueCloth completely.
 2007-02-14 20:32:24 -06:00
Jacques Distler d4b947462b Whoops! Missed one. 2007-02-10 23:17:16 -06:00
Jacques Distler 63e217bcfd Moved Maruku (and its dependencies) and XHTMLDiff (and its dependencies) to vendor/plugins/ . 
Synced with Instiki SVN.
 2007-02-10 23:03:15 -06:00
Jacques Distler 0ac586ee25 Sync with latest Maruku. 2007-02-04 19:36:33 -06:00
Jacques Distler 8c52f28864 Replaced diff.rb with xhtmldiff.rb, which (unlike its predecessor) produces well-formed redline documents. 2007-02-03 22:52:48 -06:00
Jacques Distler 86e9c70a26 Fix regression in Maruku. 2007-02-02 01:00:02 -06:00
Jacques Distler f406318168 Sync with Maruku. 2007-01-24 17:14:50 -06:00
Jacques Distler 488dd334f7 Support for IE+MathPlayer. 
Sync with latest Maruku.
 2007-01-24 10:53:10 -06:00
Jacques Distler 1c05a94d1b Updated to latest Maruku. 2007-01-23 09:26:45 -06:00
Jacques Distler ceb0931bb3 Sync to lastest Maruku. Tweak to CSS stylesheet. 2007-01-22 11:34:51 -06:00
Jacques Distler b19e1e4f47 Bring up to current. 2007-01-22 08:36:51 -06:00
Jacques Distler 69b62b6f33 Checkout of Instiki Trunk 1/21/2007. 2007-01-22 07:43:50 -06:00