I installed the rails_xss plugin, for
the main purpose of seeing what will
break with Rails 3.0 (where the behaviour
of the plugin is the default). I think
I've fixed everything, but let me know if you
see stuff that is HTML-escaped, which
shouldn't be.
As a side benefit, we now use Erubis,
rather than ERB, to render templates.
They tell me it's faster ...
Monkey patch to prevent ActionCache from overriding
the correct content-type header, when serving cached
pages with a "." in the name. (Thanks to Jason Blevins)
Also sync with latest SVG-Edit.
Since itex's \begin{svg}...\end{svg} syntax allows
the client to pass arbitrary junk through the document,
we need to check that the result is well-formed.
Use a pluggable XML parser: nokogiri, if installed,
REXML otherwise.
Make use of a nonce for setting SVG-Edit IDs
option. By default, SVG-Edit behaves as before.
Calling svgCanvas.randomizeIds(true) gives our
behaviour, instead.
Also, sync with latest SVG-Edit (but disable,
for now, manual editing of IDs).
Add a Rack Metal itex endpoint.
Add an itex tool to SVG-Edit.
Disable the foreignObject tool
(at least, for now) as it doesn't
currently play nice with the itex tool.
Under Ruby 1.9, could not delete orphan
pages with utf-8 names. They would be
listed as orphan, but "Delete Orphan Pages"
would silently not delete them.
Fixed.
Fix http://bug.to/issues/show/335
and
http://bug.to/issues/show/334
We now bundle the uploaded files directory
(and the public/ directory for the (X)HTML
export) in the Zipball when exporting a Web.
Also, correct the Print View to produce proper links
uploaded files.
... is to settle these encoding issues
once and for all.
Let's override the accessor methods, which
seems to offer a simpler solution.
Now with tests (for whatever that helps)...
The default encoding in MySQL is latin1. Ruby 1.9
is a stickler about the encoding of a sequence of bytes.
In this case, a utf8 page name stored in the database comes
back as "ASCII-8BIT" (ie, binary). Coerce that back to utf8.
This doesn't affect SQLite3, and it doesn't affect Ruby 1.8.
It doesn't even affect MySQL databases with "utf8" encoding
(though that has other issues, since MySQL's utf8 support is
broken).
There are probably other, similar problems lurking.
Support Marhdown Extra's fenced code blocks. [From Jason Blevins]
Fortran syntax colouring. [From Jason Blevins]
Turn on Syntax colouring, by default.
Point to Michel Fortin's Markdown Extra page.
Move the truncate() method into ApplicationHelper.
Move another method around, for no particularly
good reason. Controllers really shouldn't have
public methods that don't correspond to actions.
Add a Source view. [Based on a suggestion by Andrew Stacey]
Fix a well-formedness bug in the list action, due to
boneheaded truncation algorithm. [Reported by Roby Bartels]