Update Bundler to 1.0.15.
Update Rails to 2.3.12.
Update rails_xss plugin.
The latter two were the
source of a considerable
amount of grief, as rails_xss
is now MUCH stricter about what
string methods can be used.
Also made it possible to use
rake 0.9.x with Instiki. But
you probably REALLY want to use
ruby bundle exec rake ...
instead of just saying
rake ....
Use Bundler to manage RedCloth
gem. 4.x should be much faster
and less buggy. Unfortunately,
it doesn't support mixed
Textile/Markdown syntax. So
we keep an (appropriately
renamed) copy of 3.x around,
for the users of the "Mixed"
text filter.
Completely removed the html5lib sanitizer.
Fixed the string-handling to work in both
Ruby 1.8.x and 1.9.2. There are still,
inexplicably, two functional tests that
fail. But the rest seems to work quite well.
Refactor the upgrade_instiki rake task.
Based on the (very nice) JHerdman's
64d305f2a8
but defaults to 'production' environment, instead.
Instiki users don't know about production/development/test.
Instiki defaults to 'production'. So should its associated rake tasks.
Start work (which may not pan out) on a new sanitizer. Right now, it passes
all but 1 of the HTML5lib Sanitizer's unit tests. But it doesn't do much
of anything to ensure well-formedness. This is not an issue for Maruku-processed
content, but it is a concern for <nowiki> blocks.
(One solution would be to use the HTML5lib parser on <nowiki> blocks.)
In any case, this baby is 3 times as fast as the HTML5lib sanitizer.
Previously, used a regexp to find and convert named entities in the content.
Now use a more efficient algorithm.
Similar tweak for converting NCRs before checking whether text is valid utf-8.
OK. This is a better way: define a custom TreeWalker which converts named entities to utf-8 as it goes. This avoids having to do an extra tree traversal in sanitize_rexml, AND avoids the trainwreck that is html5/inputstream.rb.
My REXML::Element.to_ncr (and REXML::Element.to_utf8) is horribly slow. For long documents, it proves more efficient to serialize to a string, apply String.to_ncr (or String.to_utf8) and then Sanitize the string.
Jacques Distler