Commit graph

89 commits

Author SHA1 Message Date
Jacques Distler
800880f382 Rough In New Sanitizer
Start work (which may not pan out) on a new sanitizer. Right now, it passes
all but 1 of the HTML5lib Sanitizer's unit tests. But it doesn't do much
of anything to ensure well-formedness. This is not an issue for Maruku-processed
content, but it is a concern for <nowiki> blocks.

(One solution would be to use the HTML5lib parser on <nowiki> blocks.)

In any case, this baby is 3 times as fast as the HTML5lib sanitizer.
2008-05-20 17:02:10 -05:00
Jacques Distler
5292899c9a Rails 2.1 RC1
Updated Instiki to Rails 2.1 RC1 (aka 2.0.991).
2008-05-17 23:22:34 -05:00
Jacques Distler
1d5faf4a84 Upgrade to latest REXML
Sync with REXML svn.
2008-04-12 18:56:02 -05:00
Jacques Distler
9b7b6fb805 Latest Maruku and Tweak for itex2MML 1.3.4
Instiki's LaTeX output also supports \Perp.
2008-02-29 01:30:46 -06:00
Jacques Distler
5dd0507acc Support svg:foreignObject
Fixes to the html5lib sanitizer and maruku to support the SVG <foreignObject> element.
Also update to the latest REXML.
2008-02-03 23:56:17 -06:00
Jacques Distler
15640ca7a3 Latest REXML and Latest Maruku 2008-02-01 01:25:38 -06:00
Jacques Distler
550c2e6c40 Remove the action_cache plugin
The action_cache plugin is now rather superfluous (Rails has native support for ETags, for instance).
And it wasn't working right with Rails 2.0.x (pages were being cached, and 304s were being returned
as appropriate, but cached pages were not being served).
2008-01-22 23:35:35 -06:00
Jacques Distler
5db9ddaf47 Fix Busted Functional Tests
Fix the functional tests busted by Revision 212.
Sync with latest HTML5lib.
2008-01-21 11:59:55 -06:00
Jacques Distler
51474e06c8 Styling Hook
Add a distinct class-name for the footer in the page view.
2008-01-19 15:06:17 -06:00
Jacques Distler
bb3ccfed4e Make life a little more difficult for spammers
Sessions are now stored in a cookie (signed and Base-64 encoded).
Form_spam_protection stores form_keys in the session.
Make sure spambots implement both cookies and javascript, by storing hashed (with salt) keys in the session.
2008-01-18 14:49:28 -06:00
Jacques Distler
e7d080db25 Slightly More Efficient
A slightly more efficient implementation of the above change to form_spam_protection.
2008-01-17 03:47:08 -06:00
Jacques Distler
72b4f97382 Garbage Collection of :form_keys
In each session, keep only the 30 most recent :form_keys generated by form_spam_protection.
This should be more than enough for ordinary usage, but prevents the session data from
becoming inordinately large.

Also, burnt-orange rulz!
2008-01-17 03:20:19 -06:00
Jacques Distler
4586614914 Misc Cleanup
Cleaned up some dependencies, and added a mime_types.yml file for Mongrel-compatibility.
2008-01-14 14:46:38 -06:00
Jacques Distler
f101ee9a21 Manage_Fixtures
Make sure manage_fixtures plugin doesn't mess with fixtures in test/fixtures.
Also, a slightly more elegant version of the REXML version test.
2008-01-13 00:26:25 -06:00
Jacques Distler
38ae064b8a Bundle Latest REXML
Sam Ruby has been doing a bang-up job fixing the bugs in REXML.
Who knows when these improvements will trickle down to vendor distributions of Ruby.
In the meantime, let's bundle the latest version of REXML with Instiki.
We check the version number of the bundled REXML against that of the System REXML, and use whichever is later.
2008-01-11 23:53:29 -06:00
Jacques Distler
1085168bbf Update to latest HTML5lib, Add Maruku testdir
Sync with the latest html5lib.
Having the Maruku unit tests on-hand may be useful for debugging; so let's include them.
2008-01-08 00:01:35 -06:00
Jacques Distler
5d52cf303f Conditional Use of New REXML Output Logic.
Thanks to Sam Ruby for pointing out the problem.
2007-12-28 19:58:22 -06:00
Jason Blevins
f1106428dc Included a test for page names with spaces.
Upgraded to Rails 2.0.2 routing code.  Kept the "old" CGI-style escaping rather than using URI.escape.
2007-12-24 16:02:14 -05:00
Jacques Distler
6873fc8026 Upgrade to Rails 2.0.2
Upgraded to Rails 2.0.2, except that we maintain

   vendor/rails/actionpack/lib/action_controller/routing.rb

from Rail 1.2.6 (at least for now), so that Routes don't change. We still
get to enjoy Rails's many new features.

Also fixed a bug in Chunk-handling: disable WikiWord processing in tags (for real this time).
2007-12-21 01:48:59 -06:00
Jacques Distler
0f6889e09f Fix Unicode bug
Fix Diego Restrepo's bug (see Rev 184).
Update to latest HTML5lib.
2007-12-17 03:17:43 -06:00
Jacques Distler
70025a4ba3 More SVG Sanitization 2007-10-31 01:00:45 -05:00
Jacques Distler
eca126f589 Sanitize <svg:image>
This element is unsafe.
2007-10-29 13:51:41 -05:00
Jacques Distler
f24c60c3fb Better handling of SVG attributes which admit uri refs
Just strip out the URI ref, leaving alternates.
2007-10-27 23:08:13 -05:00
Jacques Distler
5208bbf0af Sanitize url refs in SVG attributes
Add some tests.
Sync with latest HTML5lib (includes above sanitization improvements).
2007-10-27 17:34:29 -05:00
Jacques Distler
8ce5016b41 UTF-8 Bug
Create a test case for utf-8 bug reported by Diego Restrepo. Seems to be related to WikiWord chunk handling.
Add some other tests, and fix a minor bug in vendor/plugins/maruku/lib/maruku/ext/math/latex_fix.rb.
2007-10-26 00:48:43 -05:00
Jacques Distler
a92b593949 SVG in Equations
Support the new "svg" environment from itex2MML 1.3.
2007-10-22 22:24:25 -05:00
Jacques Distler
36f55fc9aa Add support for the MathML <semantics> Element 2007-10-21 02:19:10 -05:00
Jacques Distler
207fb1f7f2 New Version
Sync with Latest Instiki Trunk.
Migrate to Rails 1.2.5.
Bump version number.
2007-10-15 12:16:54 -05:00
Jacques Distler
148afb77e0 Sync with latest Maruku
Apparently, Maruku had trouble with the latest release of Ruby (1.8.6, patchlevel 110). This should fix it.
2007-10-10 22:06:44 -05:00
Jacques Distler
55fdc9fff4 Sync with latest HTML5lib 2007-10-06 11:55:58 -05:00
Jacques Distler
c67382d340 Start on LaTeX
Pave the way for Jason's LaTeX macro support.
Also, uniformize the capitalization of "ETag".
2007-10-04 02:50:08 -05:00
Jacques Distler
b0e316e37c Minor Fixes
Get rid of Redefined CONSTANT warning.
Make WEBrick respond to TERM signal. (Launchd, in particular, requires this.)
Rollback superfluous change to rails/actionpack/lib/action_controller/base.rb. Handled by the action_cache plugin.
2007-10-01 22:09:51 -05:00
Jacques Distler
06d96349e4 Don't stomp on test/fixtures, when dumping the database to YAML
Tweak the manage_fixtures plugin to use the dump/fixtures instead of test/fixtures directory.
2007-09-23 01:50:40 -05:00
Jacques Distler
e8769c0b83 Add the manage_fixtures plugin for easy database migration 2007-09-20 00:36:07 -05:00
Jacques Distler
ed68d975df Update to latest HTML5lib
Fix that Tokenizer bug for real this time.
2007-09-09 22:26:19 -05:00
Jacques Distler
5b182bd228 HTML5lib Bug
Fixed a bug in the HTML5lib tokenizer (affects S5 slideshows).
Some miscellaneous code cleanup. In particular, don't bother with zapping control characters;
instead, rely on is_utf8? method to raise an exception (which we do anyway).
2007-09-06 10:40:48 -05:00
Jacques Distler
f482036683 S5 Themes Support
Added support for S5 Themes. Themes are stored in the public/s5/themes/ directory.
6 themes are included: default, nautilus, blue, flower, i18n, pixel.
2007-09-05 08:38:54 -05:00
Jacques Distler
81d3cdc8e4 Minor S5 tweaks and Sync with Latest HTML5lib 2007-08-30 12:19:10 -05:00
Jacques Distler
1bc5da0053 Use XHTMLSerializer, where appropriate. 2007-07-04 18:53:03 -05:00
Jacques Distler
8ccaad85a5 Sync with latest HTML5lib and latest Maruku 2007-07-04 17:36:59 -05:00
Jacques Distler
8e92e4a3ab Sync with latest HTML5lib 2007-06-22 03:12:08 -05:00
Jacques Distler
df2898d940 Fix Caching bug (bis)
Nope! It's not a Rails bug. It's an action_cache plugin bug, after all. Fixed now.
2007-06-15 09:59:32 -05:00
Jacques Distler
31f691329a Fix Caching Bug
Files with "+"s in their names (e.g. from Wiki pages with spaces in their names) were not being expired properly. This is actually a Rails bug, but I fixed it by patching the action_cache plugin.
2007-06-15 09:18:06 -05:00
Jacques Distler
3de374d6c1 More fixes, sync with HTML5lib
Do a better job with the wrapper <div>s added by xhtmldiff and Maruku's to_html_tree method.
More tests fixed.
2007-06-13 23:05:15 -05:00
Jacques Distler
3ca33e52b5 Cleanup
Got rid of redcloth_for_tex.
Fixed almost all the busted tests.
2007-06-13 01:56:44 -05:00
Jacques Distler
2da672ec5b Many Minor Fixes
Fixed a whole bunch of minor stuff.
Had a go at getting some of the plethora of broken tests to pass.
2007-06-12 17:37:55 -05:00
Jacques Distler
0ddd422059 Sync with latest HTML5lib 2007-06-11 23:33:06 -05:00
Jacques Distler
c2bfdefa57 Another XSS fix
Yet another interesting XSS attack from 
  http://ha.ckers.org/xss.html
2007-06-11 00:03:51 -05:00
Jacques Distler
aac197430c More XSS vectors defanged 2007-06-10 15:07:26 -05:00
Jacques Distler
a6cbf38304 Table elements, too
Last fixup for the sanitizer tests.
2007-06-09 22:53:35 -05:00