52c1f74ecc
Some more tests from Clint Ruoho. The main branch of Instiki (and, I guess, the old sanitizer) are vulnerable. Also: under Ruby 1.8.x, CGI.unescapeHTML screws up horribly decoding NCRs which represent high-bit ASCII characters. UTF-8 agrees with 7-bit ASCII, but CGI.unescapeHTML doesn't seem to know that they disagree for i>127. |
||
---|---|---|
.. | ||
plugins | ||
rails |