deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
instiki/vendor/plugins
History
Jacques Distler 52c1f74ecc Add a couple of XSS tests. 
Some more tests from Clint Ruoho. The main branch of Instiki (and, I guess,
the old sanitizer) are vulnerable.

Also: under Ruby 1.8.x, CGI.unescapeHTML screws up horribly decoding NCRs
which represent high-bit ASCII characters. UTF-8 agrees with 7-bit ASCII,
but CGI.unescapeHTML doesn't seem to know that they disagree for i>127.
2009-01-05 16:25:27 -06:00
..
diff/lib/diff Moved Maruku (and its dependencies) and XHTMLDiff (and its dependencies) to vendor/plugins/ . 2007-02-10 23:03:15 -06:00
dnsbl_check Faster 2008-12-16 00:40:30 -06:00
form_spam_protection Clarify form_spam_protection Error Message 2008-11-30 17:44:21 -06:00
HTML5lib Add a couple of XSS tests. 2009-01-05 16:25:27 -06:00
manage_fixtures Manage_Fixtures 2008-01-13 00:26:25 -06:00
maruku Faster 2008-12-16 00:40:30 -06:00
rexml/lib Upgrade to latest REXML 2008-04-12 18:56:02 -05:00
rubyzip-0.9.1 Fixes 2008-11-05 22:24:14 -06:00
sqlite3-ruby Update SQLite3 Drivers 2008-12-15 14:45:15 -06:00
syntax/lib Moved Maruku (and its dependencies) and XHTMLDiff (and its dependencies) to vendor/plugins/ . 2007-02-10 23:03:15 -06:00
xhtmldiff/lib Fix buglet in xhtmldiff 2008-12-18 22:12:23 -06:00