instiki/lib
Jacques Distler 52c1f74ecc Add a couple of XSS tests.
Some more tests from Clint Ruoho. The main branch of Instiki (and, I guess,
the old sanitizer) are vulnerable.

Also: under Ruby 1.8.x, CGI.unescapeHTML screws up horribly decoding NCRs
which represent high-bit ASCII characters. UTF-8 agrees with 7-bit ASCII,
but CGI.unescapeHTML doesn't seem to know that they disagree for i>127.
2009-01-05 16:25:27 -06:00
chunks Preliminary (?) Interface for Deleting Uploaded Files. 2008-12-30 03:03:02 -06:00
native/win32 Checkout of Instiki Trunk 1/21/2007. 2007-01-22 07:43:50 -06:00
caching_stuff.rb Drop hostname from cache key 2008-12-18 09:21:26 -06:00
instiki_errors.rb Checkout of Instiki Trunk 1/21/2007. 2007-01-22 07:43:50 -06:00
node.rb Rough In New Sanitizer 2008-05-20 17:02:10 -05:00
page_renderer.rb Upgrade to Rails 2.2.0 2008-10-27 01:47:01 -05:00
rdocsupport.rb More Ruby 1.9 Compatibility fixes 2008-11-12 09:47:24 -06:00
redcloth.rb Sync with latest Instiki trunk. Changes: 2007-03-18 11:56:12 -05:00
sanitize.rb Better 2008-12-01 10:29:46 -06:00
sanitizer.rb Add a couple of XSS tests. 2009-01-05 16:25:27 -06:00
stringsupport.rb Add a couple of XSS tests. 2009-01-05 16:25:27 -06:00
url_generator.rb Preliminary (?) Interface for Deleting Uploaded Files. 2008-12-30 03:03:02 -06:00
wiki_content.rb Nowiki Include 2008-12-20 23:24:50 -06:00
wiki_words.rb Multiple leading capital letters in a WikiWord 2008-12-25 17:41:35 -06:00