Skip to content


Subversion checkout URL

You can clone with
Download ZIP

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also compare across forks.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also compare across forks.
Commits on Nov 07, 2011
@rtomayko rtomayko don't sanitize in auto_link
Not sure why this is here. Core Rails's auto_link doesn't sanitize
that I'm aware of. Definitely not under <= 2.3.
@rtomayko rtomayko fix auto_link monkey-patch under Rails 2.x
The module was being included in TextHelper behind the default Rails
implementation and so was never called. This causes the method to be
@vmg vmg Merge pull request #10 from rtomayko/rails-method-replacement
fix auto_link monkey-patch under Rails 2.x
@vmg vmg Merge pull request #9 from rtomayko/no-sanitize
Don't sanitize in auto_link
Commits on Nov 08, 2011
@rtomayko rtomayko feedback from marketing e88a1d7
@vmg vmg Include new Houdini escaping for URLs 5c2d7cc
@vmg vmg Add `skip_tags` argument f369b6f
@vmg vmg Update Gemfile for 1.3.0 aa8c466
@vmg vmg Fix compilation for 1.9.3 ae7d290
@vmg vmg Merge pull request #11 from rtomayko/patch-1
feedback from marketing
Commits on Nov 10, 2011
@vmg vmg 0.4.0: RInku performs no escaping now
HTML escaping is left to the calling app. Inputs are expected to be
previously escaped already.
@vmg vmg Minor fix for UTF-8 chars in gemspec 5e52441
Commits on Dec 03, 2011
@vmg vmg Remove the Upskirt submodule 4669057
@vmg vmg Add Sundown submodule 2a8c646
@vmg vmg Backport changes from Sundown
Fixes bug with URLs that end in a single period.
Commits on Dec 04, 2011
@vmg vmg Add global `skip_tags` attribute to the Rinku module a66d445
@vmg vmg Update docs 85a4391
@vmg vmg Bump to 1.5.0 a8f9f9e
Commits on Dec 08, 2011
@henare henare Escape input that's not marked html_safe 85c05eb
@henare henare Always return a string marked html_safe 1beda71
@vmg vmg Merge pull request #17 from henare/rails_escaping
Rinku should escape unencoded Rails input
Commits on Feb 13, 2012
@vmg vmg Fix a terrible terrible XSS bug
Although Rinku was expecting all input data to be properly HTML-encoded,
 we didn't think of the corner case where a link could contain a
 valid `"` character (which isn't required to be explicitly encoded to
 be valid HTML), and open us up to XSS vulnerabilities.

 When writing out attributes, we need to properly escape the same
 character we used to open the attribute declaration: in this case, the
 double quotes.
@vmg vmg Bump to 1.5.1 a6844b8
Commits on May 17, 2012
@erebor erebor Add short_domains option to allow autolinking of domains for the form…
… 'http://foo' without requiring at least one '.' in the domain
@erebor erebor Change short_domain args from integer to boolean (from @jm) d378c8d
@erebor erebor Fix indent 3e6606b
@erebor erebor Bump version slightly for debugging 95256c9
@erebor erebor Add some more output noise 6a80b46
Commits on May 18, 2012
@erebor erebor Take out debug output 8a2a2c4
@vmg vmg Merge pull request #20 from erebor/master
Add the option to accept short domain names (not FQDN)
Commits on Jul 08, 2012
@vmg vmg Refactor the autolink flags passing 4df9e57
@vmg vmg Move the export flags to a define 6a91177
@vmg vmg Bump to 1.7.0 edc1f08
Commits on Aug 01, 2012
@vmg vmg Hey I'm @vmg a2e9834
Commits on Aug 13, 2012
@bquorning bquorning tanoku → vmg 49ab134
Commits on Aug 15, 2012
@vmg vmg Merge pull request #24 from bquorning/tanoku_vs_vmg
Update repository location in gemspec
Something went wrong with that request. Please try again.