Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Nov 07, 2011
Ryan Tomayko rtomayko don't sanitize in auto_link
Not sure why this is here. Core Rails's auto_link doesn't sanitize
that I'm aware of. Definitely not under <= 2.3.
Ryan Tomayko rtomayko fix auto_link monkey-patch under Rails 2.x
The module was being included in TextHelper behind the default Rails
implementation and so was never called. This causes the method to be
Vicent Marti vmg Merge pull request #10 from rtomayko/rails-method-replacement
fix auto_link monkey-patch under Rails 2.x
Vicent Marti vmg Merge pull request #9 from rtomayko/no-sanitize
Don't sanitize in auto_link
Commits on Nov 08, 2011
Ryan Tomayko rtomayko feedback from marketing e88a1d7
Vicent Marti vmg Include new Houdini escaping for URLs 5c2d7cc
Vicent Marti vmg Add `skip_tags` argument f369b6f
Vicent Marti vmg Update Gemfile for 1.3.0 aa8c466
Vicent Marti vmg Fix compilation for 1.9.3 ae7d290
Vicent Marti vmg Merge pull request #11 from rtomayko/patch-1
feedback from marketing
Commits on Nov 10, 2011
Vicent Marti vmg 0.4.0: RInku performs no escaping now
HTML escaping is left to the calling app. Inputs are expected to be
previously escaped already.
Vicent Marti vmg Minor fix for UTF-8 chars in gemspec 5e52441
Commits on Dec 03, 2011
Vicent Marti vmg Remove the Upskirt submodule 4669057
Vicent Marti vmg Add Sundown submodule 2a8c646
Vicent Marti vmg Backport changes from Sundown
Fixes bug with URLs that end in a single period.
Commits on Dec 04, 2011
Vicent Marti vmg Add global `skip_tags` attribute to the Rinku module a66d445
Vicent Marti vmg Update docs 85a4391
Vicent Marti vmg Bump to 1.5.0 a8f9f9e
Commits on Dec 08, 2011
Henare Degan henare Escape input that's not marked html_safe 85c05eb
Henare Degan henare Always return a string marked html_safe 1beda71
Vicent Marti vmg Merge pull request #17 from henare/rails_escaping
Rinku should escape unencoded Rails input
Commits on Feb 13, 2012
Vicent Marti vmg Fix a terrible terrible XSS bug
Although Rinku was expecting all input data to be properly HTML-encoded,
 we didn't think of the corner case where a link could contain a
 valid `"` character (which isn't required to be explicitly encoded to
 be valid HTML), and open us up to XSS vulnerabilities.

 When writing out attributes, we need to properly escape the same
 character we used to open the attribute declaration: in this case, the
 double quotes.
Vicent Marti vmg Bump to 1.5.1 a6844b8
Commits on May 17, 2012
Ryan Waldron erebor Add short_domains option to allow autolinking of domains for the form…
… 'http://foo' without requiring at least one '.' in the domain
Ryan Waldron erebor Change short_domain args from integer to boolean (from @jm) d378c8d
Ryan Waldron erebor Fix indent 3e6606b
Ryan Waldron erebor Bump version slightly for debugging 95256c9
Ryan Waldron erebor Add some more output noise 6a80b46
Commits on May 18, 2012
Ryan Waldron erebor Take out debug output 8a2a2c4
Vicent Marti vmg Merge pull request #20 from erebor/master
Add the option to accept short domain names (not FQDN)
Commits on Jul 08, 2012
Vicent Marti vmg Refactor the autolink flags passing 4df9e57
Vicent Marti vmg Move the export flags to a define 6a91177
Vicent Marti vmg Bump to 1.7.0 edc1f08
Commits on Aug 01, 2012
Vicent Marti vmg Hey I'm @vmg a2e9834
Commits on Aug 13, 2012
Benjamin Quorning bquorning tanoku → vmg 49ab134
Commits on Aug 15, 2012
Vicent Marti vmg Merge pull request #24 from bquorning/tanoku_vs_vmg
Update repository location in gemspec
Something went wrong with that request. Please try again.