Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master
Commits on May 18, 2012
  1. Vicent Marti

    Merge pull request #20 from erebor/master

    vmg authored
    Add the option to accept short domain names (not FQDN)
  2. Ryan Waldron

    Take out debug output

    erebor authored
Commits on May 17, 2012
  1. Ryan Waldron

    Add some more output noise

    erebor authored
  2. Ryan Waldron
  3. Ryan Waldron

    Fix indent

    erebor authored
  4. Ryan Waldron
  5. Ryan Waldron

    Add short_domains option to allow autolinking of domains for the form…

    erebor authored
    … 'http://foo' without requiring at least one '.' in the domain
Commits on Feb 13, 2012
  1. Vicent Marti

    Bump to 1.5.1

    vmg authored
  2. Vicent Marti

    Fix a terrible terrible XSS bug

    vmg authored
    Although Rinku was expecting all input data to be properly HTML-encoded,
     we didn't think of the corner case where a link could contain a
     valid `"` character (which isn't required to be explicitly encoded to
     be valid HTML), and open us up to XSS vulnerabilities.
    
     When writing out attributes, we need to properly escape the same
     character we used to open the attribute declaration: in this case, the
     double quotes.
Commits on Dec 8, 2011
  1. Vicent Marti

    Merge pull request #17 from henare/rails_escaping

    vmg authored
    Rinku should escape unencoded Rails input
  2. Henare Degan
  3. Henare Degan
Commits on Dec 4, 2011
  1. Vicent Marti

    Bump to 1.5.0

    vmg authored
  2. Vicent Marti

    Update docs

    vmg authored
  3. Vicent Marti
Commits on Dec 3, 2011
  1. Vicent Marti

    Backport changes from Sundown

    vmg authored
    Fixes bug with URLs that end in a single period.
  2. Vicent Marti

    Add Sundown submodule

    vmg authored
  3. Vicent Marti

    Remove the Upskirt submodule

    vmg authored
Commits on Nov 10, 2011
  1. Vicent Marti
  2. Vicent Marti

    0.4.0: RInku performs no escaping now

    vmg authored
    HTML escaping is left to the calling app. Inputs are expected to be
    previously escaped already.
Commits on Nov 8, 2011
  1. Vicent Marti

    Merge pull request #11 from rtomayko/patch-1

    vmg authored
    feedback from marketing
  2. Vicent Marti

    Fix compilation for 1.9.3

    vmg authored
  3. Vicent Marti

    Update Gemfile for 1.3.0

    vmg authored
  4. Vicent Marti

    Add `skip_tags` argument

    vmg authored
  5. Vicent Marti
  6. Ryan Tomayko

    feedback from marketing

    rtomayko authored
Commits on Nov 7, 2011
  1. Vicent Marti

    Merge pull request #9 from rtomayko/no-sanitize

    vmg authored
    Don't sanitize in auto_link
  2. Vicent Marti

    Merge pull request #10 from rtomayko/rails-method-replacement

    vmg authored
    fix auto_link monkey-patch under Rails 2.x
  3. Ryan Tomayko

    fix auto_link monkey-patch under Rails 2.x

    rtomayko authored
    The module was being included in TextHelper behind the default Rails
    implementation and so was never called. This causes the method to be
    replaced.
  4. Ryan Tomayko

    don't sanitize in auto_link

    rtomayko authored
    Not sure why this is here. Core Rails's auto_link doesn't sanitize
    that I'm aware of. Definitely not under <= 2.3.
Commits on Sep 13, 2011
  1. Vicent Marti

    Backport changes from Sundown

    vmg authored
Commits on Jun 19, 2011
  1. Vicent Marti

    Allow dashes in autolinks

    vmg authored
Commits on Jun 17, 2011
  1. Vicent Marti
Commits on Jun 12, 2011
  1. Vicent Marti

    String#html_safe is Rails 3 only

    vmg authored
  2. Vicent Marti

    Merge pull request #3 from sr/patch-1

    vmg authored
    fixup readme formatting
Something went wrong with that request. Please try again.