Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Branch: master
Commits on May 18, 2012
  1. @vmg

    Merge pull request #20 from erebor/master

    vmg authored
    Add the option to accept short domain names (not FQDN)
  2. @erebor

    Take out debug output

    erebor authored
Commits on May 17, 2012
  1. @erebor

    Add some more output noise

    erebor authored
  2. @erebor
  3. @erebor

    Fix indent

    erebor authored
  4. @erebor
  5. @erebor

    Add short_domains option to allow autolinking of domains for the form…

    erebor authored
    … 'http://foo' without requiring at least one '.' in the domain
Commits on Feb 13, 2012
  1. @vmg

    Bump to 1.5.1

    vmg authored
  2. @vmg

    Fix a terrible terrible XSS bug

    vmg authored
    Although Rinku was expecting all input data to be properly HTML-encoded,
     we didn't think of the corner case where a link could contain a
     valid `"` character (which isn't required to be explicitly encoded to
     be valid HTML), and open us up to XSS vulnerabilities.
    
     When writing out attributes, we need to properly escape the same
     character we used to open the attribute declaration: in this case, the
     double quotes.
Commits on Dec 8, 2011
  1. @vmg

    Merge pull request #17 from henare/rails_escaping

    vmg authored
    Rinku should escape unencoded Rails input
  2. @henare
  3. @henare
Commits on Dec 4, 2011
  1. @vmg

    Bump to 1.5.0

    vmg authored
  2. @vmg

    Update docs

    vmg authored
  3. @vmg
Commits on Dec 3, 2011
  1. @vmg

    Backport changes from Sundown

    vmg authored
    Fixes bug with URLs that end in a single period.
  2. @vmg

    Add Sundown submodule

    vmg authored
  3. @vmg

    Remove the Upskirt submodule

    vmg authored
Commits on Nov 10, 2011
  1. @vmg
  2. @vmg

    0.4.0: RInku performs no escaping now

    vmg authored
    HTML escaping is left to the calling app. Inputs are expected to be
    previously escaped already.
Commits on Nov 8, 2011
  1. @vmg

    Merge pull request #11 from rtomayko/patch-1

    vmg authored
    feedback from marketing
  2. @vmg

    Fix compilation for 1.9.3

    vmg authored
  3. @vmg

    Update Gemfile for 1.3.0

    vmg authored
  4. @vmg

    Add `skip_tags` argument

    vmg authored
  5. @vmg
  6. @rtomayko

    feedback from marketing

    rtomayko authored
Commits on Nov 7, 2011
  1. @vmg

    Merge pull request #9 from rtomayko/no-sanitize

    vmg authored
    Don't sanitize in auto_link
  2. @vmg

    Merge pull request #10 from rtomayko/rails-method-replacement

    vmg authored
    fix auto_link monkey-patch under Rails 2.x
  3. @rtomayko

    fix auto_link monkey-patch under Rails 2.x

    rtomayko authored
    The module was being included in TextHelper behind the default Rails
    implementation and so was never called. This causes the method to be
    replaced.
  4. @rtomayko

    don't sanitize in auto_link

    rtomayko authored
    Not sure why this is here. Core Rails's auto_link doesn't sanitize
    that I'm aware of. Definitely not under <= 2.3.
Commits on Sep 13, 2011
  1. @vmg

    Backport changes from Sundown

    vmg authored
Commits on Jun 19, 2011
  1. @vmg

    Allow dashes in autolinks

    vmg authored
Commits on Jun 17, 2011
  1. @vmg
Commits on Jun 12, 2011
  1. @vmg

    String#html_safe is Rails 3 only

    vmg authored
  2. @vmg

    Merge pull request #3 from sr/patch-1

    vmg authored
    fixup readme formatting
Something went wrong with that request. Please try again.