Commits on May 20, 2009
  1. Changed protocol regex to ensure Sanitize doesn't kill URLs with colons in path segments

    peter committed May 20, 2009
Commits on Apr 24, 2009
  1. Release 1.0.8

    rgrove committed Apr 24, 2009
  2. Work around an Hpricot bug that prevents attribute names from being downcased in recent versions of Hpricot. This was exploitable to prevent non-whitelisted protocols from being cleaned.
    
    See http://github.com/why/hpricot/issues#issue/2
    
    Thanks to Ben Wanicur for reporting this.
    rgrove committed Apr 24, 2009
Commits on Apr 12, 2009
  1. Release 1.0.7

    rgrove committed Apr 12, 2009
Commits on Apr 4, 2009
Commits on Feb 24, 2009
  1. Release version 1.0.6.

    rgrove committed Feb 24, 2009
Commits on Feb 15, 2009
  1. Fix stray comma.

    rgrove committed Feb 15, 2009
  2. Bump gemspec

    rgrove committed Feb 15, 2009
  3. Whoops, forgot one.

    rgrove committed Feb 15, 2009
  4. Add list of contributors.

    rgrove committed Feb 15, 2009
  5. Use :all instead of '*' to specify attributes to be added to all elements; slight tweaks and documentation.

    rgrove committed Feb 15, 2009
  6. added @config[:attributes]['*'] to set values allowed for all elements

    Signed-off-by: Ryan Grove <ryan@wonko.com>
    Mutwin Kraus committed with rgrove Feb 12, 2009
Commits on Feb 8, 2009
  1. Remove htmlentities gem dependency; preserve well-formed entity references in input; encode special chars in attribute values; encode apostrophes as &#39; rather than &apos;

    rgrove committed Feb 8, 2009
Commits on Feb 7, 2009
  1. Fix crash with unclosed HTML tags

    Adam Hooper committed with rgrove Jan 26, 2009
  2. Whoops, add the gemspec for real

    Adam Hooper committed with rgrove Jan 22, 2009
  3. Refactor so we get a gemspec file

    Adam Hooper committed with rgrove Jan 22, 2009
Commits on Feb 6, 2009
  1. Release 1.0.5.

    rgrove committed Feb 6, 2009
  2. Fix a bug introduced in version 1.0.3 that prevented non-whitelisted protocols from being cleaned when relative URLs were allowed.
    
    Thanks to Dev Purkayastha for reporting the issue, providing test cases, and suggesting a fix.
    rgrove committed Feb 6, 2009
Commits on Feb 5, 2009
Commits on Jan 16, 2009
  1. Release 1.0.4

    rgrove committed Jan 16, 2009
  2. Fix a bug that made it possible to sneak a non-whitelisted element through by repeating it several times in a row. All versions of Sanitize prior to 1.0.4 are vulnerable. [Reported by Cristobal]

    rgrove committed Jan 16, 2009
  3. Release 1.0.3

    rgrove committed Jan 16, 2009
  4. Fix a bug whereby incomplete Unicode or hex entities could be used to prevent non-whitelisted protocols from being cleaned.

    rgrove committed Jan 16, 2009
Commits on Jan 4, 2009
  1. Release 1.0.2.

    rgrove committed Jan 4, 2009
  2. Fix a bug that caused an exception to be thrown when parsing a valueless attribute that's expected to contain a URL.

    rgrove committed Jan 4, 2009
Commits on Jan 2, 2009
Commits on Jan 1, 2009
  1. Release 1.0.1

    rgrove committed Jan 1, 2009
  2. Happy New Year!

    rgrove committed Jan 1, 2009
  3. Fix comment typo.

    rgrove committed Jan 1, 2009
  4. Add a workaround for an Hpricot bug (http://code.whytheluckystiff.net/hpricot/ticket/137) that causes HTML entities for non-ASCII characters to be replaced by question marks, and all other entities to be destructively decoded.

    rgrove committed Jan 1, 2009
Commits on Dec 29, 2008
  1. You can now specify :relative in a protocol config array to allow attributes containing relative URLs with no protocol. The Basic and Relaxed configs have been updated to allow relative URLs.

    rgrove committed Dec 29, 2008
Commits on Dec 27, 2008
  1. Rename README to README.rdoc.

    rgrove committed Dec 27, 2008