At first I was thinking about a whitelisting Regexp for URLs, but it probably will not include all URI protocols.
Then I thought it should be fixed in conditional_html_safe, but right now moving sanitize after auto_link solves the problem more gracefully.
sanitize after auto_link - #13 XSS vulnerability
Congrats, you've got commit access now! :-)
@tenderlove thank you :) Making up with rails!
Can you backport this to Rails 3-0-stable for me? I think 3.1 and up don't have the code, but we could use it in 3.0. Thanks!
Also, can you send me the email address you use with rubygems.org? I will give you permission to release this gem.
@tenderlove it's firstname.lastname@example.org
I will try to backport, but I'm not much of a pro with git, so it may take a while.
Ok. You have release permission now. In order to release, update this version constant and commit. Then do rake release VERSION=newversion (make sure newversion matches what you updated with). It should automatically tag and push the gem to rubygems.org.
I would just take this patch that you added and apply to rails on the 3-0-stable branch.
Thinking about a graceful patch for 3.0 - it uses different methods. Hmm, maybe rails/rails#6479 is the best option (something weird is going on in that PR, a GitHub error probably. Backport through the web interface..)
Oh, sorry for the mess there, it's 2am - the gh web interface always pushes to master. OK, the whole idea is at homakov/rails@15f1035 ..
No problem! I think the patch is fine. Have some sleep and send the PR again tomorrow! :-)