sanitize 1.0.3 → 1.0.4

Files changed (4)
  1. data/HISTORY +5 -0
  2. data/README.rdoc +1 -1
  3. data/lib/sanitize.rb +1 -1
  4. metadata +2 -2
data/HISTORY CHANGED
@@ -1,6 +1,11 @@
1
1
  Sanitize History
2
2
  ================================================================================
3
3
 
4
+ Version 1.0.4 (2009-01-16)
5
+ * Fixed a bug that made it possible to sneak a non-whitelisted element through
6
+ by repeating it several times in a row. All versions of Sanitize prior to
7
+ 1.0.4 are vulnerable. [Reported by Cristobal]
8
+
4
9
  Version 1.0.3 (2009-01-15)
5
10
  * Fixed a bug whereby incomplete Unicode or hex entities could be used to
6
11
  prevent non-whitelisted protocols from being cleaned. Since IE6 and Opera
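Review bot: the new 1.0.4 entry records the symptom (a non-whitelisted element slipping through when repeated several times in a row) but not what changed, so a reader of HISTORY cannot tell which code path was affected or how to confirm they are fixed. Since the only code change in this release is the traversal in `clean!` (data/lib/sanitize.rb), consider naming it in the entry, for example `+ Sanitize#clean! now collects elements with search('*') instead of walking them with traverse_element.`, and pairing the entry with a regression test that passes adjacent repeated copies of a non-whitelisted element through Sanitize and asserts none survive. The "Reported by Cristobal" credit is good; an issue or mail reference would make it verifiable.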
data/README.rdoc CHANGED
@@ -15,7 +15,7 @@ or maliciously-formed HTML. When in doubt, Sanitize always errs on the side of
15
15
  caution.
16
16
 
17
17
  *Author*:: Ryan Grove (mailto:ryan@wonko.com)
18
- *Version*:: 1.0.3 (2009-01-15)
18
+ *Version*:: 1.0.4 (2009-01-16)
19
19
  *Copyright*:: Copyright (c) 2009 Ryan Grove. All rights reserved.
20
20
  *License*:: MIT License (http://opensource.org/licenses/mit-license.php)
21
21
  *Website*:: http://github.com/rgrove/sanitize
data/lib/sanitize.rb CHANGED
@@ -84,7 +84,7 @@ class Sanitize
84
84
  def clean!(html)
85
85
  fragment = Hpricot(html)
86
86
 
87
- fragment.traverse_element do |node|
87
+ fragment.search('*') do |node|
88
88
  if node.bogusetag? || node.doctype? || node.procins? || node.xmldecl?
89
89
  node.swap('')
90
90
  next
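Review bot: the switch from `fragment.traverse_element` to `fragment.search('*')` carries the whole security fix, yet nothing on the line says why, so a later contributor could revert it as a harmless cleanup. The block body mutates the tree while iterating (`node.swap('')`), which is exactly the situation in which walking the live tree can skip the sibling that follows a removed node; collecting the matches first with `search('*')` avoids that and is consistent with the "repeated several times in a row" bypass described in HISTORY. Please add a one-line comment above the loop stating this. Two checks before merge: first, confirm that `search('*')` still yields the BogusETag, DocType, ProcIns and XMLDecl nodes tested on the next line; if it only returns elements, that guard becomes dead code and those node types pass through where `traverse_element` used to reach them. Second, confirm that elements nested inside nodes the remaining body of the block rewrites are still covered when the list is computed up front rather than during a live walk. A regression test with adjacent repeated non-whitelisted elements would lock the fix in.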
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sanitize
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.3
4
+ version: 1.0.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ryan Grove
@@ -9,7 +9,7 @@ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2009-01-15 00:00:00 -08:00
12
+ date: 2009-01-16 00:00:00 -08:00
13
13
  default_executable:
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency