sanitize 1.0.6 → 1.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/HISTORY +6 -0
- data/README.rdoc +1 -1
- data/lib/sanitize.rb +2 -2
- metadata +4 -4
data/HISTORY
CHANGED
|
@@ -1,6 +1,12 @@
|
|
|
1
1
|
Sanitize History
|
|
2
2
|
================================================================================
|
|
3
3
|
|
|
4
|
+
Version 1.0.7 (2009-04-11)
|
|
5
|
+
* Requires Hpricot 0.8.1+, which is finally compatible with Ruby 1.9.1.
|
|
6
|
+
* Fixed a bug that caused named character entities containing digits (like
|
|
7
|
+
²) to be escaped when they shouldn't have been. [Reported by Sebastian
|
|
8
|
+
Steinmetz]
|
|
9
|
+
|
|
4
10
|
Version 1.0.6 (2009-02-23)
|
|
5
11
|
* Removed htmlentities gem dependency.
|
|
6
12
|
* Existing well-formed character entity references in the input string are now
|
data/README.rdoc
CHANGED
|
@@ -15,7 +15,7 @@ or maliciously-formed HTML. When in doubt, Sanitize always errs on the side of
|
|
|
15
15
|
caution.
|
|
16
16
|
|
|
17
17
|
*Author*:: Ryan Grove (mailto:ryan@wonko.com)
|
|
18
|
-
*Version*:: 1.0.
|
|
18
|
+
*Version*:: 1.0.7 (2009-04-11)
|
|
19
19
|
*Copyright*:: Copyright (c) 2009 Ryan Grove. All rights reserved.
|
|
20
20
|
*License*:: MIT License (http://opensource.org/licenses/mit-license.php)
|
|
21
21
|
*Website*:: http://github.com/rgrove/sanitize
|
data/lib/sanitize.rb
CHANGED
|
@@ -26,7 +26,7 @@ $:.uniq!
|
|
|
26
26
|
|
|
27
27
|
require 'rubygems'
|
|
28
28
|
|
|
29
|
-
gem 'hpricot', '~> 0.
|
|
29
|
+
gem 'hpricot', '~> 0.8.1'
|
|
30
30
|
|
|
31
31
|
require 'hpricot'
|
|
32
32
|
require 'sanitize/config'
|
|
@@ -46,7 +46,7 @@ class Sanitize
|
|
|
46
46
|
|
|
47
47
|
# Matches an unencoded ampersand that is not part of a valid character entity
|
|
48
48
|
# reference.
|
|
49
|
-
REGEX_AMPERSAND = /&(?!(?:[a-z]
|
|
49
|
+
REGEX_AMPERSAND = /&(?!(?:[a-z]+[0-9]{0,2}|#[0-9]+|#x[0-9a-f]+);)/i
|
|
50
50
|
|
|
51
51
|
# Matches an attribute value that could be treated by a browser as a URL
|
|
52
52
|
# with a protocol prefix, such as "http:" or "javascript:". Any string of zero
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sanitize
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Grove
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
|
|
12
|
-
date: 2009-
|
|
12
|
+
date: 2009-04-11 00:00:00 -07:00
|
|
13
13
|
default_executable:
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
@@ -20,7 +20,7 @@ dependencies:
|
|
|
20
20
|
requirements:
|
|
21
21
|
- - ~>
|
|
22
22
|
- !ruby/object:Gem::Version
|
|
23
|
-
version:
|
|
23
|
+
version: 0.8.1
|
|
24
24
|
version:
|
|
25
25
|
description:
|
|
26
26
|
email: ryan@wonko.com
|
|
@@ -61,7 +61,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
61
61
|
requirements: []
|
|
62
62
|
|
|
63
63
|
rubyforge_project:
|
|
64
|
-
rubygems_version: 1.
|
|
64
|
+
rubygems_version: 1.3.1
|
|
65
65
|
signing_key:
|
|
66
66
|
specification_version: 2
|
|
67
67
|
summary: Whitelist-based HTML sanitizer.
|