sanitize 1.0.6 → 1.0.7
Sign up to get free protection for your applications and to get access to all the features.
- data/HISTORY +6 -0
- data/README.rdoc +1 -1
- data/lib/sanitize.rb +2 -2
- metadata +4 -4
data/HISTORY
CHANGED
|
@@ -1,6 +1,12 @@
|
|
|
1
1
|
Sanitize History
|
|
2
2
|
================================================================================
|
|
3
3
|
|
|
4
|
+
Version 1.0.7 (2009-04-11)
|
|
5
|
+
* Requires Hpricot 0.8.1+, which is finally compatible with Ruby 1.9.1.
|
|
6
|
+
* Fixed a bug that caused named character entities containing digits (like
|
|
7
|
+
²) to be escaped when they shouldn't have been. [Reported by Sebastian
|
|
8
|
+
Steinmetz]
|
|
9
|
+
|
|
4
10
|
Version 1.0.6 (2009-02-23)
|
|
5
11
|
* Removed htmlentities gem dependency.
|
|
6
12
|
* Existing well-formed character entity references in the input string are now
|
data/README.rdoc
CHANGED
|
@@ -15,7 +15,7 @@ or maliciously-formed HTML. When in doubt, Sanitize always errs on the side of
|
|
|
15
15
|
caution.
|
|
16
16
|
|
|
17
17
|
*Author*:: Ryan Grove (mailto:ryan@wonko.com)
|
|
18
|
-
*Version*:: 1.0.
|
|
18
|
+
*Version*:: 1.0.7 (2009-04-11)
|
|
19
19
|
*Copyright*:: Copyright (c) 2009 Ryan Grove. All rights reserved.
|
|
20
20
|
*License*:: MIT License (http://opensource.org/licenses/mit-license.php)
|
|
21
21
|
*Website*:: http://github.com/rgrove/sanitize
|
data/lib/sanitize.rb
CHANGED
|
@@ -26,7 +26,7 @@ $:.uniq!
|
|
|
26
26
|
|
|
27
27
|
require 'rubygems'
|
|
28
28
|
|
|
29
|
-
gem 'hpricot', '~> 0.
|
|
29
|
+
gem 'hpricot', '~> 0.8.1'
|
|
30
30
|
|
|
31
31
|
require 'hpricot'
|
|
32
32
|
require 'sanitize/config'
|
|
@@ -46,7 +46,7 @@ class Sanitize
|
|
|
46
46
|
|
|
47
47
|
# Matches an unencoded ampersand that is not part of a valid character entity
|
|
48
48
|
# reference.
|
|
49
|
-
REGEX_AMPERSAND = /&(?!(?:[a-z]
|
|
49
|
+
REGEX_AMPERSAND = /&(?!(?:[a-z]+[0-9]{0,2}|#[0-9]+|#x[0-9a-f]+);)/i
|
|
50
50
|
|
|
51
51
|
# Matches an attribute value that could be treated by a browser as a URL
|
|
52
52
|
# with a protocol prefix, such as "http:" or "javascript:". Any string of zero
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sanitize
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Grove
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
|
|
12
|
-
date: 2009-
|
|
12
|
+
date: 2009-04-11 00:00:00 -07:00
|
|
13
13
|
default_executable:
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
@@ -20,7 +20,7 @@ dependencies:
|
|
|
20
20
|
requirements:
|
|
21
21
|
- - ~>
|
|
22
22
|
- !ruby/object:Gem::Version
|
|
23
|
-
version:
|
|
23
|
+
version: 0.8.1
|
|
24
24
|
version:
|
|
25
25
|
description:
|
|
26
26
|
email: ryan@wonko.com
|
|
@@ -61,7 +61,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
61
61
|
requirements: []
|
|
62
62
|
|
|
63
63
|
rubyforge_project:
|
|
64
|
-
rubygems_version: 1.
|
|
64
|
+
rubygems_version: 1.3.1
|
|
65
65
|
signing_key:
|
|
66
66
|
specification_version: 2
|
|
67
67
|
summary: Whitelist-based HTML sanitizer.
|