sanitize 1.0.7 → 1.0.8

Files changed (4)
  1. data/HISTORY +6 -0
  2. data/README.rdoc +2 -1
  3. data/lib/sanitize.rb +1 -0
  4. metadata +3 -3
data/HISTORY CHANGED
@@ -1,6 +1,12 @@
1
1
  Sanitize History
2
2
  ================================================================================
3
3
 
4
+ Version 1.0.8 (2009-04-23)
5
+ * Added a workaround for an Hpricot bug that prevents attribute names from
6
+ being downcased in recent versions of Hpricot. This was exploitable to
7
+ prevent non-whitelisted protocols from being cleaned. [Reported by Ben
8
+ Wanicur]
9
+
4
10
  Version 1.0.7 (2009-04-11)
5
11
  * Requires Hpricot 0.8.1+, which is finally compatible with Ruby 1.9.1.
6
12
  * Fixed a bug that caused named character entities containing digits (like
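Review bot: the 1.0.8 entry says "recent versions of Hpricot" without naming them, so a reader cannot tell from the changelog whether their installation is exposed. Since the entry describes the bug as exploitable, name the Hpricot versions in which attribute names are no longer downcased, and say which Sanitize releases need the upgrade.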
@@ -15,7 +15,7 @@ or maliciously-formed HTML. When in doubt, Sanitize always errs on the side of
15
15
  caution.
16
16
 
17
17
  *Author*:: Ryan Grove (mailto:ryan@wonko.com)
18
- *Version*:: 1.0.7 (2009-04-11)
18
+ *Version*:: 1.0.8 (2009-04-23)
19
19
  *Copyright*:: Copyright (c) 2009 Ryan Grove. All rights reserved.
20
20
  *License*:: MIT License (http://opensource.org/licenses/mit-license.php)
21
21
  *Website*:: http://github.com/rgrove/sanitize
@@ -145,6 +145,7 @@ or ideas that later became code:
145
145
  * Adam Hooper <adam@adamhooper.com>
146
146
  * Mutwin Kraus <mutle@blogage.de>
147
147
  * Dev Purkayastha <dev.purkayastha@gmail.com>
148
+ * Ben Wanicur <bwanicur@verticalresponse.com>
148
149
 
149
150
  == License
150
151
 
@@ -112,6 +112,7 @@ class Sanitize
112
112
  protocol = @config[:protocols][name]
113
113
 
114
114
  node.raw_attributes.delete_if do |key, value|
115
+ key = key.to_s.downcase
115
116
  next false unless protocol.has_key?(key)
116
117
  next true if value.nil?
117
118
 
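Review bot: the added `key = key.to_s.downcase` only rebinds the block-local variable, so the case normalization covers the `protocol.has_key?(key)` lookup in this loop and nothing else. Any other code that compares attribute names from `node.raw_attributes` against the config (not visible in this hunk) would still see the original case; check those paths and normalize once before all of them. None of the four changed files is a test, so consider adding a regression case with a mixed-case attribute name and a non-whitelisted protocol.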
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sanitize
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.7
4
+ version: 1.0.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ryan Grove
@@ -9,7 +9,7 @@ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2009-04-11 00:00:00 -07:00
12
+ date: 2009-04-23 00:00:00 -07:00
13
13
  default_executable:
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
@@ -61,7 +61,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
61
61
  requirements: []
62
62
 
63
63
  rubyforge_project:
64
- rubygems_version: 1.3.1
64
+ rubygems_version: 1.2.0
65
65
  signing_key:
66
66
  specification_version: 2
67
67
  summary: Whitelist-based HTML sanitizer.
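Review bot: `rubygems_version` changes from 1.3.1 to 1.2.0 in this hunk, meaning the security release was packaged with an older RubyGems than 1.0.7 was. Confirm the gem was built in the intended environment, and rebuild with the same or a newer RubyGems if the downgrade was not deliberate.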