sanitize 2.0.0 → 2.0.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of sanitize might be problematic. Click here for more details.
- data/HISTORY.md +7 -0
- data/README.rdoc +3 -2
- data/lib/sanitize.rb +1 -1
- data/lib/sanitize/version.rb +1 -1
- metadata +3 -3
data/HISTORY.md
CHANGED
|
@@ -1,6 +1,13 @@
|
|
|
1
1
|
Sanitize History
|
|
2
2
|
================================================================================
|
|
3
3
|
|
|
4
|
+
Version 2.0.1 (2011-03-16)
|
|
5
|
+
--------------------------
|
|
6
|
+
|
|
7
|
+
* Updated the protocol regex to anchor at the beginning of the string rather
|
|
8
|
+
than the beginning of a line. [Eaden McKee]
|
|
9
|
+
|
|
10
|
+
|
|
4
11
|
Version 2.0.0 (2011-01-15)
|
|
5
12
|
--------------------------
|
|
6
13
|
|
data/README.rdoc
CHANGED
|
@@ -14,7 +14,7 @@ of fragile regular expressions, Sanitize has no trouble dealing with malformed
|
|
|
14
14
|
or maliciously-formed HTML, and will always output valid HTML or XHTML.
|
|
15
15
|
|
|
16
16
|
*Author*:: Ryan Grove (mailto:ryan@wonko.com)
|
|
17
|
-
*Version*:: 2.0.
|
|
17
|
+
*Version*:: 2.0.1 (2011-03-16)
|
|
18
18
|
*Copyright*:: Copyright (c) 2011 Ryan Grove. All rights reserved.
|
|
19
19
|
*License*:: MIT License (http://opensource.org/licenses/mit-license.php)
|
|
20
20
|
*Website*:: http://github.com/rgrove/sanitize
|
|
@@ -317,7 +317,7 @@ tried to do this by just whitelisting all <code><object></code>,
|
|
|
317
317
|
end
|
|
318
318
|
|
|
319
319
|
# Verify that the video URL is actually a valid YouTube video URL.
|
|
320
|
-
return unless url =~
|
|
320
|
+
return unless url =~ /\Ahttp:\/\/(?:www\.)?youtube\.com\/v\//
|
|
321
321
|
|
|
322
322
|
# We're now certain that this is a YouTube embed, but we still need to run
|
|
323
323
|
# it through a special Sanitize step to ensure that no unwanted elements or
|
|
@@ -351,6 +351,7 @@ The following lovely people have also contributed to Sanitize:
|
|
|
351
351
|
* Nicholas Evans (owlmanatt@gmail.com)
|
|
352
352
|
* Adam Hooper (adam@adamhooper.com)
|
|
353
353
|
* Mutwin Kraus (mutle@blogage.de)
|
|
354
|
+
* Eaden McKee (eadz@eadz.co.nz)
|
|
354
355
|
* Dev Purkayastha (dev.purkayastha@gmail.com)
|
|
355
356
|
* David Reese (work@whatcould.com)
|
|
356
357
|
* Ardie Saeidi (ardalan.saeidi@gmail.com)
|
data/lib/sanitize.rb
CHANGED
|
@@ -41,7 +41,7 @@ class Sanitize
|
|
|
41
41
|
# or more characters followed by a colon is considered a match, even if the
|
|
42
42
|
# colon is encoded as an entity and even if it's an incomplete entity (which
|
|
43
43
|
# IE6 and Opera will still parse).
|
|
44
|
-
REGEX_PROTOCOL =
|
|
44
|
+
REGEX_PROTOCOL = /\A([A-Za-z0-9\+\-\.\&\;\#\s]*?)(?:\:|�*58|�*3a)/i
|
|
45
45
|
|
|
46
46
|
#--
|
|
47
47
|
# Class Methods
|
data/lib/sanitize/version.rb
CHANGED
metadata
CHANGED
|
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
|
5
5
|
segments:
|
|
6
6
|
- 2
|
|
7
7
|
- 0
|
|
8
|
-
-
|
|
9
|
-
version: 2.0.
|
|
8
|
+
- 1
|
|
9
|
+
version: 2.0.1
|
|
10
10
|
platform: ruby
|
|
11
11
|
authors:
|
|
12
12
|
- Ryan Grove
|
|
@@ -14,7 +14,7 @@ autorequire:
|
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
16
|
|
|
17
|
-
date: 2011-
|
|
17
|
+
date: 2011-03-16 00:00:00 -07:00
|
|
18
18
|
default_executable:
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|