RubyGems - sanitize - Versions diffs - 2.0.1 → 2.0.2 - Mend

sanitize 2.0.1 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

data/HISTORY.md CHANGED Viewed

@@ -1,6 +1,15 @@
 Sanitize History
 ================================================================================
+Version 2.0.2 (2011-05-21)
+--------------------------
+  * Fixed a bug in which a protocol like "java\script:" would be translated to
+    "java%5Cscript:" and allowed through the filter when relative URLs were
+    enabled. This didn't actually allow malicious code to run, but it is
+    undesired behavior.
 Version 2.0.1 (2011-03-16)
 --------------------------

data/README.rdoc CHANGED Viewed

@@ -14,7 +14,7 @@ of fragile regular expressions, Sanitize has no trouble dealing with malformed
 or maliciously-formed HTML, and will always output valid HTML or XHTML.
 *Author*::    Ryan Grove (mailto:ryan@wonko.com)
-*Version*::   2.0.1 (2011-03-16)
+*Version*::   2.0.2 (2011-05-21)
 *Copyright*:: Copyright (c) 2011 Ryan Grove. All rights reserved.
 *License*::   MIT License (http://opensource.org/licenses/mit-license.php)
 *Website*::   http://github.com/rgrove/sanitize

data/lib/sanitize.rb CHANGED Viewed

@@ -41,7 +41,7 @@ class Sanitize
   # or more characters followed by a colon is considered a match, even if the
   # colon is encoded as an entity and even if it's an incomplete entity (which
   # IE6 and Opera will still parse).
-  REGEX_PROTOCOL = /\A([A-Za-z0-9\+\-\.\&\;\#\s]*?)(?:\:|&#0*58|&#x0*3a)/i
+  REGEX_PROTOCOL = /\A([^\/]*?)(?:\:|&#0*58|&#x0*3a)/i
   #--
   # Class Methods

data/lib/sanitize/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 class Sanitize
-  VERSION = '2.0.1'
+  VERSION = '2.0.2'
 end

metadata CHANGED Viewed

@@ -1,12 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: sanitize
 version: !ruby/object:Gem::Version
-  prerelease: false
-  segments:
-  - 2
-  - 0
-  - 1
-  version: 2.0.1
+  prerelease:
+  version: 2.0.2
 platform: ruby
 authors:
 - Ryan Grove
@@ -14,8 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-03-16 00:00:00 -07:00
-default_executable:
+date: 2011-05-21 00:00:00 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -25,10 +20,6 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        segments:
-        - 1
-        - 4
-        - 4
         version: 1.4.4
   type: :runtime
   version_requirements: *id001
@@ -40,10 +31,6 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        segments:
-        - 2
-        - 0
-        - 0
         version: 2.0.0
   type: :development
   version_requirements: *id002
@@ -55,10 +42,6 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        segments:
-        - 0
-        - 8
-        - 0
         version: 0.8.0
   type: :development
   version_requirements: *id003
@@ -83,7 +66,6 @@ files:
 - lib/sanitize/transformers/clean_element.rb
 - lib/sanitize/version.rb
 - lib/sanitize.rb
-has_rdoc: true
 homepage: https://github.com/rgrove/sanitize/
 licenses: []
@@ -97,23 +79,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      segments:
-      - 1
-      - 8
-      - 7
       version: 1.8.7
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      segments:
-      - 0
       version: "0"
 requirements: []
 rubyforge_project: riposte
-rubygems_version: 1.3.7
+rubygems_version: 1.7.2
 signing_key:
 specification_version: 3
 summary: Whitelist-based HTML sanitizer.