sanitize 2.0.1 → 2.0.2

data/HISTORY.md

@@ -1,6 +1,15 @@
 Sanitize History
 ================================================================================
 
+Version 2.0.2 (2011-05-21)
+--------------------------
+
+  * Fixed a bug in which a protocol like "java\script:" would be translated to
+    "java%5Cscript:" and allowed through the filter when relative URLs were
+    enabled. This didn't actually allow malicious code to run, but it is
+    undesired behavior.
+
+
 Version 2.0.1 (2011-03-16)
 --------------------------
 

data/README.rdoc

@@ -14,7 +14,7 @@ of fragile regular expressions, Sanitize has no trouble dealing with malformed
 or maliciously-formed HTML, and will always output valid HTML or XHTML.
 
 *Author*::    Ryan Grove (mailto:ryan@wonko.com)
-*Version*::   2.0.1 (2011-03-16)
+*Version*::   2.0.2 (2011-05-21)
 *Copyright*:: Copyright (c) 2011 Ryan Grove. All rights reserved.
 *License*::   MIT License (http://opensource.org/licenses/mit-license.php)
 *Website*::   http://github.com/rgrove/sanitize

data/lib/sanitize.rb

@@ -41,7 +41,7 @@ class Sanitize
   # or more characters followed by a colon is considered a match, even if the
   # colon is encoded as an entity and even if it's an incomplete entity (which
   # IE6 and Opera will still parse).
-  REGEX_PROTOCOL = /\A([A-Za-z0-9\+\-\.\&\;\#\s]*?)(?:\:|&#0*58|&#x0*3a)/i
+  REGEX_PROTOCOL = /\A([^\/]*?)(?:\:|&#0*58|&#x0*3a)/i
 
   #--
   # Class Methods

data/lib/sanitize/version.rb

@@ -1,3 +1,3 @@
 class Sanitize
-  VERSION = '2.0.1'
+  VERSION = '2.0.2'
 end

metadata

@@ -1,12 +1,8 @@
 --- !ruby/object:Gem::Specification 
 name: sanitize
 version: !ruby/object:Gem::Version 
-  prerelease: false
-  segments: 
-  - 2
-  - 0
-  - 1
-  version: 2.0.1
+  prerelease: 
+  version: 2.0.2
 platform: ruby
 authors: 
 - Ryan Grove
@@ -14,8 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-03-16 00:00:00 -07:00
-default_executable: 
+date: 2011-05-21 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: nokogiri
@@ -25,10 +20,6 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        segments: 
-        - 1
-        - 4
-        - 4
         version: 1.4.4
   type: :runtime
   version_requirements: *id001
@@ -40,10 +31,6 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        segments: 
-        - 2
-        - 0
-        - 0
         version: 2.0.0
   type: :development
   version_requirements: *id002
@@ -55,10 +42,6 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        - 8
-        - 0
         version: 0.8.0
   type: :development
   version_requirements: *id003
@@ -83,7 +66,6 @@ files:
 - lib/sanitize/transformers/clean_element.rb
 - lib/sanitize/version.rb
 - lib/sanitize.rb
-has_rdoc: true
 homepage: https://github.com/rgrove/sanitize/
 licenses: []
 
@@ -97,23 +79,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      segments: 
-      - 1
-      - 8
-      - 7
       version: 1.8.7
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      segments: 
-      - 0
       version: "0"
 requirements: []
 
 rubyforge_project: riposte
-rubygems_version: 1.3.7
+rubygems_version: 1.7.2
 signing_key: 
 specification_version: 3
 summary: Whitelist-based HTML sanitizer.