I have a few patches for RC.
A quick fix for a bug in clean_html, an improvement to clean_html to
sanitize more links, and the addition of "filter_classes" and
"filter_ids".
What should I do? Email them to someone? why? (sorry, couldn't avoid
it)
I actually don't have separate patches for each, but could do them if
needed. The first two are "one liners", and the filter_* is not too
complex.
I've included the patch file in case you guys want to take a look.
It's based on 3.0.4, downloaded as a gem. It can't be applied
directly to the svn trunk, but the bugs are still there.
This fixes a bug that caused clean_html to die on me.
@@ -1114,8 +1120,8 @@
q2 = ( q != '''' ? q :
''\s'' )
if raw[3] =~ /#{prop}\s*=\s*#{q}([^#{q2}]+)#
{q}/i
attrv = $1
- pcs <<
"#{prop}=\"#{$1.gsub(''"'',
''\\"'')}\""
+ pcs <<
"#{prop}=\"#{attrv.gsub(''"'', ''\
\"'')}\""
break
end
end
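Review bot: on the `+` line, `gsub('"', '\\"')` backslash-escapes a double quote, but HTML has no backslash escape inside an attribute value, so a `"` left in `attrv` (possible whenever `q` is `'` or empty, because the capture only excludes `q2`) still closes the `#{prop}="..."` attribute being built. Suggest `attrv.gsub('"', '&quot;')`. Reading the value from `attrv` rather than `$1` is the right direction, since `attrv` keeps the capture whatever later matches do to `$1`.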
This makes sure all your src and hrefs are limited to http, https or
ftp, avoiding nasty file or javascript links.
@@ -1114,8 +1120,8 @@
q2 = ( q != '''' ? q :
''\s'' )
if raw[3] =~ /#{prop}\s*=\s*#{q}([^#{q2}]+)#
{q}/i
attrv = $1
- next if prop == ''src'' and attrv
=~ %r{^
(?!http)\w+:}
+ next if (prop == ''src'' or prop ==
''href'') and not attrv =~ %r{^(http|https|ftp):}
break
end
end
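Review bot: the pattern `%r{^(http|https|ftp):}` on the `+` line is anchored with `^`, which in Ruby matches at the start of any line, while `attrv` is captured by `[^#{q2}]+`, which can span newlines; anchor with `\A` so the scheme has to be at the start of the value. The match is also case-sensitive, so `HTTP:` is skipped, and because the condition now requires a scheme, relative `src`/`href` values are skipped as well. If that is intended it deserves a comment; otherwise add `/i` and an explicit case for scheme-less values.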
The rest of the changes are for filter_classes and filter_ids. I
don't want user content to abuse my css classes and ids.
Anyway, thanks for redcloth, textile rulez, long life to textile,
long life to redcloth
-------------- next part --------------
A non-text attachment was scrubbed...
Name: redcloth.diff
Type: application/octet-stream
Size: 2499 bytes
Desc: not available
Url :
http://rubyforge.org/pipermail/redcloth-upwards/attachments/20051122/4a86bd77/redcloth.obj
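
The link restriction described in the message, as a stand-alone Ruby sketch (an added example, not RedCloth's code and not the poster's patch). The names `line_anchored?`, `allowed_link?` and `filter_link_attrs` are hypothetical, and the sample values are constructed.

```ruby
# Added example; not RedCloth code. All names here are hypothetical.

# The pattern from the message, kept for comparison: in Ruby ^ matches at
# the start of every line, not only at the start of the string.
def line_anchored?(value)
  !!(value =~ %r{^(http|https|ftp):})
end

# Strict allowlist: the value must begin with an allowed scheme.
# \A anchors at the start of the string; /i accepts "HTTP:" as well.
def allowed_link?(value)
  value.match?(/\A(?:https?|ftp):/i)
end

# Removes src/href attributes whose value fails the allowlist from the
# source text of a single tag; other attributes are left untouched.
def filter_link_attrs(tag)
  tag.gsub(/\s+(src|href)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/i) do
    # Copy the match data first: the next regex call overwrites $& and $2.
    whole, raw = $&, $2
    value = raw.sub(/\A["']/, '').sub(/["']\z/, '')
    allowed_link?(value) ? whole : ''
  end
end

# Constructed sample values.
SAMPLES = [
  "http://example.com/a.png",
  "HTTPS://example.com/",
  "javascript:void(0)",
  "file:///etc/passwd",
  "javascript:void(0)\nhttp://example.com/", # second line starts with http:
  "/relative/path"                            # no scheme: rejected here too
].freeze

if __FILE__ == $0
  SAMPLES.each do |v|
    puts format('%-45s ^=%-5s \\A=%s', v.inspect, line_anchored?(v), allowed_link?(v))
  end
  puts filter_link_attrs(%q{<a href="javascript:void(0)" title="t">})
  puts filter_link_attrs(%q{<img src='http://example.com/a.png' alt="x">})
end
```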