veger / ruby-bbcode

Convert BBCode to HTML and check whether the BBCode is valid
http://rubygems.org/gems/ruby-bbcode
MIT License

fix security xss issue #10 #11

Closed TheNotary closed 11 years ago

TheNotary commented 11 years ago

For #10 it was a simple patch. I added the test case for it too. I was tempted to escape "=" characters too, but those are valid within links so it would have been tricky to escape them properly without causing problems with handling links.

This version is ready for release; it seems that all the YouTube changes are working as expected in this commit.

veger commented 11 years ago

Thanks for fixing the problem! It looks good to me.