Security fix for CVE-2013-0256, an XSS exploit in RDoc

ok jeremy@ sthen@

devel/ruby-rdoc/Makefile

@@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.2 2012/09/23 16:57:34 jeremy Exp $
+# $OpenBSD: Makefile,v 1.3 2013/02/13 18:19:37 jasper Exp $
 
 COMMENT =	generate and display ruby documentation
 
 DISTNAME =	rdoc-3.11
-REVISION =	0
-CATEGORIES =	devel	
+REVISION =	1
+CATEGORIES =	devel
 
 HOMEPAGE =	http://docs.seattlerb.org/rdoc/
 

devel/ruby-rdoc/patches/patch-lib_rdoc_generator_template_darkfish_js_darkfish_js

@@ -0,0 +1,31 @@
+$OpenBSD: patch-lib_rdoc_generator_template_darkfish_js_darkfish_js,v 1.1 2013/02/13 18:19:37 jasper Exp $
+
+Fix CVE-2013-0256, an XSS exploit in RDoc
+From upstream git:
+https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60
+
+--- lib/rdoc/generator/template/darkfish/js/darkfish.js.orig	Wed Feb 13 16:20:53 2013
++++ lib/rdoc/generator/template/darkfish/js/darkfish.js	Wed Feb 13 16:21:41 2013
+@@ -109,13 +109,15 @@ function hookSearch() {
+ function highlightTarget( anchor ) {
+   console.debug( "Highlighting target '%s'.", anchor );
+ 
+-  $("a[name=" + anchor + "]").each( function() {
+-    if ( !$(this).parent().parent().hasClass('target-section') ) {
+-      console.debug( "Wrapping the target-section" );
+-      $('div.method-detail').unwrap( 'div.target-section' );
+-      $(this).parent().wrap( '<div class="target-section"></div>' );
+-    } else {
+-      console.debug( "Already wrapped." );
++  $("a[name]").each( function() {
++    if ( $(this).attr("name") == anchor ) {
++      if ( !$(this).parent().parent().hasClass('target-section') ) {
++        console.debug( "Wrapping the target-section" );
++        $('div.method-detail').unwrap( 'div.target-section' );
++        $(this).parent().wrap( '<div class="target-section"></div>' );
++      } else {
++        console.debug( "Already wrapped." );
++      }
+     }
+   });
+ };