Secure #sanitize, #strip_tags, and #strip_links helpers against xss attacks. Closes #8877. [Rick, lifofifo, Jacques Distler]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7589 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
author: Rick Olson <technoweenie@gmail.com> 2007-09-23 00:11:08 +0000
committer: Rick Olson <technoweenie@gmail.com> 2007-09-23 00:11:08 +0000
commit: 2d02199e1581db8dc84361803950b1697f493fc0 (patch)
tree: 732d42271e966dc294d9263f1bf411f44286d876 /actionpack/CHANGELOG
parent: 4965b1b96163aa7bbc5f14d237683a12300e0798 (diff)
download: rails-2d02199e1581db8dc84361803950b1697f493fc0.tar.gz
rails-2d02199e1581db8dc84361803950b1697f493fc0.tar.bz2
rails-2d02199e1581db8dc84361803950b1697f493fc0.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index df25ec800f..b684148f91 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,10 @@
 *SVN*
 
+* Secure #sanitize, #strip_tags, and #strip_links helpers against xss attacks.  Closes #8877. [Rick, lifofifo, Jacques Distler]
+
+  This merges and renames the popular white_list helper (along with some css sanitizing from Jacques Distler version of the same plugin).
+  Also applied updated versions of #strip_tags and #strip_links from #8877.
+
 * Remove use of & logic operator. Closes #8114. [watson]
 
 * Fixed JavaScriptHelper#escape_javascript to also escape closing tags #8023 [rubyruy]
author	Rick Olson <technoweenie@gmail.com>	2007-09-23 00:11:08 +0000
committer	Rick Olson <technoweenie@gmail.com>	2007-09-23 00:11:08 +0000
commit	2d02199e1581db8dc84361803950b1697f493fc0 (patch)
tree	732d42271e966dc294d9263f1bf411f44286d876 /actionpack/CHANGELOG
parent	4965b1b96163aa7bbc5f14d237683a12300e0798 (diff)
download	rails-2d02199e1581db8dc84361803950b1697f493fc0.tar.gz rails-2d02199e1581db8dc84361803950b1697f493fc0.tar.bz2 rails-2d02199e1581db8dc84361803950b1697f493fc0.zip