Commit message  (Author, Age, Files, Lines removed/added)
...
| * Changed early return for filter_matches as well as reassigning matches. Meddled with initialize in ArgumentFilter.  (Timm, 2014-06-15, 1 file, -6/+6)
| * Removed redundant comments from assert_select. Cleaned up a comment.  (Timm, 2014-06-15, 1 file, -3/+1)
| * Added assert_size_match! with the assertions for assert_select.  (Timm, 2014-06-15, 1 file, -14/+18)
| * Changed some documentation for css_select.  (Timm, 2014-06-15, 1 file, -1/+1)
| * Replaced fragment calls with document, since we assume the responses are complete documents.  (Timm, 2014-06-15, 1 file, -9/+8)
| * Added filter_matches to reduce line count in assert_select.  (Timm, 2014-06-15, 1 file, -24/+19)
| * Renamed Selector to ArgumentFilter. Put code from HTMLSelector to ArgumentFilter.  (Timm, 2014-06-15, 1 file, -59/+39)
| * Removed the custom selected proc. It's no longer needed.  (Timm, 2014-06-15, 1 file, -10/+8)
| * Updated selector to not have reponse_from_page.  (Timm, 2014-06-15, 1 file, -5/+6)
| * Changed css_select and pulled out response_from_page from Selector.  (Timm, 2014-06-15, 1 file, -23/+17)
| * Changed comparison from HTML::Node to Nokogiri::XML::Node in assert_select_encoded.  (Timm, 2014-06-15, 1 file, -1/+1)
| * Removed more redundant lines. Removed fix_content block that circumvented a bug in html-scanner.  (Timm, 2014-06-15, 1 file, -7/+1)
| * Removed more lines of code in assert_select.  (Timm, 2014-06-15, 1 file, -7/+6)
| * Simplified the first delete_if loop in assert_select to use Loofah's text method.  (Timm, 2014-06-15, 1 file, -14/+13)
| * Removed argument and root variable in assert_select proc.  (Timm, 2014-06-15, 1 file, -4/+2)
| * Changed name to selector. And a bunch of other things.  (Timm, 2014-06-15, 1 file, -60/+51)
| * The first attempt at abstracting argument parsing from selection methods.  (Timm, 2014-06-15, 1 file, -81/+114)
| * Removed tag.rb since it has been deprecated.  (Timm, 2014-06-15, 4 files, -321/+0)
| * Corrected documentation bug.  (Timm, 2014-06-15, 1 file, -10/+57)
| * Removed whitespace between dependencies.  (Timm, 2014-06-15, 1 file, -0/+1)
| * Updated documentation to tell that a custom scrubber takes precedence.  (Timm, 2014-06-15, 1 file, -0/+1)
| * Updated the documentation to reflect the scrubber option.  (Timm, 2014-06-15, 1 file, -1/+22)
| * Marked the private API as not needing code documentation.  (Timm, 2014-06-15, 2 files, -0/+2)
| * Added ability to pass a custom scrubber to sanitize. Includes test coverage.  (Timm, 2014-06-15, 2 files, -1/+39)
| * Moved requiring of Loofah from sanitizers.rb to action_view.rb.  (Timm, 2014-06-15, 2 files, -1/+1)
| * Marked tests in sanitize_helper_test.rb as pending.  (Timm, 2014-06-15, 1 file, -8/+29)
| * Marked a test in form_helper_test.rb as pending because of unknown encoding ASCII-8BIT output error.  (Timm, 2014-06-15, 1 file, -0/+2)
| * Marked some tests as pending in date_helper_test.rb.  (Timm, 2014-06-15, 1 file, -0/+4)
| * Added some tests for ActionView::Sanitizer.  (Timm, 2014-06-15, 1 file, -0/+32)
| * Added ActionView::Sanitizer and moved remove_xpaths to there.  (Timm, 2014-06-15, 1 file, -7/+0)
| * Changed the description of some pending tests. Changed the expected output of a script test.  (Timm, 2014-06-15, 1 file, -3/+4)
| * Extracted one highlight test method and marked it as pending.  (Timm, 2014-06-15, 1 file, -0/+3)
| * Added comment removal. Changed definition of remove_xpaths to not use a splat operator.  (Timm, 2014-06-15, 1 file, -11/+24)
| * Extracted the xpath removals into some new API that allows users to remove xpath subtrees.  (Timm, 2014-06-15, 1 file, -2/+8)
| * Added removal of script tags to WhiteListSanitizer.  (Timm, 2014-06-15, 1 file, -0/+1)
| * Renamed the SanitizerTest class to SanitersTest, to remove the conflict with the old SanitizerTest for html-scanner.  (Timm, 2014-06-15, 1 file, -1/+1)
| * Added video poster sanitization testing (from @vipulnsward).  (Timm, 2014-06-15, 1 file, -0/+5)
| * Extracted failing tests in santiizers_test.rb into their own methods and marked them as pending.  (Timm, 2014-06-15, 1 file, -7/+71)
| * Added guard clauses to FullSanitizer.  (Timm, 2014-06-15, 1 file, -1/+6)
| * bad_tags include form since we remove it. Also to prevent a should_allow_form_tag test creation.  (Timm, 2014-06-15, 1 file, -1/+1)
| * Changed expected value from '<b>' to empty string.  (Timm, 2014-06-15, 1 file, -1/+1)
| * Removed the contains_bad_protocols? method as well as the tests for it. Loofah already deals with this.  (Timm, 2014-06-15, 2 files, -41/+2)
| * Reordered form removal with stripping.  (Timm, 2014-06-15, 2 files, -5/+8)
| * Added PermitScrubber which allows you to permit elements for sanitization.  (Timm, 2014-06-15, 2 files, -13/+85)
| * Removed duplication in the deprecated methods.  (Timm, 2014-06-15, 1 file, -5/+5)
| * Added Loofah as a dependency in actionview.gemspec.  (Timm, 2014-06-11, 7 files, -32/+485)
      Implemented ActionView: FullSanitizer, LinkSanitizer and WhiteListSanitizer in sanitizers.rb. Deprecated protocol_separator and bad_tags. Added new tests in sanitizers_test.rb and reimplemented assert_dom_equal with Loofah.
* | * gcampbell-rosetta_flash:  (Aaron Patterson, 2014-07-10, 4 files, -3/+8)
      Address CVE-2014-4671 (JSONP Flash exploit)
| * | Merge branch 'rosetta_flash' of https://github.com/gcampbell/rails into gcampbell-rosetta_flash  (Aaron Patterson, 2014-07-10, 4 files, -3/+8)
      * 'rosetta_flash' of https://github.com/gcampbell/rails:
        Address CVE-2014-4671 (JSONP Flash exploit)
      Conflicts:
        actionpack/CHANGELOG.md
| * | Address CVE-2014-4671 (JSONP Flash exploit)  (Greg Campbell, 2014-07-09, 4 files, -3/+8)
      Adds a comment before JSONP callbacks. See http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ for more details on the exploit in question.
* | | Merge pull request #16123 from karlentwistle/issues/9299  (Andrew White, 2014-07-10, 3 files, -5/+21)
      Force encoding of US-ASCII to UTF-8 in unescape_uri.