| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| fix protocol checking in sanitization [CVE-2013-1857] | Aaron Patterson | 2013-03-15 | 1 | -2/+2 |
| Conflicts: actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb | | | | |
| fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855] | Charlie Somerville | 2013-03-15 | 1 | -3/+3 |
| add missing require to html sanitizer | Alexey Vakhov | 2011-09-27 | 1 | -0/+1 |
| Remove extra white spaces on ActionPack docs. | Sebastian Martinez | 2011-05-23 | 1 | -1/+1 |
| Fix for stripping tags from frozen strings. | Joshua Ballanco | 2011-04-14 | 1 | -1/+1 |
| This returns behavior under Ruby 1.9 to match Ruby 1.8. | | | | |
| ActionController::Base.helpers.sanitize ignores case in protocol | Timothy N. Tsvetkov | 2010-12-30 | 1 | -1/+1 |
| [#6044 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | | | | |
| class inheritable attributes is used no more! all internal use of class inheritable has been changed to class_attribute. class inheritable attributes has been deprecated. | Josh Kalderimis | 2010-11-20 | 1 | -2/+2 |
| Signed-off-by: José Valim <jose.valim@gmail.com> | | | | |
| Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;) | Santiago Pastorino | 2010-08-14 | 1 | -25/+25 |
| html-scanner uses Set and class_inheritable_accessor | Jeremy Kemper | 2009-05-30 | 1 | -0/+3 |
| Ensure WhiteListSanitizer allows dl tag [#2393 state:resolved] | Jeffrey Chupp | 2009-05-17 | 1 | -1/+1 |
| Signed-off-by: Pratik Naik <pratiknaik@gmail.com> | | | | |
| Fixed the sanitize helper to avoid double escaping already properly escaped entities [#683 state:committed] | David Heinemeier Hansson | 2008-11-06 | 1 | -1/+1 |
| Fix HTML Sanitizer to allow trailing spaces in CSS style attributes. Closes #10566 [wesley.moxam] | Rick Olson | 2007-12-23 | 1 | -2/+2 |
| git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8485 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | | | | |
| Removed some of the tags that does not make sense to allow per default in the whitelist | David Heinemeier Hansson | 2007-12-04 | 1 | -2/+2 |
| git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8269 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | | | | |
| Refactor sanitizer helpers into HTML classes and make it easy to swap them out with custom implementations. Closes #10129. [rick] | Rick Olson | 2007-11-26 | 1 | -0/+173 |
| git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8213 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | | | | |