path: root/actionpack/lib/action_controller/vendor/html-scanner
Commit message | Author | Age | Files | Lines
* Fix HTML sanitizer allowed_css_properties comment | Alexey Vakhov | 2012-04-13 | 1 | -1/+1
* Don't ignore non Enumerable values passed to sanitize (closes #5585) | Piotr Sarnacki | 2012-03-27 | 1 | -0/+11
    When someone accidentally passes a string to sanitize like:

      sanitize("<span>foo</span>", :tags => "b")

    there is no indication that it's the wrong way and span will not be removed.
* Handle leading spaces in protocol while sanitizing | Manu | 2012-01-12 | 1 | -1/+1
* deprecate String#encoding_aware? and remove its usage | Sergey Nartimov | 2011-12-24 | 1 | -1/+1
* HTMl -> HTML: html scanner comment fix | Alexey Vakhov | 2011-10-15 | 1 | -1/+1
* add missing require to html sanitizer | Alexey Vakhov | 2011-09-27 | 1 | -0/+1
* Tags with invalid names should also be stripped in order to prevent | Aaron Patterson | 2011-08-16 | 1 | -1/+1
    XSS attacks. Thanks Sascha Depold for the report.
* Remove extra white spaces on ActionPack docs. | Sebastian Martinez | 2011-05-23 | 1 | -1/+1
* Merge pull request #280 from jballanc/frozen-string-strip-tags | José Valim | 2011-05-07 | 1 | -1/+1
    Stripping tags from a frozen string
  * Fix for stripping tags from frozen strings. | Joshua Ballanco | 2011-04-14 | 1 | -1/+1
      This returns behavior under Ruby 1.9 to match Ruby 1.8.
* document HTML::Selector's :has(string) pseudo class | misfo | 2011-04-23 | 1 | -0/+2
* ActionController::Base.helpers.sanitize ignores case in protocol | Timothy N. Tsvetkov | 2010-12-30 | 1 | -1/+1
    [#6044 state:committed]
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* class inheritable attributes is used no more! all internal use of class inheritable has been changed to class_attribute. class inheritable attributes has been deprecated. | Josh Kalderimis | 2010-11-20 | 1 | -2/+2
    Signed-off-by: José Valim <jose.valim@gmail.com>
* Remove more warnings shadowing outer local variable. | Emilio Tagua | 2010-09-27 | 1 | -3/+3
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Remove more warnings shadowing outer local variable. | Emilio Tagua | 2010-09-27 | 1 | -3/+3
* Refactor methods in html node to avoid injects. | Emilio Tagua | 2010-09-22 | 1 | -8/+4
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Use join instead of looping and calling to_s [#5492 state:resolved] | Thiago Pradi | 2010-09-01 | 1 | -3/+1
    Signed-off-by: José Valim <jose.valim@gmail.com>
* Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;) | Santiago Pastorino | 2010-08-14 | 5 | -65/+65
* Strip_tags never ending attribute should not raise a TypeError [#4870 state:resolved] | Bruno Michel | 2010-06-28 | 2 | -0/+2
    Signed-off-by: José Valim <jose.valim@gmail.com>
* regular expressions are usually ASCII-encoded, so force_encoding the content of a Node to the encoding of the regular expression is wrong. | wycats | 2010-06-07 | 1 | -0/+1
* html-scanner uses Set and class_inheritable_accessor | Jeremy Kemper | 2009-05-30 | 1 | -0/+3
* Ensure WhiteListSanitizer allows dl tag [#2393 state:resolved] | Jeffrey Chupp | 2009-05-17 | 1 | -1/+1
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* Ensure assert_select works with XML namespaced attributes [#1547 state:resolved] [Jon Yurek] | Pratik Naik | 2009-03-07 | 1 | -1/+1
* Fixed the sanitize helper to avoid double escaping already properly escaped entities [#683 state:committed] | David Heinemeier Hansson | 2008-11-06 | 1 | -1/+1
* Fix incorrect closing CDATA delimiter. Add tests for CDATA nodes. | Jeffrey Hardy | 2008-10-23 | 1 | -1/+1
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Fix that HTML::Node.parse would blow up on unclosed CDATA sections. | Jeffrey Hardy | 2008-10-23 | 1 | -1/+8
    If an unclosed CDATA section is encountered and parsing is strict, an exception will be raised. Otherwise, we consider the remainder of the line to be the section contents. This is consistent with HTML::Tokenizer#scan_tag.
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Merge with docrails. | Pratik Naik | 2008-07-16 | 1 | -2/+2
* Patched HTML::Document#initialize call to Node.parse so that it includes the strict argument. [#330] | Jimmy Baker | 2008-06-24 | 1 | -1/+1
* Fixed HTML::Tokenizer (used in sanitize helper) didn't handle unclosed CDATA tags (closes #10071) [esad, packagethief] | David Heinemeier Hansson | 2008-03-28 | 1 | -1/+1
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9111 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fix HTML Sanitizer to allow trailing spaces in CSS style attributes. Closes #10566 [wesley.moxam] | Rick Olson | 2007-12-23 | 1 | -2/+2
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8485 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Removed some of the tags that do not make sense to allow per default in the whitelist | David Heinemeier Hansson | 2007-12-04 | 1 | -2/+2
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8269 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Refactor sanitizer helpers into HTML classes and make it easy to swap them out with custom implementations. Closes #10129. [rick] | Rick Olson | 2007-11-26 | 2 | -0/+174
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8213 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fixed spelling errors (closes #9706) [tarmo/rmm5t] | David Heinemeier Hansson | 2007-09-28 | 1 | -1/+1
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7666 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* [html-scanner] Fix parsing of empty tags. Closes #7641. [anthony.bailey] | Michael Koziarski | 2007-09-21 | 1 | -0/+3
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7528 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Back out of [7300] -- it screwed up nested XML | David Heinemeier Hansson | 2007-08-21 | 1 | -3/+0
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7357 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Ignore processing instructions when parsing html | Michael Koziarski | 2007-08-10 | 1 | -0/+3
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7300 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Add much-needed html-scanner tests. Fixed CDATA parsing bug. [Rick] | Rick Olson | 2007-02-04 | 1 | -3/+1
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6117 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Use a consistent load path to avoid double requires. Fix some scattered Ruby warnings. | Jeremy Kemper | 2007-01-28 | 2 | -9/+13
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6057 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Nodoc the irrelevant (from 1.2) | David Heinemeier Hansson | 2007-01-26 | 1 | -1/+2
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6044 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fix HTML::Node to output double quotes instead of single quotes. Closes #6845 [mitreandy] | Rick Olson | 2006-12-14 | 1 | -1/+1
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5718 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fix assert_tag so that :content => "foo" does not match substrings, but only exact strings. Use :content => /foo/ to match substrings. closes #2799 | Jamis Buck | 2006-09-10 | 1 | -1/+1
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5086 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Added assert_select* for CSS selector-based testing (deprecates assert_tag) #5936 [assaf.arkin@gmail.com] | David Heinemeier Hansson | 2006-09-03 | 2 | -0/+823
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4929 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Cleanup assert_tag :children counting. Closes #2181. | Jeremy Kemper | 2006-09-03 | 1 | -1/+0
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4915 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* allow -'s in tag names for html scanner when scanning AR xml documents | Rick Olson | 2006-04-22 | 1 | -1/+1
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4251 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Remove insignificant classes from docs | David Heinemeier Hansson | 2005-12-08 | 1 | -1/+1
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3249 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Allow assert_tag(:conditions) to match the empty string when a tag has no children. Closes #2959. [Jamis Buck] | Jamis Buck | 2005-11-21 | 2 | -2/+8
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3154 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Update html-scanner to handle CDATA sections better. Closes #2970. [Jamis Buck] | Jamis Buck | 2005-11-21 | 2 | -0/+16
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3153 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* assert_tag uses exact matches for string conditions, instead of partial matches. Use regex to do partial matches. #2799 | Jamis Buck | 2005-11-09 | 1 | -1/+1
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2952 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fix conflict with assert_tag and Glue gem (closes #2255) [david.felstead@gmail.com] | David Heinemeier Hansson | 2005-11-07 | 1 | -2/+2
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2905 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fix the html-scanner to count children correctly, playing nicely with :only, fixes #2181 [patrick@lenz.sh] | Jamis Buck | 2005-10-18 | 1 | -1/+5
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2670 5ecf4fe2-1ee6-0310-87b1-e25e094e27de