| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Handle leading spaces in protocol while sanitizing | Manu | 2012-01-12 | 1 | -1/+1 |
* | deprecate String#encoding_aware? and remove its usage | Sergey Nartimov | 2011-12-24 | 1 | -1/+1 |
* | HTMl -> HTML: html scanner comment fix | Alexey Vakhov | 2011-10-15 | 1 | -1/+1 |
* | add missing require to html sanitizer | Alexey Vakhov | 2011-09-27 | 1 | -0/+1 |
* | Tags with invalid names should also be stripped in order to prevent XSS attacks. Thanks Sascha Depold for the report. | Aaron Patterson | 2011-08-16 | 1 | -1/+1 |
* | Remove extra white spaces on ActionPack docs. | Sebastian Martinez | 2011-05-23 | 1 | -1/+1 |
* | Merge pull request #280 from jballanc/frozen-string-strip-tags: Stripping tags from a frozen string | José Valim | 2011-05-07 | 1 | -1/+1 |
* | Fix for stripping tags from frozen strings. This returns behavior under Ruby 1.9 to match Ruby 1.8. | Joshua Ballanco | 2011-04-14 | 1 | -1/+1 |
* | document HTML::Selector's :has(string) pseudo class | misfo | 2011-04-23 | 1 | -0/+2 |
* | ActionController::Base.helpers.sanitize ignores case in protocol [#6044 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | Timothy N. Tsvetkov | 2010-12-30 | 1 | -1/+1 |
* | class inheritable attributes is used no more! all internal use of class inheritable has been changed to class_attribute. class inheritable attributes has been deprecated. Signed-off-by: José Valim <jose.valim@gmail.com> | Josh Kalderimis | 2010-11-20 | 1 | -2/+2 |
* | Remove more warnings shadowing outer local variable. Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | Emilio Tagua | 2010-09-27 | 1 | -3/+3 |
* | Remove more warnings shadowing outer local variable. | Emilio Tagua | 2010-09-27 | 1 | -3/+3 |
* | Refactor methods in html node to avoid injects. Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | Emilio Tagua | 2010-09-22 | 1 | -8/+4 |
* | Use join instead of looping and calling to_s [#5492 state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com> | Thiago Pradi | 2010-09-01 | 1 | -3/+1 |
* | Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;) | Santiago Pastorino | 2010-08-14 | 5 | -65/+65 |
* | Strip_tags never ending attribute should not raise a TypeError [#4870 state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com> | Bruno Michel | 2010-06-28 | 2 | -0/+2 |
* | regular expressions are usually ASCII-encoded, so force_encoding the content of a Node to the encoding of the regular expression is wrong. | wycats | 2010-06-07 | 1 | -0/+1 |
* | html-scanner uses Set and class_inheritable_accessor | Jeremy Kemper | 2009-05-30 | 1 | -0/+3 |
* | Ensure WhiteListSanitizer allows dl tag [#2393 state:resolved] Signed-off-by: Pratik Naik <pratiknaik@gmail.com> | Jeffrey Chupp | 2009-05-17 | 1 | -1/+1 |
* | Ensure assert_select works with XML namespaced attributes [#1547 state:resolved] [Jon Yurek] | Pratik Naik | 2009-03-07 | 1 | -1/+1 |
* | Fixed the sanitize helper to avoid double escaping already properly escaped entities [#683 state:committed] | David Heinemeier Hansson | 2008-11-06 | 1 | -1/+1 |
* | Fix incorrect closing CDATA delimiter. Add tests for CDATA nodes. Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> | Jeffrey Hardy | 2008-10-23 | 1 | -1/+1 |
* | Fix that HTML::Node.parse would blow up on unclosed CDATA sections. If an unclosed CDATA section is encountered and parsing is strict, an exception will be raised. Otherwise, we consider the remainder of the line to be the section contents. This is consistent with HTML::Tokenizer#scan_tag. Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> | Jeffrey Hardy | 2008-10-23 | 1 | -1/+8 |
* | Merge with docrails. | Pratik Naik | 2008-07-16 | 1 | -2/+2 |
* | Patched HTML::Document#initialize call to Node.parse so that it includes the strict argument. [#330] | Jimmy Baker | 2008-06-24 | 1 | -1/+1 |
* | Fixed HTML::Tokenizer (used in sanitize helper) didn't handle unclosed CDATA tags (closes #10071) [esad, packagethief] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9111 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | David Heinemeier Hansson | 2008-03-28 | 1 | -1/+1 |
* | Fix HTML Sanitizer to allow trailing spaces in CSS style attributes. Closes #10566 [wesley.moxam] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8485 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | Rick Olson | 2007-12-23 | 1 | -2/+2 |
* | Removed some of the tags that do not make sense to allow per default in the whitelist git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8269 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | David Heinemeier Hansson | 2007-12-04 | 1 | -2/+2 |
* | Refactor sanitizer helpers into HTML classes and make it easy to swap them out with custom implementations. Closes #10129. [rick] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8213 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | Rick Olson | 2007-11-26 | 2 | -0/+174 |
* | Fixed spelling errors (closes #9706) [tarmo/rmm5t] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7666 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | David Heinemeier Hansson | 2007-09-28 | 1 | -1/+1 |
* | [html-scanner] Fix parsing of empty tags. Closes #7641. [anthony.bailey] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7528 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | Michael Koziarski | 2007-09-21 | 1 | -0/+3 |
* | Back out of [7300] -- it screwed up nested XML git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7357 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | David Heinemeier Hansson | 2007-08-21 | 1 | -3/+0 |
* | Ignore processing instructions when parsing html git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7300 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | Michael Koziarski | 2007-08-10 | 1 | -0/+3 |
* | Add much-needed html-scanner tests. Fixed CDATA parsing bug. [Rick] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6117 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | Rick Olson | 2007-02-04 | 1 | -3/+1 |
* | Use a consistent load path to avoid double requires. Fix some scattered Ruby warnings. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6057 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | Jeremy Kemper | 2007-01-28 | 2 | -9/+13 |
* | Nodoc the irrelevant (from 1.2) git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6044 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | David Heinemeier Hansson | 2007-01-26 | 1 | -1/+2 |
* | Fix HTML::Node to output double quotes instead of single quotes. Closes #6845 [mitreandy] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5718 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | Rick Olson | 2006-12-14 | 1 | -1/+1 |
* | Fix assert_tag so that :content => "foo" does not match substrings, but only exact strings. Use :content => /foo/ to match substrings. closes #2799 git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5086 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | Jamis Buck | 2006-09-10 | 1 | -1/+1 |
* | Added assert_select* for CSS selector-based testing (deprecates assert_tag) #5936 [assaf.arkin@gmail.com] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4929 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | David Heinemeier Hansson | 2006-09-03 | 2 | -0/+823 |
* | Cleanup assert_tag :children counting. Closes #2181. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4915 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | Jeremy Kemper | 2006-09-03 | 1 | -1/+0 |
* | allow -'s in tag names for html scanner when scanning AR xml documents git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4251 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | Rick Olson | 2006-04-22 | 1 | -1/+1 |
* | Remove insignificant classes from docs git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3249 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | David Heinemeier Hansson | 2005-12-08 | 1 | -1/+1 |
* | Allow assert_tag(:conditions) to match the empty string when a tag has no children. Closes #2959. [Jamis Buck] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3154 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | Jamis Buck | 2005-11-21 | 2 | -2/+8 |
* | Update html-scanner to handle CDATA sections better. Closes #2970. [Jamis Buck] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3153 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | Jamis Buck | 2005-11-21 | 2 | -0/+16 |
* | assert_tag uses exact matches for string conditions, instead of partial matches. Use regex to do partial matches. #2799 git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2952 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | Jamis Buck | 2005-11-09 | 1 | -1/+1 |
* | Fix conflict with assert_tag and Glue gem (closes #2255) [david.felstead@gmail.com] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2905 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | David Heinemeier Hansson | 2005-11-07 | 1 | -2/+2 |
* | Fix the html-scanner to count children correctly, playing nicely with :only, fixes #2181 [patrick@lenz.sh] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2670 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | Jamis Buck | 2005-10-18 | 1 | -1/+5 |
* | Make assert_tag :children count appropriately. Closes #2181. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2500 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | Marcel Molina | 2005-10-09 | 1 | -1/+1 |
* | Optimized tag_options to not sort keys, which is no longer necessary when assert_dom_equal and friend is available #1995 [skae]. Added assert_dom_equal and assert_dom_not_equal to compare tags generated by the helpers in an order-indifferent manner #1995 [skae] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2271 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | David Heinemeier Hansson | 2005-09-20 | 1 | -1/+23 |