index : rails.git
Mirror of official rails repo with custom fixes.
Harald Eilertsen
path: root/actionpack/lib/action_controller/vendor
| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| fix protocol checking in sanitization [CVE-2013-1857] | Aaron Patterson | 2013-03-15 | 1 | -2/+2 |
| fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855] | Charlie Somerville | 2013-03-15 | 1 | -3/+3 |
| HTMl -> HTML: html scanner comment fix | Alexey Vakhov | 2011-10-15 | 1 | -1/+1 |
| add missing require to html sanitizer | Alexey Vakhov | 2011-09-27 | 1 | -0/+1 |
| Tags with invalid names should also be stripped in order to prevent | Aaron Patterson | 2011-08-16 | 1 | -1/+1 |
| Remove extra white spaces on ActionPack docs. | Sebastian Martinez | 2011-05-23 | 1 | -1/+1 |
| Merge pull request #280 from jballanc/frozen-string-strip-tags | José Valim | 2011-05-07 | 1 | -1/+1 |
| Fix for stripping tags from frozen strings. | Joshua Ballanco | 2011-04-14 | 1 | -1/+1 |
| document HTML::Selector's :has(string) pseudo class | misfo | 2011-04-23 | 1 | -0/+2 |
| ActionController::Base.helpers.sanitize ignores case in protocol | Timothy N. Tsvetkov | 2010-12-30 | 1 | -1/+1 |
| class inheritable attributes is used no more! all internal use of class inher... | Josh Kalderimis | 2010-11-20 | 1 | -2/+2 |
| Remove more warnings shadowing outer local variable. | Emilio Tagua | 2010-09-27 | 1 | -3/+3 |
| Remove more warnings shadowing outer local variable. | Emilio Tagua | 2010-09-27 | 1 | -3/+3 |
| Refactor methods in html node to avoid injects. | Emilio Tagua | 2010-09-22 | 1 | -8/+4 |
| Use join instead of looping and calling to_s [#5492 state:resolved] | Thiago Pradi | 2010-09-01 | 1 | -3/+1 |
| Deletes trailing whitespaces (over text files only find * -type f -exec sed '... | Santiago Pastorino | 2010-08-14 | 5 | -65/+65 |
| Strip_tags never ending attribute should not raise a TypeError [#4870 state:r... | Bruno Michel | 2010-06-28 | 2 | -0/+2 |
| regular expressions are usually ASCII-encoded, so force_encoding the content ... | wycats | 2010-06-07 | 1 | -0/+1 |
| Flip deferrable autoload convention | Joshua Peek | 2009-12-22 | 1 | -12/+14 |
| Reorganize autoloads: | Carlhuda | 2009-12-02 | 1 | -0/+2 |
| html-scanner uses Set and class_inheritable_accessor | Jeremy Kemper | 2009-05-30 | 1 | -0/+3 |
| Ensure WhiteListSanitizer allows dl tag [#2393 state:resolved] | Jeffrey Chupp | 2009-05-17 | 1 | -1/+1 |
| Move bundled rack into ActionDispatch | Joshua Peek | 2009-04-14 | 50 | -4998/+0 |
| Ensure our bundled version of rack is at the front of the load path | Joshua Peek | 2009-03-15 | 1 | -1/+1 |
| Add Rack version to Rails info | Joshua Peek | 2009-03-14 | 1 | -2/+2 |
| Update rack to fix multipart uploads with an empty file [#1945 state:resolved] | Joshua Peek | 2009-03-13 | 13 | -42/+98 |
| Update bundled Rack to fix Litespeed compatibility [#2198 state:resolved] | Russ Smith | 2009-03-11 | 7 | -10/+25 |
| update bundled version of rack before 2.3 final | Joshua Peek | 2009-03-10 | 10 | -11/+42 |
| Ensure assert_select works with XML namespaced attributes [#1547 state:resolv... | Pratik Naik | 2009-03-07 | 1 | -1/+1 |
| Update bundled rack to fix more parameter parsing issues | Joshua Peek | 2009-02-14 | 2 | -12/+25 |
| Reapply 0d5b3e6 | Joshua Peek | 2009-02-10 | 1 | -1/+1 |
| Update vendored rack | Joshua Peek | 2009-02-10 | 5 | -9/+32 |
| Make sure vendored rack is at the front of the load path | Joshua Peek | 2009-02-10 | 1 | -2/+1 |
| Update bundled Rack for Ruby 1.9 spec changes | Joshua Peek | 2009-02-07 | 10 | -25/+29 |
| Temporarily bundle Rack 1.0 prerelease for testing | Joshua Peek | 2009-02-07 | 48 | -0/+4857 |
| Depend on rack 0.4.0 instead of vendoring it | Joshua Peek | 2008-11-25 | 41 | -4225/+0 |
| Ensure all HTML:: constants are available to autoload [#1462 state:resolved] | Craig Davey | 2008-11-25 | 1 | -1/+8 |
| Autoload HTML::Document and sanitizers | Jeremy Kemper | 2008-11-23 | 1 | -0/+9 |
| Use a relative require for bundled rack lib | Jeremy Kemper | 2008-11-22 | 1 | -1/+2 |
| Vendor rack 0.4.0 | Joshua Peek | 2008-11-22 | 41 | -0/+4224 |
| Fixed the sanitize helper to avoid double escaping already properly escaped e... | David Heinemeier Hansson | 2008-11-06 | 1 | -1/+1 |
| Fix incorrect closing CDATA delimiter. Add tests for CDATA nodes. | Jeffrey Hardy | 2008-10-23 | 1 | -1/+1 |
| Fix that HTML::Node.parse would blow up on unclosed CDATA sections. | Jeffrey Hardy | 2008-10-23 | 1 | -1/+8 |
| Merge with docrails. | Pratik Naik | 2008-07-16 | 1 | -2/+2 |
| Patched HTML::Document#initialize call to Node.parse so that it includes the ... | Jimmy Baker | 2008-06-24 | 1 | -1/+1 |
| Fixed HTML::Tokenizer (used in sanitize helper) didnt handle unclosed CDATA t... | David Heinemeier Hansson | 2008-03-28 | 1 | -1/+1 |
| Fix HTML Sanitizer to allow trailing spaces in CSS style attributes. Closes ... | Rick Olson | 2007-12-23 | 1 | -2/+2 |
| Removed some of the tags that does not make sense to allow per default in the... | David Heinemeier Hansson | 2007-12-04 | 1 | -2/+2 |
| Refactor sanitizer helpers into HTML classes and make it easy to swap them ou... | Rick Olson | 2007-11-26 | 2 | -0/+174 |
| Fixed spelling errors (closes #9706) [tarmo/rmm5t] | David Heinemeier Hansson | 2007-09-28 | 1 | -1/+1 |