path: root/actionpack/lib/action_controller/vendor
Commit message (Author, Age, Files, Lines)
* Fix HTML sanitizer allowed_css_properties comment (Alexey Vakhov, 2012-04-13, 1 file, -1/+1)
|
* Don't ignore non Enumerable values passed to sanitize (closes #5585) (Piotr Sarnacki, 2012-03-27, 1 file, -0/+11)
|
|   When someone accidentally passes a string to sanitize like:
|
|     sanitize("<span>foo</span>", :tags => "b")
|
|   there is no indication that it's the wrong way and span will not be removed.
* Handle leading spaces in protocol while sanitizing (Manu, 2012-01-12, 1 file, -1/+1)
|
* deprecate String#encoding_aware? and remove its usage (Sergey Nartimov, 2011-12-24, 1 file, -1/+1)
|
* HTMl -> HTML: html scanner comment fix (Alexey Vakhov, 2011-10-15, 1 file, -1/+1)
|
* add missing require to html sanitizer (Alexey Vakhov, 2011-09-27, 1 file, -0/+1)
|
* Tags with invalid names should also be stripped in order to prevent (Aaron Patterson, 2011-08-16, 1 file, -1/+1)
|
|   XSS attacks. Thanks Sascha Depold for the report.
* Remove extra white spaces on ActionPack docs. (Sebastian Martinez, 2011-05-23, 1 file, -1/+1)
|
* Merge pull request #280 from jballanc/frozen-string-strip-tags (José Valim, 2011-05-07, 1 file, -1/+1)
|\
| |   Stripping tags from a frozen string
| * Fix for stripping tags from frozen strings. (Joshua Ballanco, 2011-04-14, 1 file, -1/+1)
| |
| |   This returns behavior under Ruby 1.9 to match Ruby 1.8.
* | document HTML::Selector's :has(string) pseudo class (misfo, 2011-04-23, 1 file, -0/+2)
|/
* ActionController::Base.helpers.sanitize ignores case in protocol (Timothy N. Tsvetkov, 2010-12-30, 1 file, -1/+1)
|
|   [#6044 state:committed]
|   Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* class inheritable attributes is used no more! all internal use of class inheritable has been changed to class_attribute. class inheritable attributes has been deprecated. (Josh Kalderimis, 2010-11-20, 1 file, -2/+2)
|
|   Signed-off-by: José Valim <jose.valim@gmail.com>
* Remove more warnings shadowing outer local variable. (Emilio Tagua, 2010-09-27, 1 file, -3/+3)
|
|   Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Remove more warnings shadowing outer local variable. (Emilio Tagua, 2010-09-27, 1 file, -3/+3)
|
* Refactor methods in html node to avoid injects. (Emilio Tagua, 2010-09-22, 1 file, -8/+4)
|
|   Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Use join instead of looping and calling to_s [#5492 state:resolved] (Thiago Pradi, 2010-09-01, 1 file, -3/+1)
|
|   Signed-off-by: José Valim <jose.valim@gmail.com>
* Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;) (Santiago Pastorino, 2010-08-14, 5 files, -65/+65)
|
* Strip_tags never ending attribute should not raise a TypeError [#4870 state:resolved] (Bruno Michel, 2010-06-28, 2 files, -0/+2)
|
|   Signed-off-by: José Valim <jose.valim@gmail.com>
* regular expressions are usually ASCII-encoded, so force_encoding the content of a Node to the encoding of the regular expression is wrong. (wycats, 2010-06-07, 1 file, -0/+1)
|
* Flip deferrable autoload convention (Joshua Peek, 2009-12-22, 1 file, -12/+14)
|
* Reorganize autoloads: (Carlhuda, 2009-12-02, 1 file, -0/+2)
|
|   * A new module (ActiveSupport::Autoload) is provided that extends autoloading with new behavior.
|   * All autoloads in modules that have extended ActiveSupport::Autoload will be eagerly required in threadsafe environments
|   * Autoloads can optionally leave off the path if the path is the same as full_constant_name.underscore
|   * It is possible to specify that a group of autoloads live under an additional path. For instance, all of ActionDispatch's middlewares are ActionDispatch::MiddlewareName, but they live under "action_dispatch/middlewares/middleware_name"
|   * It is possible to specify that a group of autoloads are all found at the same path. For instance, a number of exceptions might all be declared there.
|   * One consequence of this is that testing-related constants are not autoloaded. To get the testing helpers for a given component, require "component_name/test_case". For instance, "action_controller/test_case".
|   * test_help.rb, which is automatically required by a Rails application's test helper, requires the test_case.rb for all active components, so this change will not be disruptive in existing or new applications.
* html-scanner uses Set and class_inheritable_accessor (Jeremy Kemper, 2009-05-30, 1 file, -0/+3)
|
* Ensure WhiteListSanitizer allows dl tag [#2393 state:resolved] (Jeffrey Chupp, 2009-05-17, 1 file, -1/+1)
|
|   Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* Move bundled rack into ActionDispatch (Joshua Peek, 2009-04-14, 50 files, -4998/+0)
|
* Ensure our bundled version of rack is at the front of the load path (Joshua Peek, 2009-03-15, 1 file, -1/+1)
|
* Add Rack version to Rails info (Joshua Peek, 2009-03-14, 1 file, -2/+2)
|
* Update rack to fix multipart uploads with an empty file [#1945 state:resolved] (Joshua Peek, 2009-03-13, 13 files, -42/+98)
|
* Update bundled Rack to fix Litespeed compatibility [#2198 state:resolved] (Russ Smith, 2009-03-11, 7 files, -10/+25)
|
|   Signed-off-by: Joshua Peek <josh@joshpeek.com>
* update bundled version of rack before 2.3 final (Joshua Peek, 2009-03-10, 10 files, -11/+42)
|
* Ensure assert_select works with XML namespaced attributes [#1547 state:resolved] [Jon Yurek] (Pratik Naik, 2009-03-07, 1 file, -1/+1)
|
* Update bundled rack to fix more parameter parsing issues (Joshua Peek, 2009-02-14, 2 files, -12/+25)
|
* Reapply 0d5b3e6 (Joshua Peek, 2009-02-10, 1 file, -1/+1)
|
* Update vendored rack (Joshua Peek, 2009-02-10, 5 files, -9/+32)
|
* Make sure vendored rack is at the front of the load path (Joshua Peek, 2009-02-10, 1 file, -2/+1)
|
* Update bundled Rack for Ruby 1.9 spec changes (Joshua Peek, 2009-02-07, 10 files, -25/+29)
|
* Temporarily bundle Rack 1.0 prerelease for testing (Joshua Peek, 2009-02-07, 48 files, -0/+4857)
|
* Depend on rack 0.4.0 instead of vendoring it (Joshua Peek, 2008-11-25, 41 files, -4225/+0)
|
* Ensure all HTML:: constants are available to autoload [#1462 state:resolved] (Craig Davey, 2008-11-25, 1 file, -1/+8)
|
|   Signed-off-by: Joshua Peek <josh@joshpeek.com>
* Autoload HTML::Document and sanitizers (Jeremy Kemper, 2008-11-23, 1 file, -0/+9)
|
* Use a relative require for bundled rack lib (Jeremy Kemper, 2008-11-22, 1 file, -1/+2)
|
* Vendor rack 0.4.0 (Joshua Peek, 2008-11-22, 41 files, -0/+4224)
|
* Fixed the sanitize helper to avoid double escaping already properly escaped entities [#683 state:committed] (David Heinemeier Hansson, 2008-11-06, 1 file, -1/+1)
|
* Fix incorrect closing CDATA delimiter. Add tests for CDATA nodes. (Jeffrey Hardy, 2008-10-23, 1 file, -1/+1)
|
|   Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Fix that HTML::Node.parse would blow up on unclosed CDATA sections. (Jeffrey Hardy, 2008-10-23, 1 file, -1/+8)
|
|   If an unclosed CDATA section is encountered and parsing is strict, an exception will be raised. Otherwise, we consider the remainder of the line to be the section contents. This is consistent with HTML::Tokenizer#scan_tag.
|   Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Merge with docrails. (Pratik Naik, 2008-07-16, 1 file, -2/+2)
|
* Patched HTML::Document#initialize call to Node.parse so that it includes the strict argument. [#330] (Jimmy Baker, 2008-06-24, 1 file, -1/+1)
|
* Fixed HTML::Tokenizer (used in sanitize helper) didn't handle unclosed CDATA tags (closes #10071) [esad, packagethief] (David Heinemeier Hansson, 2008-03-28, 1 file, -1/+1)
|
|   git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9111 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fix HTML Sanitizer to allow trailing spaces in CSS style attributes. Closes #10566 [wesley.moxam] (Rick Olson, 2007-12-23, 1 file, -2/+2)
|
|   git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8485 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Removed some of the tags that does not make sense to allow per default in the whitelist (David Heinemeier Hansson, 2007-12-04, 1 file, -2/+2)
|
|   git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8269 5ecf4fe2-1ee6-0310-87b1-e25e094e27de