| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Fix HTML sanitizer allowed_css_properties comment | Alexey Vakhov | 2012-04-13 | 1 | -1/+1 |
* | Don't ignore non Enumerable values passed to sanitize (closes #5585) | Piotr Sarnacki | 2012-03-27 | 1 | -0/+11 |
| | When someone accidentally passes a string to sanitize like: `sanitize("<span>foo</span>", :tags => "b")` there is no indication that it's the wrong way and span will not be removed. | | | | |
* | Handle leading spaces in protocol while sanitizing | Manu | 2012-01-12 | 1 | -1/+1 |
* | deprecate String#encoding_aware? and remove its usage | Sergey Nartimov | 2011-12-24 | 1 | -1/+1 |
* | HTMl -> HTML: html scanner comment fix | Alexey Vakhov | 2011-10-15 | 1 | -1/+1 |
* | add missing require to html sanitizer | Alexey Vakhov | 2011-09-27 | 1 | -0/+1 |
* | Tags with invalid names should also be stripped in order to prevent | Aaron Patterson | 2011-08-16 | 1 | -1/+1 |
| | XSS attacks. Thanks Sascha Depold for the report. | | | | |
* | Remove extra white spaces on ActionPack docs. | Sebastian Martinez | 2011-05-23 | 1 | -1/+1 |
* | Merge pull request #280 from jballanc/frozen-string-strip-tags | José Valim | 2011-05-07 | 1 | -1/+1 |
|\ | Stripping tags from a frozen string | | | | |
| * | Fix for stripping tags from frozen strings. | Joshua Ballanco | 2011-04-14 | 1 | -1/+1 |
| | | This returns behavior under Ruby 1.9 to match Ruby 1.8. | | | | |
* | | document HTML::Selector's :has(string) pseudo class | misfo | 2011-04-23 | 1 | -0/+2 |
|/ | |||||
* | ActionController::Base.helpers.sanitize ignores case in protocol | Timothy N. Tsvetkov | 2010-12-30 | 1 | -1/+1 |
| | [#6044 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | | | | |
* | class inheritable attributes is used no more! all internal use of class inheritable has been changed to class_attribute. class inheritable attributes has been deprecated. | Josh Kalderimis | 2010-11-20 | 1 | -2/+2 |
| | Signed-off-by: José Valim <jose.valim@gmail.com> | | | | |
* | Remove more warnings shadowing outer local variable. | Emilio Tagua | 2010-09-27 | 1 | -3/+3 |
| | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | | | | |
* | Remove more warnings shadowing outer local variable. | Emilio Tagua | 2010-09-27 | 1 | -3/+3 |
* | Refactor methods in html node to avoid injects. | Emilio Tagua | 2010-09-22 | 1 | -8/+4 |
| | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | | | | |
* | Use join instead of looping and calling to_s [#5492 state:resolved] | Thiago Pradi | 2010-09-01 | 1 | -3/+1 |
| | Signed-off-by: José Valim <jose.valim@gmail.com> | | | | |
* | Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;) | Santiago Pastorino | 2010-08-14 | 5 | -65/+65 |
* | Strip_tags never ending attribute should not raise a TypeError [#4870 state:resolved] | Bruno Michel | 2010-06-28 | 2 | -0/+2 |
| | Signed-off-by: José Valim <jose.valim@gmail.com> | | | | |
* | regular expressions are usually ASCII-encoded, so force_encoding the content of a Node to the encoding of the regular expression is wrong. | wycats | 2010-06-07 | 1 | -0/+1 |
* | Flip deferrable autoload convention | Joshua Peek | 2009-12-22 | 1 | -12/+14 |
* | Reorganize autoloads: | Carlhuda | 2009-12-02 | 1 | -0/+2 |
| | * A new module (ActiveSupport::Autoload) is provided that extends autoloading with new behavior. * All autoloads in modules that have extended ActiveSupport::Autoload will be eagerly required in threadsafe environments * Autoloads can optionally leave off the path if the path is the same as full_constant_name.underscore * It is possible to specify that a group of autoloads live under an additional path. For instance, all of ActionDispatch's middlewares are ActionDispatch::MiddlewareName, but they live under "action_dispatch/middlewares/middleware_name" * It is possible to specify that a group of autoloads are all found at the same path. For instance, a number of exceptions might all be declared there. * One consequence of this is that testing-related constants are not autoloaded. To get the testing helpers for a given component, require "component_name/test_case". For instance, "action_controller/test_case". * test_help.rb, which is automatically required by a Rails application's test helper, requires the test_case.rb for all active components, so this change will not be disruptive in existing or new applications. | | | | |
* | html-scanner uses Set and class_inheritable_accessor | Jeremy Kemper | 2009-05-30 | 1 | -0/+3 |
* | Ensure WhiteListSanitizer allows dl tag [#2393 state:resolved] | Jeffrey Chupp | 2009-05-17 | 1 | -1/+1 |
| | Signed-off-by: Pratik Naik <pratiknaik@gmail.com> | | | | |
* | Move bundled rack into ActionDispatch | Joshua Peek | 2009-04-14 | 50 | -4998/+0 |
* | Ensure our bundled version of rack is at the front of the load path | Joshua Peek | 2009-03-15 | 1 | -1/+1 |
* | Add Rack version to Rails info | Joshua Peek | 2009-03-14 | 1 | -2/+2 |
* | Update rack to fix multipart uploads with an empty file [#1945 state:resolved] | Joshua Peek | 2009-03-13 | 13 | -42/+98 |
* | Update bundled Rack to fix Litespeed compatibility [#2198 state:resolved] | Russ Smith | 2009-03-11 | 7 | -10/+25 |
| | Signed-off-by: Joshua Peek <josh@joshpeek.com> | | | | |
* | update bundled version of rack before 2.3 final | Joshua Peek | 2009-03-10 | 10 | -11/+42 |
* | Ensure assert_select works with XML namespaced attributes [#1547 state:resolved] [Jon Yurek] | Pratik Naik | 2009-03-07 | 1 | -1/+1 |
* | Update bundled rack to fix more parameter parsing issues | Joshua Peek | 2009-02-14 | 2 | -12/+25 |
* | Reapply 0d5b3e6 | Joshua Peek | 2009-02-10 | 1 | -1/+1 |
* | Update vendored rack | Joshua Peek | 2009-02-10 | 5 | -9/+32 |
* | Make sure vendored rack is at the front of the load path | Joshua Peek | 2009-02-10 | 1 | -2/+1 |
* | Update bundled Rack for Ruby 1.9 spec changes | Joshua Peek | 2009-02-07 | 10 | -25/+29 |
* | Temporarily bundle Rack 1.0 prerelease for testing | Joshua Peek | 2009-02-07 | 48 | -0/+4857 |
* | Depend on rack 0.4.0 instead of vendoring it | Joshua Peek | 2008-11-25 | 41 | -4225/+0 |
* | Ensure all HTML:: constants are available to autoload [#1462 state:resolved] | Craig Davey | 2008-11-25 | 1 | -1/+8 |
| | Signed-off-by: Joshua Peek <josh@joshpeek.com> | | | | |
* | Autoload HTML::Document and sanitizers | Jeremy Kemper | 2008-11-23 | 1 | -0/+9 |
* | Use a relative require for bundled rack lib | Jeremy Kemper | 2008-11-22 | 1 | -1/+2 |
* | Vendor rack 0.4.0 | Joshua Peek | 2008-11-22 | 41 | -0/+4224 |
* | Fixed the sanitize helper to avoid double escaping already properly escaped entities [#683 state:committed] | David Heinemeier Hansson | 2008-11-06 | 1 | -1/+1 |
* | Fix incorrect closing CDATA delimiter. Add tests for CDATA nodes. | Jeffrey Hardy | 2008-10-23 | 1 | -1/+1 |
| | Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> | | | | |
* | Fix that HTML::Node.parse would blow up on unclosed CDATA sections. | Jeffrey Hardy | 2008-10-23 | 1 | -1/+8 |
| | If an unclosed CDATA section is encountered and parsing is strict, an exception will be raised. Otherwise, we consider the remainder of the line to be the section contents. This is consistent with HTML::Tokenizer#scan_tag. Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> | | | | |
* | Merge with docrails. | Pratik Naik | 2008-07-16 | 1 | -2/+2 |
* | Patched HTML::Document#initialize call to Node.parse so that it includes the strict argument. [#330] | Jimmy Baker | 2008-06-24 | 1 | -1/+1 |
* | Fixed HTML::Tokenizer (used in sanitize helper) didn't handle unclosed CDATA tags (closes #10071) [esad, packagethief] | David Heinemeier Hansson | 2008-03-28 | 1 | -1/+1 |
| | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9111 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | | | | |
* | Fix HTML Sanitizer to allow trailing spaces in CSS style attributes. Closes #10566 [wesley.moxam] | Rick Olson | 2007-12-23 | 1 | -2/+2 |
| | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8485 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | | | | |
* | Removed some of the tags that do not make sense to allow per default in the whitelist | David Heinemeier Hansson | 2007-12-04 | 1 | -2/+2 |
| | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8269 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | | | | |