Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Move action_controller/vendor/html-scanner to action_view | Piotr Sarnacki | 2012-08-28 | 1 | -1/+1 |
| | | | | | | This is another step in moving Action View's dependencies in Action Pack to Action View itself. Also, HtmlScanner seems to be better suited for views rather than controllers. | ||||
* | Do not mark strip_tags result as html_safe | Santiago Pastorino | 2012-08-09 | 1 | -1/+1 |
| | | | | | | Thanks to Marek Labos & Nethemba CVE-2012-3465 | ||||
* | Removing ==Examples and last blank lines of docs from actionpack | Francesco Rodriguez | 2012-05-15 | 1 | -3/+0 |
| | |||||
* | Include TagHelper but don't explicitly require it | Erik Michaels-Ober | 2011-12-12 | 1 | -1/+0 |
| | | | | Allow autoloading to work as intended and avoid multiple requires. | ||||
* | Remove extra white spaces on ActionPack docs. | Sebastian Martinez | 2011-05-23 | 1 | -5/+5 |
| | |||||
* | Fixing another example result | Matt Duncan | 2011-04-15 | 1 | -1/+1 |
| | |||||
* | Deletes trailing whitespaces (over text files only find * -type f -exec sed ↵ | Santiago Pastorino | 2010-08-14 | 1 | -2/+2 |
| | | | | 's/[ \t]*$//' -i {} \;) | ||||
* | adds missing requires for Object#try | Xavier Noria | 2010-08-09 | 1 | -0/+1 |
| | |||||
* | Concernify SanitizeHelper and TextHelper so including TextHelper correctly ↵ | wycats | 2010-08-04 | 1 | -0/+1 |
| | | | | include SanitizeHelper and extends its ClassMethods | ||||
* | Fixed many references to the old config/environment.rb and Rails::Initializer | Benjamin Quorning | 2010-07-13 | 1 | -14/+14 |
| | |||||
* | Added titles and description. | Rizwan Reza | 2010-06-16 | 1 | -5/+11 |
| | |||||
* | edit pass: the names of Rails components have a space, ie, "Active Record", ↵ | Xavier Noria | 2010-06-14 | 1 | -1/+1 |
| | | | | not "ActiveRecord" | ||||
* | For performance reasons, you can no longer call html_safe! on Strings. ↵ | Yehuda Katz | 2010-01-31 | 1 | -10/+2 |
| | | | | | | | | | | | | Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will SafeBuffer.new(self). * Additionally, instead of doing concat("</form>".html_safe), you can do safe_concat("</form>"), which will skip both the flag set, and the flag check. * For the first pass, I converted virtually all #html_safe!s to #html_safe, and the tests pass. A further optimization would be to try to use #safe_concat as much as possible, reducing the performance impact if we know up front that a String is safe. | ||||
* | Merge docrails | Pratik Naik | 2010-01-17 | 1 | -1/+1 |
| | |||||
* | All AD modules are "deferrable" | Joshua Peek | 2009-12-22 | 1 | -0/+1 |
| | |||||
* | Switch to on-by-default XSS escaping for rails. | Michael Koziarski | 2009-10-08 | 1 | -2/+10 |
| | | | | | | | | | | | | This consists of: * String#html_safe! a method to mark a string as 'safe' * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it * Calls to String#html_safe! throughout the rails helpers * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB) * New ERB implementation based on erubis which uses a SafeBuffer instead of a String Hat tip to Django for the inspiration. | ||||
* | prefer autoloaded html scanner | Joshua Peek | 2008-11-24 | 1 | -1/+0 |
| | |||||
* | Autoload HTML::Document and sanitizers | Jeremy Kemper | 2008-11-23 | 1 | -10/+1 |
| | |||||
* | Require missing libraries and check for defined ActionController constant so ↵ | Joshua Peek | 2008-08-26 | 1 | -1/+10 |
| | | | | ActionView can be used standalone | ||||
* | Include all helpers into ActionView::Helper | Joshua Peek | 2008-08-25 | 1 | -31/+54 |
| | |||||
* | Merge with docrails. | Pratik Naik | 2008-07-16 | 1 | -1/+1 |
| | |||||
* | Merge docrails. | Pratik Naik | 2008-05-25 | 1 | -15/+16 |
| | | | | Signed-off-by: Pratik Naik <pratiknaik@gmail.com> | ||||
* | Added not to sanitize helper docs that it doesn't guarantee well-formed markup. | Michael Schuerig | 2008-05-12 | 1 | -0/+5 |
| | | | | | | Signed-off-by: Michael Koziarski <michael@koziarski.com> [#166 state:resolved] | ||||
* | Improve documentation coverage and markup | Xavier Noria | 2008-05-02 | 1 | -2/+2 |
| | | | | Signed-off-by: Pratik Naik <pratiknaik@gmail.com> | ||||
* | Refactor sanitizer helpers into HTML classes and make it easy to swap them ↵ | Rick Olson | 2007-11-26 | 1 | -155/+53 |
| | | | | | | out with custom implementations. Closes #10129. [rick] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8213 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Extracted sanitization methods from TextHelper to SanitizeHelper [DHH] ↵ | David Heinemeier Hansson | 2007-10-10 | 1 | -0/+325 |
Changed SanitizeHelper#sanitize to only allow the custom attributes and tags when specified in the call [DHH] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7825 5ecf4fe2-1ee6-0310-87b1-e25e094e27de |