path: root/actionpack/test/template/html-scanner/sanitizer_test.rb
Commit message | Author | Age | Files | Lines

* fix protocol checking in sanitization [CVE-2013-1857] | Aaron Patterson | 2013-03-15 | 1 | -0/+10
* fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855] | Charlie Somerville | 2013-03-15 | 1 | -0/+5
* Ruby 2 compat. CGI.escapeHTML has changed the way it escapes apostrophes a few times, so fix up the test to work with however it chooses to escape. | Jeremy Kemper | 2012-10-06 | 1 | -1/+1
* Don't ignore non-Enumerable values passed to sanitize (closes #5585) | Piotr Sarnacki | 2012-03-27 | 1 | -0/+18
  When someone accidentally passes a string to sanitize like: sanitize("<span>foo</span>", :tags => "b") there is no indication that it's the wrong way and span will not be removed.
* Refactor button_to helper to use token_tag method | Rafael Mendonça França | 2012-01-19 | 1 | -2/+0
* Handle leading spaces in protocol while sanitizing | Manu | 2012-01-12 | 1 | -1/+8
* Tags with invalid names should also be stripped in order to prevent XSS attacks. Thanks Sascha Depold for the report. | Aaron Patterson | 2011-08-16 | 1 | -0/+7
* Test for stripping tags from a frozen string. | Joshua Ballanco | 2011-04-14 | 1 | -0/+1
  This test will pass under Ruby 1.8 but fail under Ruby 1.9 because of the change in behavior of gsub! w.r.t. frozen strings that do not match the pattern used [ruby-core:23664].
* ActionController::Base.helpers.sanitize ignores case in protocol | Timothy N. Tsvetkov | 2010-12-30 | 1 | -0/+7
  [#6044 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;) | Santiago Pastorino | 2010-08-14 | 1 | -17/+17
* Strip_tags never-ending attribute should not raise a TypeError [#4870 state:resolved] | Bruno Michel | 2010-06-28 | 1 | -0/+4
  Signed-off-by: José Valim <jose.valim@gmail.com>
* deOMGifying Railties, Active Support, and Action Pack | Mikel Lindsaar | 2010-01-31 | 1 | -2/+2
* File extra test folders into controller, dispatch, or template | Joshua Peek | 2009-10-03 | 1 | -0/+273