| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | fix protocol checking in sanitization [CVE-2013-1857] | Aaron Patterson | 2013-03-15 | 1 | -0/+10 |
| | | | | | | Conflicts: actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb | ||||
| * | fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855] | Charlie Somerville | 2013-03-15 | 1 | -0/+5 |
| | | |||||
| * | Ruby 2 compat. CGI.escapeHTML has changed the way it escapes apostrophes a ↵ | Jeremy Kemper | 2013-02-24 | 1 | -1/+1 |
| | | | | | few times, so fix up the test to work with however it chooses to escape. | ||||
| * | ActionPack test fix for RBX | Arun Agrawal | 2011-10-24 | 1 | -1/+6 |
| | | |||||
| * | Tags with invalid names should also be stripped in order to prevent | Aaron Patterson | 2011-08-16 | 1 | -0/+7 |
| | | | | | XSS attacks. Thanks Sascha Depold for the report. | ||||
| * | remove warning: assigned but unused variable | Santiago Pastorino | 2011-06-08 | 1 | -2/+2 |
| | | |||||
| * | Test for stripping tags from a frozen string. | Joshua Ballanco | 2011-04-14 | 1 | -0/+1 |
| | | | | | | | This test will pass under Ruby 1.8 but fail under Ruby 1.9 because of the change in behavior of gsub! w.r.t. frozen strings that do not match the pattern used [ruby-core:23664]. | ||||
| * | ActionController::Base.helpers.sanitize ignores case in protocol | Timothy N. Tsvetkov | 2010-12-30 | 1 | -0/+7 |
| | | | | | | | [#6044 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | ||||
| * | Fix test that wasn't running at all. | Emilio Tagua | 2010-09-28 | 1 | -1/+1 |
| | | |||||
| * | Redefine duplicated test name. | Emilio Tagua | 2010-09-28 | 1 | -1/+1 |
| | | |||||
| * | Deletes trailing whitespaces (over text files only find * -type f -exec sed ↵ | Santiago Pastorino | 2010-08-14 | 6 | -65/+65 |
| | | | | | 's/[ \t]*$//' -i {} \;) | ||||
| * | Strip_tags never ending attribute should not raise a TypeError [#4870 ↵ | Bruno Michel | 2010-06-28 | 1 | -0/+4 |
| | | | | | | | state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
| * | deOMGifying Railties, Active Support, and Action Pack | Mikel Lindsaar | 2010-01-31 | 1 | -2/+2 |
| | | |||||
| * | File extra test folders into controller, dispatch, or template | Joshua Peek | 2009-10-03 | 7 | -0/+944 |
 |
index : rails.git | |
| Mirror of official rails repo with custom fixes. | Harald Eilertsen |
| aboutsummaryrefslogtreecommitdiffstats |