| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| fix protocol checking in sanitization [CVE-2013-1857] | Aaron Patterson | 2013-03-15 | 1 | -0/+10 |
| fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855] | Charlie Somerville | 2013-03-15 | 1 | -0/+5 |
| Ruby 2 compat. CGI.escapeHTML has changed the way it escapes apostrophes a few times, so fix up the test to work with however it chooses to escape. | Jeremy Kemper | 2012-10-06 | 1 | -1/+1 |
| Don't ignore non Enumerable values passed to sanitize (closes #5585) | Piotr Sarnacki | 2012-03-27 | 1 | -0/+18 |
| When someone accidentally passes a string to sanitize like: `sanitize("<span>foo</span>", :tags => "b")` there is no indication that it's the wrong way and span will not be removed. | | | | |
| Refactor button_to helper to use token_tag method | Rafael Mendonça França | 2012-01-19 | 1 | -2/+0 |
| Handle leading spaces in protocol while sanitizing | Manu | 2012-01-12 | 1 | -1/+8 |
| AP tests should inherit from AS::TestCase | Aaron Patterson | 2012-01-05 | 6 | -6/+6 |
| ActionPack test fix for RBX | Arun Agrawal | 2011-10-24 | 1 | -1/+6 |
| Tags with invalid names should also be stripped in order to prevent XSS attacks. Thanks Sascha Depold for the report. | Aaron Patterson | 2011-08-16 | 1 | -0/+7 |
| remove warning: assigned but unused variable | Santiago Pastorino | 2011-06-08 | 1 | -2/+2 |
| Test for stripping tags from a frozen string. | Joshua Ballanco | 2011-04-14 | 1 | -0/+1 |
| This test will pass under Ruby 1.8 but fail under Ruby 1.9 because of the change in behavior of gsub! w.r.t. frozen strings that do not match the pattern used [ruby-core:23664]. | | | | |
| ActionController::Base.helpers.sanitize ignores case in protocol | Timothy N. Tsvetkov | 2010-12-30 | 1 | -0/+7 |
| [#6044 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | | | | |
| Fix test that wasn't running at all. | Emilio Tagua | 2010-09-28 | 1 | -1/+1 |
| Redefine duplicated test name. | Emilio Tagua | 2010-09-28 | 1 | -1/+1 |
| Deletes trailing whitespaces (over text files only `find * -type f -exec sed 's/[ \t]*$//' -i {} \;`) | Santiago Pastorino | 2010-08-14 | 6 | -65/+65 |
| Strip_tags never ending attribute should not raise a TypeError [#4870 state:resolved] | Bruno Michel | 2010-06-28 | 1 | -0/+4 |
| Signed-off-by: José Valim <jose.valim@gmail.com> | | | | |
| deOMGifying Railties, Active Support, and Action Pack | Mikel Lindsaar | 2010-01-31 | 1 | -2/+2 |
| File extra test folders into controller, dispatch, or template | Joshua Peek | 2009-10-03 | 7 | -0/+944 |