rails.git - Mirror of official rails repo with custom fixes.

	Commit message (Collapse)	Author	Age	Files	Lines
*	Switch to on-by-default XSS escaping for rails.	Michael Koziarski	2009-10-08	1	-1/+10
\| \| \| \| \| \| \| \| \| \| \| \|	This consists of: * String#html_safe! a method to mark a string as 'safe' * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it * Calls to String#html_safe! throughout the rails helpers * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB) * New ERB implementation based on erubis which uses a SafeBuffer instead of a String Hat tip to Django for the inspiration.
*	Include all helpers into ActionView::Helper	Joshua Peek	2008-08-25	1	-3/+3
\|
*	Introduce ActionView::TestCase for testing view helpers.	Joshua Peek	2008-04-19	1	-3/+2
\|
*	require abstract_unit directly since test is in load path	Jeremy Kemper	2008-01-05	1	-3/+3
\| \| \| \|	git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8564 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Refactor sanitizer helpers into HTML classes and make it easy to swap them ↵	Rick Olson	2007-11-26	1	-187/+2
\| \| \| \| \| \|	out with custom implementations. Closes #10129. [rick] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8213 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Extracted sanitization methods from TextHelper to SanitizeHelper [DHH] ↵	David Heinemeier Hansson	2007-10-10	1	-0/+234
	Changed SanitizeHelper#sanitize to only allow the custom attributes and tags when specified in the call [DHH] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7825 5ecf4fe2-1ee6-0310-87b1-e25e094e27de