Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
| * | | Removed :nodoc: from PermitScrubber. | Timm | 2014-06-16 | 1 | -1/+0 | |
| | | | ||||||
| * | | Reworked documentation for PermitScrubber and TargetScrubber. | Timm | 2014-06-16 | 1 | -2/+33 | |
| | | | ||||||
| * | | Fixed: spelling error. | Timm | 2014-06-16 | 1 | -1/+1 | |
| | | | ||||||
| * | | Initialized tags and attributes to nil. | Timm | 2014-06-16 | 1 | -0/+4 | |
| | | | ||||||
| * | | Refactored scrub to keep_node? instead of scrub_node calling it. Also added ↵ | Timm | 2014-06-16 | 1 | -6/+5 | |
| | | | | | | | | | | | | ability to stop traversing by returning STOP from scrub_node. | |||||
| * | | Changed PermitScrubber to be even more extensible. Updated TargetScrubber to ↵ | Timm | 2014-06-16 | 1 | -39/+40 | |
| | | | | | | | | | | | | be compliant. Updated documentation for PermitScrubber and TargetScrubber for clarity. | |||||
| * | | Changed PermitScrubbers documentation to list override points for ↵ | Timm | 2014-06-16 | 1 | -12/+15 | |
| | | | | | | | | | | | | subclasses. Renamed should_remove_attributes? to should_scrub_attributes?. | |||||
| * | | Already killed off LinkScrubber. Changed it instead to be TargetScrubber, ↵ | Timm | 2014-06-16 | 2 | -9/+20 | |
| | | | | | | | | | | | | which is more general, while still allowing maximum code reuse. | |||||
| * | | Added LinkScrubber to remove duplication in LinkSanitizer. As such made ↵ | Timm | 2014-06-16 | 2 | -11/+22 | |
| | | | | | | | | | | | | PermitScrubber easier to subclass. | |||||
| * | | Changed FullSanitizer sanitize to use tap method instead of temporary variable. | Timm | 2014-06-16 | 1 | -3/+3 | |
| | | | ||||||
| * | | Extracted the common xpaths to remove into XPATHS_TO_REMOVE. | Timm | 2014-06-16 | 1 | -2/+4 | |
| | | | ||||||
| * | | Refactored remove_xpaths to use duck typing and read better. | Timm | 2014-06-16 | 1 | -4/+5 | |
| | | | ||||||
| * | | Changed explanation for no duck typing of custom scrubbers. | Timm | 2014-06-16 | 1 | -1/+2 | |
| | | | ||||||
| * | | Updated documentation to tell that a custom scrubber takes precedence. | Timm | 2014-06-15 | 1 | -0/+1 | |
| | | | ||||||
| * | | Updated the documentation to reflect the scrubber option. | Timm | 2014-06-15 | 1 | -1/+22 | |
| | | | ||||||
| * | | Marked the private API as not needing code documentation. | Timm | 2014-06-15 | 2 | -0/+2 | |
| | | | ||||||
| * | | Added ability to pass a custom scrubber to sanitize. Includes test coverage. | Timm | 2014-06-15 | 1 | -1/+3 | |
| | | | ||||||
| * | | Moved requiring of Loofah from sanitizers.rb to action_view.rb. | Timm | 2014-06-15 | 1 | -1/+0 | |
| | | | ||||||
| * | | Added ActionView::Sanitizer and moved remove_xpaths to there. | Timm | 2014-06-15 | 1 | -7/+0 | |
| | | | ||||||
| * | | Added comment removal. Changed definitation of remove_xpaths to not use a ↵ | Timm | 2014-06-15 | 1 | -11/+24 | |
| | | | | | | | | | | | | splat operator. | |||||
| * | | Extracted the xpath removals into some new API that allows users to remove ↵ | Timm | 2014-06-15 | 1 | -2/+8 | |
| | | | | | | | | | | | | xpath subtrees. | |||||
| * | | Added removal of script tags to WhiteListSanitizer. | Timm | 2014-06-15 | 1 | -0/+1 | |
| | | | ||||||
| * | | Added guard clauses to FullSanitizer. | Timm | 2014-06-15 | 1 | -1/+6 | |
| | | | ||||||
| * | | bad_tags include form since we remove it. Also to prevent a ↵ | Timm | 2014-06-15 | 1 | -1/+1 | |
| | | | | | | | | | | | | should_allow_form_tag test creation. | |||||
| * | | Removed the contains_bad_protocols? method as well as the tests for it. ↵ | Timm | 2014-06-15 | 1 | -8/+2 | |
| | | | | | | | | | | | | Loofah already deals with this. | |||||
| * | | Reordered form removal with stripping. | Timm | 2014-06-15 | 1 | -4/+7 | |
| | | | ||||||
| * | | Added PermitScrubber which allows you to permit elements for sanitization. | Timm | 2014-06-15 | 2 | -13/+85 | |
| | | | ||||||
| * | | Removed duplication in the deprecated methods. | Timm | 2014-06-15 | 1 | -5/+5 | |
| | | | ||||||
| * | | Added Loofah as a dependency in actionview.gemspec. | Timm | 2014-06-11 | 2 | -23/+140 | |
| | | | | | | | | | | | | | | | | | | Implemented ActionView: FullSanitizer, LinkSanitizer and WhiteListSanitizer in sanitizers.rb. Deprecated protocol_separator and bad_tags. Added new tests in sanitizers_test.rb and reimplemented assert_dom_equal with Loofah. | |||||
* | | | Include missing module in tag_helper | Carlos Antonio da Silva | 2014-07-09 | 1 | -0/+1 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Since 6857415187810f1289068a448268264d0cf0844f we are using #safe_join to join the content when an Array is given, so we must include the dependent module here to make sure it's available when this module is used alone. This was making Simple Form tests to fail with current master due to the missing dependency. | |||||
* | | | [ci skip] /javascript/ -> JavaScript - cover whole app | Akshay Vishnoi | 2014-07-04 | 1 | -2/+2 | |
| | | | ||||||
* | | | Use if/else | Rafael Mendonça França | 2014-06-30 | 1 | -2/+5 | |
| | | | | | | | | | | | | | | | Since we are using both branches of the code is preferable to use if/else over the early return. | |||||
* | | | Add String support for min/max attributes on DatetimeField | Todd Bealmear | 2014-06-30 | 2 | -2/+55 | |
| | | | ||||||
* | | | Tiny documentation fixes [ci skip] | Robin Dupret | 2014-06-29 | 1 | -1/+1 | |
| | | | ||||||
* | | | Rename options param of #time_ago_in_words to match API change | Max Kramer | 2014-06-28 | 1 | -2/+2 | |
| |/ |/| | | | Rename `include_seconds_or_options` to `options` to match 6b9356a (which removed the deprecation introduced by #6077). This has no functional impact because the parameter is passed directly through, but makes it clearer that the parameter no longer supports a boolean as input. | |||||
* | | Deal with regex match groups in excerpt | Gareth Rees | 2014-06-24 | 1 | -1/+1 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Original implementation has bugs if the regex contains a match group. Example: excerpt('This is a beautiful? morning', /\b(beau\w*)\b/i, :radius => 5) Expected: "...is a beautiful? mor..." Actual: "...is a beautifulbeaut..." The original phrase was being converted to a regex and returning the text either side of the phrase as expected: 'This is a beautiful? morning'.split(/beautiful/i, 2) # => ["This is a ", "? morning"] When we have a match with groups the match is returned in the array. Quoting the ruby docs: "If pattern is a Regexp, str is divided where the pattern matches. [...] If pattern contains groups, the respective matches will be returned in the array as well." 'This is a beautiful? morning'.split(/\b(beau\w*)\b/iu, 2) # => ["This is a ", "beautiful", "? morning"] If we assume we want to split on the first match – this fix makes that assumption – we can pass the already assigned `phrase` variable as the place to split (because we already know that a match exists from line 168). Originally spotted by Louise Crow (@crowbot) at https://github.com/mysociety/alaveteli/pull/1557 | |||||
* | | Merge pull request #15732 from kuldeepaggarwal/correct-assets-ouput | Rafael Mendonça França | 2014-06-23 | 2 | -15/+15 | |
|\ \ | | | | | | | [ci skip] correct output for asset_helper methods | |||||
| * | | [ci skip] correct output for asset_helper methods | Kuldeep Aggarwal | 2014-06-16 | 2 | -15/+15 | |
| | | | | | | | | | | | | see cc255d3 | |||||
* | | | Merge pull request #15450 from aditya-kapoor/remove-nbsp-debug | Rafael Mendonça França | 2014-06-19 | 1 | -6/+6 | |
|\ \ \ | | | | | | | | | remove unnecessary gsub for space in ActionView::Helpers#debug | |||||
| * | | | remove unnecessary substitution for space in ActionView::Helpers#debug | Aditya Kapoor | 2014-06-14 | 1 | -6/+6 | |
| |/ / | ||||||
* | | | 'TextHelper#highlight' now accepts a block to highlight the matched words. | Lucas Mazza | 2014-06-19 | 1 | -3/+14 | |
| | | | | | | | | | | | | | | | | | | | | | | | | The helper will yield each matched word, and you can use this instead of the ':highlighter' option for more complex replacing logic: highlight('My email is me@work.com', EMAIL_REGEXP) { |m| mail_to(m) } # => 'My email is <a href="mailto:me@work.com">me@work.com</a>' | |||||
* | | | highlight() now accepts regular expressions as well. | Jan Szumiec | 2014-06-19 | 1 | -4/+6 | |
| | | | ||||||
* | | | excerpt() now accepts regular expression instances as phrases. | Jan Szumiec | 2014-06-19 | 1 | -3/+7 | |
| | | | ||||||
* | | | [ci skip] /javascript/ ~> JavaScript | Aditya Kapoor | 2014-06-17 | 1 | -1/+1 | |
|/ / | ||||||
* | | Merge pull request #15693 from pdg137/enforce_utf8 | Matthew Draper | 2014-06-14 | 3 | -7/+7 | |
|\ \ | | | | | | | | | | In actionview, eliminate calls to tag that use html_safe parameter values. | |||||
| * | | In actionview, eliminate calls to tag that use html_safe parameter values. ↵ | Paul Grayson | 2014-06-13 | 3 | -8/+7 | |
|/ / | | | | | | | This is generally unnecessary, since tag handles string quoting, except in one case (utf8_enforcer_tag) where we want to specify the encoding ourselves. | |||||
* | | Merge pull request #15654 from pdg137/master | Matthew Draper | 2014-06-13 | 2 | -6/+9 | |
|\ \ | |/ |/| | | | In tag helper, honor html_safe on arrays; also make safe_join more similar to Array.join | |||||
| * | In tag helper, honor html_safe on array parameters; also make safe_join more ↵ | Paul Grayson | 2014-06-12 | 2 | -7/+19 | |
|/ | | | | similar to Array.join by first calling flatten. | |||||
* | [ci skip] Fix doc for javascript_helper | Aditya Kapoor | 2014-06-11 | 1 | -1/+7 | |
| | ||||||
* | [ci skip] Add Docs for strip_insignificant_zeros option in number helpers | Akshay Vishnoi | 2014-06-10 | 1 | -10/+8 | |
| |