path: root/actionview/lib/action_view/helpers
Commit message (Author, Age, Files, Lines)
...
| * | | | Missing ActiveSupport require for calling String#first (Akira Matsuda, 2014-08-14, 1 file, -0/+1)
| |/ / /
* | | | Prepare for partial release. (Kasper Timm Hansen, 2014-08-17, 1 file, -3/+8)
| | | |   - Default to Rails::DeprecatedSanitizer in ActionView::Helpers::SanitizeHelper.
| | | |   - Add upgrade notes.
| | | |   - Add sanitizer to new applications Gemfiles.
| | | |   - Remove 'rails-dom-testing' as a dependency.
* | | | Merge branch 'master' into loofah (Rafael Mendonça França, 2014-08-12, 5 files, -94/+92)
|\| | |
| | | |   Conflicts:
| | | |       actionpack/CHANGELOG.md
| | | |       actionpack/test/controller/integration_test.rb
| | | |       actionview/CHANGELOG.md
| * | | Fixed #select form builder helper to support block with html output (Bogdan Gusiev, 2014-08-05, 1 file, -1/+1)
| | |/
| |/|
| * | docs, cleanup mixed indents within `form_options_helper.rb` RDoc. (Yves Senn, 2014-07-29, 1 file, -81/+81)
| | |   [ci skip]
| | |   This fixes the broken code block rendering and indents the examples within the parameter list.
| * | docs, `select` and friends with `multiple=true` include a blank string. (Yves Senn, 2014-07-17, 1 file, -5/+3)
| | |   [Jonas Baumann & Yves Senn]
| | |   The submitted params from a select with `multiple: true` look as follows:
| | |   ```
| | |   {post: {category: [""]}}
| | |   {post: {category: ["", "Category 1", "Category 2"]}}
| | |   ```
| | |   This is a follow up to #1552.
| * | Fix broken list formatting [ci skip] (noinkling, 2014-07-17, 1 file, -5/+5)
| * | Merge pull request #16161 from jpawlyn/master (Andrew White, 2014-07-15, 1 file, -1/+1)
| |\ \
| | | |   Fix empty host for an asset url when asset_host proc returns nil
| | * | Return an absolute instead of relative path from an asset url in the case of the `asset_host` proc returning nil (Jolyon Pawlyn, 2014-07-15, 1 file, -1/+1)
| * | | Fix typos like `a html` to `an html` and 'an mail' to 'an email'. [ci skip] (Santosh Wadghule, 2014-07-14, 1 file, -1/+1)
| |/ /
* | | Use the plugin API to the getter and setters (Rafael Mendonça França, 2014-07-15, 1 file, -4/+4)
| | |   To avoid having to redefine these methods on the deprecated plugin we should be using the sanitizer_vendor API.
* | | Merge pull request #11218 from kaspth/loofah-integration (Rafael Mendonça França, 2014-07-10, 1 file, -106/+59)
|\ \ \
| |/ /
|/| |
| | |   Loofah-integration
| | |   Conflicts:
| | |       actionpack/CHANGELOG.md
| | |       actionview/CHANGELOG.md
| * | Don't splat arguments to allowed tags or attributes. (Timm, 2014-06-16, 1 file, -2/+2)
| * | Change sanitizer_vendor to just be a method and reword documentation. (Timm, 2014-06-16, 1 file, -4/+5)
| * | Revert some stuff to use the new sanitizers. (Timm, 2014-06-16, 1 file, -6/+6)
| * | Add a layer of indirection making sanitizers pluggable. (Timm, 2014-06-16, 1 file, -3/+8)
| * | Delegate allowed tags and attributes setting to HTML::WhiteListSanitizer. (Timm, 2014-06-16, 1 file, -4/+4)
| * | Changed configuration documentation to no longer state it replaces a Set. (Timm, 2014-06-16, 1 file, -2/+2)
| * | Deprecate configurations and use allowed_tags and allowed_attributes on WhiteListSanitizer. (Timm, 2014-06-16, 1 file, -99/+22)
| * | Made deprecation messages in sanitize_helper more clear. (Timm, 2014-06-16, 1 file, -3/+3)
| * | Completed integration of rails-html-sanitizer in SanitizeHelper. Deprecated protocol_separator accessors and bad_tags=. (Timm, 2014-06-16, 3 files, -294/+19)
| * | Changed PermitScrubber's direction to bottom up to align better with Loofah's strip scrubber. (Timm, 2014-06-16, 1 file, -0/+1)
| * | Now only requiring Loofah in the places where it is needed. (Timm, 2014-06-16, 1 file, -0/+2)
| * | Minor rewording in TargetScrubber documentation. (Timm, 2014-06-16, 1 file, -3/+3)
| * | Now returning html if html is blank? in FullSanitizer and WhiteListSanitizer. This means it'll return false if called with false, however that is not a valid use case. (Timm, 2014-06-16, 1 file, -1/+3)
| * | Stylistic improvements. Some light documentation for remove_xpaths. (Timm, 2014-06-16, 1 file, -6/+8)
| * | Simplified the removal of xpaths in remove_xpaths. Added more tests for remove_xpaths. (Timm, 2014-06-16, 1 file, -1/+1)
| * | Fixed: added apostrophe to possessive noun. (Timm, 2014-06-16, 1 file, -1/+1)
| * | Changed: remove_xpaths called with String returns String, while called with Loofah fragment returns Loofah fragment. Added tests for this. (Timm, 2014-06-16, 1 file, -2/+2)
| * | Removed :nodoc: from PermitScrubber. (Timm, 2014-06-16, 1 file, -1/+0)
| * | Reworked documentation for PermitScrubber and TargetScrubber. (Timm, 2014-06-16, 1 file, -2/+33)
| * | Fixed: spelling error. (Timm, 2014-06-16, 1 file, -1/+1)
| * | Initialized tags and attributes to nil. (Timm, 2014-06-16, 1 file, -0/+4)
| * | Refactored scrub to keep_node? instead of scrub_node calling it. Also added ability to stop traversing by returning STOP from scrub_node. (Timm, 2014-06-16, 1 file, -6/+5)
| * | Changed PermitScrubber to be even more extensible. Updated TargetScrubber to be compliant. Updated documentation for PermitScrubber and TargetScrubber for clarity. (Timm, 2014-06-16, 1 file, -39/+40)
| * | Changed PermitScrubbers documentation to list override points for subclasses. Renamed should_remove_attributes? to should_scrub_attributes?. (Timm, 2014-06-16, 1 file, -12/+15)
| * | Already killed off LinkScrubber. Changed it instead to be TargetScrubber, which is more general, while still allowing maximum code reuse. (Timm, 2014-06-16, 2 files, -9/+20)
| * | Added LinkScrubber to remove duplication in LinkSanitizer. As such made PermitScrubber easier to subclass. (Timm, 2014-06-16, 2 files, -11/+22)
| * | Changed FullSanitizer sanitize to use tap method instead of temporary variable. (Timm, 2014-06-16, 1 file, -3/+3)
| * | Extracted the common xpaths to remove into XPATHS_TO_REMOVE. (Timm, 2014-06-16, 1 file, -2/+4)
| * | Refactored remove_xpaths to use duck typing and read better. (Timm, 2014-06-16, 1 file, -4/+5)
| * | Changed explanation for no duck typing of custom scrubbers. (Timm, 2014-06-16, 1 file, -1/+2)
| * | Updated documentation to tell that a custom scrubber takes precedence. (Timm, 2014-06-15, 1 file, -0/+1)
| * | Updated the documentation to reflect the scrubber option. (Timm, 2014-06-15, 1 file, -1/+22)
| * | Marked the private API as not needing code documentation. (Timm, 2014-06-15, 2 files, -0/+2)
| * | Added ability to pass a custom scrubber to sanitize. Includes test coverage. (Timm, 2014-06-15, 1 file, -1/+3)
| * | Moved requiring of Loofah from sanitizers.rb to action_view.rb. (Timm, 2014-06-15, 1 file, -1/+0)
| * | Added ActionView::Sanitizer and moved remove_xpaths to there. (Timm, 2014-06-15, 1 file, -7/+0)
| * | Added comment removal. Changed definition of remove_xpaths to not use a splat operator. (Timm, 2014-06-15, 1 file, -11/+24)
| * | Extracted the xpath removals into some new API that allows users to remove xpath subtrees. (Timm, 2014-06-15, 1 file, -2/+8)