aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/lib/action_view/helpers
Commit message (Collapse)AuthorAgeFilesLines
...
* | | Merge pull request #11218 from kaspth/loofah-integrationRafael Mendonça França2014-07-101-106/+59
|\ \ \ | |/ / |/| | | | | | | | | | | | | | | | | Loofah-integration Conflicts: actionpack/CHANGELOG.md actionview/CHANGELOG.md
| * | Don't splat arguments to allowed tags or attributes.Timm2014-06-161-2/+2
| | |
| * | Change sanitizer_vendor to just be a method and reword documentation.Timm2014-06-161-4/+5
| | |
| * | Revert some stuff to use the new sanitizers.Timm2014-06-161-6/+6
| | |
| * | Add a layer of indirection making sanitizers pluggable.Timm2014-06-161-3/+8
| | |
| * | Delegate allowed tags and attributes setting to HTML::WhiteListSanitizer.Timm2014-06-161-4/+4
| | |
| * | Changed configuration documentation to no longer state it replaces a Set.Timm2014-06-161-2/+2
| | |
| * | Deprecate configurations and use allowed_tags and allowed_attributes on ↵Timm2014-06-161-99/+22
| | | | | | | | | | | | WhiteListSanitizer.
| * | Made deprecation messages in sanitize_helper more clear.Timm2014-06-161-3/+3
| | |
| * | Completed integration of rails-html-sanitizer in SanitizeHelper. Deprecated ↵Timm2014-06-163-294/+19
| | | | | | | | | | | | protocol_separator accessors and bad_tags=.
| * | Changed PermitScrubber's direction to bottom up to align better with ↵Timm2014-06-161-0/+1
| | | | | | | | | | | | Loofah's strip scrubber.
| * | Now only requiring Loofah in the places where it is needed.Timm2014-06-161-0/+2
| | |
| * | Minor rewording in TargetScrubber documentation.Timm2014-06-161-3/+3
| | |
| * | Now returning html if html is blank? in FullSanitizer and ↵Timm2014-06-161-1/+3
| | | | | | | | | | | | WhiteListSanitizer. This means it'll return false if called with false, however that is not a valid use case.
| * | Stylistic improvements. Some light documentation for remove_xpaths.Timm2014-06-161-6/+8
| | |
| * | Simplified the removal of xpaths in remove_xpaths. Added more tests for ↵Timm2014-06-161-1/+1
| | | | | | | | | | | | remove_xpaths.
| * | Fixed: added apostrophe to possessive noun.Timm2014-06-161-1/+1
| | |
| * | Changed: remove_xpaths called with String returns String, while called with ↵Timm2014-06-161-2/+2
| | | | | | | | | | | | Loofah fragment returns Loofah fragment. Added tests for this.
| * | Removed :nodoc: from PermitScrubber.Timm2014-06-161-1/+0
| | |
| * | Reworked documentation for PermitScrubber and TargetScrubber.Timm2014-06-161-2/+33
| | |
| * | Fixed: spelling error.Timm2014-06-161-1/+1
| | |
| * | Initialized tags and attributes to nil.Timm2014-06-161-0/+4
| | |
| * | Refactored scrub to keep_node? instead of scrub_node calling it. Also added ↵Timm2014-06-161-6/+5
| | | | | | | | | | | | ability to stop traversing by returning STOP from scrub_node.
| * | Changed PermitScrubber to be even more extensible. Updated TargetScrubber to ↵Timm2014-06-161-39/+40
| | | | | | | | | | | | be compliant. Updated documentation for PermitScrubber and TargetScrubber for clarity.
| * | Changed PermitScrubbers documentation to list override points for ↵Timm2014-06-161-12/+15
| | | | | | | | | | | | subclasses. Renamed should_remove_attributes? to should_scrub_attributes?.
| * | Already killed off LinkScrubber. Changed it instead to be TargetScrubber, ↵Timm2014-06-162-9/+20
| | | | | | | | | | | | which is more general, while still allowing maximum code reuse.
| * | Added LinkScrubber to remove duplication in LinkSanitizer. As such made ↵Timm2014-06-162-11/+22
| | | | | | | | | | | | PermitScrubber easier to subclass.
| * | Changed FullSanitizer sanitize to use tap method instead of temporary variable.Timm2014-06-161-3/+3
| | |
| * | Extracted the common xpaths to remove into XPATHS_TO_REMOVE.Timm2014-06-161-2/+4
| | |
| * | Refactored remove_xpaths to use duck typing and read better.Timm2014-06-161-4/+5
| | |
| * | Changed explanation for no duck typing of custom scrubbers.Timm2014-06-161-1/+2
| | |
| * | Updated documentation to tell that a custom scrubber takes precedence.Timm2014-06-151-0/+1
| | |
| * | Updated the documentation to reflect the scrubber option.Timm2014-06-151-1/+22
| | |
| * | Marked the private API as not needing code documentation.Timm2014-06-152-0/+2
| | |
| * | Added ability to pass a custom scrubber to sanitize. Includes test coverage.Timm2014-06-151-1/+3
| | |
| * | Moved requiring of Loofah from sanitizers.rb to action_view.rb.Timm2014-06-151-1/+0
| | |
| * | Added ActionView::Sanitizer and moved remove_xpaths to there.Timm2014-06-151-7/+0
| | |
| * | Added comment removal. Changed definitation of remove_xpaths to not use a ↵Timm2014-06-151-11/+24
| | | | | | | | | | | | splat operator.
| * | Extracted the xpath removals into some new API that allows users to remove ↵Timm2014-06-151-2/+8
| | | | | | | | | | | | xpath subtrees.
| * | Added removal of script tags to WhiteListSanitizer.Timm2014-06-151-0/+1
| | |
| * | Added guard clauses to FullSanitizer.Timm2014-06-151-1/+6
| | |
| * | bad_tags include form since we remove it. Also to prevent a ↵Timm2014-06-151-1/+1
| | | | | | | | | | | | should_allow_form_tag test creation.
| * | Removed the contains_bad_protocols? method as well as the tests for it. ↵Timm2014-06-151-8/+2
| | | | | | | | | | | | Loofah already deals with this.
| * | Reordered form removal with stripping.Timm2014-06-151-4/+7
| | |
| * | Added PermitScrubber which allows you to permit elements for sanitization.Timm2014-06-152-13/+85
| | |
| * | Removed duplication in the deprecated methods.Timm2014-06-151-5/+5
| | |
| * | Added Loofah as a dependency in actionview.gemspec.Timm2014-06-112-23/+140
| | | | | | | | | | | | | | | | | | Implemented ActionView: FullSanitizer, LinkSanitizer and WhiteListSanitizer in sanitizers.rb. Deprecated protocol_separator and bad_tags. Added new tests in sanitizers_test.rb and reimplemented assert_dom_equal with Loofah.
* | | Include missing module in tag_helperCarlos Antonio da Silva2014-07-091-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Since 6857415187810f1289068a448268264d0cf0844f we are using #safe_join to join the content when an Array is given, so we must include the dependent module here to make sure it's available when this module is used alone. This was making Simple Form tests to fail with current master due to the missing dependency.
* | | [ci skip] /javascript/ -> JavaScript - cover whole appAkshay Vishnoi2014-07-041-2/+2
| | |
* | | Use if/elseRafael Mendonça França2014-06-301-2/+5
| | | | | | | | | | | | | | | Since we are using both branches of the code is preferable to use if/else over the early return.
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-05 20:10:24 +0000