| Commit message (Collapse) | Author | Age | Files | Lines |
Use the already existing strings instead of creating a new one each time
just to test if it responds to the methods.
This reverts commit 8ce3c1e5dde9fb180813e4d89324db03da110b13, reversing
changes made to f93da579ce7f77dbd58b9a2165861aee265b8c93.

Reason: It slows down the running time.

    require "diffbench"
    load 'output_safety.rb'

    N = 10000
    b = ActiveSupport::SafeBuffer.new("hello world")

    DiffBench.bm do
      report "capitalize in safe buffer" do
        N.times do
          b.capitalize
        end
      end
    end

    > git checkout 069ea45; diffbench bench.rb; diffbench bench.rb; diffbench bench.rb; diffbench bench.rb; diffbench bench.rb; diffbench bench.rb; diffbench bench.rb;

    Running benchmark with current working tree
    Checkout HEAD^
    Running benchmark with HEAD^
    Checkout to previous HEAD again
                        user      system    total     real
    ----------------------------------capitalize in safe buffer
    After patch:        0.010000  0.000000  0.010000  (  0.009733)
    Before patch:       0.010000  0.000000  0.010000  (  0.007702)
    Improvement: -26%

    Running benchmark with current working tree
    Checkout HEAD^
    Running benchmark with HEAD^
    Checkout to previous HEAD again
                        user      system    total     real
    ----------------------------------capitalize in safe buffer
    After patch:        0.010000  0.000000  0.010000  (  0.009768)
    Before patch:       0.010000  0.000000  0.010000  (  0.007896)
    Improvement: -24%

    Running benchmark with current working tree
    Checkout HEAD^
    Running benchmark with HEAD^
    Checkout to previous HEAD again
                        user      system    total     real
    ----------------------------------capitalize in safe buffer
    After patch:        0.010000  0.000000  0.010000  (  0.009938)
    Before patch:       0.010000  0.000000  0.010000  (  0.007768)
    Improvement: -28%

    Running benchmark with current working tree
    Checkout HEAD^
    Running benchmark with HEAD^
    Checkout to previous HEAD again
                        user      system    total     real
    ----------------------------------capitalize in safe buffer
    After patch:        0.010000  0.000000  0.010000  (  0.010001)
    Before patch:       0.010000  0.000000  0.010000  (  0.007873)
    Improvement: -27%

    Running benchmark with current working tree
    Checkout HEAD^
    Running benchmark with HEAD^
    Checkout to previous HEAD again
                        user      system    total     real
    ----------------------------------capitalize in safe buffer
    After patch:        0.010000  0.000000  0.010000  (  0.009670)
    Before patch:       0.010000  0.000000  0.010000  (  0.007800)
    Improvement: -24%

    Running benchmark with current working tree
    Checkout HEAD^
    Running benchmark with HEAD^
    Checkout to previous HEAD again
                        user      system    total     real
    ----------------------------------capitalize in safe buffer
    After patch:        0.010000  0.000000  0.010000  (  0.009949)
    Before patch:       0.010000  0.000000  0.010000  (  0.007752)
    Improvement: -28%
Conflicts:
actionmailer/lib/action_mailer/base.rb
activesupport/lib/active_support/configurable.rb
activesupport/lib/active_support/core_ext/module/deprecation.rb
guides/source/action_controller_overview.md
guides/source/active_support_core_extensions.md
guides/source/ajax_on_rails.textile
guides/source/association_basics.textile
guides/source/upgrading_ruby_on_rails.md
While resolving conflicts, I have chosen to ignore changes done in
docrails at some places - these will be most likely 1.9 hash syntax
changes.
Remove j alias for ERB::Util.json_escape
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
Logic in clone_empty method was dealing with old @dirty variable, which
has changed by @html_safe in this commit:
https://github.com/rails/rails/commit/139963c99a955520db6373343662e55f4d16dcd1
This was issuing a "not initialized variable" warning - related to:
https://github.com/rails/rails/pull/5237
The logic applied by this method is already handled by the [] override,
so there is no need to reset the variable here.
All the logic is based on the HTML_ESCAPE constant available in
ERB::Util, so it seems more logical to have the entire method there and
just delegate the helper to use it.
            length      user    system     total        real
    before       6  0.010000  0.000000  0.010000  (0.012378)
    after        6  0.010000  0.000000  0.010000  (0.012866)
    before      60  0.040000  0.000000  0.040000  (0.046273)
    after       60  0.040000  0.000000  0.040000  (0.036421)
    before     600  0.390000  0.000000  0.390000  (0.390670)
    after      600  0.210000  0.000000  0.210000  (0.209094)
    before    6000  3.750000  0.000000  3.750000  (3.751008)
    after     6000  1.860000  0.000000  1.860000  (1.857901)
Revert html_escape to do a single gsub again, but add the "n" flag (no
language, i.e. not multi-byte) to protect against XSS via invalid utf8
Signed-off-by: José Valim <jose.valim@gmail.com>
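The commit above (escape byte-wise so invalid UTF-8 cannot hide a `<`) and the SafeBuffer commits earlier in this log (the `respond_to?` guard on unsafe string methods, the `@html_safe` flag, unsafe methods returning plain strings) describe the same small piece of machinery. The block below is an added example written for this page, not Rails' own code: `SafeString` is a hypothetical stand-in for `ActiveSupport::SafeBuffer`, `naive_html_escape` and `html_escape` are reimplementations of the two shapes of the escaper, and the byte-wise pass (`String#b` plus `scrub`) is the modern Ruby equivalent of the old `n` regexp flag, since on Ruby 1.9 and later any regexp match against a string with a broken UTF-8 coderange raises `ArgumentError` rather than silently mis-tokenizing it.

```ruby
# Added example, not Rails' own code: a minimal model of the output-safety
# machinery discussed in this log. SafeString is a hypothetical stand-in
# for ActiveSupport::SafeBuffer.

HTML_ESCAPE = {
  "&" => "&amp;", ">" => "&gt;", "<" => "&lt;", '"' => "&quot;", "'" => "&#39;"
}.freeze
# ASCII-only pattern, so it can be applied to a string of any ASCII-compatible
# encoding, including a binary (ASCII-8BIT) copy of the input.
HTML_ESCAPE_REGEXP = /[&"'><]/

class String
  def html_safe?
    false
  end

  def html_safe
    SafeString.new(self)
  end
end

# One gsub over the input as-is. Correct on valid UTF-8, but on Ruby 1.9+ a
# regexp match against a string with an invalid byte sequence raises
# ArgumentError, so one stray byte from an attacker becomes a 500 instead
# of escaped output.
def naive_html_escape(s)
  s.to_s.gsub(HTML_ESCAPE_REGEXP, HTML_ESCAPE)
end

# Byte-wise escaping: every '<', '>', '&' and quote is escaped no matter
# which bytes precede it, so a lone multi-byte lead byte cannot swallow a
# following '<'. Invalid bytes are then replaced with U+FFFD so the output
# is valid UTF-8 and the browser has nothing left to reinterpret.
def html_escape(s)
  s = s.to_s
  return s if s.html_safe?
  escaped = s.b.gsub(HTML_ESCAPE_REGEXP, HTML_ESCAPE)
  escaped.force_encoding(s.encoding).scrub
end

class SafeString < String
  # Methods whose result can change the meaning of markup; their results
  # must not be treated as safe.
  UNSAFE_STRING_METHODS = %w[
    capitalize chomp chop delete downcase gsub lstrip next reverse rstrip
    slice squeeze strip sub succ swapcase tr tr_s upcase
  ].freeze

  def initialize(str = "")
    @html_safe = true
    super(str)
  end

  def html_safe?
    defined?(@html_safe) && @html_safe
  end

  def to_s
    self
  end

  # Appending escapes unsafe input exactly once; input that is already
  # safe passes through, so safe content is never double-escaped.
  def concat(value)
    super(html_escape(value))
  end
  alias << concat

  UNSAFE_STRING_METHODS.each do |name|
    # Guard with an existing string rather than a fresh literal per iteration.
    next unless "".respond_to?(name)

    # Non-bang form: operate on a plain String copy, so the result is unsafe.
    define_method(name) do |*args, &block|
      String.new(self).public_send(name, *args, &block)
    end

    # Bang form: mutates in place, so the buffer loses its safe status.
    define_method("#{name}!") do |*args, &block|
      @html_safe = false
      super(*args, &block)
    end
  end
end
```

Feeding `"\xE3<script>"` (a lone UTF-8 lead byte followed by a tag) to `naive_html_escape` raises, while `html_escape` returns `"\uFFFD&lt;script&gt;"`; a `SafeString` built from `"<p>"`, an unsafe `"<script>x</script>"` and a safe `"</p>".html_safe` ends up as `<p>&lt;script&gt;x&lt;/script&gt;</p>`, and calling `capitalize` on it returns a plain, unsafe String.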
unavailable to use with safe strings
"Safe Buffer" should either be the constant with the class name,
or go in lower case. I've chosen to follow the same terminology
that is used in the AS core extensions guide, "safe string",
though "safe buffer" is also used elsewhere; we should pick one.