rails.git
Mirror of official rails repo with custom fixes.
Harald Eilertsen
path: root/activesupport/lib/active_support/core_ext/string/output_safety.rb
| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| Call String#gsub with Hash directly | Aman Gupta | 2013-03-04 | 1 | -2/+2 |
| Merge branch 'master' of github.com:lifo/docrails | Vijay Dev | 2012-09-21 | 1 | -1/+0 |
| update AS/core_ext docs [ci skip] | Francesco Rodriguez | 2012-09-12 | 1 | -1/+0 |
| ' dates back to SGML when ' was introduced in HTML 4.0 | Kalys Osmonov | 2012-09-09 | 1 | -1/+1 |
| Merge pull request #3578 from amatsuda/remove_j_alias_for_json_escape | Rafael Mendonça França | 2012-08-21 | 1 | -7/+0 |
| Remove j alias for ERB::Util.json_escape | Akira Matsuda | 2011-11-09 | 1 | -7/+0 |
| html_escape should escape single quotes | Santiago Pastorino | 2012-07-31 | 1 | -3/+3 |
| doesn't modify params in SafeBuffer#% | Vasiliy Ermolovich | 2012-05-18 | 1 | -3/+1 |
| fix safe string interpolation with SafeBuffer#%, closes #6352 | Vasiliy Ermolovich | 2012-05-16 | 1 | -0/+14 |
| remove unnecessary 'examples' noise | Francesco Rodriguez | 2012-05-11 | 1 | -2/+0 |
| String quotes and trailing spaces | Alexey Gaziev | 2012-04-29 | 1 | -5/+5 |
| AS core_ext refactoring | Alexey Gaziev | 2012-04-29 | 1 | -8/+13 |
| Stop SafeBuffer#clone_empty from issuing warnings | Carlos Antonio da Silva | 2012-03-02 | 1 | -3/+1 |
| Ensure [] respects the status of the buffer. | José Valim | 2012-02-29 | 1 | -12/+18 |
| delete vulnerable AS::SafeBuffer#[] | Akira Matsuda | 2012-02-20 | 1 | -6/+0 |
| add AS::SafeBuffer#clone_empty | Akira Matsuda | 2012-02-20 | 1 | -0/+6 |
| revise docs [ci skip] | Vijay Dev | 2012-02-01 | 1 | -1/+1 |
| Move escaping regexps to constants | Carlos Antonio da Silva | 2012-02-01 | 1 | -2/+4 |
| Move escape_once logic to ERB::Util, where it belongs to | Carlos Antonio da Silva | 2012-02-01 | 1 | -0/+15 |
| No need to override the to_yaml method in ActiveSupporte::SafeBuffer | Rafael Mendonça França | 2012-01-04 | 1 | -5/+0 |
| No need to check if YAML::ENGINE is defined since ruby 1.9 does that | Rafael Mendonça França | 2012-01-04 | 1 | -1/+1 |
| We don't need a special html_escape for 1.8 anymore | Guillermo Iguaran | 2011-12-21 | 1 | -27/+15 |
| Remove duplicate html_escape docs | Jeremy Kemper | 2011-12-11 | 1 | -10/+1 |
| Use 1.9 native XML escaping to speed up html_escape and shush regexp warnings | Jeremy Kemper | 2011-12-11 | 1 | -15/+36 |
| Restore performance of ERB::Util.html_escape | Jon Jensen | 2011-12-03 | 1 | -1/+1 |
| ruby193: String#prepend is also unsafe | Akira Matsuda | 2011-10-05 | 1 | -1/+1 |
| override unsafe methods only if defined on String | Akira Matsuda | 2011-10-05 | 1 | -10/+12 |
| remove superfluous to_s in ERB::Util.html_escape | Alexey Vakhov | 2011-09-24 | 1 | -1/+1 |
| fix incorrect comment | Vijay Dev | 2011-09-22 | 1 | -1/+1 |
| Proper lines numbers for stack trace info | Santiago Pastorino | 2011-09-16 | 1 | -1/+1 |
| revert the changes from c60995f3 - related to marking sub,gsub as unavailable... | Vijay Dev | 2011-09-09 | 1 | -20/+1 |
| Revert removing gsub and sub from safe buffer. | José Valim | 2011-09-08 | 1 | -3/+3 |
| this should have gone with the previous commit | Xavier Noria | 2011-09-08 | 1 | -4/+4 |
| copy-edits a couple of exception messages | Xavier Noria | 2011-09-08 | 1 | -4/+4 |
| better method documentation on disable safe string methods | Damien Mathieu | 2011-09-08 | 1 | -6/+12 |
| make gsub and sub unavailable in SafeBuffers - Closes #1555 | Damien Mathieu | 2011-09-08 | 1 | -3/+16 |
| properly escape html to avoid invalid utf8 causing XSS attacks | Aaron Patterson | 2011-08-16 | 1 | -1/+1 |
| Reset @dirty to false when slicing an instance of SafeBuffer | Brian Cardarella | 2011-07-29 | 1 | -0/+6 |
| Merge branch 'master' of git://github.com/lifo/docrails | Xavier Noria | 2011-07-05 | 1 | -8/+8 |
| document meta methods | Vijay Dev | 2011-07-03 | 1 | -8/+8 |
| all numerics should be html_safe - Closes #1935 | Damien Mathieu | 2011-07-03 | 1 | -1/+1 |
| calling unsafe methods which don't return a string shouldn't fail | Damien Mathieu | 2011-06-22 | 1 | -2/+2 |
| safe_concat should not work on dirty buffers. | José Valim | 2011-06-16 | 1 | -4/+13 |
| Fix safe buffer by adding a dirty status. | José Valim | 2011-06-16 | 1 | -12/+24 |
| Define ActiveSupport#to_param as to_str - closes #1663 | Andrew White | 2011-06-12 | 1 | -0/+4 |
| ensuring that json_escape returns html safe strings when passed an html safe ... | Aaron Patterson | 2011-06-09 | 1 | -1/+2 |
| Prefer 'each' over 'for in' syntax. | Sebastian Martinez | 2011-06-07 | 1 | -1/+1 |
| Ensure that the strings returned by SafeBuffer#gsub and friends aren't consid... | Michael Koziarski | 2011-06-07 | 1 | -0/+13 |
| Revert "Merge pull request #275 from pk-amooma/master" | José Valim | 2011-05-07 | 1 | -2/+2 |
| for escaping HTML can be treated as normal XML | Philipp Kempgen (Amooma) | 2011-04-14 | 1 | -2/+2 |