path: root/activesupport/lib/active_support/core_ext/string/output_safety.rb
Commit message  Author  Age  Files  Lines
...
* Added \u2028 \u2029 to json_escape  Godfrey Chan  2013-12-04  1  -5/+7
* Use lower case letters in unicodes sequences to match the new encoder's output  Godfrey Chan  2013-12-04  1  -1/+1
* Fixed a long-standing bug in `json_escape` that strips quotation marks  Godfrey Chan  2013-12-04  1  -12/+49
* Avoid generating more strings while iterating to create methods  Carlos Antonio da Silva  2013-12-02  1  -1/+1
* Revert "Merge pull request #10600 from aditya-kapoor/code_refactor"  Rafael Mendonça França  2013-05-15  1  -9/+11
* Added a blank space and removed to_sym  aditya-kapoor  2013-05-14  1  -4/+5
* Removed Class Eval and used define_method instead for the SafeBuffer  aditya-kapoor  2013-05-14  1  -12/+9
* Call String#gsub with Hash directly  Aman Gupta  2013-03-04  1  -2/+2
* Merge branch 'master' of github.com:lifo/docrails  Vijay Dev  2012-09-21  1  -1/+0
|\
| * update AS/core_ext docs [ci skip]  Francesco Rodriguez  2012-09-12  1  -1/+0
* | &#39 dates back to SGML when &#x27 was introduced in HTML 4.0  Kalys Osmonov  2012-09-09  1  -1/+1
|/
* Merge pull request #3578 from amatsuda/remove_j_alias_for_json_escape  Rafael Mendonça França  2012-08-21  1  -7/+0
|\
| * Remove j alias for ERB::Util.json_escape  Akira Matsuda  2011-11-09  1  -7/+0
* | html_escape should escape single quotes  Santiago Pastorino  2012-07-31  1  -3/+3
* | doesn't modify params in SafeBuffer#%  Vasiliy Ermolovich  2012-05-18  1  -3/+1
* | fix safe string interpolation with SafeBuffer#%, closes #6352  Vasiliy Ermolovich  2012-05-16  1  -0/+14
* | remove unnecessary 'examples' noise  Francesco Rodriguez  2012-05-11  1  -2/+0
* | String quotes and trailing spaces  Alexey Gaziev  2012-04-29  1  -5/+5
* | AS core_ext refactoring  Alexey Gaziev  2012-04-29  1  -8/+13
* | Stop SafeBuffer#clone_empty from issuing warnings  Carlos Antonio da Silva  2012-03-02  1  -3/+1
* | Ensure [] respects the status of the buffer.  José Valim  2012-02-29  1  -12/+18
* | delete vulnerable AS::SafeBuffer#[]  Akira Matsuda  2012-02-20  1  -6/+0
* | add AS::SafeBuffer#clone_empty  Akira Matsuda  2012-02-20  1  -0/+6
* | revise docs [ci skip]  Vijay Dev  2012-02-01  1  -1/+1
* | Move escaping regexps to constants  Carlos Antonio da Silva  2012-02-01  1  -2/+4
* | Move escape_once logic to ERB::Util, where it belongs to  Carlos Antonio da Silva  2012-02-01  1  -0/+15
* | No need to override the to_yaml method in ActiveSupporte::SafeBuffer  Rafael Mendonça França  2012-01-04  1  -5/+0
* | No need to check if YAML::ENGINE is defined since ruby 1.9 does that  Rafael Mendonça França  2012-01-04  1  -1/+1
* | We don't need a special html_escape for 1.8 anymore  Guillermo Iguaran  2011-12-21  1  -27/+15
* | Remove duplicate html_escape docs  Jeremy Kemper  2011-12-11  1  -10/+1
* | Use 1.9 native XML escaping to speed up html_escape and shush regexp warnings  Jeremy Kemper  2011-12-11  1  -15/+36
* | Restore performance of ERB::Util.html_escape  Jon Jensen  2011-12-03  1  -1/+1
|/
* ruby193: String#prepend is also unsafe  Akira Matsuda  2011-10-05  1  -1/+1
* override unsafe methods only if defined on String  Akira Matsuda  2011-10-05  1  -10/+12
* remove superfluous to_s in ERB::Util.html_escape  Alexey Vakhov  2011-09-24  1  -1/+1
* fix incorrect comment  Vijay Dev  2011-09-22  1  -1/+1
* Proper lines numbers for stack trace info  Santiago Pastorino  2011-09-16  1  -1/+1
* revert the changes from c60995f3 - related to marking sub,gsub as unavailable...  Vijay Dev  2011-09-09  1  -20/+1
* Revert removing gsub and sub from safe buffer.  José Valim  2011-09-08  1  -3/+3
* this should have gone with the previous commit  Xavier Noria  2011-09-08  1  -4/+4
* copy-edits a couple of exception messages  Xavier Noria  2011-09-08  1  -4/+4
* better method documentation on disable safe string methods  Damien Mathieu  2011-09-08  1  -6/+12
* make gsub and sub unavailable in SafeBuffers - Closes #1555  Damien Mathieu  2011-09-08  1  -3/+16
* properly escape html to avoid invalid utf8 causing XSS attacks  Aaron Patterson  2011-08-16  1  -1/+1
* Reset @dirty to false when slicing an instance of SafeBuffer  Brian Cardarella  2011-07-29  1  -0/+6
* Merge branch 'master' of git://github.com/lifo/docrails  Xavier Noria  2011-07-05  1  -8/+8
|\
| * document meta methods  Vijay Dev  2011-07-03  1  -8/+8
* | all numerics should be html_safe - Closes #1935  Damien Mathieu  2011-07-03  1  -1/+1
|/
* calling unsafe methods which don't return a string shouldn't fail  Damien Mathieu  2011-06-22  1  -2/+2
* safe_concat should not work on dirty buffers.  José Valim  2011-06-16  1  -4/+13