path: root/activesupport/lib/active_support/core_ext/string/output_safety.rb
Commit message / Author / Age / Files / Lines
...
* Added \u2028 \u2029 to json_escape
  Godfrey Chan | 2013-12-04 | 1 file | -5/+7

* Use lower case letters in unicode sequences to match the new encoder's output
  Godfrey Chan | 2013-12-04 | 1 file | -1/+1

* Fixed a long-standing bug in `json_escape` that strips quotation marks
  Godfrey Chan | 2013-12-04 | 1 file | -12/+49

* Avoid generating more strings while iterating to create methods
  Carlos Antonio da Silva | 2013-12-02 | 1 file | -1/+1

    Use the already existing strings instead of creating a new one each
    time just to test if it responds to the methods.

* Revert "Merge pull request #10600 from aditya-kapoor/code_refactor"
  Rafael Mendonça França | 2013-05-15 | 1 file | -9/+11

    This reverts commit 8ce3c1e5dde9fb180813e4d89324db03da110b13, reversing
    changes made to f93da579ce7f77dbd58b9a2165861aee265b8c93.

    Reason: It slows down the running time.

        require "diffbench"
        load 'output_safety.rb'

        N = 10000
        b = ActiveSupport::SafeBuffer.new("hello world")

        DiffBench.bm do
          report "capitalize in safe buffer" do
            N.times do
              b.capitalize
            end
          end
        end

        > git checkout 069ea45; diffbench bench.rb; diffbench bench.rb; diffbench bench.rb; diffbench bench.rb; diffbench bench.rb; diffbench bench.rb; diffbench bench.rb;

        Running benchmark with current working tree
        Checkout HEAD^
        Running benchmark with HEAD^
        Checkout to previous HEAD again
                           user     system      total        real
        ----------------------------------capitalize in safe buffer
        After patch:   0.010000   0.000000   0.010000 (  0.009733)
        Before patch:  0.010000   0.000000   0.010000 (  0.007702)
        Improvement: -26%

        Running benchmark with current working tree
        Checkout HEAD^
        Running benchmark with HEAD^
        Checkout to previous HEAD again
                           user     system      total        real
        ----------------------------------capitalize in safe buffer
        After patch:   0.010000   0.000000   0.010000 (  0.009768)
        Before patch:  0.010000   0.000000   0.010000 (  0.007896)
        Improvement: -24%

        Running benchmark with current working tree
        Checkout HEAD^
        Running benchmark with HEAD^
        Checkout to previous HEAD again
                           user     system      total        real
        ----------------------------------capitalize in safe buffer
        After patch:   0.010000   0.000000   0.010000 (  0.009938)
        Before patch:  0.010000   0.000000   0.010000 (  0.007768)
        Improvement: -28%

        Running benchmark with current working tree
        Checkout HEAD^
        Running benchmark with HEAD^
        Checkout to previous HEAD again
                           user     system      total        real
        ----------------------------------capitalize in safe buffer
        After patch:   0.010000   0.000000   0.010000 (  0.010001)
        Before patch:  0.010000   0.000000   0.010000 (  0.007873)
        Improvement: -27%

        Running benchmark with current working tree
        Checkout HEAD^
        Running benchmark with HEAD^
        Checkout to previous HEAD again
                           user     system      total        real
        ----------------------------------capitalize in safe buffer
        After patch:   0.010000   0.000000   0.010000 (  0.009670)
        Before patch:  0.010000   0.000000   0.010000 (  0.007800)
        Improvement: -24%

        Running benchmark with current working tree
        Checkout HEAD^
        Running benchmark with HEAD^
        Checkout to previous HEAD again
                           user     system      total        real
        ----------------------------------capitalize in safe buffer
        After patch:   0.010000   0.000000   0.010000 (  0.009949)
        Before patch:  0.010000   0.000000   0.010000 (  0.007752)
        Improvement: -28%

* Added a blank space and removed to_sym
  aditya-kapoor | 2013-05-14 | 1 file | -4/+5

* Removed Class Eval and used define_method instead for the SafeBuffer
  aditya-kapoor | 2013-05-14 | 1 file | -12/+9

* Call String#gsub with Hash directly
  Aman Gupta | 2013-03-04 | 1 file | -2/+2

* Merge branch 'master' of github.com:lifo/docrails
  Vijay Dev | 2012-09-21 | 1 file | -1/+0

    Conflicts:
        actionmailer/lib/action_mailer/base.rb
        activesupport/lib/active_support/configurable.rb
        activesupport/lib/active_support/core_ext/module/deprecation.rb
        guides/source/action_controller_overview.md
        guides/source/active_support_core_extensions.md
        guides/source/ajax_on_rails.textile
        guides/source/association_basics.textile
        guides/source/upgrading_ruby_on_rails.md

    While resolving conflicts, I have chosen to ignore changes done in
    docrails at some places - these will be most likely 1.9 hash syntax
    changes.

  * update AS/core_ext docs [ci skip]
    Francesco Rodriguez | 2012-09-12 | 1 file | -1/+0

* &#39 dates back to SGML when &#x27 was introduced in HTML 4.0
  Kalys Osmonov | 2012-09-09 | 1 file | -1/+1

* Merge pull request #3578 from amatsuda/remove_j_alias_for_json_escape
  Rafael Mendonça França | 2012-08-21 | 1 file | -7/+0

    Remove j alias for ERB::Util.json_escape

  * Remove j alias for ERB::Util.json_escape
    Akira Matsuda | 2011-11-09 | 1 file | -7/+0

* html_escape should escape single quotes
  Santiago Pastorino | 2012-07-31 | 1 file | -3/+3

    https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content

    Closes #7215

* doesn't modify params in SafeBuffer#%
  Vasiliy Ermolovich | 2012-05-18 | 1 file | -3/+1

* fix safe string interpolation with SafeBuffer#%, closes #6352
  Vasiliy Ermolovich | 2012-05-16 | 1 file | -0/+14

* remove unnecessary 'examples' noise
  Francesco Rodriguez | 2012-05-11 | 1 file | -2/+0

* String quotes and trailing spaces
  Alexey Gaziev | 2012-04-29 | 1 file | -5/+5

* AS core_ext refactoring
  Alexey Gaziev | 2012-04-29 | 1 file | -8/+13

* Stop SafeBuffer#clone_empty from issuing warnings
  Carlos Antonio da Silva | 2012-03-02 | 1 file | -3/+1

    Logic in clone_empty method was dealing with old @dirty variable, which
    has changed by @html_safe in this commit:
    https://github.com/rails/rails/commit/139963c99a955520db6373343662e55f4d16dcd1

    This was issuing a "not initialized variable" warning - related to:
    https://github.com/rails/rails/pull/5237

    The logic applied by this method is already handled by the [] override,
    so there is no need to reset the variable here.

* Ensure [] respects the status of the buffer.
  José Valim | 2012-02-29 | 1 file | -12/+18

* delete vulnerable AS::SafeBuffer#[]
  Akira Matsuda | 2012-02-20 | 1 file | -6/+0

* add AS::SafeBuffer#clone_empty
  Akira Matsuda | 2012-02-20 | 1 file | -0/+6

* revise docs [ci skip]
  Vijay Dev | 2012-02-01 | 1 file | -1/+1

* Move escaping regexps to constants
  Carlos Antonio da Silva | 2012-02-01 | 1 file | -2/+4

* Move escape_once logic to ERB::Util, where it belongs
  Carlos Antonio da Silva | 2012-02-01 | 1 file | -0/+15

    All the logic is based on the HTML_ESCAPE constant available in
    ERB::Util, so it seems more logical to have the entire method there and
    just delegate the helper to use it.

* No need to override the to_yaml method in ActiveSupport::SafeBuffer
  Rafael Mendonça França | 2012-01-04 | 1 file | -5/+0

* No need to check if YAML::ENGINE is defined since ruby 1.9 does that
  Rafael Mendonça França | 2012-01-04 | 1 file | -1/+1

* We don't need a special html_escape for 1.8 anymore
  Guillermo Iguaran | 2011-12-21 | 1 file | -27/+15

* Remove duplicate html_escape docs
  Jeremy Kemper | 2011-12-11 | 1 file | -10/+1

* Use 1.9 native XML escaping to speed up html_escape and shush regexp warnings
  Jeremy Kemper | 2011-12-11 | 1 file | -15/+36

            length       user     system      total        real
    before       6   0.010000   0.000000   0.010000 (  0.012378)
    after        6   0.010000   0.000000   0.010000 (  0.012866)
    before      60   0.040000   0.000000   0.040000 (  0.046273)
    after       60   0.040000   0.000000   0.040000 (  0.036421)
    before     600   0.390000   0.000000   0.390000 (  0.390670)
    after      600   0.210000   0.000000   0.210000 (  0.209094)
    before    6000   3.750000   0.000000   3.750000 (  3.751008)
    after     6000   1.860000   0.000000   1.860000 (  1.857901)

* Restore performance of ERB::Util.html_escape
  Jon Jensen | 2011-12-03 | 1 file | -1/+1

    Revert html_escape to do a single gsub again, but add the "n" flag (no
    language, i.e. not multi-byte) to protect against XSS via invalid utf8.

    Signed-off-by: José Valim <jose.valim@gmail.com>

* ruby193: String#prepend is also unsafe
  Akira Matsuda | 2011-10-05 | 1 file | -1/+1

* override unsafe methods only if defined on String
  Akira Matsuda | 2011-10-05 | 1 file | -10/+12

* remove superfluous to_s in ERB::Util.html_escape
  Alexey Vakhov | 2011-09-24 | 1 file | -1/+1

* fix incorrect comment
  Vijay Dev | 2011-09-22 | 1 file | -1/+1

* Proper line numbers for stack trace info
  Santiago Pastorino | 2011-09-16 | 1 file | -1/+1

* revert the changes from c60995f3 - related to marking sub, gsub as unavailable to use with safe strings
  Vijay Dev | 2011-09-09 | 1 file | -20/+1

* Revert removing gsub and sub from safe buffer.
  José Valim | 2011-09-08 | 1 file | -3/+3

* this should have gone with the previous commit
  Xavier Noria | 2011-09-08 | 1 file | -4/+4

* copy-edits a couple of exception messages
  Xavier Noria | 2011-09-08 | 1 file | -4/+4

    "Safe Buffer" should either be the constant with the class name, or go
    in lower case. I've chosen to follow the same terminology that is used
    in the AS core extensions guide, "safe string", though "safe buffer" is
    also used elsewhere, we should pick one.

* better method documentation on disable safe string methods
  Damien Mathieu | 2011-09-08 | 1 file | -6/+12

* make gsub and sub unavailable in SafeBuffers - Closes #1555
  Damien Mathieu | 2011-09-08 | 1 file | -3/+16

* properly escape html to avoid invalid utf8 causing XSS attacks
  Aaron Patterson | 2011-08-16 | 1 file | -1/+1

* Reset @dirty to false when slicing an instance of SafeBuffer
  Brian Cardarella | 2011-07-29 | 1 file | -0/+6

* Merge branch 'master' of git://github.com/lifo/docrails
  Xavier Noria | 2011-07-05 | 1 file | -8/+8

  * document meta methods
    Vijay Dev | 2011-07-03 | 1 file | -8/+8

* all numerics should be html_safe - Closes #1935
  Damien Mathieu | 2011-07-03 | 1 file | -1/+1

* calling unsafe methods which don't return a string shouldn't fail
  Damien Mathieu | 2011-06-22 | 1 file | -2/+2

* safe_concat should not work on dirty buffers.
  José Valim | 2011-06-16 | 1 file | -4/+13