kotovalexarian-likes-github
/
heartcombo--simple_form
mirror of https://github.com/heartcombo/simple_form.git
1
0
Fork 0
Code Releases Activity
heartcombo--simple_form/test/form_builder
History
Rafael Mendonça França 7d0ba39309 Always escape error messages 
Before, if your error message contained HTML tags, they were marked as
safe. Some error messages may contain user input so this would
lead a XSS vulnerability.

Error messages are now always escaped. If users need to mark them
as safe they will need to use the explicit `:error` option:

    f.input :name, error: raw('My <b>error</b>')
 		2014-11-25 18:02:01 -02:00
..
association_test.rb Remove all warnings of invalid CSS selector 2014-09-08 17:19:40 -03:00
button_test.rb Remove all warnings of invalid CSS selector 2014-09-08 17:19:40 -03:00
error_notification_test.rb Whitespaces 2014-03-11 19:13:59 -03:00
error_test.rb Always escape error messages 2014-11-25 18:02:01 -02:00
general_test.rb Add default_form_class and allow form class overrides 2014-07-23 18:04:49 -04:00
hint_test.rb Assert the absent of tags not the escaped text 2014-11-17 17:27:13 -02:00
input_field_test.rb Do not remove HTML attributes if components are not present 2014-11-19 19:20:17 -02:00
label_test.rb Assert the absent of tags not the escaped text 2014-11-17 17:27:13 -02:00
wrapper_test.rb Pass wrapper_mappings to simple_fields_for 2014-11-19 19:51:18 -02:00