mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Commit graph

11 commits

Author SHA1 Message Date
Jeremy Kemper
3f97ee8014 Ruby 2 compat. CGI.escapeHTML has changed the way it escapes apostrophes a few times, so fix up the test to work with however it chooses to escape. 2012-10-06 21:06:10 -07:00
Piotr Sarnacki
37c84ed877 Don't ignore non Enumerable values passed to sanitize (closes #5585)
When someone accidentally passes a string to sanitize like:

sanitize("<span>foo</span>", :tags => "b")

there is no indication that it's the wrong way and span
will not be removed.
2012-03-27 02:26:17 +02:00
Rafael Mendonça França
047097950f Refactor button_to helper to use token_tag method 2012-01-19 10:37:21 -03:00
Manu
e7e4deec11 Handle leading spaces in protocol while sanitizing 2012-01-12 16:13:26 +05:30
Aaron Patterson
586a944ddd Tags with invalid names should also be stripped in order to prevent
XSS attacks.  Thanks Sascha Depold for the report.
2011-08-16 15:24:48 -07:00
Joshua Ballanco
c09538941f Test for stripping tags from a frozen string.
This test will pass under Ruby 1.8 but fail under Ruby 1.9 because of
the change in behavior of gsub! w.r.t. frozen strings that do not
match the pattern used [ruby-core:23664].
2011-04-14 23:18:12 -04:00
Timothy N. Tsvetkov
e5b84fd723 ActionController::Base.helpers.sanitize ignores case in protocol
[#6044 state:committed]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2010-12-30 22:43:43 -02:00
Santiago Pastorino
b451de0d6d Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;) 2010-08-14 04:12:33 -03:00
Bruno Michel
2002e5877e Strip_tags never ending attribute should not raise a TypeError [#4870 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-06-28 11:40:27 +02:00
Mikel Lindsaar
2ebea1c02d deOMGifying Railties, Active Support, and Action Pack 2010-01-31 09:46:30 -08:00
Joshua Peek
018b79dd36 File extra test folders into controller, dispatch, or template 2009-10-03 21:05:51 -05:00
Renamed from actionpack/test/html-scanner/sanitizer_test.rb