Ayrton De Craene
a0f97e467d
Minor cleanup, helper method was only used once
2012-10-15 11:30:54 +02:00
Santiago Pastorino
d8cf713afa
Do not mark strip_tags result as html_safe
Thanks to Marek Labos & Nethemba
CVE-2012-3465
2012-08-09 18:51:05 -03:00
Arun Agrawal
7276fc63be
'with_kcode' removed.
Testing Sandbox removed.
2011-12-21 15:39:50 +05:30
Michael Koziarski
9415935902
Switch to on-by-default XSS escaping for rails.
This consists of:
* String#html_safe! a method to mark a string as 'safe'
* ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
* Calls to String#html_safe! throughout the rails helpers
* a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
* New ERB implementation based on erubis which uses a SafeBuffer instead of a String
Hat tip to Django for the inspiration.
2009-10-08 09:31:20 +13:00
Joshua Peek
ba0d621695
Include all helpers into ActionView::Helper
2008-08-25 21:50:26 -05:00
Joshua Peek
17d4164a16
Introduce ActionView::TestCase for testing view helpers.
2008-04-19 13:08:24 -05:00
Jeremy Kemper
9d755f1983
require abstract_unit directly since test is in load path
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8564 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2008-01-05 13:32:06 +00:00
Rick Olson
1af084ecda
Refactor sanitizer helpers into HTML classes and make it easy to swap them out with custom implementations. Closes #10129. [rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8213 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-11-26 03:45:54 +00:00
David Heinemeier Hansson
6637f9069c
Extracted sanitization methods from TextHelper to SanitizeHelper [DHH] Changed SanitizeHelper#sanitize to only allow the custom attributes and tags when specified in the call [DHH]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7825 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-10 17:35:10 +00:00