kotovalexarian-likes-github/rails--rails

Fork 0

mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Commit graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Xavier Noria	66a7cfa910	applies new string literal convention in actionview/lib The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.	2016-08-06 18:48:35 +02:00
Rafael Mendonça França	33cb47ee48	Use the reference for the mime type to get the format Before we were calling to_sym in the mime type, even when it is unknown what can cause denial of service since symbols are not removed by the garbage collector. Fixes: CVE-2014-0082	2014-02-18 16:12:51 -03:00
Prem Sichanugrist	920f3ba266	Introduce `render :html` for render HTML string This is an option for to HTML content with a content type of `text/html`. This rendering option calls `ERB::Util.html_escape` internally to escape unsafe HTML string, so you will have to mark your string as html safe if you have any HTML tag in it. Please see #12374 for more detail.	2014-02-18 12:08:36 -05:00

Xavier Noria

66a7cfa910

applies new string literal convention in actionview/lib

The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.

2016-08-06 18:48:35 +02:00

Rafael Mendonça França

33cb47ee48

Use the reference for the mime type to get the format

Before we were calling to_sym in the mime type, even when it is unknown
what can cause denial of service since symbols are not removed by the
garbage collector.

Fixes: CVE-2014-0082

2014-02-18 16:12:51 -03:00

Prem Sichanugrist

920f3ba266

Introduce render :html for render HTML string

This is an option for to HTML content with a content type of
`text/html`. This rendering option calls `ERB::Util.html_escape`
internally to escape unsafe HTML string, so you will have to mark your
string as html safe if you have any HTML tag in it.

Please see #12374 for more detail.

2014-02-18 12:08:36 -05:00

3 commits