Matt Duncan
50b2eb8cbd
Fixing another example result
2011-04-15 22:09:23 -04:00
Santiago Pastorino
b451de0d6d
Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;)
2010-08-14 04:12:33 -03:00
Xavier Noria
4f7565c4de
adds missing requires for Object#try
2010-08-09 15:25:21 +02:00
wycats
847c123ca5
Concernify SanitizeHelper and TextHelper so including TextHelper correctly includes SanitizeHelper and extends its ClassMethods
2010-08-04 03:25:57 -07:00
Benjamin Quorning
7e075e6247
Fixed many references to the old config/environment.rb and Rails::Initializer
2010-07-13 13:00:21 +02:00
Rizwan Reza
324de1993b
Added titles and description.
2010-06-16 22:54:53 +04:30
Xavier Noria
f17159b029
edit pass: the names of Rails components have a space, i.e., "Active Record", not "ActiveRecord"
2010-06-14 23:22:04 +02:00
Yehuda Katz
4cbb9db0a5
For performance reasons, you can no longer call html_safe! on Strings. Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will SafeBuffer.new(self).
...
* Additionally, instead of doing concat("</form>".html_safe), you can do
safe_concat("</form>"), which will skip both the flag set, and the flag
check.
* For the first pass, I converted virtually all #html_safe!s to #html_safe,
and the tests pass. A further optimization would be to try to use
#safe_concat as much as possible, reducing the performance impact if
we know up front that a String is safe.
2010-01-31 19:39:13 -08:00
Pratik Naik
dba196cb7f
Merge docrails
2010-01-17 03:26:20 +05:30
Joshua Peek
b1aee9f4ee
All AD modules are "deferrable"
2009-12-22 17:11:21 -06:00
Michael Koziarski
9415935902
Switch to on-by-default XSS escaping for rails.
...
This consists of:
* String#html_safe! a method to mark a string as 'safe'
* ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
* Calls to String#html_safe! throughout the rails helpers
* a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
* New ERB implementation based on erubis which uses a SafeBuffer instead of a String
Hat tip to Django for the inspiration.
2009-10-08 09:31:20 +13:00
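The two commits above (on-by-default XSS escaping and the later html_safe/safe_concat change) describe one mechanism: a String subclass that escapes whatever unsafe text is concatenated to it, a flag that marks a string as already safe, a raw helper for trusted markup, and safe_concat to skip the check. The following is an added example that re-implements that scheme in miniature to show the semantics; it is not Rails' own ActiveSupport::SafeBuffer, and the SafeBuffer, raw and render_comment names here are illustrative.

```ruby
require "cgi"

# Hypothetical miniature of the auto-escaping buffer the commits describe.
class SafeBuffer < String
  # A SafeBuffer is always considered safe: everything stored in it was either
  # escaped on the way in or vouched for by the caller.
  def html_safe?
    true
  end

  # Appending a plain String escapes it; appending something already marked
  # html_safe? appends it unchanged (the "flag check").
  def concat(value)
    super(value.html_safe? ? value.to_s : CGI.escapeHTML(value.to_s))
  end
  alias << concat

  # Skips both the flag set and the flag check: used for literal template text
  # the caller knows is safe, so no SafeBuffer allocation is needed.
  def safe_concat(value)
    String.instance_method(:concat).bind(self).call(value.to_s)
  end
end

class String
  # Plain Strings are never safe by themselves.
  def html_safe?
    false
  end

  # Marking a String safe returns a SafeBuffer wrapping it.
  def html_safe
    SafeBuffer.new(self)
  end
end

# Equivalent of the 'raw' helper: pass through trusted, pre-sanitized HTML.
def raw(value)
  value.to_s.html_safe
end

# Builds "<p>author: body</p>" the way an auto-escaping template would:
# template markup is trusted, user-supplied author/body are escaped.
def render_comment(author, body)
  out = SafeBuffer.new("")
  out << "<p>".html_safe
  out << author            # user input: escaped by concat
  out << ": ".html_safe
  out << body              # user input: escaped by concat
  out.safe_concat("</p>")  # literal template text: no flag set, no check
  out
end
```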
Joshua Peek
426a86ab1e
prefer autoloaded html scanner
2008-11-24 10:20:41 -06:00
Jeremy Kemper
2dd0ec48a5
Autoload HTML::Document and sanitizers
2008-11-23 19:12:00 -08:00
Joshua Peek
9853134b4f
Require missing libraries and check for defined ActionController constant so ActionView can be used standalone
2008-08-26 15:13:28 -05:00
Joshua Peek
ba0d621695
Include all helpers into ActionView::Helper
2008-08-25 21:50:26 -05:00
Pratik Naik
0432d15164
Merge with docrails.
2008-07-16 13:01:23 +01:00
Pratik Naik
98dc582742
Merge docrails.
...
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
2008-05-25 12:29:00 +01:00
Michael Schuerig
9a137506a1
Added note to sanitize helper docs that it doesn't guarantee well-formed markup.
...
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#166 state:resolved]
2008-05-12 10:22:17 +12:00
Xavier Noria
64092de257
Improve documentation coverage and markup
...
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
2008-05-02 14:45:23 +01:00
Rick Olson
1af084ecda
Refactor sanitizer helpers into HTML classes and make it easy to swap them out with custom implementations. Closes #10129. [rick]
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8213 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-11-26 03:45:54 +00:00
David Heinemeier Hansson
6637f9069c
Extracted sanitization methods from TextHelper to SanitizeHelper [DHH] Changed SanitizeHelper#sanitize to only allow the custom attributes and tags when specified in the call [DHH]
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7825 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-10 17:35:10 +00:00