kotovalexarian-likes-github
/
rails--rails
mirror of https://github.com/rails/rails.git
1
0
Fork 0
Code Releases Activity
Ruby on Rails
10,986 Commits 72 Branches 493 Tags 355 MiB
Ruby 95%
JavaScript 4%
HTML 0.6%
CSS 0.3%
Go to file
Michael Koziarski 9415935902 Switch to on-by-default XSS escaping for rails. 
This consists of:

  * String#html_safe! a method to mark a string as 'safe'
  * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
  * Calls to String#html_safe! throughout the rails helpers
  * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
  * New ERB implementation based on erubis which uses a SafeBuffer instead of a String

Hat tip to Django for the inspiration.
 		2009-10-08 09:31:20 +13:00
actionmailer
actionpack Switch to on-by-default XSS escaping for rails. 2009-10-08 09:31:20 +13:00
activemodel Rewrite ActiveModel::Lint as a simple TU mixin 2009-10-07 09:24:51 -05:00
activerecord Call initialize_copy when cloning [#3164 state:resolved] 2009-10-06 16:25:51 -05:00
activeresource
activesupport Switch to on-by-default XSS escaping for rails. 2009-10-08 09:31:20 +13:00
ci
doc/template
railties Do not ignore .empty_directory files. 2009-10-07 11:00:17 -07:00
tools
.gitignore
.gitmodules
Rakefile
pushgems.rb
release.rb