Oct 07, 2009

  1. Michael Koziarski

    Switch to on-by-default XSS escaping for rails.

      This consists of:
      * String#html_safe! a method to mark a string as 'safe'
      * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
      * Calls to String#html_safe! throughout the rails helpers
      * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
      * New ERB implementation based on erubis which uses a SafeBuffer instead of a String
    Hat tip to Django for the inspiration.
    authored October 08, 2009
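As an added illustration of the design this commit describes (not Rails' own ActionView::SafeBuffer code), a stripped-down model of the four pieces: a SafeBuffer that escapes whatever untrusted string is concatenated to it, String#html_safe! to flag trusted HTML, and a raw helper. The gsub-based escaper, the render_greeting template stand-in and the sample inputs are assumptions made for the example.

```ruby
# Added model of the commit's design; not Rails' implementation.
# `render_greeting` stands in for an ERB template rendering into a SafeBuffer.

class String
  # Flag this string as trusted HTML so a SafeBuffer appends it unescaped.
  def html_safe!
    @html_safe = true
    self
  end

  def html_safe?
    @html_safe == true
  end
end

# A String subclass: anything unsafe concatenated to it is HTML-escaped.
class SafeBuffer < String
  ESCAPES = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;",
              '"' => "&quot;", "'" => "&#39;" }.freeze

  def self.escape(text)
    text.gsub(/[&<>"']/, ESCAPES)
  end

  def html_safe?
    true
  end

  # Untrusted input is escaped; strings flagged safe pass through verbatim.
  # String#to_s on a subclass returns a plain String (dropping the flag),
  # so only non-String values are converted here.
  def <<(value)
    value = value.to_s unless value.is_a?(String)
    super(value.html_safe? ? value : SafeBuffer.escape(value))
  end
  alias concat <<

  def +(other)
    dup << other
  end
end

# 'raw' helper: explicitly trust HTML from a non-safety-aware source.
def raw(value)
  value.to_s.html_safe!
end

# Stand-in for the template "<p>Hello, <%= name %></p>": the template's own
# literals are trusted, the interpolated `name` is escaped unless flagged.
def render_greeting(name)
  buf = SafeBuffer.new
  buf << "<p>Hello, ".html_safe!
  buf << name
  buf << "</p>".html_safe!
end
```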

Jun 09, 2009

  1. Michael Koziarski

    Pull autoload fix from 2-3-stable

    authored June 09, 2009

Sep 18, 2008

  1. Michael Koziarski

    Remove the country_select helper.

    We're in no position to mediate disputes on this matter, and the previous change to use ISO 3166 has offended just as many people as the ad-hoc list did.
    If you want the old list back you can install the plugin:
    ruby script/plugin install git://
    authored September 18, 2008
