Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Oct 7, 2009
  1. Michael Koziarski

    Switch to on-by-default XSS escaping for rails.

    NZKoz authored
      This consists of:
    
      * String#html_safe! a method to mark a string as 'safe'
      * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
      * Calls to String#html_safe! throughout the rails helpers
      * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
      * New ERB implementation based on erubis which uses a SafeBuffer instead of a String
    
    Hat tip to Django for the inspiration.
Commits on Jul 3, 2008
  1. Michael Koziarski

    Move the file exists checks outside write_asset_file_contents.

    NZKoz authored
    This lets us avoid the relatively costly trip through compute_*_paths if the file already exists.
Commits on Feb 18, 2008
  1. Michael Koziarski

    Check the host string contains %d before using String#%, this avoids …

    NZKoz authored
    …warnings. Closes #10809 [chuyeow]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8893 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Jan 27, 2008
  1. Michael Koziarski

    Don't repeatedly add relative_url_root to asset sources. Closes #10767

    NZKoz authored
    …[tomtoday, Koz]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8740 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Jan 25, 2008
  1. Michael Koziarski

    Handle corner case with image_tag when passed 'messed up' image names…

    NZKoz authored
    …. Closes #9018 [duncanbeevers, mpalmer]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8717 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Jan 14, 2008
  1. Michael Koziarski

    Correct docs on caching and all.js

    NZKoz authored
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8641 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Oct 19, 2007
  1. Michael Koziarski

    Remove more potential clashes with asset methods and resource routes.…

    NZKoz authored
    … Closes #9928 [gbuesing]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7976 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  2. Michael Koziarski

    Rename image_path path_to_image to avoid conflicting with named route…

    NZKoz authored
    …s. Closes #9924 [gbuesing]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7970 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Something went wrong with that request. Please try again.