Commits on Feb 5, 2010
  1. @jeremy

    Backport html_safe. Use latest rails_xss plugin for forward-compatibility with Rails 3.

    Santiago Pastorino and José Ignacio Costa authored jeremy committed
Commits on Oct 8, 2009
  1. @NZKoz

    Merge the prerequisites for on-by-default XSS escaping into rails.

    NZKoz authored
    This consists of:
    
    * String#html_safe! a method to mark a string as 'safe'
    * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
    * Calls to String#html_safe! throughout the rails helpers
    * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
    
    Note, this does *not* give you on-by-default XSS escaping in 2.3 applications.  To get that you'll need to install a plugin:
    
    http://github.com/nzkoz/rails_xss
Commits on Nov 24, 2008
  1. @josh

    prefer autoloaded html scanner

    josh authored
  2. @jeremy
Commits on Aug 26, 2008
  1. @josh

    Require missing libraries and check for defined ActionController constant so ActionView can be used standalone

    josh authored
  2. @josh
Commits on Jul 16, 2008
  1. @lifo

    Merge with docrails.

    lifo authored
Commits on May 25, 2008
  1. @lifo

    Merge docrails.

    lifo authored
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
Commits on May 11, 2008
  1. @mschuerig @NZKoz

    Added note to sanitize helper docs that it doesn't guarantee well-formed markup.

    mschuerig authored NZKoz committed
    
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    
    [#166 state:resolved]
Commits on May 2, 2008
  1. @fxn @lifo

    Improve documentation coverage and markup

    fxn authored lifo committed
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
Commits on Nov 26, 2007
  1. @technoweenie

    Refactor sanitizer helpers into HTML classes and make it easy to swap them out with custom implementations. Closes #10129.  [rick]

    technoweenie authored
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8213 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Oct 10, 2007
  1. @dhh

    Extracted sanitization methods from TextHelper to SanitizeHelper [DHH] Changed SanitizeHelper#sanitize to only allow the custom attributes and tags when specified in the call [DHH]

    dhh authored
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7825 5ecf4fe2-1ee6-0310-87b1-e25e094e27de