Commits on Feb 5, 2010
  1. @jeremy

    Backport html_safe. Use latest rails_xss plugin for forward-compatibility with Rails 3.

    Santiago Pastorino and José Ignacio Costa committed with jeremy
Commits on Oct 8, 2009
  1. @NZKoz

    Merge the prerequisites for on-by-default XSS escaping into rails.

    NZKoz committed
    This consists of:
    * String#html_safe! a method to mark a string as 'safe'
    * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
    * Calls to String#html_safe! throughout the rails helpers
    * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
    Note, this does *not* give you on-by-default XSS escaping in 2.3 applications.  To get that you'll need to install a plugin:
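As an added illustration of the mechanism this commit message describes (example code written for this page, not Rails' own ActionView::SafeBuffer; it borrows the names String#html_safe!, SafeBuffer and raw from the message, while the @html_safe flag, the escaping details and the render_comment helper are assumptions of the example), a toy safe buffer in Ruby:

```ruby
require 'cgi'

# Added example, not Rails' own code: a toy version of the three pieces the
# commit lists (String#html_safe!, a buffer that escapes unsafe concatenations,
# and a raw helper). Names mirror the commit message; internals are assumed.

class String
  # Mark this string as trusted HTML. Storing the mark in @html_safe is an
  # assumption of this example, not how Rails records it.
  def html_safe!
    @html_safe = true
    self
  end

  def html_safe?
    @html_safe == true
  end
end

# A String subclass whose own contents are always considered safe; anything
# appended to it that is not already marked safe is HTML-escaped first, so
# untrusted input cannot inject markup into the rendered output.
class SafeBuffer < String
  def html_safe?
    true
  end

  def <<(value)
    # String#to_s on a subclass instance returns a plain String and would drop
    # the safe mark, so only convert values that are not already Strings.
    str = value.is_a?(String) ? value : value.to_s
    super(str.html_safe? ? str : CGI.escapeHTML(str))
  end
  alias_method :concat, :<<
end

# raw: opt a trusted, already-sanitized string out of escaping.
def raw(value)
  (value.is_a?(String) ? value : value.to_s).dup.html_safe!
end

# Builds a comment block the way a safety-aware template would: template
# markup is marked safe, the user-supplied author is appended unmarked and
# therefore escaped, and the presanitized body is passed through raw.
def render_comment(author, presanitized_body)
  buf = SafeBuffer.new
  buf << '<div class="comment"><strong>'.html_safe!
  buf << author                      # untrusted: escaped on concatenation
  buf << '</strong><p>'.html_safe!
  buf << raw(presanitized_body)      # trusted: passed through unchanged
  buf << '</p></div>'.html_safe!
  buf.to_s
end

if __FILE__ == $0
  # Constructed sample input: a hostile author name and a presanitized body.
  puts render_comment('<script>alert(1)</script>', '<em>hello</em>')
end
```

The point to notice is that the buffer, not the template author, decides what gets escaped: forgetting to mark a value safe fails closed (it is escaped), and only an explicit raw or html_safe! call lets markup through.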
Commits on Nov 24, 2008
  1. @josh

    prefer autoloaded html scanner

    josh committed
  2. @jeremy
Commits on Aug 26, 2008
  1. @josh

    Require missing libraries and check for defined ActionController constant so ActionView can be used standalone

    josh committed
  2. @josh
Commits on Jul 16, 2008
  1. @lifo

    Merge with docrails.

    lifo committed
Commits on May 25, 2008
  1. @lifo

    Merge docrails.

    lifo committed
    Signed-off-by: Pratik Naik <>
Commits on May 11, 2008
  1. @mschuerig @NZKoz

    Added note to sanitize helper docs that it doesn't guarantee well-formed markup.

    mschuerig committed with NZKoz
    Signed-off-by: Michael Koziarski <>
    [#166 state:resolved]
Commits on May 2, 2008
  1. @fxn @lifo

    Improve documentation coverage and markup

    fxn committed with lifo
    Signed-off-by: Pratik Naik <>
Commits on Nov 26, 2007
  1. @technoweenie

    Refactor sanitizer helpers into HTML classes and make it easy to swap them out with custom implementations. Closes #10129.  [rick]

    technoweenie committed
    git-svn-id: 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Oct 10, 2007
  1. @dhh

    Extracted sanitization methods from TextHelper to SanitizeHelper [DHH] Changed SanitizeHelper#sanitize to only allow the custom attributes and tags when specified in the call [DHH]

    dhh committed
    git-svn-id: 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
