Commits on Aug 14, 2010
  1. @spastorino

    Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;)

    spastorino authored
Commits on Aug 9, 2010
  1. @fxn
Commits on Aug 4, 2010
  1. @wycats

    Concernify SanitizeHelper and TextHelper so including TextHelper correctly includes SanitizeHelper and extends its ClassMethods

    wycats authored
Commits on Jul 13, 2010
  1. Fixed many references to the old config/environment.rb and Rails::Initializer

    Benjamin Quorning authored
Commits on Jun 16, 2010
  1. @rizwanreza
Commits on Jun 14, 2010
  1. @fxn

    edit pass: the names of Rails components have a space, ie, "Active Record", not "ActiveRecord"

    fxn authored
Commits on Feb 1, 2010
  1. For performance reasons, you can no longer call html_safe! on Strings. Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will return SafeBuffer.new(self).

    Yehuda Katz authored

      * Additionally, instead of doing concat("</form>".html_safe), you can do
        safe_concat("</form>"), which will skip both the flag set, and the flag
        check.
      * For the first pass, I converted virtually all #html_safe!s to #html_safe,
        and the tests pass. A further optimization would be to try to use
        #safe_concat as much as possible, reducing the performance impact if
        we know up front that a String is safe.
Commits on Jan 16, 2010
  1. @lifo

    Merge docrails

    lifo authored
Commits on Dec 22, 2009
  1. @josh

    All AD modules are "deferrable"

    josh authored
Commits on Oct 7, 2009
  1. @NZKoz

    Switch to on-by-default XSS escaping for rails.

    NZKoz authored
    This consists of:

      * String#html_safe! a method to mark a string as 'safe'
      * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
      * Calls to String#html_safe! throughout the rails helpers
      * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
      * New ERB implementation based on erubis which uses a SafeBuffer instead of a String

    Hat tip to Django for the inspiration.
Commits on Nov 24, 2008
  1. @josh

    prefer autoloaded html scanner

    josh authored
  2. @jeremy
Commits on Aug 26, 2008
  1. @josh

    Require missing libraries and check for defined ActionController constant so ActionView can be used standalone

    josh authored
  2. @josh
Commits on Jul 16, 2008
  1. @lifo

    Merge with docrails.

    lifo authored
Commits on May 25, 2008
  1. @lifo

    Merge docrails.

    lifo authored
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
Commits on May 11, 2008
  1. @mschuerig @NZKoz

    Added note to sanitize helper docs that it doesn't guarantee well-formed markup.

    mschuerig authored NZKoz committed

    Signed-off-by: Michael Koziarski <michael@koziarski.com>

    [#166 state:resolved]
Commits on May 2, 2008
  1. @fxn @lifo

    Improve documentation coverage and markup

    fxn authored lifo committed
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
Commits on Nov 26, 2007
  1. @technoweenie

    Refactor sanitizer helpers into HTML classes and make it easy to swap them out with custom implementations. Closes #10129.  [rick]

    technoweenie authored

    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8213 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Oct 10, 2007
  1. @dhh

    Extracted sanitization methods from TextHelper to SanitizeHelper [DHH]
    Changed SanitizeHelper#sanitize to only allow the custom attributes and tags when specified in the call [DHH]

    dhh authored

    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7825 5ecf4fe2-1ee6-0310-87b1-e25e094e27de