Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Aug 9, 2012
  1. Santiago Pastorino

    Bump to 3.0.17

    spastorino authored
  2. Santiago Pastorino

    Add CHANGELOG entries

    spastorino authored
Commits on Aug 8, 2012
  1. Santiago Pastorino Aaron Patterson

    html_escape should escape single quotes

    spastorino authored tenderlove committed
    https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
    Closes #7215
    
    Conflicts:
    	actionpack/test/controller/new_base/render_template_test.rb
    	actionpack/test/template/asset_tag_helper_test.rb
    	actionpack/test/template/erb_util_test.rb
    	actionpack/test/template/javascript_helper_test.rb
    	actionpack/test/template/template_test.rb
    	activesupport/lib/active_support/core_ext/string/output_safety.rb
    	activesupport/test/core_ext/string_ext_test.rb
    	railties/test/application/assets_test.rb
Commits on Jul 26, 2012
  1. Aaron Patterson

    bumping to 3.0.16

    tenderlove authored
  2. Aaron Patterson

    updating release date

    tenderlove authored
Commits on Jul 23, 2012
  1. Aaron Patterson

    updating changelogs

    tenderlove authored
Commits on Jun 13, 2012
  1. Aaron Patterson

    3.0.15

    tenderlove authored
Commits on Jun 12, 2012
  1. Aaron Patterson

    updating changelogs

    tenderlove authored
Commits on Jun 11, 2012
  1. Aaron Patterson

    bumping to 3.0.14

    tenderlove authored
  2. Aaron Patterson
Commits on May 31, 2012
  1. Aaron Patterson

    bumping to 3.0.13

    tenderlove authored
  2. Aaron Patterson

    updating CHANGELOGs

    tenderlove authored
Commits on May 28, 2012
  1. Aaron Patterson

    bumping to 3.0.13.rc1

    tenderlove authored
Commits on Mar 2, 2012
  1. Carlos Antonio da Silva Piotr Sarnacki

    Stop SafeBuffer#clone_empty from issuing warnings

    carlosantoniodasilva authored drogus committed
    Logic in clone_empty method was dealing with old @dirty variable, which
    has changed by @html_safe in this commit:
    139963c
    
    This was issuing a "not initialized variable" warning - related to:
    #5237
    
    The logic applied by this method is already handled by the [] override,
    so there is no need to reset the variable here.
Commits on Mar 1, 2012
  1. Aaron Patterson

    bumping to 3.0.12

    tenderlove authored
  2. Aaron Patterson

    Merge branch '3-0-stable-security' into 3-0-12

    tenderlove authored
    * 3-0-stable-security:
      Ensure [] respects the status of the buffer.
      use AS::SafeBuffer#clone_empty for flushing the output_buffer
      add AS::SafeBuffer#clone_empty
      fix output safety issue with select options
  3. José Valim Aaron Patterson

    Ensure [] respects the status of the buffer.

    josevalim authored tenderlove committed
Commits on Feb 22, 2012
  1. Aaron Patterson

    updating RAILS_VERSION

    tenderlove authored
  2. Jon Leighton
Commits on Feb 21, 2012
  1. Akira Matsuda Aaron Patterson

    add AS::SafeBuffer#clone_empty

    amatsuda authored tenderlove committed
Commits on Jan 24, 2012
  1. Aaron Patterson

    Merge pull request #4514 from brainopia/update_timezone_offets

    tenderlove authored
    Update time zone offset information
Commits on Jan 7, 2012
  1. Arun Agrawal
Commits on Dec 3, 2011
  1. Aaron Patterson Sam Umbach

    `load` should also return the value from `super`

    tenderlove authored sumbach committed
  2. Aaron Patterson Sam Umbach
  3. Sam Umbach

    Simplify load and require tests

    sumbach authored
    - These tests don't use autoloading so there's no need to add anything to autoload_paths
  4. Sam Umbach
  5. Sam Umbach
  6. Sam Umbach

    Test return value of ActiveSupport::Dependencies::Loadable#require

    sumbach authored
    - Add tests to protect from regressions in require's return value behavior
    - See a10606c (require needs to return true or false) for the original bug fix
Commits on Nov 18, 2011
  1. Jon Leighton
Commits on Nov 17, 2011
  1. Aaron Patterson Jon Leighton

    fixing test case test on 1.9.3dev

    tenderlove authored jonleighton committed
  2. Aaron Patterson Jon Leighton

    removing stubs. 1.9.3 implements Date.today in C so mocking the retur…

    tenderlove authored jonleighton committed
    …n value of Time.now does nothing
Commits on Nov 1, 2011
  1. Josh Kalderimis Aaron Patterson

    Remove a circular require in AS deprecations. This is safe as AS depr…

    joshk authored tenderlove committed
    …ecations is autoloaded as needed.
Commits on Oct 5, 2011
  1. Akira Matsuda Santiago Pastorino

    ruby193: String#prepend is also unsafe

    amatsuda authored spastorino committed
  2. Akira Matsuda Santiago Pastorino

    override unsafe methods only if defined on String

    amatsuda authored spastorino committed
Commits on Oct 3, 2011
  1. Jeremy Kemper

    Merge pull request #2801 from jeremyevans/patch-1

    jeremy authored
    Fix obviously breakage of Time.=== for Time subclasses
Something went wrong with that request. Please try again.