Commits on Dec 23, 2012
  1. Aaron Patterson

    bumping to 3.0.18

    tenderlove authored
Commits on Aug 28, 2012
  1. Rafael Mendonça França
Commits on Aug 9, 2012
  1. Santiago Pastorino

    Bump to 3.0.17

    spastorino authored
Commits on Aug 8, 2012
  1. Santiago Pastorino Aaron Patterson

    html_escape should escape single quotes

    spastorino authored tenderlove committed
    https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
    Closes #7215
    
    Conflicts:
    	actionpack/test/controller/new_base/render_template_test.rb
    	actionpack/test/template/asset_tag_helper_test.rb
    	actionpack/test/template/erb_util_test.rb
    	actionpack/test/template/javascript_helper_test.rb
    	actionpack/test/template/template_test.rb
    	activesupport/lib/active_support/core_ext/string/output_safety.rb
    	activesupport/test/core_ext/string_ext_test.rb
    	railties/test/application/assets_test.rb
Commits on Jul 26, 2012
  1. Aaron Patterson

    bumping to 3.0.16

    tenderlove authored
Commits on Jun 13, 2012
  1. Aaron Patterson

    3.0.15

    tenderlove authored
Commits on Jun 11, 2012
  1. Aaron Patterson

    bumping to 3.0.14

    tenderlove authored
Commits on May 31, 2012
  1. Aaron Patterson

    bumping to 3.0.13

    tenderlove authored
Commits on May 28, 2012
  1. Aaron Patterson

    bumping to 3.0.13.rc1

    tenderlove authored
Commits on Mar 2, 2012
  1. Carlos Antonio da Silva Piotr Sarnacki

    Stop SafeBuffer#clone_empty from issuing warnings

    carlosantoniodasilva authored drogus committed
    Logic in clone_empty method was dealing with old @dirty variable, which
    has changed by @html_safe in this commit:
    139963c
    
    This was issuing a "not initialized variable" warning - related to:
    #5237
    
    The logic applied by this method is already handled by the [] override,
    so there is no need to reset the variable here.
Commits on Mar 1, 2012
  1. Aaron Patterson

    bumping to 3.0.12

    tenderlove authored
  2. Aaron Patterson

    Merge branch '3-0-stable-security' into 3-0-12

    tenderlove authored
    * 3-0-stable-security:
      Ensure [] respects the status of the buffer.
      use AS::SafeBuffer#clone_empty for flushing the output_buffer
      add AS::SafeBuffer#clone_empty
      fix output safety issue with select options
  3. José Valim Aaron Patterson

    Ensure [] respects the status of the buffer.

    josevalim authored tenderlove committed
Commits on Feb 22, 2012
  1. Aaron Patterson

    updating RAILS_VERSION

    tenderlove authored
  2. Jon Leighton
Commits on Feb 21, 2012
  1. Akira Matsuda Aaron Patterson

    add AS::SafeBuffer#clone_empty

    amatsuda authored tenderlove committed
Commits on Jan 24, 2012
  1. Aaron Patterson

    Merge pull request #4514 from brainopia/update_timezone_offets

    tenderlove authored
    Update time zone offset information
Commits on Dec 3, 2011
  1. Aaron Patterson Sam Umbach

    `load` should also return the value from `super`

    tenderlove authored sumbach committed
  2. Aaron Patterson Sam Umbach
Commits on Nov 18, 2011
  1. Jon Leighton
Commits on Nov 1, 2011
  1. Josh Kalderimis Aaron Patterson

    Remove a circular require in AS deprecations. This is safe as AS deprecations is autoloaded as needed.

    joshk authored tenderlove committed
Commits on Oct 5, 2011
  1. Akira Matsuda Santiago Pastorino

    ruby193: String#prepend is also unsafe

    amatsuda authored spastorino committed
  2. Akira Matsuda Santiago Pastorino

    override unsafe methods only if defined on String

    amatsuda authored spastorino committed
Commits on Oct 3, 2011
  1. Jeremy Kemper

    Merge pull request #2801 from jeremyevans/patch-1

    jeremy authored
    Fix obvious breakage of Time.=== for Time subclasses
Commits on Aug 16, 2011
  1. Aaron Patterson

    Merge branch '3-0-10' into 3-0-stable

    tenderlove authored
    * 3-0-10:
      bumping rails to 3.0.10
      properly substituting bad utf8 characters
      Tags with invalid names should also be stripped in order to prevent XSS attacks.  Thanks Sascha Depold for the report.
      prevent sql injection attacks by escaping quotes in column names
      Properly escape glob characters.
      bumping to 3.0.10.rc1
      more changelog updates
      updating CHANGELOGs
  2. Aaron Patterson

    bumping rails to 3.0.10

    tenderlove authored
  3. Aaron Patterson
Commits on Aug 8, 2011
  1. Jason Weathered Aaron Patterson
Commits on Aug 6, 2011
  1. Santiago Pastorino

    Merge pull request #2450 from guilleiguaran/activesupport-gzip-1.8

    spastorino authored
    Fix ActiveSupport::Gzip under Ruby 1.8.7. Closes #2416
Commits on Aug 5, 2011
  1. Aaron Patterson

    bumping to 3.0.10.rc1

    tenderlove authored
Commits on Aug 1, 2011
  1. Santiago Pastorino

    Merge pull request #2393 from bdurand/fix_cache_read_multi

    spastorino authored
    Fix ArgumentError in ActiveSupport::Cache::CacheStore.read_multi
Commits on Jul 29, 2011
  1. Aaron Patterson
Commits on Jun 28, 2011
  1. Aaron Patterson

    Fix JSON decoding of newline character with Yaml backend [#3479 state:resolved]

    Maxime RETY authored tenderlove committed
    
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
Commits on Jun 20, 2011
  1. José Valim
Commits on Jun 19, 2011
  1. James Miller