
Apr 16, 2011

  1. Matt Duncan

    Fixing another example result

    authored April 15, 2011

Aug 14, 2010

  1. Santiago Pastorino

    Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;)

    authored August 14, 2010

Aug 09, 2010

  1. Xavier Noria

    adds missing requires for Object#try

    authored August 09, 2010

Aug 04, 2010

  1. Yehuda Katz

    Concernify SanitizeHelper and TextHelper so including TextHelper correctly include SanitizeHelper and extends its ClassMethods

    authored August 04, 2010

Jul 13, 2010

  1. Fixed many references to the old config/environment.rb and Rails::Initializer

    authored July 09, 2010

Jun 16, 2010

  1. Rizwan Reza

    Added titles and description.

    authored June 16, 2010

Jun 14, 2010

  1. Xavier Noria

    edit pass: the names of Rails components have a space, i.e., "Active Record", not "ActiveRecord"

    authored June 14, 2010

Feb 01, 2010

  1. For performance reasons, you can no longer call html_safe! on Strings. Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will return SafeBuffer.new(self).
    
      * Additionally, instead of doing concat("</form>".html_safe), you can do
        safe_concat("</form>"), which will skip both the flag set, and the flag
        check.
      * For the first pass, I converted virtually all #html_safe!s to #html_safe,
        and the tests pass. A further optimization would be to try to use
        #safe_concat as much as possible, reducing the performance impact if
        we know up front that a String is safe.
    authored January 31, 2010

Jan 16, 2010

  1. Pratik

    Merge docrails

    authored January 17, 2010

Dec 22, 2009

  1. Joshua Peek

    All AD modules are "deferrable"

    authored December 22, 2009

Oct 07, 2009

  1. Michael Koziarski

    Switch to on-by-default XSS escaping for rails.

      This consists of:
    
      * String#html_safe! a method to mark a string as 'safe'
      * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
      * Calls to String#html_safe! throughout the rails helpers
      * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
      * New ERB implementation based on erubis which uses a SafeBuffer instead of a String
    
    Hat tip to Django for the inspiration.
    authored October 08, 2009

Nov 24, 2008

  1. Joshua Peek

    prefer autoloaded html scanner

    authored November 24, 2008
  2. Jeremy Kemper

    Autoload HTML::Document and sanitizers

    authored November 23, 2008

Aug 26, 2008

  1. Joshua Peek

    Require missing libraries and check for defined ActionController constant so ActionView can be used standalone

    authored August 26, 2008
  2. Joshua Peek

    Include all helpers into ActionView::Helper

    authored August 25, 2008

Jul 16, 2008

  1. Pratik

    Merge with docrails.

    authored July 16, 2008

May 25, 2008

  1. Pratik

    Merge docrails.

    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
    authored May 25, 2008

May 11, 2008

  1. Michael Schuerig

    Added note to sanitize helper docs that it doesn't guarantee well-formed markup.
    
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    
    [#166 state:resolved]
    authored May 12, 2008 NZKoz committed May 12, 2008

May 02, 2008

  1. Xavier Noria

    Improve documentation coverage and markup

    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
    authored May 02, 2008 lifo committed May 02, 2008

Nov 26, 2007

  1. risk danger olson

    Refactor sanitizer helpers into HTML classes and make it easy to swap them out with custom implementations. Closes #10129. [rick]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8213 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored November 26, 2007

Oct 10, 2007

  1. David Heinemeier Hansson

    Extracted sanitization methods from TextHelper to SanitizeHelper [DHH] Changed SanitizeHelper#sanitize to only allow the custom attributes and tags when specified in the call [DHH]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7825 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored October 10, 2007