Commits on Apr 16, 2011
  1. @mrduncan

    Fixing another example result

    mrduncan committed Apr 15, 2011
Commits on Aug 14, 2010
  1. @spastorino

    Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;)

    spastorino committed Aug 14, 2010
Commits on Aug 9, 2010
  1. @fxn
Commits on Aug 4, 2010
  1. @wycats

    Concernify SanitizeHelper and TextHelper so including TextHelper correctly includes SanitizeHelper and extends its ClassMethods

    wycats committed Aug 4, 2010
Commits on Jul 13, 2010
  1. Fixed many references to the old config/environment.rb and Rails::Initializer

    Benjamin Quorning committed Jul 9, 2010
Commits on Jun 16, 2010
  1. @rizwanreza

    Added titles and description.

    rizwanreza committed Jun 16, 2010
Commits on Jun 14, 2010
  1. @fxn

    edit pass: the names of Rails components have a space, i.e., "Active Record", not "ActiveRecord"

    fxn committed Jun 14, 2010
Commits on Feb 1, 2010
  1. For performance reasons, you can no longer call html_safe! on Strings. Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will return SafeBuffer.new(self).

    Yehuda Katz committed Jan 31, 2010
    
      * Additionally, instead of doing concat("</form>".html_safe), you can do
        safe_concat("</form>"), which will skip both the flag set, and the flag
        check.
      * For the first pass, I converted virtually all #html_safe!s to #html_safe,
        and the tests pass. A further optimization would be to try to use
        #safe_concat as much as possible, reducing the performance impact if
        we know up front that a String is safe.
Commits on Jan 16, 2010
  1. @lifo

    Merge docrails

    lifo committed Jan 17, 2010
Commits on Dec 22, 2009
  1. @josh

    All AD modules are "deferrable"

    josh committed Dec 22, 2009
Commits on Oct 7, 2009
  1. @NZKoz

    Switch to on-by-default XSS escaping for rails.

    NZKoz committed Oct 8, 2009
      This consists of:
    
      * String#html_safe! a method to mark a string as 'safe'
      * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
      * Calls to String#html_safe! throughout the rails helpers
      * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
      * New ERB implementation based on erubis which uses a SafeBuffer instead of a String
    
    Hat tip to Django for the inspiration.
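    The escaping scheme this commit introduces, together with the html_safe / safe_concat follow-up in the Jan 31, 2010 commit above, as an added example that is not Rails source: the names html_safe, html_safe?, safe_concat and raw mirror the Rails API, but the bodies below are this page's own self-contained model of the escape-on-concat rule, written against the Ruby standard library only, and leave out everything ActionView's real SafeBuffer does beyond that rule.

```ruby
# Added example, not Rails code: a minimal model of on-by-default escaping.
# A SafeBuffer is a String that remembers it has been vetted as HTML; any
# plain String appended to it is escaped, anything already marked safe passes.
require 'erb'

module HtmlSafety
  class SafeBuffer < String
    # Keep the original String#concat reachable under the name safe_concat:
    # trusted template literals can be appended with neither the flag set
    # nor the flag check (the optimisation described in the commit message).
    alias safe_concat concat

    def html_safe?
      true
    end

    # Marking an already-safe buffer safe is a no-op.
    def html_safe
      self
    end

    # The central rule: escape unless the value declares itself safe.
    def concat(value)
      safe = value.respond_to?(:html_safe?) && value.html_safe?
      super(safe ? value : ERB::Util.html_escape(value))
    end
    alias << concat
  end

  # The 'raw' helper: trust HTML from a non-safety-aware source, for example
  # presanitized markup loaded from the database.
  def self.raw(value)
    value.to_s.html_safe
  end

  # What a safety-aware template compiles to: literal markup enters via
  # safe_concat, interpolated values via << and are therefore escaped by
  # default. Both arguments are assumed inputs for the illustration.
  def self.render_greeting(name, footer_html)
    buf = SafeBuffer.new('')
    buf.safe_concat('<p>Hello, ')
    buf << name
    buf.safe_concat('</p>')
    buf << raw(footer_html)
    buf
  end
end

# Plain Strings are never safe; html_safe is the only way to obtain a
# SafeBuffer, which is the point of removing the mutating html_safe! flag.
class String
  def html_safe?
    false
  end

  def html_safe
    HtmlSafety::SafeBuffer.new(self)
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed input: an injection attempt in the name, trusted HTML in the footer.
  puts HtmlSafety.render_greeting('<script>alert(1)</script>', '<hr>')
end
```

    Run stand-alone, the script prints the script tag entity-escaped inside the paragraph and the trusted `<hr>` untouched; the same name passed through `.html_safe` would be emitted verbatim, which is exactly why raw and html_safe must only ever be applied to markup that has already been sanitized.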
Commits on Nov 24, 2008
  1. @josh

    prefer autoloaded html scanner

    josh committed Nov 24, 2008
  2. @jeremy
Commits on Aug 26, 2008
  1. @josh

    Require missing libraries and check for defined ActionController constant so ActionView can be used standalone

    josh committed Aug 26, 2008
  2. @josh
Commits on Jul 16, 2008
  1. @lifo

    Merge with docrails.

    lifo committed Jul 16, 2008
Commits on May 25, 2008
  1. @lifo

    Merge docrails.

    lifo committed May 25, 2008
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
Commits on May 11, 2008
  1. @mschuerig @NZKoz

    Added note to sanitize helper docs that it doesn't guarantee well-formed markup.

    mschuerig committed with NZKoz May 12, 2008
    
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    
    [#166 state:resolved]
Commits on May 2, 2008
  1. @fxn @lifo

    Improve documentation coverage and markup

    fxn committed with lifo May 2, 2008
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
Commits on Nov 26, 2007
  1. @technoweenie

    Refactor sanitizer helpers into HTML classes and make it easy to swap them out with custom implementations. Closes #10129.  [rick]

    technoweenie committed Nov 26, 2007
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8213 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Oct 10, 2007
  1. @dhh

    Extracted sanitization methods from TextHelper to SanitizeHelper [DHH]

    dhh committed Oct 10, 2007
    Changed SanitizeHelper#sanitize to only allow the custom attributes and tags when specified in the call [DHH]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7825 5ecf4fe2-1ee6-0310-87b1-e25e094e27de