Commit 20425986
Authored on Aug 17, 2014
Author: Rafael Mendonça França
Merge pull request #16525 from kaspth/partial-release-prep
Prepare for partial release.
Parents: a2400308, 1e2ffe7a
Showing 7 changed files with 46 additions and 39 deletions (+46 -39)
actionpack/CHANGELOG.md +1 -3
actionpack/actionpack.gemspec +1 -2
actionview/CHANGELOG.md +0 -29
actionview/actionview.gemspec +1 -2
actionview/lib/action_view/helpers/sanitize_helper.rb +8 -3
guides/source/upgrading_ruby_on_rails.md +32 -0
railties/lib/rails/generators/rails/app/templates/Gemfile +3 -0
actionpack/CHANGELOG.md
View file @
20425986
*
Deprecated TagAssertions.
Moved DomAssertions and SelectorAssertions to Action View.
*
Deleted the deprecated TagAssertions.
*Kasper Timm Hansen*
...
...
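Review bot: the entry "Deleted the deprecated TagAssertions." gives readers no pointer to what replaces them, and with this file at +1 -3 the line about where DomAssertions and SelectorAssertions went appears to be dropped as well. A changelog is where upgraders look for removed test helpers, so suggest keeping one line that names the replacement assertions and where they now live.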
actionpack/actionpack.gemspec
View file @
20425986
...
...
@@ -23,8 +23,7 @@
s
.
add_dependency
'rack'
,
'~> 1.6.0.alpha'
s
.
add_dependency
'rack-test'
,
'~> 0.6.2'
s
.
add_dependency
'rails-dom-testing'
s
.
add_dependency
'rails-html-sanitizer'
s
.
add_dependency
'rails-deprecated_sanitizer'
s
.
add_dependency
'actionview'
,
version
s
.
add_development_dependency
'activemodel'
,
version
...
...
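Review bot: the add_dependency lines for 'rails-dom-testing', 'rails-html-sanitizer' and 'rails-deprecated_sanitizer' carry no version constraint, unlike 'rack' ('~> 1.6.0.alpha') and 'rack-test' ('~> 0.6.2') directly above them. For a gem that performs HTML sanitization, an open-ended dependency lets any later release resolve into an existing application on bundle update; suggest a pessimistic '~>' constraint on whichever of these lines the release keeps.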
actionview/CHANGELOG.md
View file @
20425986
*
Dom and Selector assertions has extracted to rails-dom-testing to better be used in both Action Pack and Action View.
Note:
This also changes the substitution values syntax in `assert_select`.
`assert_select "div#?", /\d+/`
`assert_select "div:match('id', ?)", /\d+/`
The attribute to match should be enclosed in quotes to avoid
issues with Nokogiri's css selector syntax parsing.
It is not necessary to do so with the question mark.
Calling `assert_select` with an invalid selector will emit a deprecation warning and skip the assertions.
*Kasper Timm Hansen*
*
The sanitizers in
`sanitize_helper`
have been extracted to rails-html-sanitizer. Loofah is used for sanitization instead of html-scanner.
This means:
`sanitize` can now take a `Loofah::Scrubber` for powerful scrubbing.
[See some examples of scrubbers here](https://github.com/flavorjones/loofah#loofahscrubber)
`PermitScrubber` has been added. Set the attributes and tags you want to keep and get everything else stripped.
`TargetScrubber` has been added. Set the attributes and tags you want to have stripped and keep everything else.
The documentation for `PermitScrubber` and `TargetScrubber` explains how you can gain complete control over when and how elements should be stripped.
*Kasper Timm Hansen*
*
Fix that render layout: 'messages/layout' should also be added to the dependency tracker tree.
*DHH*
...
...
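Review bot: this file shows 29 deletions and no additions, so the Action View changelog loses its only description of the sanitizer change, yet the upgrade guide and the sanitize_helper.rb comment in this same commit still announce that html-scanner is deprecated and that Rails::Html::Sanitizer is available through the Gemfile. Suggest keeping a short entry that states the deprecation and the opt-in, so the changelog and the guide agree on what this release does.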
actionview/actionview.gemspec
View file @
20425986
...
...
@@ -23,8 +23,7 @@
s
.
add_dependency
'builder'
,
'~> 3.1'
s
.
add_dependency
'erubis'
,
'~> 2.7.0'
s
.
add_dependency
'rails-dom-testing'
s
.
add_dependency
'rails-html-sanitizer'
s
.
add_dependency
'rails-deprecated_sanitizer'
s
.
add_development_dependency
'actionpack'
,
version
s
.
add_development_dependency
'activemodel'
,
version
...
...
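Review bot: the 'rails-dom-testing', 'rails-html-sanitizer' and 'rails-deprecated_sanitizer' add_dependency lines here repeat the ones in actionpack.gemspec, and actionpack already depends on 'actionview', version. Whichever of them remain should be declared with the same constraint in both gemspecs, or only in this one, so the two gems cannot drift apart on which sanitizer release they accept.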
actionview/lib/action_view/helpers/sanitize_helper.rb
View file @
20425986
require
'active_support/core_ext/object/try'
require
'active_support/deprecation'
require
'rails-
html-
sanitizer'
require
'rails-
deprecated_
sanitizer'
module
ActionView
# = Action View Sanitize Helpers
...
...
@@ -138,9 +138,14 @@ module ClassMethods #:nodoc:
end
# Vendors the full, link and white list sanitizers.
# Strictly for backwards compatibility with html-scanner.
# This uses html-scanner for the HTML sanitization.
# In the next Rails version this will use Rails::Html::Sanitizer instead.
# To get this new behavior now, in your Gemfile, add:
#
# gem 'rails-html-sanitizer'
#
def
sanitizer_vendor
Rails
::
Html
::
Sanitizer
Rails
::
Deprecated
Sanitizer
end
def
sanitized_allowed_tags
...
...
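Review bot: the comment above sanitizer_vendor tells users that adding gem 'rails-html-sanitizer' to the Gemfile gives the new behaviour, but the method body in this hunk names a sanitizer constant directly and nothing visible checks whether that gem is loaded. Suggest the comment state how the opt-in actually takes effect, and note that it sits under "module ClassMethods #:nodoc:", so this instruction will not reach the generated API documentation.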
guides/source/upgrading_ruby_on_rails.md
View file @
20425986
...
...
@@ -91,6 +91,38 @@ after_bundle do
end
```
### Rails Html Sanitizer
There's a new choice for sanitizing HTML fragments in your applications. The
venerable html-scanner approach is now officially being deprecated in favor of
[
`Rails Html Sanitizer`
](
https://github.com/rails/rails-html-sanitizer
)
.
This means the methods
`sanitize`
,
`sanitize_css`
,
`strip_tags`
and
`strip_links`
are backed by a new implementation.
In the next major Rails version
`Rails Html Sanitizer`
will be the default
sanitizer. It already is for new applications.
Include this in your Gemfile to try it out today:
```
ruby
gem
'rails-html-sanitizer'
```
This new sanitizer uses
[
Loofah
](
https://github.com/flavorjones/loofah
)
internally. Loofah in turn uses Nokogiri, which
wraps XML parsers written in both C and Java, so sanitization should be faster
no matter which Ruby version you run.
The new version updates
`sanitize`
, so it can take a
`Loofah::Scrubber`
for
powerful scrubbing.
[
See some examples of scrubbers here
](
https://github.com/flavorjones/loofah#loofahscrubber
)
.
Two new scrubbers have also been added:
`PermitScrubber`
and
`TargetScrubber`
.
Read the
[
gem's readme
](
https://github.com/rails/rails-html-sanitizer
)
for more information.
The documentation for
`PermitScrubber`
and
`TargetScrubber`
explains how you
can gain complete control over when and how elements should be stripped.
Upgrading from Rails 4.0 to Rails 4.1
-------------------------------------
...
...
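Review bot: the sentence "This means the methods sanitize, sanitize_css, strip_tags and strip_links are backed by a new implementation" reads as if upgraded applications already run the new sanitizer, while the following paragraph and the sanitize_helper.rb comment say it applies only once gem 'rails-html-sanitizer' is in the Gemfile. Suggest rewording so the four methods are said to switch implementation when the gem is added, and telling upgraders to re-test views that render user-supplied HTML, since the guide describes a different parser stack (Loofah on Nokogiri).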
railties/lib/rails/generators/rails/app/templates/Gemfile
View file @
20425986
...
...
@@ -15,6 +15,9 @@ source 'https://rubygems.org'
# Use ActiveModel has_secure_password
# gem 'bcrypt', '~> 3.1.7'
# Use Rails Html Sanitizer for HTML sanitization
gem
'rails-html-snaitizer'
# Use Unicorn as the app server
# gem 'unicorn'
...
...
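Review bot: the gem name in the added line is misspelled: gem 'rails-html-snaitizer' should be gem 'rails-html-sanitizer', as it is written in the guide and gemspec hunks of this commit. Every newly generated application would carry this line uncommented, so bundle install would either fail or install whatever package is published under the misspelled name; fix the spelling before release and consider a generator test that bundles the template Gemfile.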