Commit 28eecd93
Authored Sep 02, 2014
by Kasper Timm Hansen
Ship with rails-html-sanitizer instead.
Parent a2f8377d
Showing 6 changed files with 8 additions and 53 deletions (+8 -53)
actionpack/actionpack.gemspec +1 -1
actionview/actionview.gemspec +1 -1
actionview/lib/action_view/helpers/sanitize_helper.rb +3 -8
actionview/test/template/sanitize_helper_test.rb +1 -1
guides/source/4_2_release_notes.md +2 -1
railties/test/application/default_stack_test.rb +0 -41
actionpack/actionpack.gemspec
View file @ 28eecd93
@@ -23,7 +23,7 @@
s
.
add_dependency
'rack'
,
'~> 1.6.0.beta'
s
.
add_dependency
'rack-test'
,
'~> 0.6.2'
s
.
add_dependency
'rails-
deprecated_sanitizer'
,
'~> 1.0'
,
'>= 1.0.2
'
s
.
add_dependency
'rails-
html-sanitizer'
,
'~> 1.0
'
s
.
add_dependency
'rails-dom-testing'
,
'~> 1.0'
,
'>= 1.0.2'
s
.
add_dependency
'actionview'
,
version
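Review bot: the replacement dependency on 'rails-html-sanitizer' carries only '~> 1.0', whereas the 'rails-deprecated_sanitizer' line it replaces and the neighbouring 'rails-dom-testing' line both add a '>= 1.0.2' floor; if the helper relies on behaviour that is not in the first 1.0 release, add the same kind of floor here so a bundle that resolves to an older 1.0.x patch release does not silently ship a sanitizer the helper was not written against.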
actionview/actionview.gemspec
View file @ 28eecd93
@@ -23,7 +23,7 @@
s
.
add_dependency
'builder'
,
'~> 3.1'
s
.
add_dependency
'erubis'
,
'~> 2.7.0'
s
.
add_dependency
'rails-
deprecated_sanitizer'
,
'~> 1.0'
,
'>= 1.0.2
'
s
.
add_dependency
'rails-
html-sanitizer'
,
'~> 1.0
'
s
.
add_dependency
'rails-dom-testing'
,
'~> 1.0'
,
'>= 1.0.2'
s
.
add_development_dependency
'actionpack'
,
version
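Review bot: this mirrors the actionpack.gemspec hunk, which is right, but the two gemspecs now each state the sanitizer constraint independently; whatever version floor ends up on the 'rails-html-sanitizer' line in actionpack should be copied here verbatim so the two gems cannot resolve to different sanitizer releases within one bundle.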
actionview/lib/action_view/helpers/sanitize_helper.rb
View file @ 28eecd93
require
'active_support/core_ext/object/try'
require
'active_support/deprecation'
require
'rails-
deprecated_
sanitizer'
require
'rails-
html-
sanitizer'
module
ActionView
# = Action View Sanitize Helpers
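Review bot: `require 'active_support/deprecation'` stays as unchanged context while the `rails-deprecated_sanitizer` require beneath it is dropped; check whether this file still emits any deprecation warning and remove that require if it does not, so the helper stops loading a module it no longer uses.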
@@ -122,14 +122,9 @@ module ClassMethods #:nodoc:
attr_writer
:full_sanitizer
,
:link_sanitizer
,
:white_list_sanitizer
# Vendors the full, link and white list sanitizers.
# This uses html-scanner for the HTML sanitization.
# In the next Rails version this will use Rails::Html::Sanitizer instead.
# To get this new behavior now, in your Gemfile, add:
#
# gem 'rails-html-sanitizer'
#
# Provided strictly for compabitility and can be removed in Rails 5.
def
sanitizer_vendor
Rails
::
Deprecated
Sanitizer
Rails
::
Html
::
Sanitizer
end
def
sanitized_allowed_tags
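Review bot: `sanitizer_vendor` loses its documentation entirely: the removed comment block explained what the method vendors and why it existed, and the new one-line body carries no comment. Keep a short doc comment above the `def`, for example `# Vendors the full, link and white list sanitizers from Rails::Html.`, and drop only the now-stale html-scanner and Gemfile instructions rather than the whole block, so the public class method stays documented in the generated API docs.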
actionview/test/template/sanitize_helper_test.rb
View file @ 28eecd93
@@ -18,7 +18,7 @@ def test_sanitize_form
def
test_should_sanitize_illegal_style_properties
raw
=
%(display:block; position:absolute; left:0; top:0; width:100%; height:100%; z-index:1; background-color:black; background-image:url(http://www.ragingplatypus.com/i/cam-full.jpg); background-x:center; background-y:center; background-repeat:repeat;)
expected
=
%(display: block; width: 100%; height: 100%; background-color: black; background-
image: ; background-
x: center; background-y: center;)
expected
=
%(display: block; width: 100%; height: 100%; background-color: black; background-x: center; background-y: center;)
assert_equal
expected
,
sanitize_css
(
raw
)
end
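Review bot: the updated `expected` string encodes an observable output change (the empty `background-image: ;` declaration is no longer emitted and the `url(...)` value is removed outright), which is exactly the kind of output change the release note in this commit warns about; either spell that out in the release note or add a second assertion here that a stripped property is dropped rather than left empty, so the test documents the new contract instead of only matching a string.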
guides/source/4_2_release_notes.md
View file @ 28eecd93
@@ -167,7 +167,8 @@ config.log_level = :info
### HTML Sanitizer
The HTML sanitizer has been replaced with a new, more robust, implementation
built upon Loofah and Nokogiri. The new sanitizer is (TODO: betterer).
built upon Loofah and Nokogiri. The new sanitizer is more secure and its
sanitization is more powerful and flexible.
With a new sanitization algorithm, the sanitized output will change for certain
pathological inputs.
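Review bot: "more secure" with no reason given reads as marketing in a release note; say what changed (the sanitizer now parses the markup with Nokogiri and Loofah instead of the html-scanner the removed helper comment referred to) and mention that actionpack and actionview no longer depend on rails-deprecated_sanitizer, since applications that relied on it being pulled in transitively will need to add the gem to their own Gemfile.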
railties/test/application/default_stack_test.rb
deleted 100644 → 0
View file @ a2f8377d
# -*- coding: utf-8 -*-
require
'isolation/abstract_unit'
require
'rack/test'
require
'active_support/json'
module
ApplicationTests
class
DefaultStackTest
<
ActiveSupport
::
TestCase
include
ActiveSupport
::
Testing
::
Isolation
include
Rack
::
Test
::
Methods
def
setup
build_app
(
initializers:
true
)
boot_rails
end
def
teardown
teardown_app
end
test
"the sanitizer helper"
do
controller
:foo
,
<<-
RUBY
class FooController < ApplicationController
def index
render text: self.class.helpers.class.sanitizer_vendor
end
end
RUBY
app_file
'config/routes.rb'
,
<<-
RUBY
Rails.application.routes.draw do
get ':controller(/:action)'
end
RUBY
require
"
#{
app_path
}
/config/environment"
get
"/foo"
assert_equal
'Rails::Html::Sanitizer'
,
last_response
.
body
.
strip
end
end
end
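Review bot: deleting default_stack_test.rb removes the only integration check that a booted application's helpers report `Rails::Html::Sanitizer` as the vendor; the value is now hard-coded in `sanitizer_vendor`, so the full application boot is more than this needs, but a one-line unit assertion in sanitize_helper_test.rb would keep the vendor wiring covered at almost no cost.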