提交 · 0696547814057eaed3c13e70a6dc6b2b7bb3e1f9 · 张重言 / rails

05 12月, 2013 4 次提交
- G
  
  Also move html_esacpe regex to a constant (see 9d25af60 ) · 06965478
  由 Godfrey Chan 提交于 12月 04, 2013
  
  06965478
- G
  
  Added \u2028 \u2029 to json_escape · 2c564cdb
  由 Godfrey Chan 提交于 12月 04, 2013
  
  2c564cdb
- G
  
  Use lower case letters in unicodes sequences to match the new encoder's output · c229c7a3
  由 Godfrey Chan 提交于 11月 27, 2013
  
  c229c7a3
- G
  
  Fixed a long-standing bug in `json_escape` that strips quotation marks · 2f1c5789
  由 Godfrey Chan 提交于 11月 27, 2013
  
  2f1c5789
03 12月, 2013 1 次提交
- C
  Avoid generating more strings while iterating to create methods · 735abe93
  由 Carlos Antonio da Silva 提交于 12月 02, 2013
```
Use the already existing strings instead of creating a new one each time
just to test if it responds to the methods.
```
  735abe93
16 5月, 2013 1 次提交

Revert "Merge pull request #10600 from aditya-kapoor/code_refactor" · ed738f75

由 Rafael Mendonça França 提交于 5月 15, 2013

This reverts commit 8ce3c1e5, reversing
changes made to f93da579.

Reason: It slow down the running time.

require "diffbench"
load 'output_safety.rb'

N = 10000
b = ActiveSupport::SafeBuffer.new("hello world")
DiffBench.bm do
  report "capitalize in safe buffer" do
    N.times do
      b.capitalize
    end
  end
end

> git checkout  069ea45c; diffbench bench.rb;
diffbench bench.rb;diffbench
bench.rb;diffbench bench.rb;diffbench
bench.rb;diffbench bench.rb;diffbench
bench.rb;

Running benchmark with current working tree
Checkout HEAD^
Running benchmark with HEAD^
Checkout to previous HEAD again

                    user     system      total
                    real
----------------------------------capitalize
in safe buffer
After patch:    0.010000   0.000000   0.010000
(  0.009733)
Before patch:   0.010000   0.000000   0.010000
(  0.007702)
Improvement: -26%

Running benchmark with current working tree
Checkout HEAD^
Running benchmark with HEAD^
Checkout to previous HEAD again

                    user     system      total
                    real
----------------------------------capitalize
in safe buffer
After patch:    0.010000   0.000000   0.010000
(  0.009768)
Before patch:   0.010000   0.000000   0.010000
(  0.007896)
Improvement: -24%

Running benchmark with current working tree
Checkout HEAD^
Running benchmark with HEAD^
Checkout to previous HEAD again

                    user     system      total
                    real
----------------------------------capitalize
in safe buffer
After patch:    0.010000   0.000000   0.010000
(  0.009938)
Before patch:   0.010000   0.000000   0.010000
(  0.007768)
Improvement: -28%

Running benchmark with current working tree
Checkout HEAD^
Running benchmark with HEAD^
Checkout to previous HEAD again

                    user     system      total
                    real
----------------------------------capitalize
in safe buffer
After patch:    0.010000   0.000000   0.010000
(  0.010001)
Before patch:   0.010000   0.000000   0.010000
(  0.007873)
Improvement: -27%

Running benchmark with current working tree
Checkout HEAD^
Running benchmark with HEAD^
Checkout to previous HEAD again

                    user     system      total
                    real
----------------------------------capitalize
in safe buffer
After patch:    0.010000   0.000000   0.010000
(  0.009670)
Before patch:   0.010000   0.000000   0.010000
(  0.007800)
Improvement: -24%

Running benchmark with current working tree
Checkout HEAD^
Running benchmark with HEAD^
Checkout to previous HEAD again

                    user     system      total
                    real
----------------------------------capitalize
in safe buffer
After patch:    0.010000   0.000000   0.010000
(  0.009949)
Before patch:   0.010000   0.000000   0.010000
(  0.007752)
Improvement: -28%

ed738f75

14 5月, 2013 2 次提交
- A
  
  Added a blank space and removed to_sym · 426f42c0
  由 aditya-kapoor 提交于 5月 14, 2013
  
  426f42c0
- A
  
  Removed Class Eval and used define_method instead for the SafeBuffer · 069ea45c
  由 aditya-kapoor 提交于 5月 14, 2013
  
  069ea45c
05 3月, 2013 1 次提交
- A
  
  Call String#gsub with Hash directly · cc986db5
  由 Aman Gupta 提交于 3月 04, 2013
  
  cc986db5
13 9月, 2012 1 次提交
- F
  
  update AS/core_ext docs [ci skip] · 794a70f9
  由 Francesco Rodriguez 提交于 9月 12, 2012
  
  794a70f9
09 9月, 2012 1 次提交
- K
  
  &#39 dates back to SGML when &#x27 was introduced in HTML 4.0 · 6b2a24c3
  由 Kalys Osmonov 提交于 9月 03, 2012
  
  6b2a24c3
01 8月, 2012 1 次提交

html_escape should escape single quotes · b6ab4417

由 Santiago Pastorino 提交于 7月 31, 2012

https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215

b6ab4417

24 5月, 2012 1 次提交

Revert "Remove blank trailing comments" · 1ad0b378

由 Vijay Dev 提交于 5月 23, 2012

This reverts commit fa6d921e.

Reason: Not a fan of such massive changes. We usually close such changes
if made to Rails master as a pull request. Following the same principle
here and reverting.

[ci skip]

1ad0b378

20 5月, 2012 1 次提交

Remove blank trailing comments · fa6d921e

由 Henrik Hodne 提交于 5月 20, 2012

For future reference, this is the regex I used: ^\s*#\s*\n(?!\s*#). Replace
with the first match, and voilà! Note that the regex matches a little bit too
much, so you probably want to `git add -i .` and go through every single diff
to check if it actually should be changed.

fa6d921e

18 5月, 2012 1 次提交
- V
  
  doesn't modify params in SafeBuffer#% · 3b1c30c9
  由 Vasiliy Ermolovich 提交于 5月 18, 2012
  
  3b1c30c9
17 5月, 2012 1 次提交
- V
  
  fix safe string interpolation with SafeBuffer#%, closes #6352 · 9fb21e98
  由 Vasiliy Ermolovich 提交于 5月 16, 2012
  
  9fb21e98
12 5月, 2012 1 次提交
- F
  
  remove unnecessary 'examples' noise · ef440bb0
  由 Francesco Rodriguez 提交于 5月 11, 2012
  
  ef440bb0
29 4月, 2012 2 次提交
- A
  
  String quotes and trailing spaces · 432a65fa
  由 Alexey Gaziev 提交于 4月 29, 2012
  
  432a65fa
- A
  
  AS core_ext refactoring · 1946d7b9
  由 Alexey Gaziev 提交于 4月 26, 2012
  
  1946d7b9
02 3月, 2012 1 次提交

Stop SafeBuffer#clone_empty from issuing warnings · 681d89f9

由 Carlos Antonio da Silva 提交于 3月 02, 2012

Logic in clone_empty method was dealing with old @dirty variable, which
has changed by @html_safe in this commit:
https://github.com/rails/rails/commit/139963c99a955520db6373343662e55f4d16dcd1

This was issuing a "not initialized variable" warning - related to:
https://github.com/rails/rails/pull/5237

The logic applied by this method is already handled by the [] override,
so there is no need to reset the variable here.

681d89f9

01 3月, 2012 1 次提交
- J
  
  Ensure [] respects the status of the buffer. · 8ccaa341
  由 José Valim 提交于 2月 29, 2012
  
  8ccaa341
21 2月, 2012 2 次提交
- A
  
  delete vulnerable AS::SafeBuffer#[] · 71d8c77e
  由 Akira Matsuda 提交于 2月 13, 2012
  
  71d8c77e
- A
  
  add AS::SafeBuffer#clone_empty · 71b95bd9
  由 Akira Matsuda 提交于 2月 13, 2012
  
  71b95bd9
02 2月, 2012 1 次提交
- V
  
  revise docs [ci skip] · d7a85c5c
  由 Vijay Dev 提交于 2月 01, 2012
  
  d7a85c5c
01 2月, 2012 2 次提交
- C
  
  Move escaping regexps to constants · 9d25af60
  由 Carlos Antonio da Silva 提交于 1月 12, 2012
  
  9d25af60
- C
  Move escape_once logic to ERB::Util, where it belongs to · 608eddc6
  由 Carlos Antonio da Silva 提交于 1月 12, 2012
```
All the logic is based on the HTML_ESCAPE constant available in
ERB::Util, so it seems more logic to have the entire method there and
just delegate the helper to use it.
```
  608eddc6
05 1月, 2012 2 次提交
- R
  
  No need to override the to_yaml method in ActiveSupporte::SafeBuffer · ae7dcb4b
  由 Rafael Mendonça França 提交于 1月 04, 2012
  
  ae7dcb4b
- R
  
  No need to check if YAML::ENGINE is defined since ruby 1.9 does that · 0bf51e98
  由 Rafael Mendonça França 提交于 1月 04, 2012
  
  0bf51e98
21 12月, 2011 1 次提交
- G
  
  We don't need a special html_escape for 1.8 anymore · ba7ef536
  由 Guillermo Iguaran 提交于 12月 21, 2011
  
  ba7ef536
12 12月, 2011 2 次提交

J

Remove duplicate html_escape docs · 9147613c
由 Jeremy Kemper 提交于 12月 11, 2011

9147613c

Use 1.9 native XML escaping to speed up html_escape and shush regexp warnings · 63cd9432

由 Jeremy Kemper 提交于 12月 11, 2011

        length      user     system      total        real
before  6      0.010000   0.000000   0.010000 (  0.012378)
after   6      0.010000   0.000000   0.010000 (  0.012866)
before  60     0.040000   0.000000   0.040000 (  0.046273)
after   60     0.040000   0.000000   0.040000 (  0.036421)
before  600    0.390000   0.000000   0.390000 (  0.390670)
after   600    0.210000   0.000000   0.210000 (  0.209094)
before  6000   3.750000   0.000000   3.750000 (  3.751008)
after   6000   1.860000   0.000000   1.860000 (  1.857901)

63cd9432

03 12月, 2011 1 次提交

Restore performance of ERB::Util.html_escape · 0e17cf17

由 Jon Jensen 提交于 12月 02, 2011

Revert html_escape to do a single gsub again, but add the "n" flag (no
language, i.e. not multi-byte) to protect against XSS via invalid utf8
Signed-off-by: NJosé Valim <jose.valim@gmail.com>

0e17cf17

09 11月, 2011 1 次提交
- A
  
  Remove j alias for ERB::Util.json_escape · ed2eac83
  由 Akira Matsuda 提交于 11月 09, 2011
  
  ed2eac83
05 10月, 2011 2 次提交
- A
  
  ruby193: String#prepend is also unsafe · 87eab595
  由 Akira Matsuda 提交于 10月 02, 2011
  
  87eab595
- A
  
  override unsafe methods only if defined on String · 9c4fe308
  由 Akira Matsuda 提交于 10月 02, 2011
  
  9c4fe308
25 9月, 2011 1 次提交
- A
  
  remove superfluous to_s in ERB::Util.html_escape · f9164749
  由 Alexey Vakhov 提交于 9月 24, 2011
  
  f9164749
22 9月, 2011 1 次提交
- V
  
  fix incorrect comment · 8aa537c9
  由 Vijay Dev 提交于 9月 22, 2011
  
  8aa537c9
17 9月, 2011 1 次提交
- S
  
  Proper lines numbers for stack trace info · 18116791
  由 Santiago Pastorino 提交于 9月 16, 2011
  
  18116791
09 9月, 2011 2 次提交
- V
  revert the changes from c60995f3 - related to marking sub,gsub as unavailable... · e05d4cea
  由 Vijay Dev 提交于 9月 09, 2011
```
revert the changes from c60995f3 - related to marking sub,gsub as unavailable to use with safe strings
```
  e05d4cea
- J
  
  Revert removing gsub and sub from safe buffer. · 6b010c26
  由 José Valim 提交于 9月 08, 2011
  
  6b010c26