提交 · 28eecd934b91618b1334acce859c26c1a380f51a · 张重言 / rails

04 9月, 2014 1 次提交
- K
  
  Ship with rails-html-sanitizer instead. · 28eecd93
  由 Kasper Timm Hansen 提交于 9月 02, 2014
  
  28eecd93
19 8月, 2014 1 次提交
- R
  
  Fix assertion to map the behaviour of the old sanitizer · 8d0d0516
  由 Rafael Mendonça França 提交于 8月 18, 2014
  
  8d0d0516
17 6月, 2014 2 次提交
- T
  
  Removed a bunch of duplicated tests in SanitizeHelperTest. · 2563c2ce
  由 Timm 提交于 8月 17, 2013
  
  2563c2ce
- T
  
  Fixed: spelling mistake in SanitizeHelperTest. · 9a3a59ea
  由 Timm 提交于 8月 16, 2013
  
  9a3a59ea
16 6月, 2014 2 次提交
- T
  
  Marked tests in sanitize_helper_test.rb as pending. · 7e2f7daa
  由 Timm 提交于 7月 10, 2013
  
  7e2f7daa
- T
  
  Reordered form removal with stripping. · 3e4ae8e5
  由 Timm 提交于 7月 02, 2013
  
  3e4ae8e5
14 5月, 2014 1 次提交
- A
  
  minor: point to the right test suite location · 4fb2be54
  由 azul 提交于 5月 14, 2014
  
  4fb2be54
20 6月, 2013 1 次提交
- P
  
  Move template tests from actionpack to actionview · eb23754e
  由 Piotr Sarnacki 提交于 4月 17, 2013
  
  eb23754e
15 10月, 2012 1 次提交
- A
  
  Minor cleanup, helper method was only used once · a0f97e46
  由 Ayrton De Craene 提交于 10月 15, 2012
  
  a0f97e46
10 8月, 2012 1 次提交
- S
  Do not mark strip_tags result as html_safe · d8cf713a
  由 Santiago Pastorino 提交于 8月 08, 2012
```
Thanks to Marek Labos & Nethemba

CVE-2012-3465
```
  d8cf713a
21 12月, 2011 1 次提交
- A
  'with_kcode' removed. · 7276fc63
  由 Arun Agrawal 提交于 12月 21, 2011
```
Testing Sandbox removed.
```
  7276fc63
08 10月, 2009 1 次提交

Switch to on-by-default XSS escaping for rails. · 94159359

由 Michael Koziarski 提交于 10月 08, 2009

  This consists of:

  * String#html_safe! a method to mark a string as 'safe'
  * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
  * Calls to String#html_safe! throughout the rails helpers
  * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
  * New ERB implementation based on erubis which uses a SafeBuffer instead of a String

Hat tip to Django for the inspiration.

94159359

26 8月, 2008 1 次提交
- J
  
  Include all helpers into ActionView::Helper · ba0d6216
  由 Joshua Peek 提交于 8月 25, 2008
  
  ba0d6216
20 4月, 2008 1 次提交
- J
  
  Introduce ActionView::TestCase for testing view helpers. · 17d4164a
  由 Joshua Peek 提交于 4月 19, 2008
  
  17d4164a
05 1月, 2008 1 次提交
- J
  require abstract_unit directly since test is in load path · 9d755f19
  由 Jeremy Kemper 提交于 1月 05, 2008
```
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8564 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
```
  9d755f19
26 11月, 2007 1 次提交

Refactor sanitizer helpers into HTML classes and make it easy to swap them out... · 1af084ec

由 Rick Olson 提交于 11月 26, 2007

Refactor sanitizer helpers into HTML classes and make it easy to swap them out with custom implementations.  Closes #10129.  [rick]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8213 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

1af084ec

11 10月, 2007 1 次提交

Extracted sanitization methods from TextHelper to SanitizeHelper [DHH] Changed... · 6637f906

由 David Heinemeier Hansson 提交于 10月 10, 2007

Extracted sanitization methods from TextHelper to SanitizeHelper [DHH] Changed SanitizeHelper#sanitize to only allow the custom attributes and tags when specified in the call [DHH]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7825 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

6637f906