- 09 Aug, 2013 6 commits
  - Committed by Charlie Somerville
  - Committed by Charlie Somerville
  - Committed by Charlie Somerville
  - Committed by Charlie Somerville
  - Committed by Charlie Somerville
  - Committed by Greg Ose
    Allow authenticity token to be omitted for external requests
- 07 Aug, 2013 3 commits
  - Committed by Charlie Somerville
  - Committed by Charlie Somerville
  - Committed by Charlie Somerville
- 19 Mar, 2013 1 commit
  - Committed by Aaron Patterson
    Conflicts: actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb actionpack/test/controller/html-scanner/sanitizer_test.rb
- 06 Mar, 2013 1 commit
  - Committed by Aman Gupta
- 26 Feb, 2013 2 commits
  - Committed by Aman Gupta
  - Committed by Aman Gupta
- 22 Feb, 2013 1 commit
  - Committed by Aman Gupta
    before: ');@output_buffer.append= ( content_icon row[:content] );@output_buffer.safe_concat(' ');@output_buffer.safe_concat(' ');@output_buffer.append= ( spinner_img );@output_buffer.safe_concat(' ');@output_buffer.safe_concat(' </td> <td class="content"> ');@output_buffer.append= ( content_link row[:content] );@output_buffer.safe_concat(' ');@output_buffer.safe_concat(' </td> <td class="message"> ');
    after: ';@output_buffer.append=( content_icon row[:content] );@output_buffer.safe_append=' ';@output_buffer.append=( spinner_img );@output_buffer.safe_append=' </td> <td class="content"> ';@output_buffer.append=( content_link row[:content] );@output_buffer.safe_append=' </td> <td class="message"> ';
- 21 Feb, 2013 3 commits
  - Committed by Aman Gupta
  - Committed by Aman Gupta
  - Committed by Aman Gupta
- 17 Feb, 2013 3 commits
  - Committed by Xavier Noria
    s/escape_once/html_escape/, since html safety is the contract that now says whether something has to be escaped
    Conflicts: actionpack/CHANGELOG actionpack/lib/action_view/helpers/form_tag_helper.rb actionpack/lib/action_view/helpers/url_helper.rb actionpack/test/template/url_helper_test.rb
  - Committed by Xavier Noria
    Rationale: url_for is just a path/URL generator, it is the responsibility of the caller to escape conveniently. HTML needs it, JavaScript needs different escaping, a text mail needs no escaping at all, etc. Backported to 2.3.
    Conflicts: actionpack/CHANGELOG actionpack/lib/action_view/helpers/url_helper.rb actionpack/test/template/url_helper_test.rb
  - Committed by rizwanreza
    Example: content_tag('p', "limelight", :class => ["song", "play"]) # => <p class="song play">limelight</p>
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
- 09 Dec, 2012 1 commit
  - Committed by Aman Gupta
- 10 Nov, 2012 1 commit
  - Committed by Aman Gupta
- 18 Nov, 2011 1 commit
  - Committed by Ryan Tomayko
    Some pretty gnarly bugs and security issues are present in the latest rack 1.1.x release. There are 1.2.x and 1.3.x releases that correct these. This changes the gem dependencies to allow for rack versions > 1.1. At GitHub we're on 1.2.4 (latest 1.2.x release at present) and should have some results from real world testing soon.
- 17 Aug, 2011 4 commits
  - Committed by Aaron Patterson
  - Committed by Aaron Patterson
  - Committed by Aaron Patterson
  - Committed by Aaron Patterson
- 28 Jul, 2011 1 commit
  - Committed by Xavier Noria
- 25 May, 2011 1 commit
  - Committed by Ryan Davis
    + Fixed deprecated usage in gemspecs. Bumped the version to 2.3.12 so I could test locally with actual installs. If this is bad form for this project, please beat me up and I'll split them out.
- 14 Apr, 2011 1 commit
  - Committed by gmarik
    - it was broken after [commit](https://github.com/rails/rails/commit/e0eb8e9c65ededce64169948d4dd51b0079cdd10)
    - there's also [issue](https://rails.lighthouseapp.com/projects/8994/tickets/6634-railsrack-inconsistency-about-expires_afterexpires-cookie-option)
    - also: maybe it's worth making Rack understand :expire_after as we duplicate same logic in [cookie_store](https://github.com/gmarik/rails/blob/v2.3.11/actionpack/lib/action_controller/session/cookie_store.rb#L114)

    Signed-off-by: José Valim <jose.valim@gmail.com>
- 01 Mar, 2011 2 commits
  - Committed by Rob Di Marco
  - Committed by Rob Di Marco
- 09 Feb, 2011 3 commits
  - Committed by Michael Koziarski
  - Committed by Michael Koziarski
    Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header: X-CSRF-Token: ... This fixes CVE-2011-0447
  - Committed by Michael Koziarski
    Be sure to javascript_escape the email address to prevent apostrophes inadvertently causing javascript errors. This fixes CVE-2011-0446
- 19 Jan, 2011 1 commit
  - Committed by Johnathan Ritzi
    Signed-off-by: Xavier Noria <fxn@hashref.com>
- 20 Dec, 2010 1 commit
  - Committed by Michael Koziarski
- 01 Dec, 2010 2 commits
  - Committed by Pascal Friederich
    Let Rack::Utils.set_cookie_header! create the Set-Cookie header instead of manually fiddling with the response headers [#4941 state:resolved]
    Signed-off-by: José Valim <jose.valim@gmail.com>
  - Committed by José Valim
    Revert "Fix AbstractStore so that it preserves Set-Cookie header as an array, rather than as newline separated strings" This reverts commit 36b91e34.
    Conflicts: actionpack/test/activerecord/active_record_store_test.rb
- 27 Oct, 2010 1 commit
  - Committed by Andrew White