Commit Graph

442 Commits

Author SHA1 Message Date
Aditya Kapoor
7ddaf10fcb [ci skip] /javascript/ ~> JavaScript 2014-06-17 02:07:07 +05:30
Timm
6cb6290f5d Make output_buffers used in tests be utf-8 encoded. Fixing unknown encoding ASCII-8BIT test errors. 2014-06-16 21:04:25 +02:00
Timm
bcd71b4c9a Don't splat arguments to allowed tags or attributes. 2014-06-16 21:04:24 +02:00
Timm
e438c090ae Change sanitizer_vendor to just be a method and reword documentation. 2014-06-16 21:04:24 +02:00
Timm
d4cd7e2a44 Revert some stuff to use the new sanitizers. 2014-06-16 21:04:24 +02:00
Timm
33019a321c Remove html-scanner and its tests. 2014-06-16 21:04:23 +02:00
Timm
017ddc6e24 Remove deprecation notice. 2014-06-16 21:04:23 +02:00
Timm
427f3f90d4 Add a layer of indirection making sanitizers pluggable. 2014-06-16 21:04:23 +02:00
Timm
5d3a29229b Delegate allowed tags and attributes setting to HTML::WhiteListSanitizer. 2014-06-16 21:04:22 +02:00
Timm
7587632b93 Changed configuration documentation to no longer state it replaces a Set. 2014-06-16 21:04:22 +02:00
Timm
13da2788f3 Deprecate configurations and use allowed_tags and allowed_attributes on WhiteListSanitizer. 2014-06-16 21:04:22 +02:00
Timm
2a7f13ebf8 Made deprecation messages in sanitize_helper more clear. 2014-06-16 21:04:21 +02:00
Timm
38620e1bed Completed integration of rails-html-sanitizer in SanitizeHelper. Deprecated protocol_separator accessors and bad_tags=. 2014-06-16 21:04:20 +02:00
Timm
50347b15fe Updated html-scanner deprecation message. 2014-06-16 21:04:20 +02:00
Timm
83f1563ee6 Support for changes in SelectorAssertions. 2014-06-16 21:04:19 +02:00
Timm
5dc57db4b5 Required rails-dom-testing in test_case.rb 2014-06-16 21:04:18 +02:00
Timm
c287572d21 Removed ActionView::Assertions. Getting ready to exchange with Rails::Dom::Testing::Assertions. 2014-06-16 21:04:17 +02:00
Timm
68e08fe8c9 Silenced deprecation warnings in the tests. Documentation uses present tense. Changed deprecation message to not use you. Also returning from rescue block in catch_invalid_selector to abort reraising the exception. 2014-06-16 21:04:16 +02:00
Timm
9ef95a7019 Added deprecation warning for invalid selectors and skipping assertions. 2014-06-16 21:04:16 +02:00
Timm
ddc24fda90 Changed PermitScrubber's direction to bottom up to align better with Loofah's strip scrubber. 2014-06-16 21:04:14 +02:00
Timm
7f9106d5d9 Now only requiring Loofah in the places where it is needed. 2014-06-16 21:04:14 +02:00
Timm
19406dad7d Minor rewording in TargetScrubber documentation. 2014-06-16 21:04:14 +02:00
Timm
dd19557551 Stylistic improvements in ActionView::Assertions::DomAssertions. 2014-06-16 21:04:13 +02:00
Timm
0a0d151bb8 Now returning html if html is blank? in FullSanitizer and WhiteListSanitizer. This means it'll return false if called with false, however that is not a valid use case. 2014-06-16 21:04:13 +02:00
Timm
5430487d85 Stylistic improvements. Some light documentation for remove_xpaths. 2014-06-16 21:04:13 +02:00
Timm
170f414928 Removed require's for html-scanner. 2014-06-16 21:04:12 +02:00
Timm
cb865e1a7b Removed dom_assertion method since it created bugs. 2014-06-16 21:04:12 +02:00
Timm
01e6e1d491 Fixed uninitialized constant ActionView::HTML error entered after recent git rebase. 2014-06-16 21:04:12 +02:00
Timm
7f7a1b5d6b Removed unnecessary documentation in DomAssertions. 2014-06-16 21:04:11 +02:00
Timm
97d20b1417 Removed case statement in equal_children? used child.element? instead. 2014-06-16 21:04:11 +02:00
Timm
905d2bc605 Reworked some internal documentation for equal_attribute_nodes?. 2014-06-16 21:04:11 +02:00
Timm
d6067e8193 Changed attributes_are_equal? to equal_attribute_nodes? which takes attribute_nodes instead of nodes. 2014-06-16 21:04:10 +02:00
Timm
73c690d4fd Removed html_strings variable, no splat operator needed. 2014-06-16 21:04:10 +02:00
Timm
bab54e4e52 Changed back to =~ or == comparison in HTMLSelector filter. 2014-06-16 21:04:10 +02:00
Timm
62171784fe Simplified the removal of xpaths in remove_xpaths. Added more tests for remove_xpaths. 2014-06-16 21:04:10 +02:00
Timm
c1a7864930 Fixed: added apostrophe to possessive noun. 2014-06-16 21:04:09 +02:00
Timm
5169b00330 Extracted: create Regexp from match_with and use =~ to compare instead of checking .is_a? Regexp every time through the loop. 2014-06-16 21:04:09 +02:00
Timm
e600b3a341 Changed conditional check in filter. Removed weird comments. 2014-06-16 21:04:09 +02:00
Timm
4b55c0aa2e Moved: initial assignment of @selector_is_second_argument is now in initialize. 2014-06-16 21:04:09 +02:00
Timm
cabef1415a Changed: using duck typing instead of requiring subclasses of Node and NodeSet. 2014-06-16 21:04:08 +02:00
Timm
65ed2b6371 Renamed: HTMLSelector css_selector to selector. 2014-06-16 21:04:08 +02:00
Timm
9a536bc195 Removed unnecessary lines from HTMLSelector initialize. 2014-06-16 21:04:08 +02:00
Timm
ce4396b366 Changed: put selector extraction into selector_from, which is renamed to extract_selector. 2014-06-16 21:04:08 +02:00
Timm
20615ec7e6 Changed: HTMLSelector comparisons renamed to equality_tests. 2014-06-16 21:04:08 +02:00
Timm
71aaddbd14 Changed: removed @selected and @page variables from HTMLSelector since one method used them. Passed the values directly to there instead. 2014-06-16 21:04:07 +02:00
Timm
75789d5326 Changed: return early from compare_doms if the two doms don't have the same number of children. 2014-06-16 21:04:07 +02:00
Timm
97c5e6fa02 Changed: remove_xpaths called with String returns String, while called with Loofah fragment returns Loofah fragment. Added tests for this. 2014-06-16 21:04:07 +02:00
Timm
9dac1e8b8f Removed duplication in assert_dom_equal and assert_dom_not_equal. 2014-06-16 21:04:06 +02:00
Timm
86c6f5b1d9 Changed wording of missing selector argument exception message in css_select. 2014-06-16 21:04:06 +02:00
Timm
bffa6469b7 Reworked root and selector conditional assignment in css_select. 2014-06-16 21:04:06 +02:00
Timm
53f25ae348 Removed :nodoc: from PermitScrubber. 2014-06-16 21:04:05 +02:00
Timm
d6a6d42e7e Reworked documentation for PermitScrubber and TargetScrubber. 2014-06-16 21:04:05 +02:00
Timm
349230e823 Fixed: spelling error. 2014-06-16 21:04:04 +02:00
Timm
b13d22bff5 Initialized tags and attributes to nil. 2014-06-16 21:04:04 +02:00
Timm
39df4028a2 Refactored scrub to keep_node? instead of scrub_node calling it. Also added ability to stop traversing by returning STOP from scrub_node. 2014-06-16 21:04:04 +02:00
Timm
557806f402 Changed PermitScrubber to be even more extensible. Updated TargetScrubber to be compliant. Updated documentation for PermitScrubber and TargetScrubber for clarity. 2014-06-16 21:04:04 +02:00
Timm
ea57c7cc85 Changed PermitScrubber's documentation to list override points for subclasses. Renamed should_remove_attributes? to should_scrub_attributes?. 2014-06-16 21:04:03 +02:00
Timm
ac0d778fe9 Already killed off LinkScrubber. Changed it instead to be TargetScrubber, which is more general, while still allowing maximum code reuse. 2014-06-16 21:04:03 +02:00
Timm
1cdc511b90 Added LinkScrubber to remove duplication in LinkSanitizer. As such made PermitScrubber easier to subclass. 2014-06-16 21:04:03 +02:00
Timm
739ecdf753 Changed FullSanitizer sanitize to use tap method instead of temporary variable. 2014-06-16 21:04:03 +02:00
Timm
d1de087467 Extracted the common xpaths to remove into XPATHS_TO_REMOVE. 2014-06-16 21:04:03 +02:00
Timm
945e7f529e Refactored remove_xpaths to use duck typing and read better. 2014-06-16 21:04:02 +02:00
Timm
f428aeaa19 Changed explanation for no duck typing of custom scrubbers. 2014-06-16 21:04:02 +02:00
Timm
dea8ddbca1 Removed copyright notice since we aren't relying on html-scanner anymore. 2014-06-16 21:04:01 +02:00
Timm
09454dcca9 Removed require for active_support/core_ext/object/inclusion since in? isn't used anywhere. 2014-06-16 21:04:01 +02:00
Timm
95c517b6d6 Moved Dom and Selector assertions from ActionDispatch to ActionView. 2014-06-16 21:04:01 +02:00
Kuldeep Aggarwal
4db09e6f6c [ci skip] correct output for asset_helper methods
see cc255d3
2014-06-16 23:05:11 +05:30
Timm
37ac1c45a3 Replaced html-scanner with Loofah. 2014-06-15 23:41:00 +02:00
Timm
42f0198148 Updated documentation to tell that a custom scrubber takes precedence. 2014-06-15 23:40:54 +02:00
Timm
dad96eff0d Updated the documentation to reflect the scrubber option. 2014-06-15 23:40:54 +02:00
Timm
8fdf86c5f7 Marked the private API as not needing code documentation. 2014-06-15 23:40:54 +02:00
Timm
6241bb8cf4 Added ability to pass a custom scrubber to sanitize. Includes test coverage. 2014-06-15 23:40:54 +02:00
Timm
c88d573739 Moved requiring of Loofah from sanitizers.rb to action_view.rb. 2014-06-15 23:40:53 +02:00
Timm
4fbec83ff4 Added ActionView::Sanitizer and moved remove_xpaths to there. 2014-06-15 23:40:17 +02:00
Timm
40bbb4914f Added comment removal. Changed definition of remove_xpaths to not use a splat operator. 2014-06-15 23:39:04 +02:00
Timm
68f75b9795 Extracted the xpath removals into some new API that allows users to remove xpath subtrees. 2014-06-15 23:35:27 +02:00
Timm
55b453f295 Added removal of script tags to WhiteListSanitizer. 2014-06-15 23:35:26 +02:00
Timm
5dfd394c4d Added guard clauses to FullSanitizer. 2014-06-15 23:35:25 +02:00
Timm
91712cc11d bad_tags include form since we remove it. Also to prevent a should_allow_form_tag test creation. 2014-06-15 23:35:25 +02:00
Timm
167e998f61 Removed the contains_bad_protocols? method as well as the tests for it. Loofah already deals with this. 2014-06-15 23:35:25 +02:00
Timm
3e4ae8e5a2 Reordered form removal with stripping. 2014-06-15 23:35:24 +02:00
Timm
2622da1758 Added PermitScrubber which allows you to permit elements for sanitization. 2014-06-15 23:35:24 +02:00
Timm
d4d13925d3 Removed duplication in the deprecated methods. 2014-06-15 23:35:24 +02:00
Aditya Kapoor
c782641002 remove unnecessary substitution for space in ActionView::Helpers#debug 2014-06-14 15:22:09 +05:30
Matthew Draper
c28e436aae Merge pull request #15693 from pdg137/enforce_utf8
In actionview, eliminate calls to tag that use html_safe parameter values.
2014-06-14 06:33:21 +09:30
Paul Grayson
19af434840 In actionview, eliminate calls to tag that use html_safe parameter values. This is generally unnecessary, since tag handles string quoting, except in one case (utf8_enforcer_tag) where we want to specify the encoding ourselves. 2014-06-13 12:55:55 -07:00
Zachary Scott
1ecc0106ae Builder source code is still available on github [ci skip]
This was also removed from #15542
2014-06-13 10:12:20 -07:00
Matthew Draper
6857415187 Merge pull request #15654 from pdg137/master
In tag helper, honor html_safe on arrays; also make safe_join more similar to Array.join
2014-06-13 08:52:44 +09:30
Paul Grayson
bcab3f20da In tag helper, honor html_safe on array parameters; also make safe_join more similar to Array.join by first calling flatten. 2014-06-12 15:30:40 -07:00
Yves Senn
8f247871bb Merge pull request #15590 from zuhao/refactor_actionview_register_template_handler
Add unregister_template_handler to prevent leaks.

Conflicts:
	actionview/CHANGELOG.md
2014-06-12 14:06:59 +02:00
Zuhao Wan
a1dbb4e7e0 Add unregister_template_handler to prevent leaks. 2014-06-12 18:49:40 +08:00
Timm
c94e24fbe7 Added Loofah as a dependency in actionview.gemspec.
Implemented ActionView: FullSanitizer, LinkSanitizer and WhiteListSanitizer in sanitizers.rb.
Deprecated protocol_separator and bad_tags.
Added new tests in sanitizers_test.rb and reimplemented assert_dom_equal with Loofah.
2014-06-11 17:53:28 +02:00
Aditya Kapoor
9505a21f42 [ci skip] Fix doc for javascript_helper 2014-06-11 01:29:17 +05:30
Akshay Vishnoi
294ddff512 [ci skip] Add Docs for strip_insignificant_zeros option in number helpers 2014-06-10 23:07:49 +05:30
Akshay Vishnoi
9bb0f1e08a [ci skip] Correct output and use valid options of number helpers 2014-06-10 22:16:13 +05:30
Jiri Pospisil
f62ec6cb2d Fix cache_digest rake tasks
Bring cache_digests:* rake tasks up-to-date with the API changes introduced in
637bb726cac60aaa1f7e482836458aa73e17fbb7
2014-06-10 13:52:36 +02:00
Arthur Nogueira Neves
a6c8cde835 Merge pull request #15542 from Gaurav2728/gaurav-remove_shutdown_link
remove rubyforge.org that was shut down [ci skip]
2014-06-06 19:50:54 -05:00
Matthew Draper
fadbc7c9ee Unwrap another html_escape
/cc @tenderlove
2014-06-07 10:13:00 +09:30
Aaron Patterson
17fc6f16eb eliminate more wasteful allocations 2014-06-06 15:29:03 -07:00
Gaurav Sharma
19ef270923 remove rubyforge.org that was shut down [ci skip] 2014-06-06 22:26:56 +05:30