rails/actionpack/lib
Michael Koziarski 9415935902 Switch to on-by-default XSS escaping for rails.
This consists of:

  * String#html_safe! a method to mark a string as 'safe'
  * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
  * Calls to String#html_safe! throughout the rails helpers
  * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
  * New ERB implementation based on erubis which uses a SafeBuffer instead of a String

Hat tip to Django for the inspiration.
2009-10-08 09:31:20 +13:00
abstract_controller Use NewCallbacks on ActionDispatch::Callbacks. 2009-09-20 10:56:38 -03:00
action_controller Revert "Revert "Fix Dispatch.new so passenger works" as it broke the build" 2009-10-05 09:17:51 -05:00
action_dispatch Coerce all out going body parts to Strings 2009-10-05 13:58:43 -05:00
action_pack Bump up the version to 3.0.pre 2009-06-30 14:37:12 -07:00
action_view Switch to on-by-default XSS escaping for rails. 2009-10-08 09:31:20 +13:00
abstract_controller.rb Add Orchestra instrumentation to fragment and page caching. 2009-09-20 10:56:38 -03:00
action_controller.rb Resurrect AC::Benchmarking [#3140 state:resolved] 2009-09-24 12:13:09 -05:00
action_dispatch.rb Coerce all out going body parts to Strings 2009-10-05 13:58:43 -05:00
action_pack.rb Bump up the year in MIT license files 2009-01-18 05:28:21 +00:00
action_view.rb Switch to on-by-default XSS escaping for rails. 2009-10-08 09:31:20 +13:00