github/rails
1
1
Fork 0
mirror of https://github.com/github/rails.git synced 2026-04-26 03:00:59 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
80da8eb43dfabb4ca9f0adcb431882d03e6388bb
rails/actionpack/test/template
History
Michael Koziarski 80da8eb43d Merge the prerequisites for on-by-default XSS escaping into rails. 
This consists of:

* String#html_safe! a method to mark a string as 'safe'
* ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
* Calls to String#html_safe! throughout the rails helpers
* a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)

Note, this does *not* give you on-by-default XSS escaping in 2.3 applications.  To get that you'll need to install a plugin:

http://github.com/nzkoz/rails_xss
2009-10-08 13:59:21 +13:00
..
active_record_helper_i18n_test.rb
Bump mocha requirement for Ruby 1.9 compat. Remove uses_mocha.
2009-02-03 18:40:22 -08:00
active_record_helper_test.rb
Rewrote ActionView::TestCase.
2009-09-25 15:51:27 +02:00
asset_tag_helper_test.rb
Merge the prerequisites for on-by-default XSS escaping into rails.
2009-10-08 13:59:21 +13:00
atom_feed_helper_test.rb
Don't call additional methods on builders passed to the atom_feed helper.
2009-08-09 13:09:24 +12:00
benchmark_helper_test.rb
Rewrote ActionView::TestCase.
2009-09-25 15:51:27 +02:00
compiled_templates_test.rb
Fix templates reloading in development when using custom view path [#2012 state:resolved]
2009-02-19 20:55:56 -06:00
date_helper_i18n_test.rb
Introduce :almost keyword for distance_of_time_in_words. Make 1.75 days - 2 days return '2 days'.
2009-09-28 14:56:19 +13:00
date_helper_test.rb
Introduce :almost keyword for distance_of_time_in_words. Make 1.75 days - 2 days return '2 days'.
2009-09-28 14:56:19 +13:00
erb_util_test.rb
add json_escape ERB util to escape html entities in json strings that are output in HTML pages. [rick]
2008-04-08 04:52:01 +00:00
form_helper_test.rb
Merge the prerequisites for on-by-default XSS escaping into rails.
2009-10-08 13:59:21 +13:00
form_options_helper_i18n_test.rb
I18n: use I18n for select helpers' prompt text
2009-08-26 13:56:15 -07:00
form_options_helper_test.rb
Introduce grouped_collection_select helper.
2009-08-10 00:00:02 -07:00
form_tag_helper_test.rb
Fixes a number of tests that inexplicably didn't fail when we committed the original patch
2009-07-02 10:50:39 -07:00
javascript_helper_test.rb
Remove duplicate test [#2136 state:resolved]
2009-03-08 15:50:38 +00:00
number_helper_i18n_test.rb
Bump mocha requirement for Ruby 1.9 compat. Remove uses_mocha.
2009-02-03 18:40:22 -08:00
number_helper_test.rb
Fixed number_to_phone to work with 7 digit numbers [#2176 state:resolved]
2009-03-09 12:53:44 +00:00
prototype_helper_test.rb
Fixes a number of tests that inexplicably didn't fail when we committed the original patch
2009-07-02 10:50:39 -07:00
raw_output_helper_test.rb
Merge the prerequisites for on-by-default XSS escaping into rails.
2009-10-08 13:59:21 +13:00
record_tag_helper_test.rb
Ensure that calling content_tag_for in a helper doesn't cause duplicate output.
2008-08-29 20:52:01 +02:00
render_test.rb
Fixed simplified render with nested models [#2042 state:resolved]
2009-03-07 14:05:18 -06:00
sanitize_helper_test.rb
Merge the prerequisites for on-by-default XSS escaping into rails.
2009-10-08 13:59:21 +13:00
scriptaculous_helper_test.rb
Introduce ActionView::TestCase for testing view helpers.
2008-04-19 13:08:24 -05:00
tag_helper_test.rb
Merge the prerequisites for on-by-default XSS escaping into rails.
2009-10-08 13:59:21 +13:00
template_test.rb
Fix template extension parsing. [#2315 state:resolved] [#2284 state:resolved]
2009-03-24 10:53:24 -05:00
test_test.rb
Bump mocha requirement for Ruby 1.9 compat. Remove uses_mocha.
2009-02-03 18:40:22 -08:00
text_helper_test.rb
Fix that RedCloth shouldn't be required to run tests
2009-08-09 11:02:45 -07:00
translation_helper_test.rb
Added partial scoping to TranslationHelper#translate, so if you call translate('.foo') from the people/index.html.erb template, you'll actually be calling I18n.translate(people.index.foo) [DHH]
2009-02-10 12:57:12 +01:00
url_helper_test.rb
Make sure link_to generates the form with the specified :href if any [#2254 state:resolved]
2009-08-10 01:00:07 +01:00