Michael Koziarski 9415935902 Switch to on-by-default XSS escaping for rails. ...

This consists of:

  * String#html_safe! a method to mark a string as 'safe'
  * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
  * Calls to String#html_safe! throughout the rails helpers
  * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
  * New ERB implementation based on erubis which uses a SafeBuffer instead of a String

Hat tip to Django for the inspiration.

2009-10-08 09:31:20 +13:00

actionmailer

Prefer tap to returning

2009-09-28 14:38:24 +13:00

actionpack

Switch to on-by-default XSS escaping for rails.

2009-10-08 09:31:20 +13:00

activemodel

Rewrite ActiveModel::Lint as a simple TU mixin

2009-10-07 09:24:51 -05:00

activerecord

Call initialize_copy when cloning [#3164 state:resolved]

2009-10-06 16:25:51 -05:00

activeresource

Cleanup whitespace introduced in 8377646 and f4f6888

2009-10-02 10:19:30 -05:00

activesupport

Switch to on-by-default XSS escaping for rails.

2009-10-08 09:31:20 +13:00

ci

Run AP isolated tests on CI

2009-10-03 22:14:58 -05:00

doc/template

Horo rdoc template

2008-06-22 10:38:25 -07:00

railties

Do not ignore .empty_directory files.

2009-10-07 11:00:17 -07:00

tools

Rename tools/profile_requires -> tools/profile since we do both require and ruby-prof profiling.

2009-05-27 01:11:33 -05:00

.gitignore

don't ignore all bin directories

2009-10-06 15:53:25 +13:00

.gitmodules

Remove submodule

2009-08-11 23:44:44 -07:00

pushgems.rb

No more svn version numbers to rely on, use timestamps instead

2008-05-11 18:21:47 -05:00

Rakefile

Add rake gemspec and gemspecs to the repo

2009-08-31 17:20:44 -07:00

release.rb

Use copy instead of export for release

2008-09-05 14:22:56 +02:00

Description

No description provided

85 MiB

Languages

Ruby 97.9%

CSS 1.5%

HTML 0.5%