rails/actionpack/test/template at github33 - rails - AtHeartEngineering

github/rails

mirror of https://github.com/github/rails.git synced 2026-01-14 17:18:04 -05:00

Files

History

Nathan Witmer 72cebbcb59 Escape the unit value provided to number_to_currency

Fixes CVE-2013-6415.

Previously the values were trusted blindly allowing for potential XSS attacks.

This is different from the original upstream patch for 3.x in that return values
from other number helper methods are not marked as html_safe, so the html
escaping always applies. This requires applications to explicitly set .html_safe
on unit strings and number separators when calling number_to_currency.

2013-12-03 14:32:26 -07:00

..

active_record_helper_i18n_test.rb

Fix error_messages_for i18n issue if object_name has underscores [#3629 status:resolved]

2010-02-17 21:07:05 +01:00

active_record_helper_test.rb

establish a baseline by skipping all tests failing before 2.0.0

2013-08-06 17:41:45 -07:00

asset_tag_helper_test.rb

establish a baseline by skipping all tests failing before 2.0.0

2013-08-06 17:41:45 -07:00

atom_feed_helper_test.rb

Don't call additional methods on builders passed to the atom_feed helper.

2009-08-09 13:09:24 +12:00

benchmark_helper_test.rb

Rewrote ActionView::TestCase.

2009-09-25 15:51:27 +02:00

compiled_templates_test.rb

Silence warning: instance variable @explicit_view_paths not initialized

2009-11-09 17:23:55 -05:00

date_helper_i18n_test.rb

Introduce :almost keyword for distance_of_time_in_words. Make 1.75 days - 2 days return '2 days'.

2009-09-28 14:56:19 +13:00

date_helper_test.rb

Adds disable option to date_helpers generated hidden fields when html_options specifies it. ht by Marc Schütz

2010-03-05 13:49:23 -08:00

erb_util_test.rb

establish a baseline by skipping all tests failing before 2.0.0

2013-08-06 17:41:45 -07:00

form_helper_test.rb

delete tests that hit PrototypeHelper

2013-10-24 12:25:38 -04:00

form_options_helper_i18n_test.rb

I18n: use I18n for select helpers' prompt text

2009-08-26 13:56:15 -07:00

form_options_helper_test.rb

Making time_zone_options_for_select return a html_safe string master backport

2010-08-15 10:07:38 -03:00

form_tag_helper_test.rb

establish a baseline by skipping all tests failing before 2.0.0

2013-08-06 17:41:45 -07:00

javascript_helper_test.rb

delete link_to_function and button_to_function

2013-10-24 12:46:41 -04:00

number_helper_i18n_test.rb

establish a baseline by skipping all tests failing before 2.0.0

2013-08-06 17:41:45 -07:00

number_helper_test.rb

Escape the unit value provided to number_to_currency

2013-12-03 14:32:26 -07:00

raw_output_helper_test.rb

Merge the prerequisites for on-by-default XSS escaping into rails.

2009-10-08 13:59:21 +13:00

record_tag_helper_test.rb

Ensure that calling content_tag_for in a helper doesn't cause duplicate output.

2008-08-29 20:52:01 +02:00

render_test.rb

fix tests

2013-10-24 12:46:30 -04:00

sanitize_helper_test.rb

Merge the prerequisites for on-by-default XSS escaping into rails.

2009-10-08 13:59:21 +13:00

tag_helper_test.rb

s/escape_once/html_escape/, since html safety is the contract that now says whether something has to be escaped

2013-02-16 20:44:20 -08:00

template_test.rb

Fix template extension parsing. [#2315 state:resolved] [#2284 state:resolved]

2009-03-24 10:53:24 -05:00

test_test.rb

Bump mocha requirement for Ruby 1.9 compat. Remove uses_mocha.

2009-02-03 18:40:22 -08:00

text_helper_test.rb

establish a baseline by skipping all tests failing before 2.0.0

2013-08-06 17:41:45 -07:00

translation_helper_test.rb

establish a baseline by skipping all tests failing before 2.0.0

2013-08-06 17:41:45 -07:00

url_helper_test.rb

establish a baseline by skipping all tests failing before 2.0.0

2013-08-06 17:41:45 -07:00