Commit Graph

29 Commits

Author SHA1 Message Date
Toshi MARUYAMA c388393e8c use rails-html-sanitizer >= 1.0.3
CVE-2015-7579 says rails-html-sanitizer 1.0.2 has an XSS vulnerability.
2017-01-27 13:53:13 +09:00
Jeremy Evans 7da8d76206 Change ActionView ERB Handler from Erubis to Erubi
Erubi offers the following advantages for Rails:

* Works with ruby's --enable-frozen-string-literal option
* Has 88% smaller memory footprint
* Does no freedom patching (Erubis adds a method to Kernel)
* Has simpler internals (1 file, <150 lines of code)
* Has an open development model (Erubis doesn't have a
  public source control repository or bug tracker)
* Is not dead (Erubis hasn't been updated since 2011)

Erubi is a simplified fork of Erubis that contains just the
parts that are generally needed (which includes the parts
that Rails uses).  The only intentional difference in
behavior is that it does not include support for <%=== tags
for debug output.  That could be added to the ActionView ERB
handler if it is desired.

The Erubis template handler remains in a deprecated state
so that code that accesses it directly does not break.  It
can be removed after Rails 5.1.
2017-01-25 01:41:27 -07:00
Xavier Noria adca8154c6 applies new string literal convention in the gemspecs
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
2016-08-06 19:27:12 +02:00
Connor Shea 86c860ff0c Update rails-dom-testing gem to 2.0
Resolves #24924.
2016-05-09 20:23:42 -06:00
Xavier Noria 841c74ccba revises whitespace in the gemspec of AV [ci skip] 2016-03-10 07:55:42 +01:00
Xavier Noria 1eb27fafa9 revises the homepage URL in the gemspecs [ci skip]
References https://github.com/rails/homepage/issues/46.
2016-03-10 07:55:27 +01:00
Jon Atack 32f7491808 Upgrade to Ruby 2.2.2
and fix the grammar in the ruby_version_check.rb user message.
2015-04-14 08:41:56 +05:30
Rafael Mendonça França 2c1f6267f9 Merge pull request #19252 from kaspth/single-escaping-strip-tags
Let strip_tags leave HTML escaping to Rails.
2015-03-10 16:05:47 -03:00
Kasper Timm Hansen 37695b8aab Let strip_tags leave HTML escaping to Rails.
Prevents double escaping errors, such as "&amp;" becoming "&amp;amp;".
2015-03-10 20:04:01 +01:00
Peter Suschlik f0768eba28 Target Ruby 2.2.1 in gemspecs
This is a follow-up to #19257
2015-03-09 09:56:26 +01:00
claudiob d3b098b828 Require Ruby 2.2 for Rails 5.0
Stems from [this comment](https://github.com/rails/rails/pull/18203#issuecomment-68138096) by @robin850
and from the blog post http://weblog.rubyonrails.org/2014/12/19/Rails-4-2-final
2014-12-26 13:53:09 +01:00
claudiob 96d0f751f9 Bump required Ruby version to 2.1.0
[This article](http://weblog.rubyonrails.org/2014/8/20/Rails-4-2-beta1/#maintenance-consequences-and-rails-5-0) states that:

> Rails 5.0 is in most likelihood going to target Ruby 2.2.

Before the exact minimum version is fully decided, @arthurnn [suggests](https://github.com/rails/rails/pull/17830#issuecomment-64940383)
that **at least** version 2.1.0 **must** be required by the `gemspec` files.
2014-11-28 22:59:51 -08:00
Rafael Mendonça França e3f7817cec Use released rails-dom-testing 2014-11-25 19:43:36 -02:00
Rafael Mendonça França be5521eb4e Use released rails-dom-testing 2014-10-16 16:53:46 -03:00
Godfrey Chan b008e4bd8a Use released rails-html-sanitizer and rails-deprecated_sanitizer 2014-09-26 01:37:05 +09:00
Rafael Mendonça França 2c0cad8034 Use released rails-dom-testing 2014-09-25 12:31:42 -03:00
Kasper Timm Hansen 28eecd934b Ship with rails-html-sanitizer instead. 2014-09-03 20:27:59 +02:00
Rafael Mendonça França 08f209614b Use released rails-deprecated_sanitizer 2014-08-19 16:45:31 -03:00
Rafael Mendonça França fad9e729f1 Fix the rails-dom-testing dependency 2014-08-19 16:41:38 -03:00
Kasper Timm Hansen 1e2ffe7ae6 Prepare for partial release.
- Default to Rails::DeprecatedSanitizer in ActionView::Helpers::SanitizeHelper.
- Add upgrade notes.
- Add sanitizer to new applications Gemfiles.
- Remove 'rails-dom-testing' as a dependency.
2014-08-17 19:25:47 +02:00
Rafael Mendonça França a8c667e8f1 Defining the right dependencies 2014-07-15 13:40:22 -03:00
Timm c94e24fbe7 Added Loofah as a dependency in actionview.gemspec.
Implemented ActionView: FullSanitizer, LinkSanitizer and WhiteListSanitizer in sanitizers.rb.
Deprecated protocol_separator and bad_tags.
Added new tests in sanitizers_test.rb and reimplemented assert_dom_equal with Loofah.
2014-06-11 17:53:28 +02:00
Łukasz Strzałkowski 9f506c494b More liberal builder dependency
Allowing us to get 3.2.x versions if needed.
2013-12-12 20:03:02 +01:00
Guillermo Iguaran 152edcc16b activemodel isn't a runtime dependency for actionview 2013-12-02 15:41:16 -05:00
Arun Agrawal 3dffe65d91 Back AV description in gemspec 2013-09-09 17:12:45 +02:00
Vijay Dev ec8ef1e105 Revert "Merge branch 'master' of github.com:rails/docrails"
This reverts commit 70d6e16fba, reversing
changes made to ea4db3bc07.

Seems to be a code merge done by mistake.
2013-08-17 21:46:39 +05:30
Arun Agrawal 507c803a93 Added some description to generate actionview gem [ci skip] 2013-07-17 10:19:13 +02:00
Piotr Sarnacki b01331e392 Add actionpack as actionview's development dependency
ActionView still relies on ActionPack in some of the tests.
2013-06-20 17:23:16 +02:00
Piotr Sarnacki 78b0934dd1 Add bare actionview gem to the root directory
This commit creates structure for Action View gem and is first of a
series of commits extracting Action View from Action Pack.
2013-06-20 17:23:15 +02:00