Javi Martín
0b40865e61
Raise an exception when handling unsafe content
...
We were confused about what `.html_safe` did, and were automatically
marking as safe content which was not.
2019-10-08 18:46:20 +02:00
Javi Martín
2aabf79fb4
Rename methods to add auto links to HTML
...
The name `safe_html_with_links` was confusing and could make you think
it takes care of making the HTML safe. So I've renamed it in a way that
makes it a bit more intuitive that it expects its input to be already
sanitized.
I've changed `text_with_links` as well so now the two method names
complement each other.
2019-10-08 18:46:20 +02:00
Senén Rodero Rodríguez
4f0d1399f2
Fix html with links sanitization
...
Globalize attribute accessors were arriving here as Strings instead of
ActiveSupport::SafeBuffer so they were not sanitized correctly.
2019-06-27 09:19:36 +02:00
Bertocq
06a1785445
Prevent empty html from being safe rendered to html with links
2018-01-18 17:55:21 +01:00
Bertocq
986ee9c87d
Correctly render budget description with html & links
2018-01-18 16:18:27 +01:00
Juanjo Bazán
7231f72e01
cleans up show view
2016-03-08 13:40:35 +01:00
Sergio Arbeo
3013d13b38
Add paragraphs to comments
...
Fix #600
2015-10-26 01:25:53 +01:00
Juanjo Bazán
4c4c467b3e
adds html auto link helper
2015-09-13 18:02:19 +02:00
David Gil
ec4119582c
accepts no html tags in text_with_links sanitize
2015-09-10 20:42:57 +02:00
David Gil
5ecbe01d47
prevents body comments from accepting html a tags, sanitize them out instead as well
2015-09-10 19:05:34 +02:00
David Gil
31cf51f07a
adds text_with_links helper and use that in any comment.body in views, adds test to check for malicious injections in comment body
2015-09-10 18:28:10 +02:00