consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14,448 Commits 1 Branch 0 Tags
2f9995f5663b9d2dbb7579e86ffdf47bd9b91b15
Commit Graph

13 Commits

Author SHA1 Message Date
Javi Martín
89402bdbf6 Use raw instead of html_safe 
They do the exact same thing; however `html_safe` might confuse
developers into thinking it will make the HTML safe. Using `raw` makes
it clear that we're inserting the text without escaping it.
 2019-10-08 19:10:13 +02:00
Javi Martín
2586229e38 Remove duplication in TextWithLinksHelper 
We were using `Rinku.auto_link` the same way twice. And it makes sense
that the method `sanitize_and_auto_link` first sanitizes the text and
then calls `auto_link_already_sanitized_text`.
 2019-10-08 18:46:21 +02:00
Javi Martín
0b40865e61 Raise an exception when handling unsafe content 
We were confused about what `.html_safe` did, and were automatically
marking as safe content which was not.
 2019-10-08 18:46:20 +02:00
Javi Martín
2aabf79fb4 Rename methods to add auto links to HTML 
The name `safe_html_with_links` was confusing and could make you think
it takes care of making the HTML safe. So I've renamed it in a way that
makes it a bit more intuitive that it expects its input to be already
sanitized.

I've changed `text_with_links` as well so now the two method names
complement each other.
 2019-10-08 18:46:20 +02:00
Senén Rodero Rodríguez
4f0d1399f2 Fix html with links sanitization 
Globalize attribute accessors were arriving here as Strings intead of
ActiveSupport::SafeBuffer so they were not sanitized correctly.
 2019-06-27 09:19:36 +02:00
Bertocq
06a1785445 Prevent empty html to be safe rendered to html with links 2018-01-18 17:55:21 +01:00
Bertocq
986ee9c87d Correctly render budget description with html & links 2018-01-18 16:18:27 +01:00
Juanjo Bazán
7231f72e01 cleans up show view 2016-03-08 13:40:35 +01:00
Sergio Arbeo
3013d13b38 Add paragraphs to comments 
Fix #600
 2015-10-26 01:25:53 +01:00
Juanjo Bazán
4c4c467b3e adds html auto link helper 2015-09-13 18:02:19 +02:00
David Gil
ec4119582c accepts no html tags in text_with_links sanitize 2015-09-10 20:42:57 +02:00
David Gil
5ecbe01d47 prevents body comments to accept html a tags, sanitize them out instead as well 2015-09-10 19:05:34 +02:00
David Gil
31cf51f07a adds text_with_links helper and use that in any comment.body in views, adds test to check for malicious injections in comment body 2015-09-10 18:28:10 +02:00