deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Rails_xss Plugin

Browse source 
I installed the rails_xss plugin, for
the main purpose of seeing what will
break with Rails 3.0 (where the behaviour
of the plugin is the default). I think
I've fixed everything, but let me know if you
see stuff that is HTML-escaped, which
shouldn't be.

As a side benefit, we now use Erubis,
rather than ERB, to render templates.
They tell me it's faster ...
This commit is contained in:
Jacques Distler 2010-05-26 00:27:49 -05:00
parent d6be09e0f0
commit a5e08f7bcc
343 changed files with 43874 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

28
app/helpers/application_helper.rb
View file

@ -31,7 +31,7 @@ require 'stringsupport'
end
end
html_options.join("\n")
html_options.join("\n").html_safe
end
# Creates a hyperlink to a Wiki page, without checking if the page exists or not
@ -39,18 +39,18 @@ require 'stringsupport'
link_to(
text || page.plain_name,
{:web => @web.address, :action => 'show', :id => page.name, :only_path => true},
html_options)
html_options).html_safe
end
# Creates a hyperlink to a Wiki page, or to a "new page" form if the page doesn't exist yet
def link_to_page(page_name, web = @web, text = nil, options = {})
raise 'Web not defined' if web.nil?
UrlGenerator.new(@controller).make_link(@web, page_name, web, text,
options.merge(:base_url => "#{base_url}/#{web.address}"))
options.merge(:base_url => "#{base_url}/#{web.address}")).html_safe
end
def author_link(page, options = {})
UrlGenerator.new(@controller).make_link(@web, page.author.name, page.web, nil, options)
UrlGenerator.new(@controller).make_link(@web, page.author.name, page.web, nil, options).purify.html_safe
end
# Create a hyperlink to a particular revision of a Wiki page
@ -59,19 +59,19 @@ require 'stringsupport'
link_to(
text || page.plain_name,
{:web => @web.address, :action => 'show', :id => page.name,
:mode => mode}, html_options) :
:mode => mode}, html_options).html_safe :
link_to(
text || page.plain_name + "(rev # #{revision_number})",
text || page.plain_name + "(rev # #{revision_number})".html_safe,
{:web => @web.address, :action => 'revision', :id => page.name,
:rev => revision_number, :mode => mode}, html_options)
:rev => revision_number, :mode => mode}, html_options).html_safe
end
# Create a hyperlink to the history of a particular Wiki page
def link_to_history(page, text = nil, html_options = {})
link_to(
text || page.plain_name + "(history)",
text || page.plain_name + "(history)".html_safe,
{:web => @web.address, :action => 'history', :id => page.name},
html_options)
html_options).html_safe
end
def base_url
@ -84,13 +84,13 @@ require 'stringsupport'
if @categories.empty?
''
else
"<div id=\"categories\">\n" +
("<div id=\"categories\">\n" +
'<strong>Categories</strong>:' +
'[' + link_to_unless_current('Any', :web => @web.address, :action => self.action_name, :category => nil) + "]\n" +
@categories.map { |c|
link_to_unless_current(c, :web => @web.address, :action => self.action_name, :category => c)
link_to_unless_current(c.html_safe, :web => @web.address, :action => self.action_name, :category => c)
}.join(', ') + "\n" +
'</div>'
'</div>').html_safe
end
end
@ -115,14 +115,14 @@ require 'stringsupport'
def truncate(text, *args)
options = args.extract_options!
options.reverse_merge!(:length => 30, :omission => "...")
return text if text.num_chars <= options[:length]
return text.html_safe if text.num_chars <= options[:length]
len = options[:length] - options[:omission].as_utf8.num_chars
t = ''
text.split.collect do |word|
if t.num_chars + word.num_chars <= len
t << word + ' '
else
return t.chop + options[:omission]
return (t.chop + options[:omission]).html_safe
end
end
end