deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Rails_xss Plugin

Browse source 
I installed the rails_xss plugin, for
the main purpose of seeing what will
break with Rails 3.0 (where the behaviour
of the plugin is the default). I think
I've fixed everything, but let me know if you
see stuff that is HTML-escaped, which
shouldn't be.

As a side benefit, we now use Erubis,
rather than ERB, to render templates.
They tell me it's faster ...
This commit is contained in:
Jacques Distler 2010-05-26 00:27:49 -05:00
parent d6be09e0f0
commit a5e08f7bcc
343 changed files with 43874 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

134
vendor/plugins/abstract_1.0.0/doc/classes/Kernel.html vendored Normal file
View file

@ -0,0 +1,134 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Module: Kernel</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<link rel="stylesheet" href=".././rdoc-style.css" type="text/css" media="screen" />
<script type="text/javascript">
// <![CDATA[
function popupCode( url ) {
window.open(url, "Code", "resizable=yes,scrollbars=yes,toolbar=no,status=no,height=150,width=400")
}
function toggleCode( id ) {
if ( document.getElementById )
elem = document.getElementById( id );
else if ( document.all )
elem = eval( "document.all." + id );
else
return false;
elemStyle = elem.style;
if ( elemStyle.display != "block" ) {
elemStyle.display = "block"
} else {
elemStyle.display = "none"
}
return true;
}
// Make codeblocks hidden by default
document.writeln( "<style type=\"text/css\">div.method-source-code { display: none }</style>" )
// ]]>
</script>
</head>
<body>
<div id="classHeader">
<table class="header-table">
<tr class="top-aligned-row">
<td><strong>Module</strong></td>
<td class="class-name-in-header">Kernel</td>
</tr>
<tr class="top-aligned-row">
<td><strong>In:</strong></td>
<td>
<a href="../files/lib/abstract_rb.html">
lib/abstract.rb
</a>
<br />
</td>
</tr>
</table>
</div>
<!-- banner header -->
<div id="bodyContent">
<div id="contextContent">
</div>
<div id="method-list">
<h3 class="section-bar">Methods</h3>
<div class="name-list">
<a href="#M000002">not_implemented</a>&nbsp;&nbsp;
</div>
</div>
</div>
<!-- if includes -->
<div id="section">
<!-- if method_list -->
<div id="methods">
<h3 class="section-bar">Private Instance methods</h3>
<div id="method-M000002" class="method-detail">
<a name="M000002"></a>
<div class="method-heading">
<a href="Kernel.src/M000002.html" target="Code" class="method-signature"
onclick="popupCode('Kernel.src/M000002.html');return false;">
<span class="method-name">not_implemented</span><span class="method-args">(</span>
</a>
</div>
<div class="method-description">
<p>
raise NotImplementedError
</p>
</div>
</div>
</div>
</div>
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
</div>
</body>
</html>

24
vendor/plugins/abstract_1.0.0/doc/classes/Kernel.src/M000002.html vendored Normal file
View file

@ -0,0 +1,24 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>not_implemented (Kernel)</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" href="../.././rdoc-style.css" type="text/css" media="screen" />
</head>
<body class="standalone-code">
<pre><span class="ruby-comment cmt"># File lib/abstract.rb, line 65</span>
<span class="ruby-keyword kw">def</span> <span class="ruby-identifier">not_implemented</span> <span class="ruby-comment cmt">#:doc:</span>
<span class="ruby-identifier">backtrace</span> = <span class="ruby-identifier">caller</span>()
<span class="ruby-identifier">method_name</span> = (<span class="ruby-identifier">backtrace</span>.<span class="ruby-identifier">shift</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp re">/`(\w+)'$/</span>) <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">$1</span>
<span class="ruby-identifier">mesg</span> = <span class="ruby-node">&quot;class #{self.class.name} must implement abstract method '#{method_name}()'.&quot;</span>
<span class="ruby-comment cmt">#mesg = &quot;#{self.class.name}##{method_name}() is not implemented.&quot;</span>
<span class="ruby-identifier">err</span> = <span class="ruby-constant">NotImplementedError</span>.<span class="ruby-identifier">new</span> <span class="ruby-identifier">mesg</span>
<span class="ruby-identifier">err</span>.<span class="ruby-identifier">set_backtrace</span> <span class="ruby-identifier">backtrace</span>
<span class="ruby-identifier">raise</span> <span class="ruby-identifier">err</span>
<span class="ruby-keyword kw">end</span></pre>
</body>
</html>

140
vendor/plugins/abstract_1.0.0/doc/classes/Module.html vendored Normal file
View file

@ -0,0 +1,140 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Class: Module</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<link rel="stylesheet" href=".././rdoc-style.css" type="text/css" media="screen" />
<script type="text/javascript">
// <![CDATA[
function popupCode( url ) {
window.open(url, "Code", "resizable=yes,scrollbars=yes,toolbar=no,status=no,height=150,width=400")
}
function toggleCode( id ) {
if ( document.getElementById )
elem = document.getElementById( id );
else if ( document.all )
elem = eval( "document.all." + id );
else
return false;
elemStyle = elem.style;
if ( elemStyle.display != "block" ) {
elemStyle.display = "block"
} else {
elemStyle.display = "none"
}
return true;
}
// Make codeblocks hidden by default
document.writeln( "<style type=\"text/css\">div.method-source-code { display: none }</style>" )
// ]]>
</script>
</head>
<body>
<div id="classHeader">
<table class="header-table">
<tr class="top-aligned-row">
<td><strong>Class</strong></td>
<td class="class-name-in-header">Module</td>
</tr>
<tr class="top-aligned-row">
<td><strong>In:</strong></td>
<td>
<a href="../files/lib/abstract_rb.html">
lib/abstract.rb
</a>
<br />
</td>
</tr>
<tr class="top-aligned-row">
<td><strong>Parent:</strong></td>
<td>
Object
</td>
</tr>
</table>
</div>
<!-- banner header -->
<div id="bodyContent">
<div id="contextContent">
</div>
<div id="method-list">
<h3 class="section-bar">Methods</h3>
<div class="name-list">
<a href="#M000001">abstract_method</a>&nbsp;&nbsp;
</div>
</div>
</div>
<!-- if includes -->
<div id="section">
<!-- if method_list -->
<div id="methods">
<h3 class="section-bar">Public Instance methods</h3>
<div id="method-M000001" class="method-detail">
<a name="M000001"></a>
<div class="method-heading">
<a href="Module.src/M000001.html" target="Code" class="method-signature"
onclick="popupCode('Module.src/M000001.html');return false;">
<span class="method-name">abstract_method</span><span class="method-args">(args_str, *method_names)</span>
</a>
</div>
<div class="method-description">
<p>
define abstract methods
</p>
</div>
</div>
</div>
</div>
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
</div>
</body>
</html>

20
vendor/plugins/abstract_1.0.0/doc/classes/Module.src/M000001.html vendored Normal file
View file

@ -0,0 +1,20 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>abstract_method (Module)</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" href="../.././rdoc-style.css" type="text/css" media="screen" />
</head>
<body class="standalone-code">
<pre><span class="ruby-comment cmt"># File lib/abstract.rb, line 41</span>
<span class="ruby-keyword kw">def</span> <span class="ruby-identifier">abstract_method</span> <span class="ruby-identifier">args_str</span>, <span class="ruby-operator">*</span><span class="ruby-identifier">method_names</span>
<span class="ruby-identifier">method_names</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">name</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">module_eval</span> <span class="ruby-value str">&quot;def \#{name}(\#{args_str})\nmesg = \&quot;class \\\#{self.class.name} must implement abstract method `\#{self.name}#\#{name}()'.\&quot;\n#mesg = \&quot;\\\#{self.class.name}#\#{name}() is not implemented.\&quot;\nerr = NotImplementedError.new mesg\nerr.set_backtrace caller()\nraise err\nend\n&quot;</span>
<span class="ruby-keyword kw">end</span>
<span class="ruby-keyword kw">end</span></pre>
</body>
</html>