deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Rails_xss Plugin

Browse source 
I installed the rails_xss plugin, for
the main purpose of seeing what will
break with Rails 3.0 (where the behaviour
of the plugin is the default). I think
I've fixed everything, but let me know if you
see stuff that is HTML-escaped, which
shouldn't be.

As a side benefit, we now use Erubis,
rather than ERB, to render templates.
They tell me it's faster ...
This commit is contained in:
Jacques Distler 2010-05-26 00:27:49 -05:00
parent d6be09e0f0
commit a5e08f7bcc
343 changed files with 43874 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

349
vendor/plugins/erubis-2.6.5/doc-api/classes/Erubis/Helpers/RailsHelper.html vendored Normal file
View file

@ -0,0 +1,349 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Module: Erubis::Helpers::RailsHelper</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<link rel="stylesheet" href="../../.././rdoc-style.css" type="text/css" media="screen" />
<script type="text/javascript">
// <![CDATA[
function popupCode( url ) {
window.open(url, "Code", "resizable=yes,scrollbars=yes,toolbar=no,status=no,height=150,width=400")
}
function toggleCode( id ) {
if ( document.getElementById )
elem = document.getElementById( id );
else if ( document.all )
elem = eval( "document.all." + id );
else
return false;
elemStyle = elem.style;
if ( elemStyle.display != "block" ) {
elemStyle.display = "block"
} else {
elemStyle.display = "none"
}
return true;
}
// Make codeblocks hidden by default
document.writeln( "<style type=\"text/css\">div.method-source-code { display: none }</style>" )
// ]]>
</script>
</head>
<body>
<div id="classHeader">
<table class="header-table">
<tr class="top-aligned-row">
<td><strong>Module</strong></td>
<td class="class-name-in-header">Erubis::Helpers::RailsHelper</td>
</tr>
<tr class="top-aligned-row">
<td><strong>In:</strong></td>
<td>
<a href="../../../files/erubis/helpers/rails_helper_rb.html">
erubis/helpers/rails_helper.rb
</a>
<br />
</td>
</tr>
</table>
</div>
<!-- banner header -->
<div id="bodyContent">
<div id="contextContent">
<div id="description">
<p>
helper module for Ruby on Rails
</p>
<p>
howto:
</p>
<ol>
<li>add the folliwng code in your &#8216;config/environment.rb&#8216;
<pre>
require 'erubis/helpers/rails_helper'
#Erubis::Helpers::RailsHelper.engine_class = Erubis::Eruby # or Erubis::FastEruby
#Erubis::Helpers::RailsHelper.init_properties = {}
#Erubis::Helpers::RailsHelper.show_src = false # set true for debugging
#Erubis::Helpers::RailsHelper.preprocessing = true # set true to enable preprocessing
</pre>
</li>
<li>restart web server.
</li>
</ol>
<p>
if Erubis::Helper::Rails.show_src is true, <a
href="../../Erubis.html">Erubis</a> prints converted Ruby code into log
file (&#8216;log/development.log&#8217; or so). if false, it doesn&#8216;t.
if nil, <a href="../../Erubis.html">Erubis</a> prints converted Ruby code
if ENV[&#8216;RAILS_ENV&#8217;] == &#8216;development&#8217;.
</p>
</div>
</div>
<div id="method-list">
<h3 class="section-bar">Methods</h3>
<div class="name-list">
<a href="#M000066">engine_class</a>&nbsp;&nbsp;
<a href="#M000067">engine_class=</a>&nbsp;&nbsp;
<a href="#M000068">init_properties</a>&nbsp;&nbsp;
<a href="#M000069">init_properties=</a>&nbsp;&nbsp;
<a href="#M000072">preprocessing</a>&nbsp;&nbsp;
<a href="#M000073">preprocessing=</a>&nbsp;&nbsp;
<a href="#M000070">show_src</a>&nbsp;&nbsp;
<a href="#M000071">show_src=</a>&nbsp;&nbsp;
</div>
</div>
</div>
<!-- if includes -->
<div id="section">
<div id="class-list">
<h3 class="section-bar">Classes and Modules</h3>
Module <a href="RailsHelper/TemplateConverter.html" class="link">Erubis::Helpers::RailsHelper::TemplateConverter</a><br />
</div>
<!-- if method_list -->
<div id="methods">
<h3 class="section-bar">Public Class methods</h3>
<div id="method-M000066" class="method-detail">
<a name="M000066"></a>
<div class="method-heading">
<a href="#M000066" class="method-signature">
<span class="method-name">engine_class</span><span class="method-args">()</span>
</a>
</div>
<div class="method-description">
<p>
@@<a href="RailsHelper.html#M000066">engine_class</a> = ::<a
href="../FastEruby.html">Erubis::FastEruby</a>
</p>
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000066-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000066-source">
<pre>
<span class="ruby-comment cmt"># File erubis/helpers/rails_helper.rb, line 47</span>
<span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">engine_class</span>
<span class="ruby-ivar">@@engine_class</span>
<span class="ruby-keyword kw">end</span>
</pre>
</div>
</div>
</div>
<div id="method-M000067" class="method-detail">
<a name="M000067"></a>
<div class="method-heading">
<a href="#M000067" class="method-signature">
<span class="method-name">engine_class=</span><span class="method-args">(klass)</span>
</a>
</div>
<div class="method-description">
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000067-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000067-source">
<pre>
<span class="ruby-comment cmt"># File erubis/helpers/rails_helper.rb, line 50</span>
<span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">engine_class=</span>(<span class="ruby-identifier">klass</span>)
<span class="ruby-ivar">@@engine_class</span> = <span class="ruby-identifier">klass</span>
<span class="ruby-keyword kw">end</span>
</pre>
</div>
</div>
</div>
<div id="method-M000068" class="method-detail">
<a name="M000068"></a>
<div class="method-heading">
<a href="#M000068" class="method-signature">
<span class="method-name">init_properties</span><span class="method-args">()</span>
</a>
</div>
<div class="method-description">
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000068-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000068-source">
<pre>
<span class="ruby-comment cmt"># File erubis/helpers/rails_helper.rb, line 56</span>
<span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">init_properties</span>
<span class="ruby-ivar">@@init_properties</span>
<span class="ruby-keyword kw">end</span>
</pre>
</div>
</div>
</div>
<div id="method-M000069" class="method-detail">
<a name="M000069"></a>
<div class="method-heading">
<a href="#M000069" class="method-signature">
<span class="method-name">init_properties=</span><span class="method-args">(hash)</span>
</a>
</div>
<div class="method-description">
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000069-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000069-source">
<pre>
<span class="ruby-comment cmt"># File erubis/helpers/rails_helper.rb, line 59</span>
<span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">init_properties=</span>(<span class="ruby-identifier">hash</span>)
<span class="ruby-ivar">@@init_properties</span> = <span class="ruby-identifier">hash</span>
<span class="ruby-keyword kw">end</span>
</pre>
</div>
</div>
</div>
<div id="method-M000072" class="method-detail">
<a name="M000072"></a>
<div class="method-heading">
<a href="#M000072" class="method-signature">
<span class="method-name">preprocessing</span><span class="method-args">()</span>
</a>
</div>
<div class="method-description">
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000072-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000072-source">
<pre>
<span class="ruby-comment cmt"># File erubis/helpers/rails_helper.rb, line 74</span>
<span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">preprocessing</span>
<span class="ruby-ivar">@@preprocessing</span>
<span class="ruby-keyword kw">end</span>
</pre>
</div>
</div>
</div>
<div id="method-M000073" class="method-detail">
<a name="M000073"></a>
<div class="method-heading">
<a href="#M000073" class="method-signature">
<span class="method-name">preprocessing=</span><span class="method-args">(flag)</span>
</a>
</div>
<div class="method-description">
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000073-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000073-source">
<pre>
<span class="ruby-comment cmt"># File erubis/helpers/rails_helper.rb, line 77</span>
<span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">preprocessing=</span>(<span class="ruby-identifier">flag</span>)
<span class="ruby-ivar">@@preprocessing</span> = <span class="ruby-identifier">flag</span>
<span class="ruby-keyword kw">end</span>
</pre>
</div>
</div>
</div>
<div id="method-M000070" class="method-detail">
<a name="M000070"></a>
<div class="method-heading">
<a href="#M000070" class="method-signature">
<span class="method-name">show_src</span><span class="method-args">()</span>
</a>
</div>
<div class="method-description">
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000070-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000070-source">
<pre>
<span class="ruby-comment cmt"># File erubis/helpers/rails_helper.rb, line 65</span>
<span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">show_src</span>
<span class="ruby-ivar">@@show_src</span>
<span class="ruby-keyword kw">end</span>
</pre>
</div>
</div>
</div>
<div id="method-M000071" class="method-detail">
<a name="M000071"></a>
<div class="method-heading">
<a href="#M000071" class="method-signature">
<span class="method-name">show_src=</span><span class="method-args">(flag)</span>
</a>
</div>
<div class="method-description">
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000071-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000071-source">
<pre>
<span class="ruby-comment cmt"># File erubis/helpers/rails_helper.rb, line 68</span>
<span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">show_src=</span>(<span class="ruby-identifier">flag</span>)
<span class="ruby-ivar">@@show_src</span> = <span class="ruby-identifier">flag</span>
<span class="ruby-keyword kw">end</span>
</pre>
</div>
</div>
</div>
</div>
</div>
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
</div>
</body>
</html>