Commit Graph

11 Commits

Author SHA1 Message Date
Bharat Mediratta
c3c2b45280 Update the copyright to 2010. It's only 3 months into the year :-) 2010-03-03 10:15:34 -08:00
Bharat Mediratta
76da85a1a0 Extend Gallery_Unit_Test_Case instead of Unit_Test_Case. 2010-01-19 22:38:19 -08:00
Andy Staudacher
c453c0ef82 Simplifying SafeString a bit: From an XSS HTML security point of view, treat clean() and purify() the same.
No longer run a safe HTML string through the HTML purifier (since it's already marked as safe).

This also addresses the issue of calling purify() when no purifier is installed. In that case, we'd run clean() on a clean string (double HTML encoding).

If this approach doesn't work out, we can still modify the fallback code of purify() to check if the string is already clean before calling clean() instead of purify().
2009-09-04 10:11:42 -07:00
Bharat Mediratta
1405e8ed9e Fix tests for new purifier API. 2009-09-03 11:29:57 -07:00
Andy Staudacher
8f6a120b52 Ensure that purify isn't applied twice for an already purified SafeString 2009-09-03 08:39:44 -07:00
Tim Almdal
33bcf11e27 Change the Html_Helper and SafeString tests to change the expected results based on whether HtmlPurifier module is installed or not 2009-09-03 01:05:03 -07:00
Andy Staudacher
df38a890a6 Tabs to spaces cleanup 2009-08-30 18:07:13 -07:00
Andy Staudacher
beb711d6a0 Rename clean_js to js_string and have it return a complete JS string (with delimiters) instead of just the string contents.
Benefits: Using json_encode(), which is very robust. And as a user, it's clearer how to use this API compared to what it was before.
2009-08-30 15:21:02 -07:00
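The commit messages above for c453c0ef82 (treat clean() and purify() the same, never re-encode an already-safe string) and beb711d6a0 (js_string() built on json_encode(), delimiters included) describe a pattern rather than show it. The following is an added illustration of that pattern, not Gallery 3's SafeString and not code from these commits; the class name SafeText, its method names, and the fallback-without-purifier behaviour are assumptions made for the example (PHP 8.0+ for constructor property promotion).

```php
<?php
// Added example, not Gallery 3 code: a minimal value object that carries an
// "already HTML-safe" flag so output encoding happens at most once per
// context. Names (SafeText, of, of_safe_html, purify, for_html,
// for_html_attr, js_string) are assumed for illustration.

final class SafeText
{
    private function __construct(private string $value, private bool $htmlSafe) {}

    /** Wrap untrusted text (user input, database content). */
    public static function of(string $raw): self
    {
        return new self($raw, false);
    }

    /** Wrap markup the caller has already vetted or encoded. */
    public static function of_safe_html(string $html): self
    {
        return new self($html, true);
    }

    /** clean(): entity-encode untrusted text once; safe input passes through. */
    public function for_html(): string
    {
        if ($this->htmlSafe) {
            return $this->value;            // never encode twice
        }
        return htmlspecialchars($this->value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    /**
     * purify(): sanitize untrusted markup with an allow-list purifier when one
     * is available; with none installed, fall back to clean(). Either way the
     * result is marked safe, so a second purify() or clean() is a no-op.
     */
    public function purify(?callable $purifier = null): self
    {
        if ($this->htmlSafe) {
            return $this;                   // already safe: do not run it again
        }
        $safe = $purifier === null ? $this->for_html() : $purifier($this->value);
        return self::of_safe_html($safe);
    }

    /** for_html_attr(): attribute context; the caller must still quote the attribute. */
    public function for_html_attr(): string
    {
        // Markup is never valid inside an attribute value, so even "safe HTML"
        // is encoded here; double_encode=false keeps its existing entities intact.
        return htmlspecialchars($this->value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', !$this->htmlSafe);
    }

    /** js_string(): a complete JavaScript string literal, delimiters included. */
    public function js_string(): string
    {
        // JSON_HEX_* turn <, >, &, ', " into \uXXXX escapes, so the literal can
        // neither close a <script> block nor break out of an HTML attribute.
        return json_encode(
            $this->value,
            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
                | JSON_UNESCAPED_UNICODE | JSON_THROW_ON_ERROR
        );
    }
}

// Constructed sample input for the example.
$untrusted = SafeText::of('Tom & Jerry <script>alert(1)</script>');

// Text context.
echo '<p>', $untrusted->for_html(), "</p>\n";

// No purifier installed: purify() falls back to clean(), and a second pass
// must not turn &amp; into &amp;amp;.
$purified = $untrusted->purify();
if ($purified->purify()->for_html() !== $purified->for_html()) {
    throw new LogicException('purify() re-encoded an already-safe string');
}

// The double-encoding trap the flag prevents: encoding the encoded output again.
echo '<p>', htmlspecialchars($purified->for_html(), ENT_QUOTES, 'UTF-8'), "</p>\n";

// Attribute and script contexts.
echo '<input value="', $untrusted->for_html_attr(), "\">\n";
echo 'var title = ', $untrusted->js_string(), ";\n";
```

Running the file shows the first <p> with single-encoded entities and the second with &amp;amp; and &amp;lt;, which is exactly the "clean() on a clean string" case c453c0ef82 avoids; the var title line is a quoted literal with no raw <, >, & or quotes in it, which is why building it on json_encode() rather than hand-rolled escaping is the robust choice beb711d6a0 describes.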
Andy Staudacher
a10063ff68 Add more factory methods for convenience:
SafeString::purify() and SafeString::of_safe_html().

Removing SafeString::mark_html_safe() since it's no longer needed.
2009-08-29 12:34:09 -07:00
Andy Staudacher
7adb9ea2e3 Adding SafeString::for_html_attr() 2009-08-29 11:48:55 -07:00
Andy Staudacher
020281d932 Adding SafeString which is going to replace p::clean() and p::purify().
Refactoring of Xss_Security_Test.
t() and t2() return a SafeString instance.

TODO:
 - Update all code to use SafeString where appropriate.
 - Update golden file of Xss_Security_Test
 - Stop reporting CLEAN vars in Xss_Security_Test
2009-08-29 10:45:47 -07:00