gallery3.git - A clone of the Gallery3 code for testing and development.

Age	Commit message (Collapse)	Author
2009-08-29	Fixing all detected XSS vectors in PHP->JS code.	Andy Staudacher
	Xss: Rename UNKNOWN back to DIRTY, JS_XSS to DIRTY_JS. (using a different flag value to highlight potential XSS vectors in JS)
2009-08-29	Add more factory methods for convenience:	Andy Staudacher
	SafeString::purify() and SafeString::of_safe_html(). Removing SafeString::mark_html_safe() since it's no longer needed.
2009-08-29	Have url::site() and other methods return a SafeString, just as t() and t2().	Andy Staudacher
	Benefits: - url::site() is often used in views and we can ensure in the url class that returned strings are indeed safe for use in HTML. Makes the list of vars of unknown safety status shorter. - url::site() is often used as message parameter to t() and t2(). The parameter would be HTML-escaped if it wasn't marked as safe HTML already. Makes the usage simpler / shorter.
2009-08-29	Adding SafeString which is going to replace p::clean() and p::purify().	Andy Staudacher
	Refactoring of Xss_Security_Test. t() and t2() return a SafeString instance. TODO: - Update all code to use SafeString where appropriate. - Update golden fole of Xss_Security_Test - Stop reporting CLEAN vars in Xss_Security_Test
2009-07-16	Update Xss_Security_Test to know about p::purify() and checkpoint the	Bharat Mediratta
	golden file.
2009-06-05	Remove source code copy artefact	Andy Staudacher

2009-06-04	Change "CLEAN" to an empty string to see if it's better visually.	Bharat Mediratta
	Looks like it is.
2009-05-31	Update the clean/dirty format, check all ffiles instead of just one (which ↵	Bharat Mediratta
	was for debugging)
2009-05-31	First pass at an XSS security test, along with the "p" helper which	Bharat Mediratta
	can clean HTML output.