Date | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2021-05-17 | Remove forward-slash escape (#486) | Alex Wennerberg | 1 | -1/+0 | |
This was based off of the OWASP XSS prevention cheat sheet -- https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#output-encoding-rules-summary However, there isn't really any attack vector based on forward slash alone, and it's being removed in the next version of that document. "There is no proof that escaping forward slash will improve defense against XSS, if all other special characters are escaped properly, but it forces developers to use non-standard implementation of the HTML escaping, what increases the risk of the mistake and makes the implementation harder." https://github.com/OWASP/CheatSheetSeries/pull/516 | |||||
2021-01-15 | Add no_std support to askama_escape | Wim Looman | 1 | -3/+10 | |
2020-05-24 | Update `EscapeWriter` HTML implementation to not output empty strings | Ciprian Dorin Craciun | 1 | -1/+5 | |
2019-07-25 | Update formatting | Dirkjan Ochtman | 1 | -4/+1 | |
2019-06-14 | Change askama_escape to require UTF-8 strings | Ram Kaniyur | 1 | -24/+25 | |
2019-01-12 | Specify a trait that handles the output format's escaping | Dirkjan Ochtman | 1 | -55/+108 | |
2019-01-12 | Slightly simplify escaping code | Dirkjan Ochtman | 1 | -19/+21 | |
2019-01-06 | Improved rendering time (#190) | yossyJ | 1 | -1/+23 | |
* Improved rendering time * Fix useless codes | |||||
2018-12-08 | Use 2018 edition idioms | Dirkjan Ochtman | 1 | -3/+3 | |
2018-11-07 | Create askama_escape crate | bott | 1 | -0/+0 | |
2018-11-05 | Reorder and tweak code style a little bit | Dirkjan Ochtman | 1 | -19/+18 | |
2018-11-05 | Improve performance simplify | bott | 1 | -32/+20 | |
2018-11-05 | Escape into Formatter | Dirkjan Ochtman | 1 | -50/+53 | |
2018-11-05 | Improve performance of html escape | bott | 1 | -46/+39 | |
2018-10-25 | Fix off-by-one error with HTML escaping | Benjamin Li | 1 | -1/+2 | |
If the second-to-last character of a string should be escaped, but not the last, the last character was not being included in the result. | |||||
2018-06-21 | Fix formatting with cargo fmt | Dirkjan Ochtman | 1 | -13/+34 | |
2017-11-21 | Apply suggestions from rustfmt to improve style | Dirkjan Ochtman | 1 | -8/+4 | |
2017-09-07 | Rewrite escapable() to prevent duplication | Dirkjan Ochtman | 1 | -3/+6 | |
2017-09-07 | Extend escaping according to OWASP recommendations | Dirkjan Ochtman | 1 | -2/+5 | |
2017-09-04 | Escape all strings with character entities by default (fixes #23) | Dirkjan Ochtman | 1 | -0/+43 | |
2017-09-04 | Move escaping algorithm into a separate module | Dirkjan Ochtman | 1 | -0/+50 | |