Sam Stephenson
|
fea6bc1a21
|
prototype: Automatically strip security delimiter comments from JSON strings before evaling them. The default delimiter is '/*-secure- ... */' or you can specify your own with the Prototype.JSONFilter regular expression. If you wrap your JSON response bodies in this delimiter on the server side, rogue external sites can't hijack potentially sensitive data via <script> tags. Closes #7910.
|
2007-04-24 03:31:14 +00:00 |
Thomas Fuchs
|
4c90be6a30
|
Prevent a crash on Safari on String.prototype.stripScripts and extractScripts with large <script> tags.
|
2007-04-03 22:21:58 +00:00 |
|
Thomas Fuchs
|
c0509c7f5f
|
Prototype: clean (un)escapeHTML IE special casing and optimize speed for IE and Safari
|
2007-03-29 17:39:48 +00:00 |
|
Thomas Fuchs
|
9a7dcd54fb
|
Prevent linefeed normalisation in String.prototype.escapeHTML and unescapeHTML on IE for consistency with other browsers
|
2007-03-28 11:35:05 +00:00 |
|
Thomas Fuchs
|
d1481932b9
|
Prototype: Add unified Browser detection by providing Prototype.Browser.(IE|Gecko|WebKit|Opera) booleans. Closes #6800. [savetheclocktower]
|
2007-02-19 22:23:10 +00:00 |
|
Sam Stephenson
|
7044da8138
|
prototype: Fix $(form).serialize() in Safari and add support for extending specific tags to Element.addMethods. Closes #7358.
|
2007-01-27 19:45:34 +00:00 |
|
Sam Stephenson
|
bb4d189b37
|
prototype: Reorganize the source tree.
|
2007-01-18 22:24:27 +00:00 |