aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_view/helpers/form_tag_helper.rb
Commit message (Collapse)AuthorAgeFilesLines
* Call html_escape in ERB::Util module and don't mix it in in the helpersSantiago Pastorino2010-10-181-1/+2
|
* Refactor a bit this code to add data-confirm and data-disable-withSantiago Pastorino2010-10-111-2/+2
|
* Select tags with array options are deprecated, removingCarlos Antonio da Silva2010-09-261-4/+0
|
* Revert "It's snowing!"wycats2010-08-181-1/+1
| | | | This reverts commit e4283007d607454acf97301821ba1e1c417bdead.
* Deletes trailing whitespaces (over text files only find * -type f -exec sed ↵Santiago Pastorino2010-08-141-8/+8
| | | | 's/[ \t]*$//' -i {} \;)
* It's snowing!Jeremy Kemper2010-08-121-1/+1
|
* Replace snowman with utf8=✓wycats2010-08-111-1/+1
|
* rename _snowman to _ewycats2010-08-091-1/+1
|
* Change returning with tapSantiago Pastorino2010-07-251-2/+1
| | | | Signed-off-by: José Valim <jose.valim@gmail.com>
* s/escape_once/html_escape/, since html safety is the contract that now says ↵Xavier Noria2010-06-301-1/+1
| | | | whether something has to be escaped
* url_for no longer escapes HTML, the :escape option is also goneXavier Noria2010-06-301-0/+2
| | | | Rationale: url_for is just a path/URL generator, it is the responsability of the caller to escape conveniently HTML needs it, JavaScript needs different escaping, a text mail needs no escaping at all, etc.
* Rename _snowman_ to _snowman to be in sync with _method and _csrf_token.José Valim2010-06-291-1/+1
|
* Small typowycats2010-06-271-1/+1
|
* Fix several known web encoding issues:wycats2010-06-271-3/+12
| | | | | | | | | | | | | | | | | | | | | | | * Specify accept-charset on all forms. All recent browsers, as well as IE5+, will use the encoding specified for form parameters * Unfortunately, IE5+ will not look at accept-charset unless at least one character in the form's values is not in the page's charset. Since the user can override the default charset (which Rails sets to UTF-8), we provide a hidden input containing a unicode character, forcing IE to look at the accept-charset. * Now that the vast majority of web input is UTF-8, we set the inbound parameters to UTF-8. This will eliminate many cases of incompatible encodings between ASCII-8BIT and UTF-8. * You can safely ignore params[:_snowman_] TODO: * Validate inbound text to confirm it is UTF-8 * Combine the whole_form implementations in form_helper_test and form_tag_helper_test
* Adds title and description where needed.Rizwan Reza2010-06-161-0/+1
|
* Fix a bunch of minor spelling mistakesEvgeniy Dolzhenko2010-06-111-1/+1
|
* HTML safety: fix textarea with nil contentJeremy Kemper2010-05-241-1/+1
|
* Improve previous patch a bit [#3645 state:resolved]José Valim2010-05-151-6/+3
|
* Let label helpers accept blocks.Stephen Celis2010-05-151-3/+10
| | | | Signed-off-by: José Valim <jose.valim@gmail.com>
* image_path -> path_to_image in a couple of places, plus motivation for ↵Xavier Noria2010-04-091-1/+1
| | | | path_to_image in rdoc
* Consistently use lowercase instead of camelCase for all JS class names in RailsDavid Heinemeier Hansson2010-04-081-10/+10
|
* Remove superfluous conditionJeremy Kemper2010-04-081-1/+1
|
* Merge commit 'rails/master'Xavier Noria2010-04-061-0/+63
|\
| * Added all the new HTML5 form types as individual form tag methods (search, ↵David Heinemeier Hansson2010-04-051-0/+63
| | | | | | | | url, number, etc) (Closes #3646) [Stephen Celis]
* | revises some <%= in rdocXavier Noria2010-04-051-1/+1
|/
* HTML safety: give a deprecation warning if an array of option tags is passed ↵Jeremy Kemper2010-03-311-0/+4
| | | | to select tag. Be sure to join the tag yourself and mark them .html_safe
* adds missing requires for Object#blank? and Object#present?Xavier Noria2010-03-281-0/+1
|
* Merge remote branch 'mainstream/master'Pratik Naik2010-03-121-10/+16
|\ | | | | | | | | | | | | Conflicts: activerecord/lib/active_record/base.rb railties/lib/rails/configuration.rb railties/lib/rails/log_subscriber.rb
| * Make form helpers work with <%= wycats2010-03-091-7/+13
| |
| * content_tag should escape its inputBruno Michel2010-02-141-3/+3
| | | | | | | | Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
* | Updated documentation for block helpers in form_tag_helper.rbJeroen van Dijk2010-03-121-5/+5
|/
* More html_safe strings now use the safe_concat methodSantiago Pastorino and José Ignacio Costa2010-02-051-3/+3
| | | | | | [#3856 state:committed] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Modify the behavior of `radio_button_tag` to use `sanitize_to_id` for ↵Prem Sichanugrist2010-02-021-3/+1
| | | | | | consistency [#1792 status:resolved] Signed-off-by: José Valim <jose.valim@gmail.com>
* For performance reasons, you can no longer call html_safe! on Strings. ↵Yehuda Katz2010-01-311-3/+3
| | | | | | | | | | | | Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will SafeBuffer.new(self). * Additionally, instead of doing concat("</form>".html_safe), you can do safe_concat("</form>"), which will skip both the flag set, and the flag check. * For the first pass, I converted virtually all #html_safe!s to #html_safe, and the tests pass. A further optimization would be to try to use #safe_concat as much as possible, reducing the performance impact if we know up front that a String is safe.
* UJS documentation.Stefan Penner2010-01-311-8/+21
|
* add :remote option to form_tagStephen St. Martin2010-01-311-0/+1
|
* Generate UJS code for :disable_withJoshua Peek2010-01-301-10/+1
|
* updating link_to and button_to to support :remote => true and other options ↵Erik St. Martin2010-01-301-7/+5
| | | | | | such as :confirm in a unobtrusive manor Signed-off-by: Joshua Peek <josh@joshpeek.com>
* Revert "Merge branch 'rails/master' into ujs"Joshua Peek2010-01-301-5/+15
| | | | | | | | | | | This reverts commit 3aa1ea1ae4baa4a03d03644e798eeb98a4745785, reversing changes made to 2c12a71378d2146c822acb389b00b866f6420ff5. Conflicts: actionpack/lib/action_view/helpers/javascript_helper.rb actionpack/lib/action_view/helpers/url_helper.rb actionpack/test/template/url_helper_test.rb
* making non remote versions of link_to, button_to, submit_tag and ↵Erik St. Martin2010-01-271-15/+5
| | | | image_submit_tag output data attributes for things like :confirm, :method, :popup, and :disable_with
* Merge docrailsPratik Naik2010-01-171-0/+3
|
* Switch to on-by-default XSS escaping for rails.Michael Koziarski2009-10-081-3/+3
| | | | | | | | | | | | This consists of: * String#html_safe! a method to mark a string as 'safe' * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it * Calls to String#html_safe! throughout the rails helpers * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB) * New ERB implementation based on erubis which uses a SafeBuffer instead of a String Hat tip to Django for the inspiration.
* Add :include_blank option for select_tag [#1987 status:resolved]rizwanreza2009-08-081-0/+7
| | | | | Signed-off-by: José Valim <jose.valim@gmail.com> Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* remove duplicate call to stringify_keys [#2587 status:resolved]Steve St. Martin2009-08-081-1/+1
| | | | Signed-off-by: José Valim <jose.valim@gmail.com>
* Patch FormTagHelper so that when a form tag is created, the div which holds ↵Elliot Winkler2009-07-011-2/+2
| | | | | | the form authenticity token is set to display:inline [#2846 state:resolved] Signed-off-by: Yehuda Katz + Carl Lerche <ykatz+clerche@engineyard.com>
* Make text_area_tag escape contents by default.Chris Mear2009-06-271-0/+5
| | | | | Signed-off-by: Michael Koziarski <michael@koziarski.com> [#2015 state:committed]
* Sanitized the id generated by text_area_tag helper method. ↵Stephen Anderson2009-06-091-1/+1
| | | | | | text_area_tag('item[description]') should return: <textarea id="item_description" name="item[description]"></textarea> instead of: <textarea id="item[description]" name="item[description]"></textarea> The old id was causing HTML validation failures. Signed-off-by: Michael Koziarski <michael@koziarski.com>
* Add explicit requirement in a few cases it was missing.Yehuda Katz2009-06-021-0/+1
| | | TODO: Come up with the minimal core and remove all of these
* fix for IE incompatibility of :disable_with in submit_tagHan Kessels2009-06-011-1/+2
| | | | Signed-off-by: Michael Koziarski <michael@koziarski.com>
* Merge docrailslifo2009-04-171-1/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-06 09:01:54 +0000