aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_view/helpers/form_tag_helper.rb
Commit message (Collapse)AuthorAgeFilesLines
...
* Add block support to button_tag helperTom Stuart2011-02-121-4/+9
| | | | | | | | | | | | | | | | | | | As per the HTML 4.01 spec: Buttons created with the BUTTON element function just like buttons created with the INPUT element, but they offer richer rendering possibilities: the BUTTON element may have content. For example, a BUTTON element that contains an image functions like and may resemble an INPUT element whose type is set to "image", but the BUTTON element type allows content. Since rich content is the main purpose of the <button> element, it makes sense for the button_tag helper to accept a block. http://www.w3.org/TR/html401/interact/forms.html#edef-BUTTON http://dev.w3.org/html5/spec/the-button-element.html#the-button-element Signed-off-by: Santiago Pastorino and Emilio Tagua <santiago+emilioe@wyeworks.com>
* Make type="submit" the default for button_tag helperTom Stuart2011-02-121-6/+4
| | | | | | | | | | | | "submit" is the default value of the <button> element's type attribute according to the HTML 4.01 and the HTML5 draft specs, so if button_tag is going to have a default, type="submit" is a more sensible choice than type="button". http://www.w3.org/TR/html401/interact/forms.html#adef-type-BUTTON http://dev.w3.org/html5/spec/the-button-element.html#attr-button-type Signed-off-by: Santiago Pastorino and Emilio Tagua <santiago+emilioe@wyeworks.com>
* button_tag should escape it contentSantiago Pastorino2011-01-121-1/+1
|
* authenticity_token option for form_tag [#2988 state:resolved]Jakub Kuźma2011-01-091-5/+17
|
* HTML5 button_tag helperRizwan Reza2011-01-091-0/+50
| | | | | | | | This tag is similar in nature to submit_tag, but allows more control. It also doesn't submit if submit type isn't used, allowing JavaScript to control the flow where required. For more information: http://www.whatwg.org/specs/web-apps/current-work/multipage/the-button-element.html#the-button-element
* eternal confusion! fixed doco to inform correctlyAditya Sanghi2010-12-151-1/+1
|
* Added :placeholder option to ActionView::Helpers::FormTagHelper text_field_tagBen Mills2010-12-131-0/+4
|
* Added a space before "do" keywordAkira Matsuda2010-11-281-1/+1
|
* Call html_escape in ERB::Util module and don't mix it in in the helpersSantiago Pastorino2010-10-181-1/+2
|
* Refactor a bit this code to add data-confirm and data-disable-withSantiago Pastorino2010-10-111-2/+2
|
* Select tags with array options are deprecated, removingCarlos Antonio da Silva2010-09-261-4/+0
|
* Revert "It's snowing!"wycats2010-08-181-1/+1
| | | | This reverts commit e4283007d607454acf97301821ba1e1c417bdead.
* Deletes trailing whitespaces (over text files only find * -type f -exec sed ↵Santiago Pastorino2010-08-141-8/+8
| | | | 's/[ \t]*$//' -i {} \;)
* It's snowing!Jeremy Kemper2010-08-121-1/+1
|
* Replace snowman with utf8=✓wycats2010-08-111-1/+1
|
* rename _snowman to _ewycats2010-08-091-1/+1
|
* Change returning with tapSantiago Pastorino2010-07-251-2/+1
| | | | Signed-off-by: José Valim <jose.valim@gmail.com>
* s/escape_once/html_escape/, since html safety is the contract that now says ↵Xavier Noria2010-06-301-1/+1
| | | | whether something has to be escaped
* url_for no longer escapes HTML, the :escape option is also goneXavier Noria2010-06-301-0/+2
| | | | Rationale: url_for is just a path/URL generator, it is the responsability of the caller to escape conveniently HTML needs it, JavaScript needs different escaping, a text mail needs no escaping at all, etc.
* Rename _snowman_ to _snowman to be in sync with _method and _csrf_token.José Valim2010-06-291-1/+1
|
* Small typowycats2010-06-271-1/+1
|
* Fix several known web encoding issues:wycats2010-06-271-3/+12
| | | | | | | | | | | | | | | | | | | | | | | * Specify accept-charset on all forms. All recent browsers, as well as IE5+, will use the encoding specified for form parameters * Unfortunately, IE5+ will not look at accept-charset unless at least one character in the form's values is not in the page's charset. Since the user can override the default charset (which Rails sets to UTF-8), we provide a hidden input containing a unicode character, forcing IE to look at the accept-charset. * Now that the vast majority of web input is UTF-8, we set the inbound parameters to UTF-8. This will eliminate many cases of incompatible encodings between ASCII-8BIT and UTF-8. * You can safely ignore params[:_snowman_] TODO: * Validate inbound text to confirm it is UTF-8 * Combine the whole_form implementations in form_helper_test and form_tag_helper_test
* Adds title and description where needed.Rizwan Reza2010-06-161-0/+1
|
* Fix a bunch of minor spelling mistakesEvgeniy Dolzhenko2010-06-111-1/+1
|
* HTML safety: fix textarea with nil contentJeremy Kemper2010-05-241-1/+1
|
* Improve previous patch a bit [#3645 state:resolved]José Valim2010-05-151-6/+3
|
* Let label helpers accept blocks.Stephen Celis2010-05-151-3/+10
| | | | Signed-off-by: José Valim <jose.valim@gmail.com>
* image_path -> path_to_image in a couple of places, plus motivation for ↵Xavier Noria2010-04-091-1/+1
| | | | path_to_image in rdoc
* Consistently use lowercase instead of camelCase for all JS class names in RailsDavid Heinemeier Hansson2010-04-081-10/+10
|
* Remove superfluous conditionJeremy Kemper2010-04-081-1/+1
|
* Merge commit 'rails/master'Xavier Noria2010-04-061-0/+63
|\
| * Added all the new HTML5 form types as individual form tag methods (search, ↵David Heinemeier Hansson2010-04-051-0/+63
| | | | | | | | url, number, etc) (Closes #3646) [Stephen Celis]
* | revises some <%= in rdocXavier Noria2010-04-051-1/+1
|/
* HTML safety: give a deprecation warning if an array of option tags is passed ↵Jeremy Kemper2010-03-311-0/+4
| | | | to select tag. Be sure to join the tag yourself and mark them .html_safe
* adds missing requires for Object#blank? and Object#present?Xavier Noria2010-03-281-0/+1
|
* Merge remote branch 'mainstream/master'Pratik Naik2010-03-121-10/+16
|\ | | | | | | | | | | | | Conflicts: activerecord/lib/active_record/base.rb railties/lib/rails/configuration.rb railties/lib/rails/log_subscriber.rb
| * Make form helpers work with <%= wycats2010-03-091-7/+13
| |
| * content_tag should escape its inputBruno Michel2010-02-141-3/+3
| | | | | | | | Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
* | Updated documentation for block helpers in form_tag_helper.rbJeroen van Dijk2010-03-121-5/+5
|/
* More html_safe strings now use the safe_concat methodSantiago Pastorino and José Ignacio Costa2010-02-051-3/+3
| | | | | | [#3856 state:committed] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Modify the behavior of `radio_button_tag` to use `sanitize_to_id` for ↵Prem Sichanugrist2010-02-021-3/+1
| | | | | | consistency [#1792 status:resolved] Signed-off-by: José Valim <jose.valim@gmail.com>
* For performance reasons, you can no longer call html_safe! on Strings. ↵Yehuda Katz2010-01-311-3/+3
| | | | | | | | | | | | Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will SafeBuffer.new(self). * Additionally, instead of doing concat("</form>".html_safe), you can do safe_concat("</form>"), which will skip both the flag set, and the flag check. * For the first pass, I converted virtually all #html_safe!s to #html_safe, and the tests pass. A further optimization would be to try to use #safe_concat as much as possible, reducing the performance impact if we know up front that a String is safe.
* UJS documentation.Stefan Penner2010-01-311-8/+21
|
* add :remote option to form_tagStephen St. Martin2010-01-311-0/+1
|
* Generate UJS code for :disable_withJoshua Peek2010-01-301-10/+1
|
* updating link_to and button_to to support :remote => true and other options ↵Erik St. Martin2010-01-301-7/+5
| | | | | | such as :confirm in a unobtrusive manor Signed-off-by: Joshua Peek <josh@joshpeek.com>
* Revert "Merge branch 'rails/master' into ujs"Joshua Peek2010-01-301-5/+15
| | | | | | | | | | | This reverts commit 3aa1ea1ae4baa4a03d03644e798eeb98a4745785, reversing changes made to 2c12a71378d2146c822acb389b00b866f6420ff5. Conflicts: actionpack/lib/action_view/helpers/javascript_helper.rb actionpack/lib/action_view/helpers/url_helper.rb actionpack/test/template/url_helper_test.rb
* making non remote versions of link_to, button_to, submit_tag and ↵Erik St. Martin2010-01-271-15/+5
| | | | image_submit_tag output data attributes for things like :confirm, :method, :popup, and :disable_with
* Merge docrailsPratik Naik2010-01-171-0/+3
|
* Switch to on-by-default XSS escaping for rails.Michael Koziarski2009-10-081-3/+3
| | | | | | | | | | | | This consists of: * String#html_safe! a method to mark a string as 'safe' * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it * Calls to String#html_safe! throughout the rails helpers * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB) * New ERB implementation based on erubis which uses a SafeBuffer instead of a String Hat tip to Django for the inspiration.
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-11 06:53:15 +0000